Oracle

Primavera Unifier

95 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.5

CVE-2019-0227

Exploit
  • EPSS 90.74%
  • Published 01.05.2019 21:29:00
  • Last modified 08.05.2025 18:13:51

A Server Side Request Forgery (SSRF) vulnerability affected the Apache Axis 1.4 distribution that was last released in 2006. Security and bug commits commits continue in the projects Axis 1.x Subversion repository, legacy users are encouraged to buil...

6.1

CVE-2019-11358

Exploit
  • EPSS 2.4%
  • Published 20.04.2019 00:29:00
  • Last modified 21.11.2024 04:20:56

jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the n...

9.8

CVE-2018-19362

  • EPSS 6.78%
  • Published 02.01.2019 18:29:00
  • Last modified 21.11.2024 03:57:48

FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the jboss-common-core class from polymorphic deserialization.

9.8

CVE-2018-19361

  • EPSS 4.06%
  • Published 02.01.2019 18:29:00
  • Last modified 21.11.2024 03:57:48

FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the openjpa class from polymorphic deserialization.

9.8

CVE-2018-19360

  • EPSS 6.78%
  • Published 02.01.2019 18:29:00
  • Last modified 21.11.2024 03:57:48

FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the axis2-transport-jms class from polymorphic deserialization.

10

CVE-2018-14721

  • EPSS 9.9%
  • Published 02.01.2019 18:29:00
  • Last modified 21.11.2024 03:49:40

FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to conduct server-side request forgery (SSRF) attacks by leveraging failure to block the axis2-jaxws class from polymorphic deserialization.

9.8

CVE-2018-14720

  • EPSS 3.41%
  • Published 02.01.2019 18:29:00
  • Last modified 21.11.2024 03:49:40

FasterXML jackson-databind 2.x before 2.9.7 might allow attackers to conduct external XML entity (XXE) attacks by leveraging failure to block unspecified JDK classes from polymorphic deserialization.

9.8

CVE-2018-14719

  • EPSS 2.65%
  • Published 02.01.2019 18:29:00
  • Last modified 21.11.2024 03:49:40

FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to execute arbitrary code by leveraging failure to block the blaze-ds-opt and blaze-ds-core classes from polymorphic deserialization.

9.8

CVE-2018-14718

  • EPSS 14.75%
  • Published 02.01.2019 18:29:00
  • Last modified 21.11.2024 03:49:39

FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to execute arbitrary code by leveraging failure to block the slf4j-ext class from polymorphic deserialization.

6.1

CVE-2018-3148

  • EPSS 0.51%
  • Published 17.10.2018 01:31:17
  • Last modified 21.11.2024 04:05:17

Vulnerability in the Primavera Unifier component of Oracle Construction and Engineering Suite (subcomponent: Web Access). Supported versions that are affected are 15.1, 15.2, 16.1, 16.2, 17.1-17.12 and 18.1-18.8. Easily exploitable vulnerability allo...