CVE-2026-35244

all versions

Vulnerability in the Oracle Hyperion Infrastructure Technology product of Oracle Hyperion (component: Lifecycle Management). The

5.2MEDIUM

CVE-2022-23307

< 11.2.8.0

CVE-2020-9493 identified a deserialization issue that was present in Apache Chainsaw. Prior to Chainsaw V2.0 Chainsaw was a compon

8.8HIGH

CVE-2022-23305

< 11.2.8.0

By design, the JDBCAppender in Log4j 1.2.x accepts an SQL statement as a configuration parameter where the values to be inserted a

9.8CRITICAL

CVE-2022-23302

< 11.2.8.0

JMSSink in all versions of Log4j 1.x is vulnerable to deserialization of untrusted data when the attacker has write access to the

8.8HIGH

CVE-2021-45105

< 11.2.8.0

Apache Log4j2 versions 2.0-alpha1 through 2.16.0 (excluding 2.12.3 and 2.3.1) did not protect from uncontrolled recursion from sel

5.9MEDIUM

CVE-2021-4104

< 11.2.8.0

JMSAppender in Log4j 1.2 is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j config

7.5HIGH

CVE-2021-2445

all versions

Vulnerability in the Hyperion Infrastructure Technology product of Oracle Hyperion (component: Lifecycle Management). The supporte

5.7MEDIUM

CVE-2021-2351

all versions

Vulnerability in the Advanced Networking Option component of Oracle Database Server. Supported versions that are affected are 12.1

8.3HIGH

CVE-2021-2347

all versions

Vulnerability in the Hyperion Infrastructure Technology product of Oracle Hyperion (component: Lifecycle Management). The supporte

5.2MEDIUM

CVE-2021-27906

< 11.2.8.0

A carefully crafted PDF file can trigger an OutOfMemory-Exception while loading the file. This issue affects Apache PDFBox version

5.5MEDIUM

CVE-2021-27807

< 11.2.8.0

A carefully crafted PDF file can trigger an infinite loop while loading the file. This issue affects Apache PDFBox version 2.0.22

5.5MEDIUM

CVE-2021-1999

all versions

Vulnerability in the Oracle ZFS Storage Appliance Kit product of Oracle Systems (component: RAS subsystems). The supported version

5.0MEDIUM

CVE-2021-1996

all versions

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Web Services). Supported versions that

2.4LOW

CVE-2021-1993

all versions

Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1, 18c

4.8MEDIUM

CVE-2020-27218

all versions

In Eclipse Jetty version 9.4.0.RC0 to 9.4.34.v20201102, 10.0.0.alpha0 to 10.0.0.beta2, and 11.0.0.alpha0 to 11.0.0.beta2, if GZIP

4.8MEDIUM

CVE-2020-14854

all versions

Vulnerability in the Hyperion Infrastructure Technology product of Oracle Hyperion (component: UI and Visualization). The supporte

6.1MEDIUM

CVE-2020-5421

all versions

In Spring Framework versions 5.2.0 - 5.2.8, 5.1.0 - 5.1.17, 5.0.0 - 5.0.18, 4.3.0 - 4.3.28, and older unsupported versions, the pr

6.5MEDIUM

CVE-2020-9490

all versions

Apache HTTP Server versions 2.4.20 to 2.4.43. A specially crafted value for the 'Cache-Digest' header in a HTTP/2 request would re

7.5HIGH

CVE-2020-11993

all versions

Apache HTTP Server versions 2.4.20 to 2.4.43 When trace/debug was enabled for the HTTP/2 module and on certain traffic edge patter

7.5HIGH

CVE-2020-11984

all versions

Apache HTTP server 2.4.32 to 2.4.44 mod_proxy_uwsgi info disclosure and possible RCE

9.8CRITICAL

CVE-2020-15358

all versions

In SQLite before 3.32.3, select.c mishandles query-flattener optimization, leading to a multiSelectOrderBy heap overflow because o

5.5MEDIUM

CVE-2020-13871

all versions

SQLite 3.32.2 has a use-after-free in resetAccumulator in select.c because the parse tree rewrite for window functions is too late

7.5HIGH

CVE-2020-11656

all versions

In SQLite through 3.31.1, the ALTER TABLE implementation has a use-after-free, as demonstrated by an ORDER BY clause that belongs

9.8CRITICAL

CVE-2020-11655

all versions

SQLite through 3.31.1 allows attackers to cause a denial of service (segmentation fault) via a malformed window-function query bec

7.5HIGH

CVE-2020-1935

all versions

In Apache Tomcat 9.0.0.M1 to 9.0.30, 8.5.0 to 8.5.50 and 7.0.0 to 7.0.99 the HTTP header parsing code used an approach to end-of-l

4.8MEDIUM

CVE-2020-9327

all versions

In SQLite 3.31.1, isAuxiliaryVtabOperator allows attackers to trigger a NULL pointer dereference and segmentation fault because of

7.5HIGH

CVE-2019-17563

all versions

When using FORM authentication with Apache Tomcat 9.0.0.M1 to 9.0.29, 8.5.0 to 8.5.49 and 7.0.0 to 7.0.98 there was a narrow windo

7.5HIGH

CVE-2019-10219

all versions

A vulnerability was found in Hibernate-Validator. The SafeHtml validator annotation fails to properly sanitize payloads consisting

6.1MEDIUM

CVE-2019-12415

all versions

In Apache POI up to 4.1.0, when using the tool XSSFExportToXml to convert user-provided Microsoft Excel documents, a specially cra

5.5MEDIUM

CVE-2019-12402

all versions

The file name encoding algorithm used internally in Apache Commons Compress 1.15 to 1.18 can get into an infinite loop when faced

7.5HIGH

CVE-2019-13990

all versions

initDocumentParser in xml/XMLSchedulingDataProcessor.java in Terracotta Quartz Scheduler through 2.3.0 allows XXE attacks via a jo

9.8CRITICAL

CVE-2018-14550

all versions

An issue has been found in third-party PNM decoding associated with libpng 1.6.35. It is a stack-based buffer overflow in the func

8.8HIGH

CVE-2019-2729

all versions

Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Web Services). Supported versions

9.8CRITICAL

CVE-2019-5427

all versions

c3p0 version < 0.9.5.4 may be exploited by a billion laughs attack when loading XML configuration due to missing protections again

7.5HIGH

CVE-2019-7317

all versions

png_image_free in png.c in libpng 1.6.x before 1.6.37 has a use-after-free because png_image_free_function is called under png_saf

5.3MEDIUM