threat
engine
.sh
Back
·
··:··
Home
/
Product
/
oracle utilities framework
Product
oracle utilities framework
38 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
Sort
Newest first
Oldest first
Highest CVSS
Lowest CVSS
Min CVSS
Any
4.0+
7.0+ (High)
9.0+ (Critical)
Published since
Reset
CVE-2026-21924
all versions
Vulnerability in the Oracle Utilities Application Framework product of Oracle Utilities Applications (component: General). Suppor
5.4
MEDIUM
CVE-2020-36518
all versions
jackson-databind before 2.13.0 allows a Java StackOverflow exception and denial of service via a large depth of nested objects.
7.5
HIGH
CVE-2021-45105
>= 4.3.0.1.0 and <= 4.3.0.6.0
Apache Log4j2 versions 2.0-alpha1 through 2.16.0 (excluding 2.12.3 and 2.3.1) did not protect from uncontrolled recursion from sel
5.9
MEDIUM
CVE-2021-39152
all versions
XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote
8.5
HIGH
CVE-2021-39150
all versions
XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote
8.5
HIGH
CVE-2021-39140
all versions
XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote
6.5
MEDIUM
CVE-2021-39154
all versions
XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote
8.5
HIGH
CVE-2021-39153
all versions
XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote
8.5
HIGH
CVE-2021-39151
all versions
XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote
8.5
HIGH
CVE-2021-39149
all versions
XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote
8.5
HIGH
CVE-2021-39148
all versions
XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote
8.5
HIGH
CVE-2021-39147
all versions
XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote
8.5
HIGH
CVE-2021-39146
all versions
XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote
8.5
HIGH
CVE-2021-39145
all versions
XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote
8.5
HIGH
CVE-2021-39144
all versions
XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote
8.5
HIGH
CVE-2021-39141
all versions
XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote
8.5
HIGH
CVE-2021-39139
all versions
XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote
8.5
HIGH
CVE-2021-2351
>= 4.3.0.1.0 and <= 4.3.0.6.0
Vulnerability in the Advanced Networking Option component of Oracle Database Server. Supported versions that are affected are 12.1
8.3
HIGH
CVE-2021-36374
>= 4.3.0.1.0 and <= 4.3.0.6.0
When reading a specially crafted ZIP archive, or a derived formats, an Apache Ant build can be made to allocate large amounts of m
5.5
MEDIUM
CVE-2021-36373
>= 4.3.0.1.0 and <= 4.3.0.6.0
When reading a specially crafted TAR archive an Apache Ant build can be made to allocate large amounts of memory that finally lead
5.5
MEDIUM
CVE-2021-31684
all versions
A vulnerability was discovered in the indexOf function of JSONParserByteArray in JSON Smart versions 1.3 and 2.4 which causes a de
7.5
HIGH
CVE-2021-27568
all versions
An issue was discovered in netplex json-smart-v1 through 2015-10-23 and json-smart-v2 through 2.4. An exception is thrown from a f
5.9
MEDIUM
CVE-2020-14756
>= 4.3.0.1.0 and <= 4.3.0.6.0
Vulnerability in the Oracle Coherence product of Oracle Fusion Middleware (component: Core Components). Supported versions that ar
9.8
CRITICAL
CVE-2020-28052
all versions
An issue was discovered in Legion of the Bouncy Castle BC Java 1.65 and 1.66. The OpenBSDBCrypt.checkPassword utility method compa
8.1
HIGH
CVE-2020-25649
all versions
A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. This flaw allows vulnerab
7.5
HIGH
CVE-2020-14895
>= 4.3.0.1.0 and <= 4.3.0.6.0
Vulnerability in the Oracle Utilities Framework product of Oracle Utilities Applications (component: System Wide). Supported versi
5.4
MEDIUM
CVE-2020-11979
all versions
As mitigation for CVE-2020-1945 Apache Ant 1.10.8 changed the permissions of temporary files it created so that only the current u
7.5
HIGH
CVE-2020-1945
>= 4.3.0.1.0 and <= 4.3.0.6.0
Apache Ant 1.1 to 1.9.14 and 1.10.0 to 1.10.7 uses the default temporary directory identified by the Java system property java.io.
6.3
MEDIUM
CVE-2020-10683
>= 4.3.0.1.0 and <= 4.3.0.6.0
dom4j before 2.0.3 and 2.1.x before 2.1.3 allows external DTDs and External Entities by default, which might enable XXE attacks. H
9.8
CRITICAL
CVE-2020-9488
>= 4.3.0.1.0 and <= 4.3.0.6.0
Improper validation of certificate with host mismatch in Apache Log4j SMTP appender. This could allow an SMTPS connection to be in
3.7
LOW
CVE-2020-2555
>= 4.3.0.1.0 and <= 4.3.0.6.0
Vulnerability in the Oracle Coherence product of Oracle Fusion Middleware (component: Caching,CacheStore,Invocation). Supported ve
9.8
CRITICAL
CVE-2019-10219
>= 4.3.0.1.0 and <= 4.3.0.6.0
A vulnerability was found in Hibernate-Validator. The SafeHtml validator annotation fails to properly sanitize payloads consisting
6.1
MEDIUM
CVE-2019-17495
all versions
A Cascading Style Sheets (CSS) injection vulnerability in Swagger UI before 3.23.11 allows attackers to use the Relative Path Over
9.8
CRITICAL
CVE-2019-10086
>= 4.3.0.1.0 and <= 4.3.0.6.0
In Apache Commons Beanutils 1.9.2, a special BeanIntrospector class was added which allows suppressing the ability for an attacker
7.3
HIGH
CVE-2019-10173
>= 4.3.0.1.0 and <= 4.3.0.6.0
It was found that xstream API version 1.4.10 before 1.4.11 introduced a regression for a previous deserialization flaw. If the sec
9.8
CRITICAL
CVE-2018-1000632
>= 4.3.0.2.0 and <= 4.3.0.6.0
dom4j version prior to version 2.1.1 contains a CWE-91: XML Injection vulnerability in Class: Element. Methods: addElement, addAtt
7.5
HIGH
CVE-2018-8088
all versions
org.slf4j.ext.EventData in the slf4j-ext module in QOS.CH SLF4J before 1.8.0-beta2 allows remote attackers to bypass intended acce
9.8
CRITICAL
CVE-2015-9251
>= 4.3.0.1 and <= 4.3.0.4
jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the
6.1
MEDIUM
Vulnerabilities
CISA KEV catalog
CWE weaknesses
CAPEC attack patterns
Package vulnerabilities
Threat intelligence
Threat actors
Tools & malware
ATT&CK techniques
IOCs
Detection & defense
Sigma rules
YARA rules
Atomic Red Team tests
D3FEND countermeasures
Compliance
NIST 800-53
ISO 27001:2022
SOC 2 TSC
PCI-DSS v4.0
CIS Controls v8.1
About
All capabilities
Live statistics
Data sources
Privacy policy
Terms of service
threatengine.sh · Open-source threat intelligence platform · 100+ authoritative sources · Every fact traces to its origin