threat
engine
.sh
Back
·
··:··
Home
/
Product
/
oracle webcenter sites
Product
oracle webcenter sites
53 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
Sort
Newest first
Oldest first
Highest CVSS
Lowest CVSS
Min CVSS
Any
4.0+
7.0+ (High)
9.0+ (Critical)
Published since
Reset
CVE-2024-20908
all versions
Vulnerability in the Oracle WebCenter Sites product of Oracle Fusion Middleware (component: Advanced UI). The supported version
6.1
MEDIUM
CVE-2021-45105
all versions
Apache Log4j2 versions 2.0-alpha1 through 2.16.0 (excluding 2.12.3 and 2.3.1) did not protect from uncontrolled recursion from sel
5.9
MEDIUM
CVE-2021-32808
all versions
ckeditor is an open source WYSIWYG HTML editor with rich content support. A vulnerability has been discovered in the clipboard Wid
7.6
HIGH
CVE-2021-29505
all versions
XStream is software for serializing Java objects to XML and back again. A vulnerability in XStream versions prior to 1.4.17 may al
7.5
HIGH
CVE-2021-27906
all versions
A carefully crafted PDF file can trigger an OutOfMemory-Exception while loading the file. This issue affects Apache PDFBox version
5.5
MEDIUM
CVE-2021-27807
all versions
A carefully crafted PDF file can trigger an infinite loop while loading the file. This issue affects Apache PDFBox version 2.0.22
5.5
MEDIUM
CVE-2021-26272
all versions
It was possible to execute a ReDoS-type attack inside CKEditor 4 before 4.16 by persuading a victim to paste crafted URL-like text
6.5
MEDIUM
CVE-2021-26271
all versions
It was possible to execute a ReDoS-type attack inside CKEditor 4 before 4.16 by persuading a victim to paste crafted text into the
6.5
MEDIUM
CVE-2020-14613
all versions
Vulnerability in the Oracle WebCenter Sites product of Oracle Fusion Middleware (component: Advanced User Interface). Supported ve
6.1
MEDIUM
CVE-2020-11023
all versions
In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option> elements from untrusted sourc
6.9
MEDIUM
CVE-2020-2739
all versions
Vulnerability in the Oracle WebCenter Sites product of Oracle Fusion Middleware (component: Advanced UI). The supported version th
7.4
HIGH
CVE-2020-5258
all versions
In affected versions of dojo (NPM package), the deepCopy method is vulnerable to Prototype Pollution. Prototype Pollution refers t
7.7
HIGH
CVE-2020-7226
all versions
CiphertextHeader.java in Cryptacular 1.2.3, as used in Apereo CAS and other products, allows attackers to trigger excessive memory
7.5
HIGH
CVE-2020-2539
all versions
Vulnerability in the Oracle WebCenter Sites product of Oracle Fusion Middleware (component: Advanced UI). The supported version th
6.1
MEDIUM
CVE-2020-2538
all versions
Vulnerability in the Oracle WebCenter Sites product of Oracle Fusion Middleware (component: Advanced UI). The supported version th
7.1
HIGH
CVE-2019-12415
all versions
In Apache POI up to 4.1.0, when using the tool XSSFExportToXml to convert user-provided Microsoft Excel documents, a specially cra
5.5
MEDIUM
CVE-2019-17531
all versions
A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (eith
9.8
CRITICAL
CVE-2019-16943
all versions
A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (eith
9.8
CRITICAL
CVE-2019-16942
all versions
A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (eith
9.8
CRITICAL
CVE-2019-13990
all versions
initDocumentParser in xml/XMLSchedulingDataProcessor.java in Terracotta Quartz Scheduler through 2.3.0 allows XXE attacks via a jo
9.8
CRITICAL
CVE-2019-2579
all versions
Vulnerability in the Oracle WebCenter Sites component of Oracle Fusion Middleware (subcomponent: Advanced UI). The supported versi
4.3
MEDIUM
CVE-2019-2578
all versions
Vulnerability in the Oracle WebCenter Sites component of Oracle Fusion Middleware (subcomponent: Advanced UI). The supported versi
8.6
HIGH
CVE-2019-5427
all versions
c3p0 version < 0.9.5.4 may be exploited by a billion laughs attack when loading XML configuration due to missing protections again
7.5
HIGH
CVE-2019-11358
all versions
jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Objec
6.1
MEDIUM
CVE-2019-0228
all versions
Apache PDFBox 2.0.14 does not properly initialize the XML parser, which allows context-dependent attackers to conduct XML External
9.8
CRITICAL
CVE-2018-15756
all versions
Spring Framework, version 5.1, versions 5.0.x prior to 5.0.10, versions 4.3.x prior to 4.3.20, and older unsupported versions on t
7.5
HIGH
CVE-2018-3238
all versions
Vulnerability in the Oracle WebCenter Sites component of Oracle Fusion Middleware (subcomponent: Advanced UI). The supported versi
6.9
MEDIUM
CVE-2018-2791
all versions
Vulnerability in the Oracle WebCenter Sites component of Oracle Fusion Middleware (subcomponent: Advanced UI). Supported versions
8.2
HIGH
CVE-2015-9251
all versions
jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the
6.1
MEDIUM
CVE-2018-2584
all versions
Vulnerability in the Oracle WebCenter Sites component of Oracle Fusion Middleware (subcomponent: Advanced UI). The supported versi
4.3
MEDIUM
CVE-2017-10033
all versions
Vulnerability in the Oracle WebCenter Sites component of Oracle Fusion Middleware (subcomponent: Support Tools). Supported version
4.0
MEDIUM
CVE-2017-12617
all versions
When running Apache Tomcat versions 9.0.0.M1 to 9.0.0, 8.5.0 to 8.5.22, 8.0.0.RC1 to 8.0.46 and 7.0.0 to 7.0.81 with HTTP PUTs ena
8.1
HIGH
CVE-2017-3603
all versions
Vulnerability in the Oracle WebCenter Sites component of Oracle Fusion Middleware (subcomponent: Advanced UI). Supported versions
3.1
LOW
CVE-2017-3602
all versions
Vulnerability in the Oracle WebCenter Sites component of Oracle Fusion Middleware (subcomponent: Advanced UI). Supported versions
8.1
HIGH
CVE-2017-3598
all versions
Vulnerability in the Oracle WebCenter Sites component of Oracle Fusion Middleware (subcomponent: Advanced UI). Supported versions
3.1
LOW
CVE-2017-3597
all versions
Vulnerability in the Oracle WebCenter Sites component of Oracle Fusion Middleware (subcomponent: Advanced UI). Supported versions
5.7
MEDIUM
CVE-2017-3596
all versions
Vulnerability in the Oracle WebCenter Sites component of Oracle Fusion Middleware (subcomponent: Advanced UI). Supported versions
7.6
HIGH
CVE-2017-3595
all versions
Vulnerability in the Oracle WebCenter Sites component of Oracle Fusion Middleware (subcomponent: Advanced UI). Supported versions
7.1
HIGH
CVE-2017-3594
all versions
Vulnerability in the Oracle WebCenter Sites component of Oracle Fusion Middleware (subcomponent: Advanced UI). Supported versions
5.9
MEDIUM
CVE-2017-3593
all versions
Vulnerability in the Oracle WebCenter Sites component of Oracle Fusion Middleware (subcomponent: Advanced UI). Supported versions
7.1
HIGH
CVE-2017-3591
all versions
Vulnerability in the Oracle WebCenter Sites component of Oracle Fusion Middleware (subcomponent: Catalog Mover). Supported version
7.1
HIGH
CVE-2017-3554
all versions
Vulnerability in the Oracle WebCenter Sites component of Oracle Fusion Middleware (subcomponent: Catalog Mover). Supported version
8.1
HIGH
CVE-2017-3545
all versions
Vulnerability in the Oracle WebCenter Sites component of Oracle Fusion Middleware (subcomponent: Blob Server). Supported versions
8.2
HIGH
CVE-2017-3543
all versions
Vulnerability in the Oracle WebCenter Sites component of Oracle Fusion Middleware (subcomponent: Server). Supported versions that
8.6
HIGH
CVE-2017-3542
all versions
Vulnerability in the Oracle WebCenter Sites component of Oracle Fusion Middleware (subcomponent: Server). Supported versions that
8.6
HIGH
CVE-2017-3541
all versions
Vulnerability in the Oracle WebCenter Sites component of Oracle Fusion Middleware (subcomponent: Server). Supported versions that
8.2
HIGH
CVE-2017-3540
all versions
Vulnerability in the Oracle WebCenter Sites component of Oracle Fusion Middleware (subcomponent: Server). Supported versions that
8.6
HIGH
CVE-2016-5511
all versions
Unspecified vulnerability in the Oracle WebCenter Sites component in Oracle Fusion Middleware 12.2.1.0.0, 12.2.1.1.0, and 12.2.1.2
4.3
MEDIUM
CVE-2016-3502
all versions
Unspecified vulnerability in the Oracle WebCenter Sites component in Oracle Fusion Middleware 11.1.1.8 and 12.2.1.0 allows remote
6.5
MEDIUM
CVE-2016-3487
all versions
Unspecified vulnerability in the Oracle WebCenter Sites component in Oracle Fusion Middleware 11.1.1.8, and 12.2.1.0 allows remote
8.1
HIGH
CVE-2015-3253
all versions
The MethodClosure class in runtime/MethodClosure.java in Apache Groovy 1.7.0 through 2.4.3 allows remote attackers to execute arbi
9.8
CRITICAL
CVE-2014-0107
all versions
The TransformerFactory in Apache Xalan-Java before 2.7.2 does not properly restrict access to certain properties when FEATURE_SECU
CVE-2013-4316
all versions
Apache Struts 2.0.0 through 2.3.15.1 enables Dynamic Method Invocation by default, which has unknown impact and attack vectors.
Vulnerabilities
CISA KEV catalog
CWE weaknesses
CAPEC attack patterns
Package vulnerabilities
Threat intelligence
Threat actors
Tools & malware
ATT&CK techniques
IOCs
Detection & defense
Sigma rules
YARA rules
Atomic Red Team tests
D3FEND countermeasures
Compliance
NIST 800-53
ISO 27001:2022
SOC 2 TSC
PCI-DSS v4.0
CIS Controls v8.1
About
All capabilities
Live statistics
Data sources
Privacy policy
Terms of service
threatengine.sh · Open-source threat intelligence platform · 100+ authoritative sources · Every fact traces to its origin