Vulnerabilities > Oracle > Agile Engineering Data Management
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-01-27 | CVE-2022-23181 | Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in multiple products The fix for bug CVE-2020-9484 introduced a time of check, time of use vulnerability into Apache Tomcat 10.1.0-M1 to 10.1.0-M8, 10.0.0-M5 to 10.0.14, 9.0.35 to 9.0.56 and 8.5.55 to 8.5.73 that allowed a local attacker to perform actions with the privileges of the user that the Tomcat process is using. | 7.0 |
| 2022-01-24 | CVE-2022-23437 | Infinite Loop vulnerability in multiple products There's a vulnerability within the Apache Xerces Java (XercesJ) XML parser when handling specially crafted XML document payloads. | 6.5 |
| 2021-12-18 | CVE-2021-45105 | Uncontrolled Recursion vulnerability in multiple products Apache Log4j2 versions 2.0-alpha1 through 2.16.0 (excluding 2.12.3 and 2.3.1) did not protect from uncontrolled recursion from self-referential lookups. | 5.9 |
| 2021-10-14 | CVE-2021-42340 | Missing Release of Resource after Effective Lifetime vulnerability in multiple products The fix for bug 63362 present in Apache Tomcat 10.1.0-M1 to 10.1.0-M5, 10.0.0-M1 to 10.0.11, 9.0.40 to 9.0.53 and 8.5.60 to 8.5.71 introduced a memory leak. | 7.5 |
| 2021-07-21 | CVE-2021-2351 | Session Fixation vulnerability in Oracle products Vulnerability in the Advanced Networking Option component of Oracle Database Server. | 8.3 |
| 2021-07-14 | CVE-2021-36374 | When reading a specially crafted ZIP archive, or a derived formats, an Apache Ant build can be made to allocate large amounts of memory that leads to an out of memory error, even for small inputs. | 5.5 |
| 2021-04-13 | CVE-2021-29425 | Path Traversal vulnerability in multiple products In Apache Commons IO before 2.7, When invoking the method FileNameUtils.normalize with an improper input string, like "//../foo", or "\\..\foo", the result would be the same value, thus possibly providing access to files in the parent directory, but not further above (thus "limited" path traversal), if the calling code would use the result to construct a path value. | 4.8 |
| 2021-02-24 | CVE-2020-11987 | Server-Side Request Forgery (SSRF) vulnerability in multiple products Apache Batik 1.13 is vulnerable to server-side request forgery, caused by improper input validation by the NodePickerPanel. | 8.2 |
| 2021-01-20 | CVE-2021-1996 | Unspecified vulnerability in Oracle products Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Web Services). network oracle | 3.5 |
| 2020-12-07 | CVE-2020-17521 | Apache Groovy provides extension methods to aid with creating temporary directories. | 5.5 |