Vulnerabilities > Oracle > Business Process Management Suite > Medium

DATE CVE VULNERABILITY TITLE RISK
2020-12-07 CVE-2020-17521 Apache Groovy provides extension methods to aid with creating temporary directories.
local
low complexity
apache netapp oracle
5.5
2020-05-14 CVE-2020-1945 Exposure of Resource to Wrong Sphere vulnerability in multiple products
Apache Ant 1.1 to 1.9.14 and 1.10.0 to 1.10.7 uses the default temporary directory identified by the Java system property java.io.tmpdir for several tasks and may thus leak sensitive information.
6.3
2020-03-23 CVE-2020-1951 Infinite Loop vulnerability in multiple products
A carefully crafted or corrupt PSD file can cause an infinite loop in Apache Tika's PSDParser in versions 1.0-1.23.
local
low complexity
apache oracle debian canonical CWE-835
5.5
2020-03-23 CVE-2020-1950 Resource Exhaustion vulnerability in multiple products
A carefully crafted or corrupt PSD file can cause excessive memory usage in Apache Tika's PSDParser in versions 1.0-1.23.
local
low complexity
apache oracle debian canonical CWE-400
5.5
2019-11-08 CVE-2019-10219 A vulnerability was found in Hibernate-Validator.
network
low complexity
redhat netapp oracle
6.1
2019-04-20 CVE-2019-11358 jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. 6.1
2018-01-18 CVE-2015-9251 Cross-site Scripting vulnerability in multiple products
jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.
network
low complexity
jquery oracle CWE-79
6.1