Vulnerabilities > Oracle > Policy Automation
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-12-28 | CVE-2021-44832 | Improper Input Validation vulnerability in multiple products Apache Log4j2 versions 2.0-beta7 through 2.17.0 (excluding security fix releases 2.3.2 and 2.12.4) are vulnerable to a remote code execution (RCE) attack when a configuration uses a JDBC Appender with a JNDI LDAP data source URI when an attacker has control of the target LDAP server. | 6.6 |
| 2021-10-26 | CVE-2021-41182 | jQuery-UI is the official jQuery user interface library. | 6.1 |
| 2021-10-26 | CVE-2021-41183 | jQuery-UI is the official jQuery user interface library. | 6.1 |
| 2021-10-26 | CVE-2021-41184 | jQuery-UI is the official jQuery user interface library. | 6.1 |
| 2020-04-29 | CVE-2020-11022 | In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. | 6.1 |
| 2020-04-27 | CVE-2020-9488 | Improper Certificate Validation vulnerability in multiple products Improper validation of certificate with host mismatch in Apache Log4j SMTP appender. | 3.7 |
| 2019-11-08 | CVE-2019-10219 | A vulnerability was found in Hibernate-Validator. | 6.1 |
| 2019-10-15 | CVE-2019-17195 | Improper Handling of Exceptional Conditions vulnerability in multiple products Connect2id Nimbus JOSE+JWT before v7.9 can throw various uncaught exceptions while parsing a JWT, which could result in an application crash (potential information disclosure) or a potential authentication bypass. | 9.8 |
| 2019-04-20 | CVE-2019-11358 | jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. | 6.1 |
| 2017-04-17 | CVE-2017-5645 | Deserialization of Untrusted Data vulnerability in multiple products In Apache Log4j 2.x before 2.8.2, when using the TCP socket server or UDP socket server to receive serialized log events from another application, a specially crafted binary payload can be sent that, when deserialized, can execute arbitrary code. | 9.8 |