Vulnerabilities > Oracle > Primavera Unifier
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-05-16 | CVE-2022-25169 | Allocation of Resources Without Limits or Throttling vulnerability in multiple products The BPG parser in versions of Apache Tika before 1.28.2 and 2.4.0 may allocate an unreasonable amount of memory on carefully crafted files. | 5.5 |
2022-05-16 | CVE-2022-30126 | In Apache Tika, a regular expression in our StandardsText class, used by the StandardsExtractingContentHandler could lead to a denial of service caused by backtracking on a specially crafted file. | 5.5 |
2022-03-11 | CVE-2020-36518 | Out-of-bounds Write vulnerability in multiple products jackson-databind before 2.13.0 allows a Java StackOverflow exception and denial of service via a large depth of nested objects. | 7.5 |
2021-12-28 | CVE-2021-44832 | Improper Input Validation vulnerability in multiple products Apache Log4j2 versions 2.0-beta7 through 2.17.0 (excluding security fix releases 2.3.2 and 2.12.4) are vulnerable to a remote code execution (RCE) attack when a configuration uses a JDBC Appender with a JNDI LDAP data source URI when an attacker has control of the target LDAP server. | 6.6 |
2021-12-18 | CVE-2021-45105 | Uncontrolled Recursion vulnerability in multiple products Apache Log4j2 versions 2.0-alpha1 through 2.16.0 (excluding 2.12.3 and 2.3.1) did not protect from uncontrolled recursion from self-referential lookups. | 5.9 |
2021-12-17 | CVE-2021-23450 | All versions of package dojo are vulnerable to Prototype Pollution via the setObject function. | 9.8 |
2021-10-26 | CVE-2021-41182 | jQuery-UI is the official jQuery user interface library. | 6.1 |
2021-10-26 | CVE-2021-41184 | jQuery-UI is the official jQuery user interface library. | 6.1 |
2021-10-18 | CVE-2021-42575 | The OWASP Java HTML Sanitizer before 20211018.1 does not properly enforce policies associated with the SELECT, STYLE, and OPTION elements. | 9.8 |
2021-09-22 | CVE-2021-38153 | Information Exposure Through Discrepancy vulnerability in multiple products Some components in Apache Kafka use `Arrays.equals` to validate a password or key, which is vulnerable to timing attacks that make brute force attacks for such credentials more likely to be successful. | 5.9 |