Vulnerabilities > Oracle > Utilities Framework > High

DATE CVE VULNERABILITY TITLE RISK
2021-08-23 CVE-2021-39149 XStream is a simple library to serialize objects to XML and back again. 8.5
2021-08-23 CVE-2021-39151 XStream is a simple library to serialize objects to XML and back again. 8.5
2021-08-23 CVE-2021-39153 XStream is a simple library to serialize objects to XML and back again. 8.5
2021-08-23 CVE-2021-39154 XStream is a simple library to serialize objects to XML and back again. 8.5
2021-06-01 CVE-2021-31684 Out-of-bounds Write vulnerability in multiple products
A vulnerability was discovered in the indexOf function of JSONParserByteArray in JSON Smart versions 1.3 and 2.4 which causes a denial of service (DOS) via a crafted web request.
network
low complexity
json-smart-project oracle CWE-787
7.5
2020-12-18 CVE-2020-28052 An issue was discovered in Legion of the Bouncy Castle BC Java 1.65 and 1.66.
network
high complexity
bouncycastle apache oracle
8.1
2020-12-03 CVE-2020-25649 XXE vulnerability in multiple products
A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly.
7.5
2020-10-01 CVE-2020-11979 As mitigation for CVE-2020-1945 Apache Ant 1.10.8 changed the permissions of temporary files it created so that only the current user was allowed to access them.
network
low complexity
apache gradle fedoraproject oracle
7.5
2019-08-20 CVE-2019-10086 Deserialization of Untrusted Data vulnerability in multiple products
In Apache Commons Beanutils 1.9.2, a special BeanIntrospector class was added which allows suppressing the ability for an attacker to access the classloader via the class property available on all Java objects.
7.3
2018-08-20 CVE-2018-1000632 XML Injection (aka Blind XPath Injection) vulnerability in multiple products
dom4j version prior to version 2.1.1 contains a CWE-91: XML Injection vulnerability in Class: Element.
network
low complexity
dom4j-project debian oracle redhat netapp CWE-91
7.5