Vulnerabilities > Oracle > Webcenter Portal
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-12-18 | CVE-2021-45105 | Uncontrolled Recursion vulnerability in multiple products Apache Log4j2 versions 2.0-alpha1 through 2.16.0 (excluding 2.12.3 and 2.3.1) did not protect from uncontrolled recursion from self-referential lookups. | 5.9 |
| 2021-11-17 | CVE-2021-41165 | Cross-site Scripting vulnerability in multiple products CKEditor4 is an open source WYSIWYG HTML editor. | 5.4 |
| 2021-11-17 | CVE-2021-41164 | Cross-site Scripting vulnerability in multiple products CKEditor4 is an open source WYSIWYG HTML editor. | 5.4 |
| 2021-10-19 | CVE-2021-37136 | Resource Exhaustion vulnerability in multiple products The Bzip2 decompression decoder function doesn't allow setting size restrictions on the decompressed output data (which affects the allocation size used during decompression). | 7.5 |
| 2021-10-19 | CVE-2021-37137 | Resource Exhaustion vulnerability in multiple products The Snappy frame decoder function doesn't restrict the chunk length which may lead to excessive memory usage. | 7.5 |
| 2021-08-23 | CVE-2021-39140 | Infinite Loop vulnerability in multiple products XStream is a simple library to serialize objects to XML and back again. | 6.3 |
| 2021-08-23 | CVE-2021-39150 | Deserialization of Untrusted Data vulnerability in multiple products XStream is a simple library to serialize objects to XML and back again. | 8.5 |
| 2021-08-23 | CVE-2021-39152 | Deserialization of Untrusted Data vulnerability in multiple products XStream is a simple library to serialize objects to XML and back again. | 8.5 |
| 2021-08-23 | CVE-2021-39139 | Unrestricted Upload of File with Dangerous Type vulnerability in multiple products XStream is a simple library to serialize objects to XML and back again. | 8.8 |
| 2021-08-23 | CVE-2021-39141 | Unrestricted Upload of File with Dangerous Type vulnerability in multiple products XStream is a simple library to serialize objects to XML and back again. | 8.5 |