Vulnerabilities > Oracle > Webcenter Sites > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-05-28 | CVE-2021-29505 | Deserialization of Untrusted Data vulnerability in multiple products. XStream is software for serializing Java objects to XML and back again. | 8.8 |
2020-04-15 | CVE-2020-2739 | Unspecified vulnerability in Oracle Webcenter Sites 12.2.1.3.0. Vulnerability in the Oracle WebCenter Sites product of Oracle Fusion Middleware (component: Advanced UI). | 7.4 |
2020-03-10 | CVE-2020-5258 | Code Injection vulnerability in multiple products. In affected versions of dojo (NPM package), the deepCopy method is vulnerable to Prototype Pollution. | 7.7 |
2020-01-24 | CVE-2020-7226 | Allocation of Resources Without Limits or Throttling vulnerability in multiple products. CiphertextHeader.java in Cryptacular 1.2.3, as used in Apereo CAS and other products, allows attackers to trigger excessive memory allocation during a decode operation, because the nonce array length associated with "new byte" may depend on untrusted input within the header of encoded data. | 7.5 |
2020-01-15 | CVE-2020-2538 | Unspecified vulnerability in Oracle Webcenter Sites 12.2.1.3.0. Vulnerability in the Oracle WebCenter Sites product of Oracle Fusion Middleware (component: Advanced UI). | 7.1 |
2019-04-23 | CVE-2019-2578 | Unspecified vulnerability in Oracle Webcenter Sites 12.2.1.3.0. Vulnerability in the Oracle WebCenter Sites component of Oracle Fusion Middleware (subcomponent: Advanced UI). | 8.6 |
2019-04-22 | CVE-2019-5427 | XML Entity Expansion vulnerability in multiple products. c3p0 version < 0.9.5.4 may be exploited by a billion laughs attack when loading XML configuration due to missing protections against recursive entity expansion when loading configuration. | 7.5 |
2018-10-18 | CVE-2018-15756 | Spring Framework, version 5.1, versions 5.0.x prior to 5.0.10, versions 4.3.x prior to 4.3.20, and older unsupported versions on the 4.2.x branch provide support for range requests when serving static resources through the ResourceHttpRequestHandler, or starting in 5.0 when an annotated controller returns an org.springframework.core.io.Resource. | 7.5 |
2018-04-19 | CVE-2018-2791 | Unspecified vulnerability in Oracle Webcenter Sites 11.1.1.8.0/12.2.1.2.0/12.2.1.3.0. Vulnerability in the Oracle WebCenter Sites component of Oracle Fusion Middleware (subcomponent: Advanced UI). | 8.2 |
2017-10-04 | CVE-2017-12617 | Unrestricted Upload of File with Dangerous Type vulnerability in multiple products. When running Apache Tomcat versions 9.0.0.M1 to 9.0.0, 8.5.0 to 8.5.22, 8.0.0.RC1 to 8.0.46 and 7.0.0 to 7.0.81 with HTTP PUTs enabled (e.g. | 8.1 |