Vulnerabilities (CVE)

Filtered by vendor Oracle Subscribe
Filtered by product Primavera Unifier
Total 95 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2018-19362 4 Debian, Fasterxml, Oracle and 1 more 12 Debian Linux, Jackson-databind, Business Process Management Suite and 9 more 2024-11-21 7.5 HIGH 9.8 CRITICAL
FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the jboss-common-core class from polymorphic deserialization.
CVE-2018-19361 4 Debian, Fasterxml, Oracle and 1 more 12 Debian Linux, Jackson-databind, Business Process Management Suite and 9 more 2024-11-21 7.5 HIGH 9.8 CRITICAL
FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the openjpa class from polymorphic deserialization.
CVE-2018-19360 4 Debian, Fasterxml, Oracle and 1 more 12 Debian Linux, Jackson-databind, Business Process Management Suite and 9 more 2024-11-21 7.5 HIGH 9.8 CRITICAL
FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the axis2-transport-jms class from polymorphic deserialization.
CVE-2018-14721 4 Debian, Fasterxml, Oracle and 1 more 12 Debian Linux, Jackson-databind, Banking Platform and 9 more 2024-11-21 7.5 HIGH 10.0 CRITICAL
FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to conduct server-side request forgery (SSRF) attacks by leveraging failure to block the axis2-jaxws class from polymorphic deserialization.
CVE-2018-14720 4 Debian, Fasterxml, Oracle and 1 more 12 Debian Linux, Jackson-databind, Banking Platform and 9 more 2024-11-21 7.5 HIGH 9.8 CRITICAL
FasterXML jackson-databind 2.x before 2.9.7 might allow attackers to conduct external XML entity (XXE) attacks by leveraging failure to block unspecified JDK classes from polymorphic deserialization.
CVE-2018-14719 5 Debian, Fasterxml, Netapp and 2 more 21 Debian Linux, Jackson-databind, Oncommand Workflow Automation and 18 more 2024-11-21 7.5 HIGH 9.8 CRITICAL
FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to execute arbitrary code by leveraging failure to block the blaze-ds-opt and blaze-ds-core classes from polymorphic deserialization.
CVE-2018-14718 5 Debian, Fasterxml, Netapp and 2 more 26 Debian Linux, Jackson-databind, Oncommand Workflow Automation and 23 more 2024-11-21 7.5 HIGH 9.8 CRITICAL
FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to execute arbitrary code by leveraging failure to block the slf4j-ext class from polymorphic deserialization.
CVE-2017-7525 5 Debian, Fasterxml, Netapp and 2 more 22 Debian Linux, Jackson-databind, Oncommand Balance and 19 more 2024-11-21 7.5 HIGH 9.8 CRITICAL
A deserialization flaw was discovered in the jackson-databind, versions before 2.6.7.1, 2.7.9.1 and 2.8.9, which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMapper.
CVE-2017-3501 1 Oracle 1 Primavera Unifier 2024-11-21 5.8 MEDIUM 6.1 MEDIUM
Vulnerability in the Primavera Unifier component of Oracle Primavera Products Suite (subcomponent: Platform). Supported versions that are affected are 9.13, 9.14, 10.0, 10.1, 15.1 and 15.2. Easily "exploitable" vulnerability allows unauthenticated attacker with network access via HTTP to compromise Primavera Unifier. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Primavera Unifier, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Primavera Unifier accessible data as well as unauthorized read access to a subset of Primavera Unifier accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).
CVE-2017-15095 5 Debian, Fasterxml, Netapp and 2 more 25 Debian Linux, Jackson-databind, Oncommand Balance and 22 more 2024-11-21 7.5 HIGH 9.8 CRITICAL
A deserialization flaw was discovered in the jackson-databind in versions before 2.8.10 and 2.9.1, which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMapper. This issue extends the previous flaw CVE-2017-7525 by blacklisting more classes that could be used maliciously.
CVE-2017-10150 1 Oracle 1 Primavera Unifier 2024-11-21 4.0 MEDIUM 4.3 MEDIUM
Vulnerability in the Primavera Unifier component of Oracle Primavera Products Suite (subcomponent: Platform). Supported versions that are affected are 9.13, 9.14, 10.1, 10.2, 15.1, 15.2, 16.1 and 16.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Primavera Unifier. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Primavera Unifier accessible data. CVSS 3.0 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N).
CVE-2017-10149 1 Oracle 1 Primavera Unifier 2024-11-21 4.9 MEDIUM 4.8 MEDIUM
Vulnerability in the Primavera Unifier component of Oracle Primavera Products Suite (subcomponent: Platform). Supported versions that are affected are 9.13, 9.14, 10.1, 10.2, 15.1, 15.2, 16.1 and 16.2. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Primavera Unifier. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Primavera Unifier, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Primavera Unifier accessible data as well as unauthorized read access to a subset of Primavera Unifier accessible data. CVSS 3.0 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N).
CVE-2016-7103 7 Debian, Fedoraproject, Jqueryui and 4 more 13 Debian Linux, Fedora, Jquery Ui and 10 more 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
Cross-site scripting (XSS) vulnerability in jQuery UI before 1.12.0 might allow remote attackers to inject arbitrary web script or HTML via the closeText parameter of the dialog function.
CVE-2016-4055 3 Momentjs, Oracle, Tenable 3 Moment, Primavera Unifier, Nessus 2024-11-21 7.8 HIGH 6.5 MEDIUM
The duration function in the moment package before 2.11.2 for Node.js allows remote attackers to cause a denial of service (CPU consumption) via a long string, aka a "regular expression Denial of Service (ReDoS)."
CVE-2015-9251 2 Jquery, Oracle 47 Jquery, Agile Product Lifecycle Management For Process, Banking Platform and 44 more 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.