Oracle Primavera Unifier vulnerabilities
95 known vulnerabilities affecting oracle/primavera_unifier.
Total CVEs
95
CISA KEV
1
actively exploited
Public exploits
6
Exploited in wild
3
Severity breakdown
CRITICAL20HIGH35MEDIUM38LOW2
Vulnerabilities
Page 2 of 5
CVE-2021-28657MEDIUMCVSS 5.5≥ 17.7, ≤ 17.12v18.8+2 more2021-03-31
CVE-2021-28657 [MEDIUM] CWE-835 CVE-2021-28657: A carefully crafted or corrupt file may trigger an infinite loop in Tika's MP3Parser up to and inclu
A carefully crafted or corrupt file may trigger an infinite loop in Tika's MP3Parser up to and including Tika 1.25. Apache Tika users should upgrade to 1.26 or later.
nvd
CVE-2021-3449MEDIUMCVSS 5.9≥ 17.7, ≤ 17.12v19.12+2 more2021-03-25
CVE-2021-3449 [MEDIUM] CWE-476 CVE-2021-3449: An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from
An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension (where it was present in the initial ClientHello), but includes a signature_algorithms_cert extension then a NULL pointer dereference will result, leading to a cr
nvd
CVE-2021-27807MEDIUMCVSS 5.5≥ 17.7, ≤ 17.12v18.8+2 more2021-03-19
CVE-2021-27807 [MEDIUM] CWE-834 CVE-2021-27807: A carefully crafted PDF file can trigger an infinite loop while loading the file. This issue affects
A carefully crafted PDF file can trigger an infinite loop while loading the file. This issue affects Apache PDFBox version 2.0.22 and prior 2.0.x versions.
nvd
CVE-2021-27906MEDIUMCVSS 5.5≥ 17.7, ≤ 17.12v18.8+2 more2021-03-19
CVE-2021-27906 [MEDIUM] CWE-789 CVE-2021-27906: A carefully crafted PDF file can trigger an OutOfMemory-Exception while loading the file. This issue
A carefully crafted PDF file can trigger an OutOfMemory-Exception while loading the file. This issue affects Apache PDFBox version 2.0.22 and prior 2.0.x versions.
nvd
CVE-2021-23337HIGHCVSS 7.2PoC≥ 17.7, ≤ 17.12v18.8+2 more2021-02-15
CVE-2021-23337 [HIGH] CWE-94 CVE-2021-23337: Lodash versions prior to 4.17.21 are vulnerable to Command Injection via the template function.
Lodash versions prior to 4.17.21 are vulnerable to Command Injection via the template function.
nvd
CVE-2020-28500MEDIUMCVSS 5.3≥ 17.7, ≤ 17.12v18.8+2 more2021-02-15
CVE-2020-28500 [MEDIUM] CVE-2020-28500: Lodash versions prior to 4.17.21 are vulnerable to Regular Expression Denial of Service (ReDoS) via
Lodash versions prior to 4.17.21 are vulnerable to Regular Expression Denial of Service (ReDoS) via the toNumber, trim and trimEnd functions.
nvd
CVE-2020-36179HIGHCVSS 8.1≥ 17.7, ≤ 17.12v18.8+2 more2021-01-07
CVE-2020-36179 [HIGH] CWE-502 CVE-2020-36179: FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadg
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to oadd.org.apache.commons.dbcp.cpdsadapter.DriverAdapterCPDS.
nvd
CVE-2020-36183HIGHCVSS 8.1≥ 17.7, ≤ 17.12v17.2+3 more2021-01-07
CVE-2020-36183 [HIGH] CWE-502 CVE-2020-36183: FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadg
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.docx4j.org.apache.xalan.lib.sql.JNDIConnectionPool.
nvd
CVE-2020-36182HIGHCVSS 8.1≥ 17.7, ≤ 17.12v17.2+3 more2021-01-07
CVE-2020-36182 [HIGH] CWE-502 CVE-2020-36182: FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadg
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.cpdsadapter.DriverAdapterCPDS.
nvd
CVE-2020-36180HIGHCVSS 8.1≥ 17.7, ≤ 17.12v17.2+3 more2021-01-07
CVE-2020-36180 [HIGH] CWE-502 CVE-2020-36180: FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadg
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.cpdsadapter.DriverAdapterCPDS.
nvd
CVE-2020-36189HIGHCVSS 8.1≥ 17.7, ≤ 17.12v18.8+2 more2021-01-06
CVE-2020-36189 [HIGH] CWE-502 CVE-2020-36189: FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadg
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.newrelic.agent.deps.ch.qos.logback.core.db.DriverManagerConnectionSource.
nvd
CVE-2020-36184HIGHCVSS 8.1≥ 17.7, ≤ 17.12v17.2+3 more2021-01-06
CVE-2020-36184 [HIGH] CWE-502 CVE-2020-36184: FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadg
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.datasources.PerUserPoolDataSource.
nvd
CVE-2020-36186HIGHCVSS 8.1≥ 17.7, ≤ 17.12v17.2+3 more2021-01-06
CVE-2020-36186 [HIGH] CWE-502 CVE-2020-36186: FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadg
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.datasources.PerUserPoolDataSource.
nvd
CVE-2020-36187HIGHCVSS 8.1≥ 17.7, ≤ 17.12v17.2+3 more2021-01-06
CVE-2020-36187 [HIGH] CWE-502 CVE-2020-36187: FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadg
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.datasources.SharedPoolDataSource.
nvd
CVE-2020-36181HIGHCVSS 8.1≥ 17.7, ≤ 17.12v17.2+3 more2021-01-06
CVE-2020-36181 [HIGH] CWE-502 CVE-2020-36181: FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadg
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.cpdsadapter.DriverAdapterCPDS.
nvd
CVE-2020-36188HIGHCVSS 8.1≥ 17.7, ≤ 17.12v17.2+3 more2021-01-06
CVE-2020-36188 [HIGH] CWE-502 CVE-2020-36188: FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadg
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.newrelic.agent.deps.ch.qos.logback.core.db.JNDIConnectionSource.
nvd
CVE-2020-36185HIGHCVSS 8.1≥ 17.7, ≤ 17.12v17.2+3 more2021-01-06
CVE-2020-36185 [HIGH] CWE-502 CVE-2020-36185: FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadg
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.datasources.SharedPoolDataSource.
nvd
CVE-2020-35728HIGHCVSS 8.1≥ 17.7, ≤ 17.12≥ 18.8, ≤ 19.12+1 more2020-12-27
CVE-2020-35728 [HIGH] CWE-502 CVE-2020-35728: FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadg
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.oracle.wls.shaded.org.apache.xalan.lib.sql.JNDIConnectionPool (aka embedded Xalan in org.glassfish.web/javax.servlet.jsp.jstl).
nvd
CVE-2020-35460MEDIUMCVSS 5.3≥ 17.7, ≤ 17.12v16.1+4 more2020-12-14
CVE-2020-35460 [MEDIUM] CWE-22 CVE-2020-35460: common/InputStreamHelper.java in Packwood MPXJ before 8.3.5 allows directory traversal in the zip st
common/InputStreamHelper.java in Packwood MPXJ before 8.3.5 allows directory traversal in the zip stream handler flow, leading to the writing of files to arbitrary locations.
nvd
CVE-2020-8908LOWCVSS 3.3≥ 17.7, ≤ 17.12v18.8+3 more2020-12-10
CVE-2020-8908 [LOW] CWE-378 CVE-2020-8908: A temp directory creation vulnerability exists in all versions of Guava, allowing an attacker with a
A temp directory creation vulnerability exists in all versions of Guava, allowing an attacker with access to the machine to potentially access data in a temporary directory created by the Guava API com.google.common.io.Files.createTempDir(). By default, on unix-like systems, the created directory is world-readable (readable by an attacker with access to
nvd