Oracle Utilities Framework vulnerabilities

CVE-2026-21924 [MEDIUM] CVE-2026-21924: Vulnerability in the Oracle Utilities Application Framework product of Oracle Utilities Applications Vulnerability in the Oracle Utilities Application Framework product of Oracle Utilities Applications (component: General). Supported versions that are affected are 4.4.0.3.0, 4.5.0.0.0, 4.5.0.1.1, 4.5.0.1.3, 4.5.0.2.0, 25.4 and 25.10. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Utilities

CVE-2020-36518 [HIGH] CWE-787 CVE-2020-36518: jackson-databind before 2.13.0 allows a Java StackOverflow exception and denial of service via a lar jackson-databind before 2.13.0 allows a Java StackOverflow exception and denial of service via a large depth of nested objects.

CVE-2021-45105 [MEDIUM] CWE-20 CVE-2021-45105: Apache Log4j2 versions 2.0-alpha1 through 2.16.0 (excluding 2.12.3 and 2.3.1) did not protect from u Apache Log4j2 versions 2.0-alpha1 through 2.16.0 (excluding 2.12.3 and 2.3.1) did not protect from uncontrolled recursion from self-referential lookups. This allows an attacker with control over Thread Context Map data to cause a denial of service when a crafted string is interpreted. This issue was fixed in Log4j 2.17.0, 2.12.3, and 2.3.1.

CVE-2021-39154 [HIGH] CWE-434 CVE-2021-39154: XStream is a simple library to serialize objects to XML and back again. In affected versions this vu XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist li

CVE-2021-39153 [HIGH] CWE-434 CVE-2021-39153: XStream is a simple library to serialize objects to XML and back again. In affected versions this vu XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream, if using the version out of the box with Java runtime version 14 to 8 or with JavaFX installed. No user is aff

CVE-2021-39152 [HIGH] CWE-502 CVE-2021-39152: XStream is a simple library to serialize objects to XML and back again. In affected versions this vu XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to request data from internal resources that are not publicly available only by manipulating the processed input stream with a Java runtime version 14 to 8. No user is affected, who followed the recommendation to

CVE-2021-39141 [HIGH] CWE-434 CVE-2021-39141: XStream is a simple library to serialize objects to XML and back again. In affected versions this vu XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist li

CVE-2021-39146 [HIGH] CWE-434 CVE-2021-39146: XStream is a simple library to serialize objects to XML and back again. In affected versions this vu XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist li

CVE-2021-39139 [HIGH] CWE-434 CVE-2021-39139: XStream is a simple library to serialize objects to XML and back again. In affected versions this vu XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. A user is only affected if using the version out of the box with JDK 1.7u21 or below. However, this scenario c

CVE-2021-39149 [HIGH] CWE-434 CVE-2021-39149: XStream is a simple library to serialize objects to XML and back again. In affected versions this vu XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist li

CVE-2021-39144 [HIGH] CWE-94 CVE-2021-39144: XStream is a simple library to serialize objects to XML and back again. In affected versions this vu XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker has sufficient rights to execute commands of the host only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist lim

CVE-2021-39147 [HIGH] CWE-434 CVE-2021-39147: XStream is a simple library to serialize objects to XML and back again. In affected versions this vu XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist li

CVE-2021-39150 [HIGH] CWE-502 CVE-2021-39150: XStream is a simple library to serialize objects to XML and back again. In affected versions this vu XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to request data from internal resources that are not publicly available only by manipulating the processed input stream with a Java runtime version 14 to 8. No user is affected, who followed the recommendation to

CVE-2021-39145 [HIGH] CWE-434 CVE-2021-39145: XStream is a simple library to serialize objects to XML and back again. In affected versions this vu XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist li

CVE-2021-39151 [HIGH] CWE-434 CVE-2021-39151: XStream is a simple library to serialize objects to XML and back again. In affected versions this vu XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist li

CVE-2021-39148 [HIGH] CWE-434 CVE-2021-39148: XStream is a simple library to serialize objects to XML and back again. In affected versions this vu XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist li

CVE-2021-39140 [MEDIUM] CWE-502 CVE-2021-39140: XStream is a simple library to serialize objects to XML and back again. In affected versions this vu XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to allocate 100% CPU time on the target system depending on CPU type or parallel execution of such a payload resulting in a denial of service only by manipulating the processed input stream. No user is affected,

CVE-2021-2351 [HIGH] CWE-327 CVE-2021-2351: Vulnerability in the Advanced Networking Option component of Oracle Database Server. Supported versi Vulnerability in the Advanced Networking Option component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1 and 19c. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Oracle Net to compromise Advanced Networking Option. Successful attacks require human interaction from a perso

CVE-2021-36373 [MEDIUM] CWE-130 CVE-2021-36373: When reading a specially crafted TAR archive an Apache Ant build can be made to allocate large amoun When reading a specially crafted TAR archive an Apache Ant build can be made to allocate large amounts of memory that finally leads to an out of memory error, even for small inputs. This can be used to disrupt builds using Apache Ant. Apache Ant prior to 1.9.16 and 1.10.11 were affected.

CVE-2021-36374 [MEDIUM] CWE-130 CVE-2021-36374: When reading a specially crafted ZIP archive, or a derived formats, an Apache Ant build can be made When reading a specially crafted ZIP archive, or a derived formats, an Apache Ant build can be made to allocate large amounts of memory that leads to an out of memory error, even for small inputs. This can be used to disrupt builds using Apache Ant. Commonly used derived formats from ZIP archives are for instance JAR files and many office files. Apac