Oracle Utilities Testing Accelerator — known CVE vulnerabilities
Every CVE whose affected-product data names Oracle Utilities Testing Accelerator, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (27)
CVE-2020-13936 — CVSS 8.8 (high): An attacker that is able to modify Velocity templates may execute arbitrary Java code or run arbitrary system commands with the same…
CVE-2021-39149 — CVSS 8.5 (high): XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker…
CVE-2021-39141 — CVSS 8.5 (high): XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker…
CVE-2021-39145 — CVSS 8.5 (high): XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker…
CVE-2021-39146 — CVSS 8.5 (high): XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker…
CVE-2021-39147 — CVSS 8.5 (high): XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker…
CVE-2021-39148 — CVSS 8.5 (high): XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker…
CVE-2021-39150 — CVSS 8.5 (high): XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker…
CVE-2021-39154 — CVSS 8.5 (high): XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker…
CVE-2021-39153 — CVSS 8.5 (high): XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker…
CVE-2021-39152 — CVSS 8.5 (high): XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker…
CVE-2021-39139 — CVSS 8.5 (high): XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker…
CVE-2021-39151 — CVSS 8.5 (high): XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker…
CVE-2021-2351 — CVSS 8.3 (high): Vulnerability in the Advanced Networking Option component of Oracle Database Server. Supported versions that are affected are 12.1.0.2…
CVE-2021-22118 — CVSS 7.8 (high): In Spring Framework, versions 5.2.x prior to 5.2.15 and versions 5.3.x prior to 5.3.7, a WebFlux application is vulnerable to a privilege…
CVE-2021-35515 — CVSS 7.5 (high): When reading a specially crafted 7Z archive, the construction of the list of codecs that decompress an entry can result in an infinite…
CVE-2021-35516 — CVSS 7.5 (high): When reading a specially crafted 7Z archive, Compress can be made to allocate large amounts of memory that finally leads to an out of…
CVE-2021-35517 — CVSS 7.5 (high): When reading a specially crafted TAR archive, Compress can be made to allocate large amounts of memory that finally leads to an out of…
CVE-2021-36090 — CVSS 7.5 (high): When reading a specially crafted ZIP archive, Compress can be made to allocate large amounts of memory that finally leads to an out of…
CVE-2021-4104 — CVSS 7.5 (high): JMSAppender in Log4j 1.2 is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration…
CVE-2021-39140 — CVSS 6.5 (medium): XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker…
CVE-2019-10219 — CVSS 6.1 (medium): A vulnerability was found in Hibernate-Validator. The SafeHtml validator annotation fails to properly sanitize payloads consisting of…
CVE-2021-36374 — CVSS 5.5 (medium): When reading a specially crafted ZIP archive, or a derived formats, an Apache Ant build can be made to allocate large amounts of memory…
CVE-2021-36373 — CVSS 5.5 (medium): When reading a specially crafted TAR archive an Apache Ant build can be made to allocate large amounts of memory that finally leads to an…
CVE-2021-33037 — CVSS 5.3 (medium): Apache Tomcat 10.0.0-M1 to 10.0.6, 9.0.0.M1 to 9.0.46 and 8.5.0 to 8.5.66 did not correctly parse the HTTP transfer-encoding request header…
CVE-2021-29425 — CVSS 4.8 (medium): In Apache Commons IO before 2.7, When invoking the method FileNameUtils.normalize with an improper input string, like "//../foo", or…