|Max CVSS||7.5||Min CVSS||5.8||Total Count||3|
|ID||CVSS||Summary||Last (major) update||Published|
Vulnerability in the Oracle Business Intelligence Enterprise Edition component of Oracle Fusion Middleware (subcomponent: Analytics Server). The supported version that is affected is 188.8.131.52.0. Easily exploitable vulnerability allows unauthenticated
|16-10-2018 - 21:31||16-10-2018 - 21:31|
In Apache Batik 1.x before 1.10, when deserializing subclass of `AbstractDocument`, the class takes a string from the inputStream as the class name which then use it to call the no-arg constructor of the class. Fix was to check the class type before
|24-05-2018 - 12:29||24-05-2018 - 12:29|
In Apache Log4j 2.x before 2.8.2, when using the TCP socket server or UDP socket server to receive serialized log events from another application, a specially crafted binary payload can be sent that, when deserialized, can execute arbitrary code.
|24-04-2017 - 20:32||17-04-2017 - 17:59|