oracle financial_services_institutional_performance_analytics CVE Vulnerabilities (10)

CVEs: 10 CPE versions: View versions table

Summary

This page lists publicly disclosed CVE vulnerabilities affecting oracle financial_services_institutional_performance_analytics (linked via NVD CPE). Each row includes severity scores, summaries, and publication dates to help identify and analyze security issues.

Showing 110 of 10 CVEs
«« First « Prev Page 1 / 1 Next »
CVE Summary Source Max CVSS EPSS % Published Updated
CVE-2020-11022 In jQuery starting with 1.12.0 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0. [email protected] 6.9 99.02% 2020-04-29 2026-06-16
CVE-2020-9488 Improper validation of certificate with host mismatch in Apache Log4j SMTP appender. This could allow an SMTPS connection to be intercepted by a man-in-the-middle attack which could leak any log messages sent through that appender. Fixed in Apache Log4j 2.12.3 and 2.13.1 [email protected] 3.7 8.10% 2020-04-27 2026-06-16
CVE-2020-11113 FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.openjpa.ee.WASRegistryManagedRuntime (aka openjpa). [email protected] 8.8 6.28% 2020-03-31 2026-06-16
CVE-2020-11112 FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.proxy.provider.remoting.RmiProvider (aka apache/commons-proxy). [email protected] 8.8 3.55% 2020-03-31 2026-06-16
CVE-2020-10969 FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to javax.swing.JEditorPane. [email protected] 8.8 3.47% 2020-03-26 2026-06-16
CVE-2020-10968 FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.aoju.bus.proxy.provider.remoting.RmiProvider (aka bus-proxy). [email protected] 8.8 3.54% 2020-03-26 2026-06-16
CVE-2020-10673 FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to com.caucho.config.types.ResourceRef (aka caucho-quercus). [email protected] 8.8 7.96% 2020-03-18 2026-06-16
CVE-2020-10672 FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.aries.transaction.jms.internal.XaPooledConnectionFactory (aka aries.transaction.jms). [email protected] 8.8 2.96% 2020-03-18 2026-06-16
CVE-2020-9546 FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.hadoop.shaded.com.zaxxer.hikari.HikariConfig (aka shaded hikari-config). [email protected] 9.8 4.58% 2020-03-01 2026-06-16
CVE-2019-11358 jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype. [email protected] 6.1 87.22% 2019-04-19 2026-06-16
«« First « Prev Page 1 / 1 Next »
cvelogic Threat Intelligence