Enterprise repository

This hub aggregates every CVE we track for Enterprise repository, a product in the databases space. Use it to gauge the current risk picture and drill into individual advisories.

Severity distribution

Monthly trend

The 15 most recently published vulnerabilities affecting Enterprise repository.

• CVE-2021-36374Apache Ant ZIP, and ZIP based, archive denial of service vulerability5.5Jul 14, 2021
• CVE-2021-36373Apache Ant TAR archive denial of service vulnerability5.5Jul 14, 2021
• CVE-2020-11987Apache Batik 1.13 is vulnerable to server-side request forgery, caused by improper input validation by the NodePickerPanel. By using a specially-crafted argument, an attacker could exploit this vul...8.2Feb 24, 2021
• CVE-2021-1994Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Web Services). Supported versions that are affected are 10.3.6.0.0 and 12.1.3.0.0. Easily exploitable vul...9.8Jan 20, 2021
• CVE-2019-17566Apache Batik is vulnerable to server-side request forgery, caused by improper input validation by the "xlink:href" attributes. By using a specially-crafted argument, an attacker could exploit this ...7.5Nov 12, 2020
• CVE-2020-11979As mitigation for CVE-2020-1945 Apache Ant 1.10.8 changed the permissions of temporary files it created so that only the current user was allowed to access them. Unfortunately the fixcrlf task dele...7.5Oct 1, 2020
• CVE-2020-11998A regression has been introduced in the commit preventing JMX re-bind. By passing an empty environment map to RMIConnectorServer, instead of the map that contains the authentication credentials, it...9.8Sep 10, 2020
• CVE-2020-11994Server-Side Template Injection and arbitrary file disclosure on Camel templating components7.5Jul 8, 2020
• CVE-2020-1941In Apache ActiveMQ 5.0.0 to 5.15.11, the webconsole admin GUI is open to XSS, in the view that lists the contents of a queue.6.1May 14, 2020
• CVE-2020-1945Apache Ant 1.1 to 1.9.14 and 1.10.0 to 1.10.7 uses the default temporary directory identified by the Java system property java.io.tmpdir for several tasks and may thus leak sensitive information. T...6.3May 14, 2020
• CVE-2020-9488Improper validation of certificate with host mismatch in Apache Log4j SMTP appender. This could allow an SMTPS connection to be intercepted by a man-in-the-middle attack which could leak any log me...3.7Apr 27, 2020
• CVE-2019-12415In Apache POI up to 4.1.0, when using the tool XSSFExportToXml to convert user-provided Microsoft Excel documents, a specially crafted document can allow an attacker to read files from the local fi...5.5Oct 23, 2019
• CVE-2019-2904Vulnerability in the Oracle JDeveloper and ADF product of Oracle Fusion Middleware (component: ADF Faces). Supported versions that are affected are 11.1.1.9.0, 12.1.3.0.0 and 12.2.1.3.0. Easily exp...9.8Oct 16, 2019
• CVE-2019-0188Apache Camel prior to 2.24.0 contains an XML external entity injection (XXE) vulnerability (CWE-611) due to using an outdated vulnerable JSON-lib library. This affects only the camel-xmljson compon...7.5May 28, 2019
• CVE-2019-0222In Apache ActiveMQ 5.0.0 - 5.15.8, unmarshalling corrupt MQTT frame can lead to broker Out of Memory exception making it unresponsive.7.5Mar 28, 2019