) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.
Search Results (Refine Search)
- Results Type: Overview
- Keyword (text search): cpe:2.3:a:oracle:health_sciences_data_management_workbench:3.0.0.0:*:*:*:*:*:*:*
- CPE Name Search: true
| Vuln ID | Summary | CVSS Severity |
|---|---|---|
| CVE-2021-44832 |
Apache Log4j2 versions 2.0-beta7 through 2.17.0 (excluding security fix releases 2.3.2 and 2.12.4) are vulnerable to a remote code execution (RCE) attack when a configuration uses a JDBC Appender with a JNDI LDAP data source URI when an attacker has control of the target LDAP server. This issue is fixed by limiting JNDI data source names to the java protocol in Log4j2 versions 2.17.1, 2.12.4, and 2.3.2. Published: December 28, 2021; 3:15:08 PM -0500 |
V3.1: 6.6 MEDIUM V2.0: 8.5 HIGH |
| CVE-2021-29425 |
In Apache Commons IO before 2.7, When invoking the method FileNameUtils.normalize with an improper input string, like "//../foo", or "\\..\foo", the result would be the same value, thus possibly providing access to files in the parent directory, but not further above (thus "limited" path traversal), if the calling code would use the result to construct a path value. Published: April 13, 2021; 3:15:12 AM -0400 |
V3.1: 4.8 MEDIUM V2.0: 5.8 MEDIUM |
| CVE-2021-23337 |
Lodash versions prior to 4.17.21 are vulnerable to Command Injection via the template function. Published: February 15, 2021; 8:15:12 AM -0500 |
V3.1: 7.2 HIGH V2.0: 6.5 MEDIUM |
| CVE-2020-28500 |
Lodash versions prior to 4.17.21 are vulnerable to Regular Expression Denial of Service (ReDoS) via the toNumber, trim and trimEnd functions. Published: February 15, 2021; 6:15:12 AM -0500 |
V3.1: 5.3 MEDIUM V2.0: 5.0 MEDIUM |