• pkg:maven/org.clojure/clojurescript@1.9.293  (Confidence:High)
• cpe:2.3:a:alex_project:alex:1.9.293:*:*:*:*:*:*:*  (Confidence:Low)  suppress
• cpe:2.3:a:bloom_project:bloom:1.9.293:*:*:*:*:*:*:*  (Confidence:Low)  suppress

CVE-2023-0247  suppress

Uncontrolled Search Path Element in GitHub repository bits-and-blooms/bloom prior to 3.3.1.

• Base Score: HIGH (7.8)
• Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:1.8/RC:R/MAV:A

• af854a3a-2127-422b-91ae-364da2661108 - EXPLOIT,PATCH,THIRD_PARTY_ADVISORY
• af854a3a-2127-422b-91ae-364da2661108 - PATCH,THIRD_PARTY_ADVISORY
• security@huntr.dev - EXPLOIT,PATCH,THIRD_PARTY_ADVISORY
• security@huntr.dev - PATCH,THIRD_PARTY_ADVISORY

Vulnerable Software & Versions:

• cpe:2.3:a:bloom_project:bloom:*:*:*:*:*:go:*:* versions up to (excluding) 3.3.1

• pkg:maven/org.clojure/google-closure-library@0.0-20160609-f42b4a24  (Confidence:High)
• cpe:2.3:a:google:closure_library:0.0.20160609.f42.b4:a24:*:*:*:*:*:*  (Confidence:Highest)  suppress

CVE-2020-8910  suppress

A URL parsing issue in goog.uri of the Google Closure Library versions up to and including v20200224 allows an attacker to send malicious URLs to be parsed by the library and return the wrong authority. Mitigation: update your library to version v20200315.

• Base Score: MEDIUM (6.5)
• Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:2.8/RC:R/MAV:A

• Base Score: MEDIUM (4.3)
• Vector: /AV:N/AC:M/Au:N/C:P/I:N/A:N

• OSSINDEX - [CVE-2020-8910] CWE-625: Permissive Regular Expression
• OSSIndex - http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-8910
• OSSIndex - https://security-tracker.debian.org/tracker/CVE-2020-8910
• af854a3a-2127-422b-91ae-364da2661108 - PATCH,THIRD_PARTY_ADVISORY
• af854a3a-2127-422b-91ae-364da2661108 - THIRD_PARTY_ADVISORY
• cve-coordination@google.com - PATCH,THIRD_PARTY_ADVISORY
• cve-coordination@google.com - THIRD_PARTY_ADVISORY

Vulnerable Software & Versions:

• cpe:2.3:a:google:closure_library:*:*:*:*:*:*:*:* versions up to (excluding) 20200315

• pkg:maven/com.google.code.gson/gson@2.2.4  (Confidence:High)
• cpe:2.3:a:google:gson:2.2.4:*:*:*:*:*:*:*  (Confidence:Highest)  suppress

CVE-2022-25647  suppress

The package com.google.code.gson:gson before 2.8.9 are vulnerable to Deserialization of Untrusted Data via the writeReplace() method in internal classes, which may lead to DoS attacks.

• Base Score: HIGH (7.5)
• Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:3.9/RC:R/MAV:A

• Base Score: MEDIUM (5.0)
• Vector: /AV:N/AC:L/Au:N/C:N/I:N/A:P

• OSSINDEX - [CVE-2022-25647] CWE-502: Deserialization of Untrusted Data
• OSSIndex - https://github.com/google/gson/pull/1991
• af854a3a-2127-422b-91ae-364da2661108 - MAILING_LIST,THIRD_PARTY_ADVISORY
• af854a3a-2127-422b-91ae-364da2661108 - PATCH,THIRD_PARTY_ADVISORY
• af854a3a-2127-422b-91ae-364da2661108 - PATCH,THIRD_PARTY_ADVISORY
• af854a3a-2127-422b-91ae-364da2661108 - PATCH,THIRD_PARTY_ADVISORY
• af854a3a-2127-422b-91ae-364da2661108 - THIRD_PARTY_ADVISORY
• af854a3a-2127-422b-91ae-364da2661108 - THIRD_PARTY_ADVISORY
• af854a3a-2127-422b-91ae-364da2661108 - THIRD_PARTY_ADVISORY
• af854a3a-2127-422b-91ae-364da2661108 - THIRD_PARTY_ADVISORY
• report@snyk.io - MAILING_LIST,THIRD_PARTY_ADVISORY
• report@snyk.io - PATCH,THIRD_PARTY_ADVISORY
• report@snyk.io - PATCH,THIRD_PARTY_ADVISORY
• report@snyk.io - PATCH,THIRD_PARTY_ADVISORY
• report@snyk.io - THIRD_PARTY_ADVISORY
• report@snyk.io - THIRD_PARTY_ADVISORY
• report@snyk.io - THIRD_PARTY_ADVISORY
• report@snyk.io - THIRD_PARTY_ADVISORY

Vulnerable Software & Versions: (show all)

• cpe:2.3:a:google:gson:*:*:*:*:*:*:*:* versions from (including) 2.2.3; versions up to (excluding) 2.8.9
• ...
• cpe:2.3:a:google:gson:*:*:*:*:*:*:*:* versions from (including) 2.2.3; versions up to (excluding) 2.8.9
• cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:linux:*:*
• cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*
• cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*
• cpe:2.3:a:oracle:financial_services_crime_and_compliance_management_studio:8.0.8.2.0:*:*:*:*:*:*:*
• cpe:2.3:a:oracle:financial_services_crime_and_compliance_management_studio:8.0.8.3.0:*:*:*:*:*:*:*
• cpe:2.3:a:oracle:graalvm:20.3.6:*:*:*:enterprise:*:*:*
• cpe:2.3:a:oracle:graalvm:21.3.2:*:*:*:enterprise:*:*:*
• cpe:2.3:a:oracle:graalvm:22.1.0:*:*:*:enterprise:*:*:*
• cpe:2.3:a:oracle:retail_order_broker:18.0:*:*:*:*:*:*:*
• cpe:2.3:a:oracle:retail_order_broker:19.1:*:*:*:*:*:*:*

• pkg:maven/com.google.guava/guava@19.0  (Confidence:High)
• cpe:2.3:a:google:guava:19.0:*:*:*:*:*:*:*  (Confidence:Highest)  suppress

CVE-2023-2976  suppress

Use of Java's default temporary directory for file creation in `FileBackedOutputStream` in Google Guava versions 1.0 to 31.1 on Unix systems and Android Ice Cream Sandwich allows other users and apps on the machine with access to the default Java temporary directory to be able to access the files created by the class.

Even though the security vulnerability is fixed in version 32.0.0, we recommend using version 32.0.1 as version 32.0.0 breaks some functionality under Windows.

• Base Score: HIGH (7.1)
• Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N/E:1.8/RC:R/MAV:A

• OSSINDEX - [CVE-2023-2976] CWE-552: Files or Directories Accessible to External Parties
• OSSIndex - http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2976
• OSSIndex - https://github.com/google/guava/issues/2575
• OSSIndex - https://github.com/google/guava/releases/tag/v32.0.0
• af854a3a-2127-422b-91ae-364da2661108 - ISSUE_TRACKING,PATCH,VENDOR_ADVISORY
• cve-coordination@google.com - ISSUE_TRACKING,PATCH,VENDOR_ADVISORY

Vulnerable Software & Versions:

• cpe:2.3:a:google:guava:*:*:*:*:*:*:*:* versions up to (excluding) 32.0.0

CVE-2018-10237  suppress

Unbounded memory allocation in Google Guava 11.0 through 24.x before 24.1.1 allows remote attackers to conduct denial of service attacks against servers that depend on this library and deserialize attacker-provided data, because the AtomicDoubleArray class (when serialized with Java serialization) and the CompoundOrdering class (when serialized with GWT serialization) perform eager allocation without appropriate checks on what a client has sent and whether the data size is reasonable.

• Base Score: MEDIUM (5.9)
• Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:2.2/RC:R/MAV:A

• Base Score: MEDIUM (4.3)
• Vector: /AV:N/AC:M/Au:N/C:N/I:N/A:P

• OSSINDEX - [CVE-2018-10237] CWE-770: Allocation of Resources Without Limits or Throttling
• OSSIndex - http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-10237
• OSSIndex - https://blog.sonatype.com/2018/11/welcome-back-to-nexus-intelligence-insights/
• OSSIndex - https://github.com/google/guava/wiki/CVE-2018-10237
• OSSIndex - https://www.securityfocus.com/bid/104133/references
• af854a3a-2127-422b-91ae-364da2661108 - BROKEN_LINK
• af854a3a-2127-422b-91ae-364da2661108 - PATCH,THIRD_PARTY_ADVISORY
• af854a3a-2127-422b-91ae-364da2661108 - PATCH,THIRD_PARTY_ADVISORY
• af854a3a-2127-422b-91ae-364da2661108 - PATCH,THIRD_PARTY_ADVISORY
• af854a3a-2127-422b-91ae-364da2661108 - PATCH,THIRD_PARTY_ADVISORY
• af854a3a-2127-422b-91ae-364da2661108 - THIRD_PARTY_ADVISORY
• af854a3a-2127-422b-91ae-364da2661108 - THIRD_PARTY_ADVISORY
• af854a3a-2127-422b-91ae-364da2661108 - THIRD_PARTY_ADVISORY
• af854a3a-2127-422b-91ae-364da2661108 - THIRD_PARTY_ADVISORY
• af854a3a-2127-422b-91ae-364da2661108 - THIRD_PARTY_ADVISORY
• af854a3a-2127-422b-91ae-364da2661108 - THIRD_PARTY_ADVISORY
• af854a3a-2127-422b-91ae-364da2661108 - THIRD_PARTY_ADVISORY
• af854a3a-2127-422b-91ae-364da2661108 - THIRD_PARTY_ADVISORY
• af854a3a-2127-422b-91ae-364da2661108 - THIRD_PARTY_ADVISORY
• af854a3a-2127-422b-91ae-364da2661108 - THIRD_PARTY_ADVISORY
• af854a3a-2127-422b-91ae-364da2661108 - THIRD_PARTY_ADVISORY
• af854a3a-2127-422b-91ae-364da2661108 - THIRD_PARTY_ADVISORY
• af854a3a-2127-422b-91ae-364da2661108 - THIRD_PARTY_ADVISORY
• af854a3a-2127-422b-91ae-364da2661108 - VENDOR_ADVISORY
• cve@mitre.org - BROKEN_LINK
• cve@mitre.org - PATCH,THIRD_PARTY_ADVISORY
• cve@mitre.org - PATCH,THIRD_PARTY_ADVISORY
• cve@mitre.org - PATCH,THIRD_PARTY_ADVISORY
• cve@mitre.org - PATCH,THIRD_PARTY_ADVISORY
• cve@mitre.org - THIRD_PARTY_ADVISORY
• cve@mitre.org - THIRD_PARTY_ADVISORY
• cve@mitre.org - THIRD_PARTY_ADVISORY
• cve@mitre.org - THIRD_PARTY_ADVISORY
• cve@mitre.org - THIRD_PARTY_ADVISORY
• cve@mitre.org - THIRD_PARTY_ADVISORY
• cve@mitre.org - THIRD_PARTY_ADVISORY
• cve@mitre.org - THIRD_PARTY_ADVISORY
• cve@mitre.org - THIRD_PARTY_ADVISORY
• cve@mitre.org - THIRD_PARTY_ADVISORY
• cve@mitre.org - THIRD_PARTY_ADVISORY
• cve@mitre.org - THIRD_PARTY_ADVISORY
• cve@mitre.org - THIRD_PARTY_ADVISORY
• cve@mitre.org - VENDOR_ADVISORY

Vulnerable Software & Versions: (show all)

• cpe:2.3:a:google:guava:*:*:*:*:*:*:*:* versions from (including) 11.0; versions up to (excluding) 24.1.1
• ...
• cpe:2.3:a:google:guava:*:*:*:*:*:*:*:* versions from (including) 11.0; versions up to (excluding) 24.1.1
• cpe:2.3:a:oracle:banking_payments:*:*:*:*:*:*:*:* versions from (including) 14.1.0; versions up to (including) 14.4.0
• cpe:2.3:a:oracle:communications_ip_service_activator:7.3.0:*:*:*:*:*:*:*
• cpe:2.3:a:oracle:communications_ip_service_activator:7.4.0:*:*:*:*:*:*:*
• cpe:2.3:a:oracle:customer_management_and_segmentation_foundation:18.0:*:*:*:*:*:*:*
• cpe:2.3:a:oracle:database_server:18c:*:*:*:*:*:*:*
• cpe:2.3:a:oracle:database_server:19c:*:*:*:*:*:*:*
• cpe:2.3:a:oracle:database_server:12.2.0.1:*:*:*:*:*:*:*
• cpe:2.3:a:oracle:flexcube_investor_servicing:12.1.0:*:*:*:*:*:*:*
• cpe:2.3:a:oracle:flexcube_investor_servicing:12.3.0:*:*:*:*:*:*:*
• cpe:2.3:a:oracle:flexcube_investor_servicing:12.4.0:*:*:*:*:*:*:*
• cpe:2.3:a:oracle:flexcube_investor_servicing:14.0.0:*:*:*:*:*:*:*
• cpe:2.3:a:oracle:flexcube_investor_servicing:14.1.0:*:*:*:*:*:*:*
• cpe:2.3:a:oracle:flexcube_private_banking:12.0.0:*:*:*:*:*:*:*
• cpe:2.3:a:oracle:flexcube_private_banking:12.1.0:*:*:*:*:*:*:*
• cpe:2.3:a:oracle:retail_integration_bus:15.0:*:*:*:*:*:*:*
• cpe:2.3:a:oracle:retail_integration_bus:16.0:*:*:*:*:*:*:*
• cpe:2.3:a:oracle:retail_xstore_point_of_service:7.1:*:*:*:*:*:*:*
• cpe:2.3:a:oracle:retail_xstore_point_of_service:15.0:*:*:*:*:*:*:*
• cpe:2.3:a:oracle:retail_xstore_point_of_service:16.0:*:*:*:*:*:*:*
• cpe:2.3:a:oracle:retail_xstore_point_of_service:17.0:*:*:*:*:*:*:*
• cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*
• cpe:2.3:a:redhat:jboss_enterprise_application_platform:6.0.0:*:*:*:*:*:*:*
• cpe:2.3:a:redhat:jboss_enterprise_application_platform:6.4.0:*:*:*:*:*:*:*
• cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.1.0:*:*:*:*:*:*:*
• cpe:2.3:a:redhat:openshift_container_platform:3.11:*:*:*:*:*:*:*
• cpe:2.3:a:redhat:openshift_container_platform:4.1:*:*:*:*:*:*:*
• cpe:2.3:a:redhat:openstack:13:*:*:*:*:*:*:*
• cpe:2.3:a:redhat:satellite:6.4:*:*:*:*:*:*:*
• cpe:2.3:a:redhat:satellite_capsule:6.4:*:*:*:*:*:*:*
• cpe:2.3:a:redhat:virtualization:4.0:*:*:*:*:*:*:*
• cpe:2.3:a:redhat:virtualization:4.2:*:*:*:*:*:*:*
• cpe:2.3:a:redhat:virtualization_host:4.0:*:*:*:*:*:*:*

CVE-2020-8908  suppress

A temp directory creation vulnerability exists in all versions of Guava, allowing an attacker with access to the machine to potentially access data in a temporary directory created by the Guava API com.google.common.io.Files.createTempDir(). By default, on unix-like systems, the created directory is world-readable (readable by an attacker with access to the system). The method in question has been marked @Deprecated in versions 30.0 and later and should not be used. For Android developers, we recommend choosing a temporary directory API provided by Android, such as context.getCacheDir(). For other Java developers, we recommend migrating to the Java 7 API java.nio.file.Files.createTempDirectory() which explicitly configures permissions of 700, or configuring the Java runtime's java.io.tmpdir system property to point to a location whose permissions are appropriately configured.

• Base Score: LOW (3.3)
• Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:1.8/RC:R/MAV:A

• Base Score: LOW (2.1)
• Vector: /AV:L/AC:L/Au:N/C:P/I:N/A:N

• OSSINDEX - [CVE-2020-8908] CWE-379: Creation of Temporary File in Directory with Incorrect Permissions
• OSSIndex - https://github.com/google/guava/issues/4011
• af854a3a-2127-422b-91ae-364da2661108 - EXPLOIT,PATCH,THIRD_PARTY_ADVISORY
• af854a3a-2127-422b-91ae-364da2661108 - ISSUE_TRACKING,PATCH,THIRD_PARTY_ADVISORY
• af854a3a-2127-422b-91ae-364da2661108 - PATCH,THIRD_PARTY_ADVISORY
• af854a3a-2127-422b-91ae-364da2661108 - PATCH,THIRD_PARTY_ADVISORY
• af854a3a-2127-422b-91ae-364da2661108 - PATCH,THIRD_PARTY_ADVISORY
• af854a3a-2127-422b-91ae-364da2661108 - PATCH,THIRD_PARTY_ADVISORY
• af854a3a-2127-422b-91ae-364da2661108 - PATCH,THIRD_PARTY_ADVISORY
• af854a3a-2127-422b-91ae-364da2661108 - THIRD_PARTY_ADVISORY
• af854a3a-2127-422b-91ae-364da2661108 - THIRD_PARTY_ADVISORY
• af854a3a-2127-422b-91ae-364da2661108 - THIRD_PARTY_ADVISORY
• af854a3a-2127-422b-91ae-364da2661108 - THIRD_PARTY_ADVISORY
• af854a3a-2127-422b-91ae-364da2661108 - THIRD_PARTY_ADVISORY
• af854a3a-2127-422b-91ae-364da2661108 - THIRD_PARTY_ADVISORY
• af854a3a-2127-422b-91ae-364da2661108 - THIRD_PARTY_ADVISORY
• af854a3a-2127-422b-91ae-364da2661108 - THIRD_PARTY_ADVISORY
• af854a3a-2127-422b-91ae-364da2661108 - THIRD_PARTY_ADVISORY
• af854a3a-2127-422b-91ae-364da2661108 - THIRD_PARTY_ADVISORY
• af854a3a-2127-422b-91ae-364da2661108 - THIRD_PARTY_ADVISORY
• af854a3a-2127-422b-91ae-364da2661108 - THIRD_PARTY_ADVISORY
• af854a3a-2127-422b-91ae-364da2661108 - THIRD_PARTY_ADVISORY
• af854a3a-2127-422b-91ae-364da2661108 - THIRD_PARTY_ADVISORY
• af854a3a-2127-422b-91ae-364da2661108 - THIRD_PARTY_ADVISORY
• af854a3a-2127-422b-91ae-364da2661108 - THIRD_PARTY_ADVISORY
• af854a3a-2127-422b-91ae-364da2661108 - THIRD_PARTY_ADVISORY
• af854a3a-2127-422b-91ae-364da2661108 - THIRD_PARTY_ADVISORY
• af854a3a-2127-422b-91ae-364da2661108 - THIRD_PARTY_ADVISORY
• af854a3a-2127-422b-91ae-364da2661108 - THIRD_PARTY_ADVISORY
• af854a3a-2127-422b-91ae-364da2661108 - THIRD_PARTY_ADVISORY
• af854a3a-2127-422b-91ae-364da2661108 - THIRD_PARTY_ADVISORY
• af854a3a-2127-422b-91ae-364da2661108 - THIRD_PARTY_ADVISORY
• af854a3a-2127-422b-91ae-364da2661108 - THIRD_PARTY_ADVISORY
• af854a3a-2127-422b-91ae-364da2661108 - THIRD_PARTY_ADVISORY
• af854a3a-2127-422b-91ae-364da2661108 - THIRD_PARTY_ADVISORY
• af854a3a-2127-422b-91ae-364da2661108 - THIRD_PARTY_ADVISORY
• af854a3a-2127-422b-91ae-364da2661108 - THIRD_PARTY_ADVISORY
• af854a3a-2127-422b-91ae-364da2661108 - THIRD_PARTY_ADVISORY
• af854a3a-2127-422b-91ae-364da2661108 - THIRD_PARTY_ADVISORY
• af854a3a-2127-422b-91ae-364da2661108 - THIRD_PARTY_ADVISORY
• af854a3a-2127-422b-91ae-364da2661108 - THIRD_PARTY_ADVISORY
• af854a3a-2127-422b-91ae-364da2661108 - THIRD_PARTY_ADVISORY
• af854a3a-2127-422b-91ae-364da2661108 - THIRD_PARTY_ADVISORY
• af854a3a-2127-422b-91ae-364da2661108 - THIRD_PARTY_ADVISORY
• af854a3a-2127-422b-91ae-364da2661108 - THIRD_PARTY_ADVISORY
• cve-coordination@google.com - EXPLOIT,PATCH,THIRD_PARTY_ADVISORY
• cve-coordination@google.com - ISSUE_TRACKING,PATCH,THIRD_PARTY_ADVISORY
• cve-coordination@google.com - PATCH,THIRD_PARTY_ADVISORY
• cve-coordination@google.com - PATCH,THIRD_PARTY_ADVISORY
• cve-coordination@google.com - PATCH,THIRD_PARTY_ADVISORY
• cve-coordination@google.com - PATCH,THIRD_PARTY_ADVISORY
• cve-coordination@google.com - PATCH,THIRD_PARTY_ADVISORY
• cve-coordination@google.com - THIRD_PARTY_ADVISORY
• cve-coordination@google.com - THIRD_PARTY_ADVISORY
• cve-coordination@google.com - THIRD_PARTY_ADVISORY
• cve-coordination@google.com - THIRD_PARTY_ADVISORY
• cve-coordination@google.com - THIRD_PARTY_ADVISORY
• cve-coordination@google.com - THIRD_PARTY_ADVISORY
• cve-coordination@google.com - THIRD_PARTY_ADVISORY
• cve-coordination@google.com - THIRD_PARTY_ADVISORY
• cve-coordination@google.com - THIRD_PARTY_ADVISORY
• cve-coordination@google.com - THIRD_PARTY_ADVISORY
• cve-coordination@google.com - THIRD_PARTY_ADVISORY
• cve-coordination@google.com - THIRD_PARTY_ADVISORY
• cve-coordination@google.com - THIRD_PARTY_ADVISORY
• cve-coordination@google.com - THIRD_PARTY_ADVISORY
• cve-coordination@google.com - THIRD_PARTY_ADVISORY
• cve-coordination@google.com - THIRD_PARTY_ADVISORY
• cve-coordination@google.com - THIRD_PARTY_ADVISORY
• cve-coordination@google.com - THIRD_PARTY_ADVISORY
• cve-coordination@google.com - THIRD_PARTY_ADVISORY
• cve-coordination@google.com - THIRD_PARTY_ADVISORY
• cve-coordination@google.com - THIRD_PARTY_ADVISORY
• cve-coordination@google.com - THIRD_PARTY_ADVISORY
• cve-coordination@google.com - THIRD_PARTY_ADVISORY
• cve-coordination@google.com - THIRD_PARTY_ADVISORY
• cve-coordination@google.com - THIRD_PARTY_ADVISORY
• cve-coordination@google.com - THIRD_PARTY_ADVISORY
• cve-coordination@google.com - THIRD_PARTY_ADVISORY
• cve-coordination@google.com - THIRD_PARTY_ADVISORY
• cve-coordination@google.com - THIRD_PARTY_ADVISORY
• cve-coordination@google.com - THIRD_PARTY_ADVISORY
• cve-coordination@google.com - THIRD_PARTY_ADVISORY
• cve-coordination@google.com - THIRD_PARTY_ADVISORY
• cve-coordination@google.com - THIRD_PARTY_ADVISORY
• cve-coordination@google.com - THIRD_PARTY_ADVISORY
• cve-coordination@google.com - THIRD_PARTY_ADVISORY
• cve-coordination@google.com - THIRD_PARTY_ADVISORY

Vulnerable Software & Versions: (show all)

• cpe:2.3:a:google:guava:*:*:*:*:*:*:*:* versions up to (excluding) 32.0.0
• ...
• cpe:2.3:a:google:guava:*:*:*:*:*:*:*:* versions up to (excluding) 32.0.0
• cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:linux:*:*
• cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*
• cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*
• cpe:2.3:a:oracle:commerce_guided_search:11.3.2:*:*:*:*:*:*:*
• cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:1.14.0:*:*:*:*:*:*:*
• cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:1.2.1:*:*:*:*:*:*:*
• cpe:2.3:a:oracle:communications_pricing_design_center:12.0.0.4.0:*:*:*:*:*:*:*
• cpe:2.3:a:oracle:communications_pricing_design_center:12.0.0.5.0:*:*:*:*:*:*:*
• cpe:2.3:a:oracle:data_integrator:12.2.1.3.0:*:*:*:*:*:*:*
• cpe:2.3:a:oracle:data_integrator:12.2.1.4.0:*:*:*:*:*:*:*
• cpe:2.3:a:oracle:nosql_database:*:*:*:*:*:*:*:* versions up to (excluding) 20.3
• cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:*:*:*:*:*:*:*
• cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:*:*:*:*:*:*:*
• cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.59:*:*:*:*:*:*:*
• cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:* versions from (including) 17.7; versions up to (including) 17.12
• cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:*
• cpe:2.3:a:oracle:primavera_unifier:19.12:*:*:*:*:*:*:*
• cpe:2.3:a:oracle:primavera_unifier:20.12:*:*:*:*:*:*:*
• cpe:2.3:a:oracle:primavera_unifier:21.12:*:*:*:*:*:*:*
• cpe:2.3:a:oracle:retail_customer_management_and_segmentation_foundation:*:*:*:*:*:*:*:* versions from (including) 16.0; versions up to (including) 19.0
• cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*
• cpe:2.3:a:quarkus:quarkus:*:*:*:*:*:*:*:* versions up to (excluding) 1.11.4