CVE-2018-2947
- EPSS 2.03%
- Veröffentlicht 18.07.2018 13:29:02
- Zuletzt bearbeitet 21.11.2024 04:04:48
Vulnerability in the JD Edwards EnterpriseOne Tools component of Oracle JD Edwards Products (subcomponent: Web Runtime). The supported version that is affected is 9.2. Easily exploitable vulnerability allows low privileged attacker with network acces...
CVE-2018-2948
- EPSS 1.54%
- Veröffentlicht 18.07.2018 13:29:02
- Zuletzt bearbeitet 21.11.2024 04:04:48
Vulnerability in the JD Edwards EnterpriseOne Tools component of Oracle JD Edwards Products (subcomponent: Web Runtime). The supported version that is affected is 9.2. Easily exploitable vulnerability allows unauthenticated attacker with network acce...
CVE-2018-2949
- EPSS 1.51%
- Veröffentlicht 18.07.2018 13:29:02
- Zuletzt bearbeitet 21.11.2024 04:04:49
Vulnerability in the JD Edwards EnterpriseOne Tools component of Oracle JD Edwards Products (subcomponent: Web Runtime). The supported version that is affected is 9.2. Easily exploitable vulnerability allows unauthenticated attacker with network acce...
CVE-2018-2950
- EPSS 1.54%
- Veröffentlicht 18.07.2018 13:29:02
- Zuletzt bearbeitet 21.11.2024 04:04:49
Vulnerability in the JD Edwards EnterpriseOne Tools component of Oracle JD Edwards Products (subcomponent: Web Runtime). The supported version that is affected is 9.2. Easily exploitable vulnerability allows unauthenticated attacker with network acce...
CVE-2018-8013
- EPSS 19.52%
- Veröffentlicht 24.05.2018 16:29:00
- Zuletzt bearbeitet 21.11.2024 04:13:05
In Apache Batik 1.x before 1.10, when deserializing subclass of `AbstractDocument`, the class takes a string from the inputStream as the class name which then use it to call the no-arg constructor of the class. Fix was to check the class type before ...
CVE-2017-15095
- EPSS 8.41%
- Veröffentlicht 06.02.2018 15:29:00
- Zuletzt bearbeitet 21.11.2024 03:14:03
A deserialization flaw was discovered in the jackson-databind in versions before 2.8.10 and 2.9.1, which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMappe...
CVE-2015-9251
- EPSS 29.73%
- Veröffentlicht 18.01.2018 23:29:00
- Zuletzt bearbeitet 21.11.2024 02:40:09
jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.
CVE-2018-2658
- EPSS 0.82%
- Veröffentlicht 18.01.2018 02:29:21
- Zuletzt bearbeitet 21.11.2024 04:04:10
Vulnerability in the JD Edwards EnterpriseOne Tools component of Oracle JD Edwards Products (subcomponent: Web Runtime SEC). The supported version that is affected is 9.2. Easily exploitable vulnerability allows unauthenticated attacker with network ...
CVE-2018-2659
- EPSS 0.82%
- Veröffentlicht 18.01.2018 02:29:21
- Zuletzt bearbeitet 21.11.2024 04:04:10
Vulnerability in the JD Edwards EnterpriseOne Tools component of Oracle JD Edwards Products (subcomponent: Web Runtime SEC). The supported version that is affected is 9.2. Easily exploitable vulnerability allows unauthenticated attacker with network ...
CVE-2017-15707
- EPSS 4.89%
- Veröffentlicht 01.12.2017 16:29:00
- Zuletzt bearbeitet 13.05.2026 00:24:29
In Apache Struts 2.5 to 2.5.14, the REST Plugin is using an outdated JSON-lib library which is vulnerable and allow perform a DoS attack using malicious request with specially crafted JSON payload.