Oracle

Jd Edwards Enterpriseone Tools

164 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
  • EPSS 0.5%
  • Veröffentlicht 23.03.2021 17:15:13
  • Zuletzt bearbeitet 21.11.2024 05:46:10

A flaw was found in SQLite's SELECT query functionality (src/select.c). This flaw allows an attacker who is capable of running SQL queries locally on the SQLite database to cause a denial of service or possible code execution by triggering a use-afte...

  • EPSS 77.39%
  • Veröffentlicht 03.03.2021 18:15:14
  • Zuletzt bearbeitet 21.11.2024 05:50:49

Node.js before 10.24.0, 12.21.0, 14.16.0, and 15.10.0 is vulnerable to a denial of service attack when too many connection attempts with an 'unknownProtocol' are established. This leads to a leak of file descriptors. If a file descriptor limit is con...

Exploit
  • EPSS 32.36%
  • Veröffentlicht 03.03.2021 18:15:14
  • Zuletzt bearbeitet 21.11.2024 05:50:50

Node.js before 10.24.0, 12.21.0, 14.16.0, and 15.10.0 is vulnerable to DNS rebinding attacks as the whitelist includes “localhost6”. When “localhost6” is not present in /etc/hosts, it is just an ordinary domain that is resolved via DNS, i.e., over ne...

  • EPSS 50.73%
  • Veröffentlicht 16.02.2021 17:15:13
  • Zuletzt bearbeitet 16.04.2026 15:16:45

Calls to EVP_CipherUpdate, EVP_EncryptUpdate and EVP_DecryptUpdate may overflow the output length argument in some cases where the input length is close to the maximum permissable length for an integer on the platform. In such cases the return value ...

Exploit
  • EPSS 22.41%
  • Veröffentlicht 15.02.2021 13:15:12
  • Zuletzt bearbeitet 21.11.2024 05:51:31

Lodash versions prior to 4.17.21 are vulnerable to Command Injection via the template function.

Exploit
  • EPSS 7.34%
  • Veröffentlicht 15.02.2021 11:15:12
  • Zuletzt bearbeitet 21.11.2024 05:22:55

Lodash versions prior to 4.17.21 are vulnerable to Regular Expression Denial of Service (ReDoS) via the toNumber, trim and trimEnd functions.

  • EPSS 1.96%
  • Veröffentlicht 26.01.2021 21:15:12
  • Zuletzt bearbeitet 21.11.2024 05:56:00

It was possible to execute a ReDoS-type attack inside CKEditor 4 before 4.16 by persuading a victim to paste crafted text into the Styles input of specific dialogs (in the Advanced Tab for Dialogs plugin).

  • EPSS 2.22%
  • Veröffentlicht 26.01.2021 21:15:12
  • Zuletzt bearbeitet 21.11.2024 05:56:00

It was possible to execute a ReDoS-type attack inside CKEditor 4 before 4.16 by persuading a victim to paste crafted URL-like text into the editor, and then press Enter or Space (in the Autolink plugin).

Exploit
  • EPSS 4.89%
  • Veröffentlicht 07.01.2021 00:15:15
  • Zuletzt bearbeitet 29.04.2026 20:22:05

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.docx4j.org.apache.xalan.lib.sql.JNDIConnectionPool.

Exploit
  • EPSS 20.93%
  • Veröffentlicht 07.01.2021 00:15:14
  • Zuletzt bearbeitet 21.11.2024 05:28:54

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to oadd.org.apache.commons.dbcp.cpdsadapter.DriverAdapterCPDS.