Oracle

Webcenter Sites

53 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.4

CVE-2020-2739

  • EPSS 3.15%
  • Veröffentlicht 15.04.2020 14:15:23
  • Zuletzt bearbeitet 21.11.2024 05:26:07

Vulnerability in the Oracle WebCenter Sites product of Oracle Fusion Middleware (component: Advanced UI). The supported version that is affected is 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via H...

5

CVE-2020-5258

Exploit
  • EPSS 1.99%
  • Veröffentlicht 10.03.2020 18:15:12
  • Zuletzt bearbeitet 21.11.2024 05:33:46

In affected versions of dojo (NPM package), the deepCopy method is vulnerable to Prototype Pollution. Prototype Pollution refers to the ability to inject properties into existing JavaScript language construct prototypes, such as objects. An attacker ...

7.5

CVE-2020-7226

Exploit
  • EPSS 1.65%
  • Veröffentlicht 24.01.2020 15:15:14
  • Zuletzt bearbeitet 21.11.2024 05:36:52

CiphertextHeader.java in Cryptacular 1.2.3, as used in Apereo CAS and other products, allows attackers to trigger excessive memory allocation during a decode operation, because the nonce array length associated with "new byte" may depend on untrusted...

6.1

CVE-2020-2539

  • EPSS 1.16%
  • Veröffentlicht 15.01.2020 17:15:16
  • Zuletzt bearbeitet 21.11.2024 05:25:28

Vulnerability in the Oracle WebCenter Sites product of Oracle Fusion Middleware (component: Advanced UI). The supported version that is affected is 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via H...

7.1

CVE-2020-2538

  • EPSS 1.5%
  • Veröffentlicht 15.01.2020 17:15:16
  • Zuletzt bearbeitet 21.11.2024 05:25:28

Vulnerability in the Oracle WebCenter Sites product of Oracle Fusion Middleware (component: Advanced UI). The supported version that is affected is 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via H...

5.5

CVE-2019-12415

  • EPSS 0.02%
  • Veröffentlicht 23.10.2019 20:15:12
  • Zuletzt bearbeitet 21.11.2024 04:22:47

In Apache POI up to 4.1.0, when using the tool XSSFExportToXml to convert user-provided Microsoft Excel documents, a specially crafted document can allow an attacker to read files from the local filesystem or from internal network resources via XML E...

9.8

CVE-2019-17531

  • EPSS 1.19%
  • Veröffentlicht 12.10.2019 21:15:08
  • Zuletzt bearbeitet 21.11.2024 04:32:27

A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the apache-log4j-ext...

9.8

CVE-2019-16943

  • EPSS 1.84%
  • Veröffentlicht 01.10.2019 17:15:10
  • Zuletzt bearbeitet 21.11.2024 04:31:23

A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the p6spy (3.8.6) ja...

9.8

CVE-2019-16942

  • EPSS 0.44%
  • Veröffentlicht 01.10.2019 17:15:10
  • Zuletzt bearbeitet 21.11.2024 04:31:23

A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the commons-dbcp (1....

9.8

CVE-2019-13990

  • EPSS 10.42%
  • Veröffentlicht 26.07.2019 19:15:11
  • Zuletzt bearbeitet 21.11.2024 04:25:50

initDocumentParser in xml/XMLSchedulingDataProcessor.java in Terracotta Quartz Scheduler through 2.3.0 allows XXE attacks via a job description.