Oracle

Webcenter Sites

53 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.4

CVE-2020-2739

  • EPSS 3.15%
  • Published 15.04.2020 14:15:23
  • Last modified 21.11.2024 05:26:07

Vulnerability in the Oracle WebCenter Sites product of Oracle Fusion Middleware (component: Advanced UI). The supported version that is affected is 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via H...

5

CVE-2020-5258

Exploit
  • EPSS 1.99%
  • Published 10.03.2020 18:15:12
  • Last modified 21.11.2024 05:33:46

In affected versions of dojo (NPM package), the deepCopy method is vulnerable to Prototype Pollution. Prototype Pollution refers to the ability to inject properties into existing JavaScript language construct prototypes, such as objects. An attacker ...

7.5

CVE-2020-7226

Exploit
  • EPSS 1.65%
  • Published 24.01.2020 15:15:14
  • Last modified 21.11.2024 05:36:52

CiphertextHeader.java in Cryptacular 1.2.3, as used in Apereo CAS and other products, allows attackers to trigger excessive memory allocation during a decode operation, because the nonce array length associated with "new byte" may depend on untrusted...

6.1

CVE-2020-2539

  • EPSS 1.16%
  • Published 15.01.2020 17:15:16
  • Last modified 21.11.2024 05:25:28

Vulnerability in the Oracle WebCenter Sites product of Oracle Fusion Middleware (component: Advanced UI). The supported version that is affected is 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via H...

7.1

CVE-2020-2538

  • EPSS 1.5%
  • Published 15.01.2020 17:15:16
  • Last modified 21.11.2024 05:25:28

Vulnerability in the Oracle WebCenter Sites product of Oracle Fusion Middleware (component: Advanced UI). The supported version that is affected is 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via H...

5.5

CVE-2019-12415

  • EPSS 0.02%
  • Published 23.10.2019 20:15:12
  • Last modified 21.11.2024 04:22:47

In Apache POI up to 4.1.0, when using the tool XSSFExportToXml to convert user-provided Microsoft Excel documents, a specially crafted document can allow an attacker to read files from the local filesystem or from internal network resources via XML E...

9.8

CVE-2019-17531

  • EPSS 1.19%
  • Published 12.10.2019 21:15:08
  • Last modified 21.11.2024 04:32:27

A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the apache-log4j-ext...

9.8

CVE-2019-16943

  • EPSS 1.84%
  • Published 01.10.2019 17:15:10
  • Last modified 21.11.2024 04:31:23

A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the p6spy (3.8.6) ja...

9.8

CVE-2019-16942

  • EPSS 0.44%
  • Published 01.10.2019 17:15:10
  • Last modified 21.11.2024 04:31:23

A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the commons-dbcp (1....

9.8

CVE-2019-13990

  • EPSS 10.42%
  • Published 26.07.2019 19:15:11
  • Last modified 21.11.2024 04:25:50

initDocumentParser in xml/XMLSchedulingDataProcessor.java in Terracotta Quartz Scheduler through 2.3.0 allows XXE attacks via a job description.