Oracle

Webcenter Sites

53 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
4.3

CVE-2019-2579

  • EPSS 59.99%
  • Veröffentlicht 23.04.2019 19:32:49
  • Zuletzt bearbeitet 21.11.2024 04:41:08

Vulnerability in the Oracle WebCenter Sites component of Oracle Fusion Middleware (subcomponent: Advanced UI). The supported version that is affected is 12.2.1.3.0. Easily exploitable vulnerability allows low privileged attacker with network access v...

8.6

CVE-2019-2578

  • EPSS 68.92%
  • Veröffentlicht 23.04.2019 19:32:49
  • Zuletzt bearbeitet 21.11.2024 04:41:08

Vulnerability in the Oracle WebCenter Sites component of Oracle Fusion Middleware (subcomponent: Advanced UI). The supported version that is affected is 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access ...

7.5

CVE-2019-5427

Exploit
  • EPSS 6.91%
  • Veröffentlicht 22.04.2019 21:29:00
  • Zuletzt bearbeitet 05.09.2025 17:23:58

c3p0 version < 0.9.5.4 may be exploited by a billion laughs attack when loading XML configuration due to missing protections against recursive entity expansion when loading configuration.

6.1

CVE-2019-11358

Exploit
  • EPSS 2.4%
  • Veröffentlicht 20.04.2019 00:29:00
  • Zuletzt bearbeitet 21.11.2024 04:20:56

jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the n...

9.8

CVE-2019-0228

  • EPSS 7.84%
  • Veröffentlicht 17.04.2019 15:29:00
  • Zuletzt bearbeitet 21.11.2024 04:16:32

Apache PDFBox 2.0.14 does not properly initialize the XML parser, which allows context-dependent attackers to conduct XML External Entity (XXE) attacks via a crafted XFDF.

7.5

CVE-2018-15756

  • EPSS 13.38%
  • Veröffentlicht 18.10.2018 22:29:00
  • Zuletzt bearbeitet 21.11.2024 03:51:24

Spring Framework, version 5.1, versions 5.0.x prior to 5.0.10, versions 4.3.x prior to 4.3.20, and older unsupported versions on the 4.2.x branch provide support for range requests when serving static resources through the ResourceHttpRequestHandler,...

6.9

CVE-2018-3238

  • EPSS 30.48%
  • Veröffentlicht 17.10.2018 01:31:25
  • Zuletzt bearbeitet 21.11.2024 04:05:30

Vulnerability in the Oracle WebCenter Sites component of Oracle Fusion Middleware (subcomponent: Advanced UI). The supported version that is affected is 11.1.1.8.0. Easily exploitable vulnerability allows high privileged attacker with network access ...

8.2

CVE-2018-2791

  • EPSS 87.02%
  • Veröffentlicht 19.04.2018 02:29:03
  • Zuletzt bearbeitet 21.11.2024 04:04:27

Vulnerability in the Oracle WebCenter Sites component of Oracle Fusion Middleware (subcomponent: Advanced UI). Supported versions that are affected are 11.1.1.8.0, 12.2.1.2.0 and 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated att...

6.1

CVE-2015-9251

  • EPSS 9.84%
  • Veröffentlicht 18.01.2018 23:29:00
  • Zuletzt bearbeitet 21.11.2024 02:40:09

jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.

4.3

CVE-2018-2584

  • EPSS 0.2%
  • Veröffentlicht 18.01.2018 02:29:18
  • Zuletzt bearbeitet 21.11.2024 04:03:59

Vulnerability in the Oracle WebCenter Sites component of Oracle Fusion Middleware (subcomponent: Advanced UI). The supported version that is affected is 11.1.1.8.0. Easily exploitable vulnerability allows low privileged attacker with network access v...