Oracle

Webcenter Sites

64 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
Warnung Exploit
  • EPSS 83.83%
  • Veröffentlicht 29.04.2020 21:15:11
  • Zuletzt bearbeitet 07.11.2025 19:32:52

In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may ex...

  • EPSS 1.87%
  • Veröffentlicht 15.04.2020 14:15:23
  • Zuletzt bearbeitet 21.11.2024 05:26:07

Vulnerability in the Oracle WebCenter Sites product of Oracle Fusion Middleware (component: Advanced UI). The supported version that is affected is 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via H...

Exploit
  • EPSS 3.99%
  • Veröffentlicht 10.03.2020 18:15:12
  • Zuletzt bearbeitet 21.11.2024 05:33:46

In affected versions of dojo (NPM package), the deepCopy method is vulnerable to Prototype Pollution. Prototype Pollution refers to the ability to inject properties into existing JavaScript language construct prototypes, such as objects. An attacker ...

Exploit
  • EPSS 3.33%
  • Veröffentlicht 24.01.2020 15:15:14
  • Zuletzt bearbeitet 21.11.2024 05:36:52

CiphertextHeader.java in Cryptacular 1.2.3, as used in Apereo CAS and other products, allows attackers to trigger excessive memory allocation during a decode operation, because the nonce array length associated with "new byte" may depend on untrusted...

  • EPSS 1.09%
  • Veröffentlicht 15.01.2020 17:15:16
  • Zuletzt bearbeitet 21.11.2024 05:25:28

Vulnerability in the Oracle WebCenter Sites product of Oracle Fusion Middleware (component: Advanced UI). The supported version that is affected is 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via H...

  • EPSS 1.09%
  • Veröffentlicht 15.01.2020 17:15:16
  • Zuletzt bearbeitet 21.11.2024 05:25:28

Vulnerability in the Oracle WebCenter Sites product of Oracle Fusion Middleware (component: Advanced UI). The supported version that is affected is 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via H...

  • EPSS 0.99%
  • Veröffentlicht 23.10.2019 20:15:12
  • Zuletzt bearbeitet 21.11.2024 04:22:47

In Apache POI up to 4.1.0, when using the tool XSSFExportToXml to convert user-provided Microsoft Excel documents, a specially crafted document can allow an attacker to read files from the local filesystem or from internal network resources via XML E...

  • EPSS 5.33%
  • Veröffentlicht 12.10.2019 21:15:08
  • Zuletzt bearbeitet 21.11.2024 04:32:27

A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the apache-log4j-ext...

  • EPSS 4.86%
  • Veröffentlicht 01.10.2019 17:15:10
  • Zuletzt bearbeitet 21.11.2024 04:31:23

A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the p6spy (3.8.6) ja...

  • EPSS 5.68%
  • Veröffentlicht 01.10.2019 17:15:10
  • Zuletzt bearbeitet 21.11.2024 04:31:23

A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the commons-dbcp (1....