Oracle

Enterprise Manager Base Platform

135 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
Exploit
  • EPSS 10.62%
  • Veröffentlicht 03.01.2020 17:15:12
  • Zuletzt bearbeitet 21.11.2024 04:44:16

An exploitable heap buffer overflow vulnerability exists in the data structure persistence functionality of OpenCV, before version 4.2.0. A specially crafted JSON file can cause a buffer overflow, resulting in multiple heap corruptions and potentiall...

  • EPSS 8.64%
  • Veröffentlicht 03.01.2020 04:15:12
  • Zuletzt bearbeitet 21.11.2024 04:38:16

FasterXML jackson-databind 2.x before 2.9.10.2 lacks certain net.sf.ehcache blocking.

  • EPSS 2.17%
  • Veröffentlicht 08.11.2019 15:15:11
  • Zuletzt bearbeitet 07.07.2025 14:15:21

A vulnerability was found in Hibernate-Validator. The SafeHtml validator annotation fails to properly sanitize payloads consisting of potentially malicious code in HTML comments and instructions. This vulnerability can result in an XSS attack.

  • EPSS 13.84%
  • Veröffentlicht 06.11.2019 21:15:11
  • Zuletzt bearbeitet 21.11.2024 04:22:48

Apache CXF before 3.3.4 and 3.2.11 provides all of the components that are required to build a fully fledged OpenId Connect service. There is a vulnerability in the access token services, where it does not validate that the authenticated principal is...

  • EPSS 0.99%
  • Veröffentlicht 23.10.2019 20:15:12
  • Zuletzt bearbeitet 21.11.2024 04:22:47

In Apache POI up to 4.1.0, when using the tool XSSFExportToXml to convert user-provided Microsoft Excel documents, a specially crafted document can allow an attacker to read files from the local filesystem or from internal network resources via XML E...

  • EPSS 0.92%
  • Veröffentlicht 16.10.2019 18:15:27
  • Zuletzt bearbeitet 21.11.2024 04:41:45

Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: Analytics Actions). Supported versions that are affected are 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows low p...

  • EPSS 11.03%
  • Veröffentlicht 15.10.2019 14:15:12
  • Zuletzt bearbeitet 21.11.2024 04:31:50

Connect2id Nimbus JOSE+JWT before v7.9 can throw various uncaught exceptions while parsing a JWT, which could result in an application crash (potential information disclosure) or a potential authentication bypass.

  • EPSS 16.2%
  • Veröffentlicht 26.07.2019 19:15:11
  • Zuletzt bearbeitet 21.11.2024 04:25:50

initDocumentParser in xml/XMLSchedulingDataProcessor.java in Terracotta Quartz Scheduler through 2.3.0 allows XXE attacks via a job description.

  • EPSS 8.46%
  • Veröffentlicht 28.05.2019 19:29:02
  • Zuletzt bearbeitet 21.11.2024 04:16:26

Apache Camel prior to 2.24.0 contains an XML external entity injection (XXE) vulnerability (CWE-611) due to using an outdated vulnerable JSON-lib library. This affects only the camel-xmljson component, which was removed.

Exploit
  • EPSS 86.5%
  • Veröffentlicht 01.05.2019 21:29:00
  • Zuletzt bearbeitet 08.05.2025 18:13:51

A Server Side Request Forgery (SSRF) vulnerability affected the Apache Axis 1.4 distribution that was last released in 2006. Security and bug commits commits continue in the projects Axis 1.x Subversion repository, legacy users are encouraged to buil...