Oracle

Jdeveloper

25 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
6.1

CVE-2019-11358

Exploit
  • EPSS 2.4%
  • Published 20.04.2019 00:29:00
  • Last modified 21.11.2024 04:20:56

jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the n...

9.8

CVE-2018-14720

  • EPSS 3.41%
  • Published 02.01.2019 18:29:00
  • Last modified 21.11.2024 03:49:40

FasterXML jackson-databind 2.x before 2.9.7 might allow attackers to conduct external XML entity (XXE) attacks by leveraging failure to block unspecified JDK classes from polymorphic deserialization.

10

CVE-2018-14721

  • EPSS 9.9%
  • Published 02.01.2019 18:29:00
  • Last modified 21.11.2024 03:49:40

FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to conduct server-side request forgery (SSRF) attacks by leveraging failure to block the axis2-jaxws class from polymorphic deserialization.

9.8

CVE-2018-14719

  • EPSS 2.65%
  • Published 02.01.2019 18:29:00
  • Last modified 21.11.2024 03:49:40

FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to execute arbitrary code by leveraging failure to block the blaze-ds-opt and blaze-ds-core classes from polymorphic deserialization.

9.8

CVE-2018-14718

  • EPSS 14.75%
  • Published 02.01.2019 18:29:00
  • Last modified 21.11.2024 03:49:39

FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to execute arbitrary code by leveraging failure to block the slf4j-ext class from polymorphic deserialization.

6.1

CVE-2015-9251

  • EPSS 9.84%
  • Published 18.01.2018 23:29:00
  • Last modified 21.11.2024 02:40:09

jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.

8.2

CVE-2018-2711

  • EPSS 1.65%
  • Published 18.01.2018 02:29:24
  • Last modified 21.11.2024 04:04:18

Vulnerability in the Oracle JDeveloper component of Oracle Fusion Middleware (subcomponent: Security Framework). Supported versions that are affected are 11.1.1.2.4, 11.1.1.7.0, 11.1.1.7.1, 11.1.1.9.0 and 12.1.3.0.0. Easily exploitable vulnerability ...

4.7

CVE-2017-10273

  • EPSS 0.14%
  • Published 18.01.2018 02:29:16
  • Last modified 21.11.2024 03:05:48

Vulnerability in the Oracle JDeveloper component of Oracle Fusion Middleware (subcomponent: Deployment). Supported versions that are affected are 11.1.1.7.0, 11.1.1.7.1, 11.1.1.9.0, 11.1.2.4.0, 12.1.3.0.0 and 12.2.1.2.0. Difficult to exploit vulnerab...

9.8

CVE-2017-5645

  • EPSS 94.01%
  • Published 17.04.2017 21:59:00
  • Last modified 20.04.2025 01:37:25

In Apache Log4j 2.x before 2.8.2, when using the TCP socket server or UDP socket server to receive serialized log events from another application, a specially crafted binary payload can be sent that, when deserialized, can execute arbitrary code.

5.8

CVE-2017-3255

  • EPSS 0.49%
  • Published 27.01.2017 22:59:02
  • Last modified 20.04.2025 01:37:25

Vulnerability in the Oracle JDeveloper component of Oracle Fusion Middleware (subcomponent: ADF Faces). Supported versions that are affected are 11.1.1.7.0, 11.1.1.9.0, 11.1.2.4.0, 12.1.3.0.0, 12.2.1.0.0, 12.2.1.1.0 and 12.2.1.2.0. Easily exploitable...