Oracle

Business Process Management Suite

30 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
9.8

CVE-2018-19361

  • EPSS 4.06%
  • Published 02.01.2019 18:29:00
  • Last modified 21.11.2024 03:57:48

FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the openjpa class from polymorphic deserialization.

9.8

CVE-2018-19360

  • EPSS 6.78%
  • Published 02.01.2019 18:29:00
  • Last modified 21.11.2024 03:57:48

FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the axis2-transport-jms class from polymorphic deserialization.

9.8

CVE-2018-14719

  • EPSS 2.65%
  • Published 02.01.2019 18:29:00
  • Last modified 21.11.2024 03:49:40

FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to execute arbitrary code by leveraging failure to block the blaze-ds-opt and blaze-ds-core classes from polymorphic deserialization.

9.8

CVE-2018-14718

  • EPSS 14.75%
  • Published 02.01.2019 18:29:00
  • Last modified 21.11.2024 03:49:39

FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to execute arbitrary code by leveraging failure to block the slf4j-ext class from polymorphic deserialization.

7.5

CVE-2018-3246

  • EPSS 3.7%
  • Published 17.10.2018 01:31:26
  • Last modified 21.11.2024 04:05:31

Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS - Web Services). Supported versions that are affected are 12.1.3.0 and 12.2.1.3. Easily exploitable vulnerability allows unauthenticated attacker wit...

7.5

CVE-2018-11761

  • EPSS 12.93%
  • Published 19.09.2018 14:29:00
  • Last modified 21.11.2024 03:43:58

In Apache Tika 0.1 to 1.18, the XML parsers were not configured to limit entity expansion. They were therefore vulnerable to an entity expansion vulnerability which can lead to a denial of service attack.

9.1

CVE-2018-3100

  • EPSS 2.3%
  • Published 18.07.2018 13:29:09
  • Last modified 21.11.2024 04:05:10

Vulnerability in the Oracle Business Process Management Suite component of Oracle Fusion Middleware (subcomponent: Process Analysis & Discovery). Supported versions that are affected are 11.1.1.7.0, 11.1.1.9.0, 12.1.3.0.0, 12.2.1.2.0 and 12.2.1.3.0. ...

9.8

CVE-2018-1000613

  • EPSS 4.04%
  • Published 09.07.2018 20:29:00
  • Last modified 12.05.2025 17:37:16

Legion of the Bouncy Castle Legion of the Bouncy Castle Java Cryptography APIs 1.58 up to but not including 1.60 contains a CWE-470: Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') vulnerability in XMSS/XMSS^MT priv...

7.5

CVE-2018-1000180

  • EPSS 0.24%
  • Published 05.06.2018 13:29:00
  • Last modified 12.05.2025 17:37:16

Bouncy Castle BC 1.54 - 1.59, BC-FJA 1.0.0, BC-FJA 1.0.1 and earlier have a flaw in the Low-level interface to RSA key pair generator, specifically RSA Key Pairs generated in low-level API with added certainty may have less M-R tests than expected. T...

6.1

CVE-2015-9251

  • EPSS 9.84%
  • Published 18.01.2018 23:29:00
  • Last modified 21.11.2024 02:40:09

jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.