Oracle

Weblogic Server

322 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
Warnung
  • EPSS 100%
  • Veröffentlicht 18.12.2021 12:15:07
  • Zuletzt bearbeitet 29.05.2026 13:16:19

Apache Log4j2 versions 2.0-alpha1 through 2.16.0 (excluding 2.12.3 and 2.3.1) did not protect from uncontrolled recursion from self-referential lookups. This allows an attacker with control over Thread Context Map data to cause a denial of service wh...

Exploit
  • EPSS 30.37%
  • Veröffentlicht 17.12.2021 20:15:08
  • Zuletzt bearbeitet 21.11.2024 05:51:46

All versions of package dojo are vulnerable to Prototype Pollution via the setObject function.

  • EPSS 81.15%
  • Veröffentlicht 14.12.2021 12:15:12
  • Zuletzt bearbeitet 28.05.2026 21:16:28

JMSAppender in Log4j 1.2 is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration. The attacker can provide TopicBindingName and TopicConnectionFactoryBindingName configurations causing JMSAppen...

Exploit
  • EPSS 42.23%
  • Veröffentlicht 26.10.2021 15:15:10
  • Zuletzt bearbeitet 21.11.2024 06:25:41

jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of the `altField` option of the Datepicker widget from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. Any str...

Exploit
  • EPSS 7.95%
  • Veröffentlicht 26.10.2021 15:15:10
  • Zuletzt bearbeitet 21.11.2024 06:25:42

jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of various `*Text` options of the Datepicker widget from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. The v...

  • EPSS 44.52%
  • Veröffentlicht 26.10.2021 15:15:10
  • Zuletzt bearbeitet 04.11.2025 16:15:43

jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of the `of` option of the `.position()` util from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. Any string v...

  • EPSS 1.45%
  • Veröffentlicht 20.10.2021 11:17:12
  • Zuletzt bearbeitet 21.11.2024 06:12:39

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthe...

  • EPSS 2.01%
  • Veröffentlicht 20.10.2021 11:17:11
  • Zuletzt bearbeitet 21.11.2024 06:12:39

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Coherence Container). Supported versions that are affected are 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unau...

  • EPSS 1.05%
  • Veröffentlicht 20.10.2021 11:16:32
  • Zuletzt bearbeitet 21.11.2024 06:12:30

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Diagnostics). Supported versions that are affected are 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker...

  • EPSS 10.45%
  • Veröffentlicht 19.09.2021 18:15:07
  • Zuletzt bearbeitet 21.11.2024 06:24:34

All versions of Apache Santuario - XML Security for Java prior to 2.2.3 and 2.1.7 are vulnerable to an issue where the "secureValidation" property is not passed correctly when creating a KeyInfo from a KeyInfoReference element. This allows an attacke...