CVE-2020-11022
- EPSS 18.04%
- Veröffentlicht 29.04.2020 22:15:11
- Zuletzt bearbeitet 21.11.2024 04:56:36
In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This prob...
CVE-2020-9488
- EPSS 0.02%
- Veröffentlicht 27.04.2020 16:15:12
- Zuletzt bearbeitet 21.11.2024 05:40:45
Improper validation of certificate with host mismatch in Apache Log4j SMTP appender. This could allow an SMTPS connection to be intercepted by a man-in-the-middle attack which could leak any log messages sent through that appender. Fixed in Apache Lo...
CVE-2019-0227
- EPSS 90.74%
- Veröffentlicht 01.05.2019 21:29:00
- Zuletzt bearbeitet 08.05.2025 18:13:51
A Server Side Request Forgery (SSRF) vulnerability affected the Apache Axis 1.4 distribution that was last released in 2006. Security and bug commits commits continue in the projects Axis 1.x Subversion repository, legacy users are encouraged to buil...
CVE-2019-11358
- EPSS 0.94%
- Veröffentlicht 20.04.2019 00:29:00
- Zuletzt bearbeitet 21.11.2024 04:20:56
jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the n...
CVE-2018-8032
- EPSS 2.34%
- Veröffentlicht 02.08.2018 13:29:00
- Zuletzt bearbeitet 08.05.2025 18:13:51
Apache Axis 1.x up to and including 1.4 is vulnerable to a cross-site scripting (XSS) attack in the default servlet/services.
CVE-2017-5645
- EPSS 94.01%
- Veröffentlicht 17.04.2017 21:59:00
- Zuletzt bearbeitet 20.04.2025 01:37:25
In Apache Log4j 2.x before 2.8.2, when using the TCP socket server or UDP socket server to receive serialized log events from another application, a specially crafted binary payload can be sent that, when deserialized, can execute arbitrary code.