Oracle

Communications Session Report Manager

69 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
4.9

CVE-2019-0197

  • EPSS 2.09%
  • Veröffentlicht 11.06.2019 22:29:04
  • Zuletzt bearbeitet 21.11.2024 04:16:27

A vulnerability was found in Apache HTTP Server 2.4.34 to 2.4.38. When HTTP/2 was enabled for a http: host or H2Upgrade was enabled for h2 on a https: host, an Upgrade request from http/1.1 to http/2 that was not the first request on a connection cou...

7.5

CVE-2019-0227

Exploit
  • EPSS 90.74%
  • Veröffentlicht 01.05.2019 21:29:00
  • Zuletzt bearbeitet 08.05.2025 18:13:51

A Server Side Request Forgery (SSRF) vulnerability affected the Apache Axis 1.4 distribution that was last released in 2006. Security and bug commits commits continue in the projects Axis 1.x Subversion repository, legacy users are encouraged to buil...

5.3

CVE-2019-10247

  • EPSS 6.59%
  • Veröffentlicht 22.04.2019 20:29:00
  • Zuletzt bearbeitet 21.11.2024 04:18:44

In Eclipse Jetty version 7.x, 8.x, 9.2.27 and older, 9.3.26 and older, and 9.4.16 and older, the server running on any OS and Jetty version combination will reveal the configured fully qualified directory base resource location on the output of the 4...

5.3

CVE-2019-10246

  • EPSS 1.7%
  • Veröffentlicht 22.04.2019 20:29:00
  • Zuletzt bearbeitet 21.11.2024 04:18:44

In Eclipse Jetty version 9.2.27, 9.3.26, and 9.4.16, the server running on Windows is vulnerable to exposure of the fully qualified Base Resource directory name on Windows to a remote client when it is configured for showing a Listing of directory co...

6.1

CVE-2019-11358

Exploit
  • EPSS 2.4%
  • Veröffentlicht 20.04.2019 00:29:00
  • Zuletzt bearbeitet 21.11.2024 04:20:56

jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the n...

9.8

CVE-2019-0228

  • EPSS 7.84%
  • Veröffentlicht 17.04.2019 15:29:00
  • Zuletzt bearbeitet 21.11.2024 04:16:32

Apache PDFBox 2.0.14 does not properly initialize the XML parser, which allows context-dependent attackers to conduct XML External Entity (XXE) attacks via a crafted XFDF.

7.8

CVE-2019-0211

Warnung Exploit
  • EPSS 85.73%
  • Veröffentlicht 08.04.2019 22:29:00
  • Zuletzt bearbeitet 04.04.2025 15:34:11

In Apache HTTP Server 2.4 releases 2.4.17 to 2.4.38, with MPM event, worker or prefork, code executing in less-privileged child processes or threads (including scripts executed by an in-process scripting interpreter) could execute arbitrary code with...

7.5

CVE-2018-15756

  • EPSS 13.38%
  • Veröffentlicht 18.10.2018 22:29:00
  • Zuletzt bearbeitet 21.11.2024 03:51:24

Spring Framework, version 5.1, versions 5.0.x prior to 5.0.10, versions 4.3.x prior to 4.3.20, and older unsupported versions on the 4.2.x branch provide support for range requests when serving static resources through the ResourceHttpRequestHandler,...

6.1

CVE-2018-8032

  • EPSS 2.34%
  • Veröffentlicht 02.08.2018 13:29:00
  • Zuletzt bearbeitet 08.05.2025 18:13:51

Apache Axis 1.x up to and including 1.4 is vulnerable to a cross-site scripting (XSS) attack in the default servlet/services.