CVE-2019-12415
- EPSS 0.02%
- Veröffentlicht 23.10.2019 20:15:12
- Zuletzt bearbeitet 21.11.2024 04:22:47
In Apache POI up to 4.1.0, when using the tool XSSFExportToXml to convert user-provided Microsoft Excel documents, a specially crafted document can allow an attacker to read files from the local filesystem or from internal network resources via XML E...
CVE-2019-2904
- EPSS 21.04%
- Veröffentlicht 16.10.2019 18:15:27
- Zuletzt bearbeitet 21.11.2024 04:41:46
Vulnerability in the Oracle JDeveloper and ADF product of Oracle Fusion Middleware (component: ADF Faces). Supported versions that are affected are 11.1.1.9.0, 12.1.3.0.0 and 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacke...
CVE-2019-17091
- EPSS 8.42%
- Veröffentlicht 02.10.2019 14:15:12
- Zuletzt bearbeitet 21.11.2024 04:31:40
faces/context/PartialViewContextImpl.java in Eclipse Mojarra, as used in Mojarra for Eclipse EE4J before 2.3.10 and Mojarra JavaServer Faces before 2.2.20, allows Reflected XSS because a client window field is mishandled.
CVE-2019-13990
- EPSS 10.42%
- Veröffentlicht 26.07.2019 19:15:11
- Zuletzt bearbeitet 21.11.2024 04:25:50
initDocumentParser in xml/XMLSchedulingDataProcessor.java in Terracotta Quartz Scheduler through 2.3.0 allows XXE attacks via a job description.