Nginx 安全漏洞

Nginx is a lightweight web server/reverse proxy server and email IMAP/POP3 proxy server from Nginx Inc. njs is one of the scripting language components that supports extended NGINX functionality . A denial of service vulnerability exists in Nginx NJS version v0.7.2, which originates from a...

CVE-2020-36497

DedeCMS v7.5 SP2 was discovered to contain multiple cross-site scripting XSS vulnerabilities in the component makehtmlhomepage.php via the filename, mid, userid, and templet' parameters...

Code injection

Vulnerability in the Siebel Core - Server BizLogic Script product of Oracle Siebel CRM component: Integration - Scripting. Supported versions that are affected are 20.12 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Siebel Co...

Unspecified Vulnerability in Oracle Siebel CRM (CNVD-2021-08525)

Oracle Siebel CRM is a set of customer relationship management solutions from Oracle USA. The solution includes sales management, marketing management, customer service systems, call center modules.Siebel Core-Server BizLogic Script is one of the server BizLogic script component. An unspecified...

Oracle E-Business Suite 组件安全漏洞

Oracle E-Business Suite E-Business Suite is a fully integrated set of global business management software from Oracle Oracle. The software provides customer relationship management, service management, financial management and other functions. Scripting is one of the script management console...

Security Bulletin: IBM SDK, Java Technology Edition Quarterly CPU - Oct 2019 - Includes Oracle Oct 2019 CPU affects IBM Tivoli Composite Application Manager for Transactions-Robotic Response Time

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 7 ,version 8, that is used by IBM Tivoli Composite Application Manager for Transactions - Robotic Response Time. These issues were disclosed as part of the IBM Java SDK updates in October 2019. Vulnerability...

OpenJDK: Misplaced regular expression syntax error check in RegExpScanner (Scripting, 8223898)

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: Scripting. Supported versions that are affected are Java SE: 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple...

Security Bulletin: Multiple vulnerabilities in IBMJava SDK affect IBM Cloud App Management

Summary There are vulnerabilities in IBM Java SDK used by IBM® Cloud App Management. IBM® Cloud App Management has addressed the applicable CVEs in a later version. Vulnerability Details CVEID: CVE-2019-2989 DESCRIPTION: An unspecified vulnerability in Java SE could allow an unauthenticated...

Unspecified Vulnerability in Oracle Java SE and Java SE Embedded Scripting

Oracle Java SE and Oracle Java SE Embedded are both products of Oracle Corporation.Oracle Java SE is a Java platform for developing and deploying Java applications for desktops, servers, and embedded devices and real-time environments.Oracle Java SE Embedded is a Java platform that targets Java...

Unspecified Vulnerability in Oracle Java SE and Java SE Embedded (CNVD-2020-72711)

Oracle Java SE and Oracle Java SE Embedded are both products of Oracle Corporation.Oracle Java SE is a Java platform for developing and deploying Java applications for desktops, servers, and embedded devices and real-time environments.Oracle Java SE Embedded is a Java platform that targets Java...

CVE-2020-2754

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: Scripting. Supported versions that are affected are Java SE: 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple...

PT-2020-2542

Name of the Vulnerable Software and Affected Versions Java SE versions 8u241, 11.0.6, and 14 Java SE Embedded version 8u241 Description The issue is related to the Scripting component and is difficult to exploit, allowing an unauthenticated attacker with network access via multiple protocols to...

PT-2020-2541

Name of the Vulnerable Software and Affected Versions Java SE versions 8u241, 11.0.6, and 14 Java SE Embedded version 8u241 Description The issue is related to the Scripting component and is due to insufficient access controls. It allows an unauthenticated attacker with network access via multipl...

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Content Classification

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Java™ Version 6 and Java™ Version 7 that is used by IBM eDiscovery Analyzer. These issues were disclosed as part of the IBM Java SDK updates in Oct 2019. Vulnerability Details CVEID: CVE-2019-2989 DESCRIPTION: An...

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Content Collector for SAP Applications

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Java™ Version 7 and Java™ Version 8 that is used by IBM Content Collector for SAP Applications. These issues were disclosed as part of the IBM Java SDK updates in Oct 2019. Vulnerability Details CVEID: CVE-2019-2989...

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affecting Rational Functional Tester

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 8.0.6.0 used by Rational Functional Tester RFT version 8.6.0.7 - 9.5. RFT has addressed the applicable CVEs. Vulnerability Details Rational Functional Tester has addressed the following: If you run your own...

CVE-2017-10078

It was discovered that the Nashorn JavaScript engine in the Scripting component of OpenJDK could allow scripts to access Java APIs even when access to Java APIs was disabled. An untrusted JavaScript executed by Nashorn could use this flaw to bypass intended restrictions...

DEBIAN-CVE-2019-2975

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: Scripting. Supported versions that are affected are Java SE: 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple...

Oracle Java SE/Java SE Embedded CVE-2019-2975 Remote Security Vulnerability

Description Oracle Java SE and Java SE Embedded are prone to a remote security vulnerability. The vulnerability can be exploited over Multiple protocols. This issue affects the 'Scripting' component. This vulnerability affects the following supported versions: Java SE: 8u221, 11.0.4, 13; Java SE...

Arbitrary Code Execution

Java SE is vulnerable to arbitrary code execution attacks. A remote authenticated user can exploit a flaw in the Scripting component which leads to access and modify data on the target system...