Communications Eagle Application Processor Security Vulnerabilities and Issues — Communications Eagle Application Processor CVE List

Lucene search

OracleCommunications Eagle Application Processor

12 matches found

CVE•added 2020/04/29 10:15 p.m.•6985 views

CVE-2020-11022

In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.

6.9CVSS7.2AI score0.05235EPSS

In wildWeb

CVE•added 2020/04/29 9:15 p.m.•6725 views

CVE-2020-11023

In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3...

6.9CVSS7.2AI score0.21547EPSS

In wildWeb

CVE•added 2019/04/20 12:29 a.m.•2239 views

CVE-2019-11358

jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable proto property, it could extend the native Object.prototype.

6.1CVSS6.4AI score0.05394EPSS

In wild

CVE•added 2021/03/25 5:15 p.m.•927 views

CVE-2021-21783

A code execution vulnerability exists in the WS-Addressing plugin functionality of Genivia gSOAP 2.8.107. A specially crafted SOAP request can lead to remote code execution. An attacker can send an HTTP request to trigger this vulnerability.

9.8CVSS9.6AI score0.00578EPSS

CVE•added 2015/01/28 7:59 p.m.•528 views

CVE-2015-0235

Heap-based buffer overflow in the __nss_hostname_digits_dots function in glibc 2.2, and other 2.x versions before 2.18, allows context-dependent attackers to execute arbitrary code via vectors related to the (1) gethostbyname or (2) gethostbyname2 function, aka "GHOST."

10CVSS7.7AI score0.85843EPSS

In wild

CVE•added 2020/06/05 3:15 p.m.•442 views

CVE-2020-12723

regcomp.c in Perl before 5.30.3 allows a buffer overflow via a crafted regular expression because of recursive S_study_chunk calls.

7.5CVSS8.1AI score0.00201EPSS

CVE•added 2020/06/05 2:15 p.m.•358 views

CVE-2020-10878

Perl before 5.30.3 has an integer overflow related to mishandling of a "PL_regkind[OP(n)] == NOTHING" situation. A crafted regular expression could lead to malformed bytecode with a possibility of instruction injection.

8.6CVSS8.8AI score0.00148EPSS

CVE•added 2020/06/05 2:15 p.m.•338 views

CVE-2020-10543

Perl before 5.30.3 on 32-bit platforms allows a heap-based buffer overflow because nested regular expression quantifiers have an integer overflow.

8.2CVSS8.7AI score0.03944EPSS

CVE•added 2018/07/10 9:29 p.m.•284 views

CVE-2018-3693

Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a speculative buffer overflow and side-channel analysis.

5.6CVSS6.3AI score0.01192EPSS

CVE•added 2018/03/30 9:29 p.m.•267 views

CVE-2018-7566

The Linux kernel 4.15 has a Buffer Overflow via an SNDRV_SEQ_IOCTL_SET_CLIENT_POOL ioctl write operation to /dev/snd/seq by a local user.

7.8CVSS6.9AI score0.00082EPSS

CVE•added 2019/11/08 3:15 p.m.•249 views

CVE-2019-10219

A vulnerability was found in Hibernate-Validator. The SafeHtml validator annotation fails to properly sanitize payloads consisting of potentially malicious code in HTML comments and instructions. This vulnerability can result in an XSS attack.

6.5CVSS6AI score0.01852EPSS

CVE•added 2016/07/21 10:15 a.m.•28 views

CVE-2016-5458

Unspecified vulnerability in the Oracle Communications EAGLE Application Processor component in Oracle Communications Applications 16.0 allows remote authenticated users to affect confidentiality and integrity via vectors related to APPL.

6.4CVSS5.5AI score0.00241EPSS