Lucene search
K
Database
Vendors
Products
Timeline
Vulnerabilities
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
OracleCommunications Session Report Manager8.1.1

15 matches found

CVE
CVEadded 2019/04/08 10:29 p.m.14192 views

CVE-2019-0211

In Apache HTTP Server 2.4 releases 2.4.17 to 2.4.38, with MPM event, worker or prefork, code executing in less-privileged child processes or threads (including scripts executed by an in-process scripting interpreter) could execute arbitrary code with the privileges of the parent process (usually ro...

7.8CVSS7.2AI score0.85835EPSS
CVE
CVEadded 2020/04/29 9:15 p.m.6664 views

CVE-2020-11023

In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patch...

6.9CVSS7.2AI score0.21757EPSS
CVE
CVEadded 2020/04/02 12:15 a.m.5749 views

CVE-2020-1927

In Apache HTTP Server 2.4.0 to 2.4.41, redirects configured with mod_rewrite that were intended to be self-referential might be fooled by encoded newlines and redirect instead to an an unexpected URL within the request URL.

6.1CVSS6.7AI score0.12623EPSS
CVE
CVEadded 2020/04/01 8:15 p.m.5342 views

CVE-2020-1934

In Apache HTTP Server 2.4.0 to 2.4.41, mod_proxy_ftp may use uninitialized memory when proxying to a malicious FTP server.

5.3CVSS6AI score0.39541EPSS
CVE
CVEadded 2019/04/20 12:29 a.m.2189 views

CVE-2019-11358

jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable proto property, it could extend the native Object.prototype.

6.1CVSS6.4AI score0.02394EPSS
CVE
CVEadded 2019/06/11 10:29 p.m.2090 views

CVE-2019-0197

A vulnerability was found in Apache HTTP Server 2.4.34 to 2.4.38. When HTTP/2 was enabled for a http: host or H2Upgrade was enabled for h2 on a https: host, an Upgrade request from http/1.1 to http/2 that was not the first request on a connection could lead to a misconfiguration and crash. Server t...

4.9CVSS5.5AI score0.02196EPSS
CVE
CVEadded 2019/09/26 4:15 p.m.1441 views

CVE-2019-10097

In Apache HTTP Server 2.4.32-2.4.39, when mod_remoteip was configured to use a trusted intermediary proxy server using the "PROXY" protocol, a specially crafted PROXY header could trigger a stack buffer overflow or NULL pointer deference. This vulnerability could only be triggered by a trusted prox...

7.2CVSS8AI score0.27358EPSS
CVE
CVEadded 2020/01/17 12:15 a.m.462 views

CVE-2020-5398

In Spring Framework, versions 5.2.x prior to 5.2.3, versions 5.1.x prior to 5.1.13, and versions 5.0.x prior to 5.0.16, an application is vulnerable to a reflected file download (RFD) attack when it sets a "Content-Disposition" header in the response where the filename attribute is derived from use...

8CVSS7.3AI score0.90572EPSS
CVE
CVEadded 2019/04/22 8:29 p.m.299 views

CVE-2019-10247

In Eclipse Jetty version 7.x, 8.x, 9.2.27 and older, 9.3.26 and older, and 9.4.16 and older, the server running on any OS and Jetty version combination will reveal the configured fully qualified directory base resource location on the output of the 404 error for not finding a Context that matches t...

5.3CVSS6AI score0.0711EPSS
CVE
CVEadded 2019/05/01 9:29 p.m.246 views

CVE-2019-0227

A Server Side Request Forgery (SSRF) vulnerability affected the Apache Axis 1.4 distribution that was last released in 2006. Security and bug commits commits continue in the projects Axis 1.x Subversion repository, legacy users are encouraged to build from source. The successor to Axis 1.x is Axis2...

7.5CVSS8.3AI score0.89832EPSS
CVE
CVEadded 2018/08/02 1:29 p.m.226 views

CVE-2018-8032

Apache Axis 1.x up to and including 1.4 is vulnerable to a cross-site scripting (XSS) attack in the default servlet/services.

6.1CVSS5.8AI score0.02343EPSS
CVE
CVEadded 2020/01/16 6:15 p.m.201 views

CVE-2019-17573

By default, Apache CXF creates a /services page containing a listing of the available endpoint names and addresses. This webpage is vulnerable to a reflected Cross-Site Scripting (XSS) attack, which allows a malicious actor to inject javascript into the web page. Please note that the attack exploit...

6.1CVSS5.7AI score0.15538EPSS
CVE
CVEadded 2018/10/18 10:29 p.m.165 views

CVE-2018-15756

Spring Framework, version 5.1, versions 5.0.x prior to 5.0.10, versions 4.3.x prior to 4.3.20, and older unsupported versions on the 4.2.x branch provide support for range requests when serving static resources through the ResourceHttpRequestHandler, or starting in 5.0 when an annotated controller ...

7.5CVSS7.3AI score0.13593EPSS
CVE
CVEadded 2020/05/14 5:15 p.m.149 views

CVE-2020-1941

In Apache ActiveMQ 5.0.0 to 5.15.11, the webconsole admin GUI is open to XSS, in the view that lists the contents of a queue.

6.1CVSS6AI score0.04424EPSS
CVE
CVEadded 2019/04/22 8:29 p.m.97 views

CVE-2019-10246

In Eclipse Jetty version 9.2.27, 9.3.26, and 9.4.16, the server running on Windows is vulnerable to exposure of the fully qualified Base Resource directory name on Windows to a remote client when it is configured for showing a Listing of directory contents. This information reveal is restricted to ...

5.3CVSS5.6AI score0.01703EPSS