Lucene search
K
OracleEndeca Information Discovery Studio

11 matches found

CVE
CVE
added 2018/01/18 11:0 p.m.3325 views

CVE-2015-9251

CVE-2015-9251 affects jQuery before 3.0.0, enabling XSS when a cross-domain Ajax request omits the dataType option and text/javascript responses are executed. Connected advisories confirm the issue and indicate an upgrade resolves it; remediation is to upgrade jQuery to a fixed version as provide...

6.1CVSS6.3AI score0.29726EPSS
Web
CVE
CVE
added 2019/12/20 4:1 p.m.1151 views

CVE-2019-17571

CVE-2019-17571 affects the Apache Log4j 1.x SocketServer: it deserializes serialized log events from untrusted network input without proper whitelisting, enabling remote code execution when combined with a deserialization gadget. Affected are Log4j 1.2 up to 1.2.17; exploitation hinges on receivi...

9.8CVSS8.8AI score0.6906EPSS
CVE
CVE
added 2017/04/17 9:0 p.m.604 views

CVE-2017-5645

CVE-2017-5645 affects Apache Log4j 2.x prior to 2.8.2. The vulnerability arises when using a TCP/UDP socket server to receive serialized log events from another application; a crafted binary payload can be deserialized to execute arbitrary code. The documented impact is remote code execution via ...

9.8CVSS9.5AI score0.8904EPSS
CVE
CVE
added 2020/05/14 3:57 p.m.450 views

CVE-2020-1945

This CVE (CVE-2020-1945) affects Apache Ant. Connected Arch Linux advisory ASA-202005-15 confirms the vulnerability exists in ant before version 1.10.8-1, where Ant uses java.io.tmpdir for several tasks and can leak sensitive information. The fixcrlf and replaceregexp tasks may copy files from th...

6.3CVSS6.8AI score0.01793EPSS
CVE
CVE
added 2020/11/16 9:0 p.m.442 views

CVE-2020-26217

XStream (Java) vulnerable to remote code execution via insecure XML deserialization. The issue affects versions before 1.4.14 where processing input streams can lead to arbitrary shell execution. The advisory notes that only users relying on a blocklist are affected, while those using the securit...

9.3CVSS8.2AI score0.85001EPSS
Web
CVE
CVE
added 2019/05/15 4:54 p.m.395 views

CVE-2013-7285

CVE-2013-7285: XStream API (versions up to 1.4.6 and 1.4.10) may allow remote code execution if the security framework is not initialized during unmarshalling of XML/JSON streams. IBM’s bulletin for IBM Storage Copy Data Management cites this as a vulnerability affecting 2.2.x releases and instru...

9.8CVSS9.4AI score0.84362EPSS
Web
CVE
CVE
added 2019/10/23 7:27 p.m.345 views

CVE-2019-12415

CVE-2019-12415 affects Apache POI up to version 4.1.0. The vulnerability arises when using the tool XSSFExportToXml to convert user-supplied Excel documents, allowing an attacker to read local filesystem or internal network resources via XML External Entity (XXE) processing. The Connected documen...

5.5CVSS6.7AI score0.0099EPSS
CVE
CVE
added 2020/10/01 7:24 p.m.315 views

CVE-2020-11979

CVE-2020-11979 affects Apache Ant 1.10.8. The mitigation for CVE-2020-1945 changed temp-file permissions, but the fixcrlf task deleted the temp file and recreated it without protection, enabling an attacker to inject modified source files during builds. Connected advisories confirm the issue and ...

7.5CVSS6.9AI score0.08235EPSS
CVE
CVE
added 2019/05/01 8:3 p.m.300 views

CVE-2019-0227

The CVE-2019-0227 entry concerns an SSRF in Apache Axis 1.4 (last released in 2006). The connected IBM bulletins confirm Axis 1.x vulnerability details and state Axis 2 is the successor, with 1.7.9 (Axis2) being not vulnerable. Affected Axis 1.x components are legacy; remediation is to upgrade to...

7.5CVSS8.3AI score0.86503EPSS
Web
CVE
CVE
added 2018/08/02 1:0 p.m.257 views

CVE-2018-8032

CVE-2018-8032 affects Apache Axis 1.x (up to 1.4) with a cross-site scripting (XSS) vulnerability in the default servlet/services. This vulnerability is documented in IBM/PM security bulletins linked to Axis, confirming an XSS flaw (CWE-79) in Axis 1.x and indicating broader IBM product exposure....

6.1CVSS5.8AI score0.10554EPSS
CVE
CVE
added 2019/07/23 12:50 p.m.217 views

CVE-2019-10173

XStream library vulnerability CVE-2019-10173 affects version 1.4.10 prior to 1.4.11, introducing a regression of CVE-2013-7285 where, if the security framework is not initialized, a remote attacker can execute arbitrary shell commands during unmarshalling XML or other supported formats (e.g., JSO...

9.8CVSS9.5AI score0.94774EPSS