Lucene search
K
Database
Vendors
Products
Timeline
Vulnerabilities
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
OracleEnterprise Repository11.1.1.7.0

15 matches found

CVE
CVEadded 2021/07/14 7:15 a.m.548 views

CVE-2021-36374

When reading a specially crafted ZIP archive, or a derived formats, an Apache Ant build can be made to allocate large amounts of memory that leads to an out of memory error, even for small inputs. This can be used to disrupt builds using Apache Ant. Commonly used derived formats from ZIP archives a...

5.5CVSS6.2AI score0.00154EPSS
CVE
CVEadded 2020/05/14 4:15 p.m.402 views

CVE-2020-1945

Apache Ant 1.1 to 1.9.14 and 1.10.0 to 1.10.7 uses the default temporary directory identified by the Java system property java.io.tmpdir for several tasks and may thus leak sensitive information. The fixcrlf and replaceregexp tasks also copy files from the temporary directory back into the build tr...

6.3CVSS6.8AI score0.00021EPSS
CVE
CVEadded 2020/10/01 8:15 p.m.270 views

CVE-2020-11979

As mitigation for CVE-2020-1945 Apache Ant 1.10.8 changed the permissions of temporary files it created so that only the current user was allowed to access them. Unfortunately the fixcrlf task deleted the temporary file and created a new one without said protection, effectively nullifying the effor...

7.5CVSS6.9AI score0.00591EPSS
CVE
CVEadded 2020/11/12 6:15 p.m.254 views

CVE-2019-17566

Apache Batik is vulnerable to server-side request forgery, caused by improper input validation by the "xlink:href" attributes. By using a specially-crafted argument, an attacker could exploit this vulnerability to cause the underlying server to make arbitrary GET requests.

7.5CVSS8.2AI score0.00815EPSS
CVE
CVEadded 2018/07/09 8:29 p.m.242 views

CVE-2018-1000613

Legion of the Bouncy Castle Legion of the Bouncy Castle Java Cryptography APIs 1.58 up to but not including 1.60 contains a CWE-470: Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') vulnerability in XMSS/XMSS^MT private key deserialization that can result in Deseri...

9.8CVSS8.6AI score0.04619EPSS
CVE
CVEadded 2021/07/14 7:15 a.m.233 views

CVE-2021-36373

When reading a specially crafted TAR archive an Apache Ant build can be made to allocate large amounts of memory that finally leads to an out of memory error, even for small inputs. This can be used to disrupt builds using Apache Ant. Apache Ant prior to 1.9.16 and 1.10.11 were affected.

5.5CVSS6.1AI score0.00127EPSS
CVE
CVEadded 2018/05/11 8:29 p.m.216 views

CVE-2018-1258

Spring Framework version 5.0.5 when used in combination with any versions of Spring Security contains an authorization bypass when using method security. An unauthorized malicious user can gain unauthorized access to methods that should be restricted.

8.8CVSS9AI score0.0016EPSS
CVE
CVEadded 2021/02/24 6:15 p.m.211 views

CVE-2020-11987

Apache Batik 1.13 is vulnerable to server-side request forgery, caused by improper input validation by the NodePickerPanel. By using a specially-crafted argument, an attacker could exploit this vulnerability to cause the underlying server to make arbitrary GET requests.

8.2CVSS7.8AI score0.00247EPSS
CVE
CVEadded 2018/05/24 4:29 p.m.164 views

CVE-2018-8013

In Apache Batik 1.x before 1.10, when deserializing subclass of AbstractDocument, the class takes a string from the inputStream as the class name which then use it to call the no-arg constructor of the class. Fix was to check the class type before calling newInstance in deserialization.

9.8CVSS8.6AI score0.00723EPSS
CVE
CVEadded 2020/05/14 5:15 p.m.149 views

CVE-2020-1941

In Apache ActiveMQ 5.0.0 to 5.15.11, the webconsole admin GUI is open to XSS, in the view that lists the contents of a queue.

6.1CVSS6AI score0.04424EPSS
CVE
CVEadded 2019/10/16 6:15 p.m.148 views

CVE-2019-2904

Vulnerability in the Oracle JDeveloper and ADF product of Oracle Fusion Middleware (component: ADF Faces). Supported versions that are affected are 11.1.1.9.0, 12.1.3.0.0 and 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Orac...

9.8CVSS9.1AI score0.21041EPSS
CVE
CVEadded 2020/07/08 4:15 p.m.123 views

CVE-2020-11994

Server-Side Template Injection and arbitrary file disclosure on Camel templating components

7.5CVSS7.6AI score0.01547EPSS
CVE
CVEadded 2021/01/20 3:15 p.m.114 views

CVE-2021-1994

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Web Services). Supported versions that are affected are 10.3.6.0.0 and 12.1.3.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic ...

9.8CVSS9.3AI score0.26765EPSS
CVE
CVEadded 2020/09/10 7:15 p.m.95 views

CVE-2020-11998

A regression has been introduced in the commit preventing JMX re-bind. By passing an empty environment map to RMIConnectorServer, instead of the map that contains the authentication credentials, it leaves ActiveMQ open to the following attack: https://docs.oracle.com/javase/8/docs/technotes/guides/...

9.8CVSS9.6AI score0.16601EPSS
CVE
CVEadded 2017/08/08 3:29 p.m.44 views

CVE-2017-10048

Vulnerability in the Oracle Enterprise Repository component of Oracle Fusion Middleware (subcomponent: Web Interface). Supported versions that are affected are 11.1.1.7.0 and 12.1.3.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Orac...

8.2CVSS8.2AI score0.01606EPSS