13 matches found
CVE-2015-9251
CVE-2015-9251 affects jQuery before 3.0.0, enabling XSS when a cross-domain Ajax request omits the dataType option and text/javascript responses are executed. Connected advisories confirm the issue and indicate an upgrade resolves it; remediation is to upgrade jQuery to a fixed version as provide...
CVE-2019-11358
CVE-2019-11358 is a prototype pollution vulnerability in jQuery (before 3.4.0) where mishandling of extend(true, {}, ...) can extend Object.prototype if an unsanitized source object has an enumerable proto property. The Core issue is triggered when a polluted prototype is introduced via nested ob...
CVE-2021-29425
CVE-2021-29425 affects Apache Commons IO up to version 2.6, specifically FileNameUtils.normalize. With inputs such as "//../foo" or "\..\foo", normalization can yield a value that does not escape to higher directories, potentially enabling access to the parent directory if the resulting path is u...
CVE-2017-5645
CVE-2017-5645 affects Apache Log4j 2.x prior to 2.8.2. The vulnerability arises when using a TCP/UDP socket server to receive serialized log events from another application; a crafted binary payload can be deserialized to execute arbitrary code. The documented impact is remote code execution via ...
CVE-2019-13990
CVE-2019-13990 affects Terracotta Quartz Scheduler within Atlassian Jira Service Management Data Center/Server and related Oracle Fusion Middleware deployments, via XXE in the Terracotta Quartz Scheduler component when parsing a job description. The root cause is an XML External Entity condition ...
CVE-2019-17566
CVE-2019-17566 (Apache Batik) is a server-side request forgery caused by improper input validation in xlink:href attributes, potentially allowing an attacker to trigger arbitrary GET requests from the vulnerable server. Connected advisories reference Batik-related SSRF issues across IBM JRS, SUSE...
CVE-2019-10219
The CVE-2019-10219 entry affects Hibernate Validator: SafeHtml validator annotation fails to sanitize HTML comments/instructions, enabling XSS in affected code paths. Affected CP4S versions are 1.7.2.0, 1.8.0.0, and 1.8.1.0. Remediation is to upgrade to Cloud Pak for Security 1.9.0.0 per IBM guid...
CVE-2020-11987
CVE-2020-11987 – SSRF in Apache Batik 1.13 . The initial description confirms a server-side request forgery via improper input validation in NodePickerPanel, enabling an attacker to make arbitrary GET requests from the server. Connected documents corroborate concrete remediation actions across ve...
CVE-2018-8013
Apache Batik 1.x before 1.10 is vulnerable to information disclosure via deserializing a subclass of AbstractDocument, where inputStream-derived class name is used to invoke a no-arg constructor. The fix is to validate the class type before newInstance during deserialization; remediation is to up...
CVE-2017-3230
CVE-2017-3230 affects Oracle Fusion Middleware MapViewer (Map Builder) with MapViewer versions 11.1.1.9, 12.2.1.1, 12.2.1.2. Connected advisories describe concrete flaws in FileUploaderServlet: a directory traversal/ improper input validation on multipart form-data can be exploited by unauthentic...
CVE-2018-2943
CVE-2018-2943 affects the Oracle Fusion Middleware MapViewer component (Map Builder) and specifically targets Fusion Middleware versions 12.2.1.2.0 and 12.2.1.3.0. The vulnerability allows an unauthenticated, network-accessible attacker via HTTP to compromise MapViewer, with potential takeover an...
CVE-2020-14608
CVE-2020-14608 affects Oracle Fusion Middleware MapViewer Tile Server (version 12.2.1.3.0). The vulnerability allows unauthenticated network access via HTTP to compromise MapViewer, potentially enabling unauthorized creation, deletion or modification of data, and read access to data. The CVSS v3....
CVE-2020-14607
CVE-2020-14607 affects Oracle Fusion Middleware MapViewer Tile Server (versions 12.2.1.3.0 and 12.2.1.4.0). The vulnerability allows an unauthenticated attacker with network access over HTTP to compromise MapViewer; exploitation is described as easily exploitable and may lead to unauthorized read...