13 matches found
CVE-2020-11023
The connected Astra Linux bulletin confirms CVE-2020-11023: in jQuery versions >= 1.0.3 and < 3.5.0, passing HTML containing elements from untrusted sources to DOM manipulation methods (e.g., .html(), .append()) may lead to untrusted code execution. Patch released in jQuery 3.5.0. Remediat...
CVE-2019-17566
CVE-2019-17566 (Apache Batik) is a server-side request forgery caused by improper input validation in xlink:href attributes, potentially allowing an attacker to trigger arbitrary GET requests from the vulnerable server. Connected advisories reference Batik-related SSRF issues across IBM JRS, SUSE...
CVE-2021-27807
CVE-2021-27807 affects Apache PDFBox 2.0.22 and earlier 2.0.x. The issue arises when loading a crafted PDF, triggering an infinite loop and causing denial of service. Connected IBM advisories confirm the same description and map remediation to upgrading to fixed PDFBox versions via product-specif...
CVE-2021-27906
CVE-2021-27906 affects Apache PDFBox; a crafted PDF can trigger an OutOfMemoryError when loading, impacting PDFBox 2.0.22 and earlier 2.0.x. The connected IBM/QRadar security bulletin confirms the same CVE ID and notes remediation: upgrade to IBM Cognos-related 2.0.6.12, then apply FixPack 2.0.6....
CVE-2019-0228
CVE-2019-0228 affects Apache PDFBox 2.0.14, enabling an XML External Entity (XXE) attack via crafted XFDF. IBM advisories fix the vulnerability by upgrading IBM Operations Analytics - Log Analysis to version 1.3.7 (PDFBox handling) and Fedora advisories show a PDFBox update to 2.0.16. The vulnera...
CVE-2017-10358
CVE-2017-10358 affects Oracle Hyperion Financial Reporting, subcomponent Workspace, with vulnerable version 11.1.2. The vulnerability allows a low-privilege, network-access attacker (HTTP) to read, update, insert, or delete data in Oracle Hyperion Financial Reporting, potentially impacting additi...
CVE-2021-35665
Oracle Hyperion Financial Reporting (Repository component) is affected in version 11.2.6.0. The vulnerability allows an unauthenticated attacker with network access via HTTP to compromise the product, with user interaction required, potentially leading to unauthorized update/insert/delete and rea...
CVE-2019-2959
CVE-2019-2959 affects Oracle Hyperion Financial Reporting (11.1.2.4) within the Security Models component. Red Hat’s advisory mirrors the description: a remote, HTTP-exposed vulnerability that can be exploited by a high-privilege attacker and requires user interaction. Successful exploitation cou...
CVE-2017-10310
CVE-2017-10310 affects Oracle Hyperion Financial Reporting, subcomponent Security Models, with the affected product/version: Oracle Hyperion Financial Reporting (11.1.2). The vulnerability is exploitable by an unauthenticated attacker over HTTP with network access, enabling unauthorized access to...
CVE-2020-2769
CVE-2020-2769 affects Oracle Hyperion Financial Reporting, specifically the Web Based Report Designer, with affected version 11.1.2.4. The vulnerability can be exploited by a high-privilege attacker over a network via HTTP and requires user interaction. Successful exploitation could result in una...
CVE-2018-2907
The CVE-2018-2907 entry concerns Oracle Hyperion’s Hyperion Financial Reporting component (subcomponent: Security Models). Affected product: Hyperion Financial Reporting version 11.1.2. The vulnerability description states an unauthenticated, network-accessible issue over HTTP that could allow ac...
CVE-2016-3493
The CVE-2016-3493 issue affects Oracle Hyperion Financial Reporting (11.1.2.4), with vulnerability in the Security Models subcomponent of Hyperion’s Financial Reporting. Connected documents indicate a remote attacker could affect confidentiality, integrity, and availability, indicating a high-imp...
CVE-2025-50108
The CVE-2025-50108 entry concerns Oracle Hyperion Financial Reporting (Workspace component) with affected version 11.2.20.0.000. A vulnerability exists in the Workspace area that can be exploited by a low-privileged attacker over HTTP with network access; exploitation requires user interaction. S...