Lucene search

K
OracleJd Edwards Enterpriseone Tools9.2

38 matches found

CVE
CVE
added 2018/01/18 11:29 p.m.2410 views

CVE-2015-9251

jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.

6.1CVSS6.3AI score0.11287EPSS
CVE
CVE
added 2019/04/20 12:29 a.m.2211 views

CVE-2019-11358

jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable proto property, it could extend the native Object.prototype.

6.1CVSS6.4AI score0.01294EPSS
CVE
CVE
added 2019/02/27 11:29 p.m.798 views

CVE-2019-1559

If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is receiv...

5.9CVSS6.3AI score0.06225EPSS
CVE
CVE
added 2017/04/17 9:59 p.m.529 views

CVE-2017-5645

In Apache Log4j 2.x before 2.8.2, when using the TCP socket server or UDP socket server to receive serialized log events from another application, a specially crafted binary payload can be sent that, when deserialized, can execute arbitrary code.

9.8CVSS9.5AI score0.93917EPSS
CVE
CVE
added 2019/10/12 9:15 p.m.353 views

CVE-2019-17531

A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the apache-log4j-extra (version 1.2.x) jar in the classpath, and an a...

9.8CVSS9.2AI score0.0119EPSS
CVE
CVE
added 2019/03/21 4:0 p.m.309 views

CVE-2018-12023

An issue was discovered in FasterXML jackson-databind prior to 2.7.9.4, 2.8.11.2, and 2.9.6. When Default Typing is enabled (either globally or for a specific property), the service has the Oracle JDBC jar in the classpath, and an attacker can provide an LDAP service to access, it is possible to ma...

7.5CVSS8.4AI score0.049EPSS
CVE
CVE
added 2019/10/01 5:15 p.m.288 views

CVE-2019-16943

A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the p6spy (3.8.6) jar in the classpath, and an attacker can find an R...

9.8CVSS9.3AI score0.01841EPSS
CVE
CVE
added 2019/10/01 5:15 p.m.286 views

CVE-2019-16942

A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the commons-dbcp (1.4) jar in the classpath, and an attacker can find...

9.8CVSS9.4AI score0.00438EPSS
CVE
CVE
added 2019/07/29 12:15 p.m.256 views

CVE-2019-14379

SubTypeValidator.java in FasterXML jackson-databind before 2.9.9.2 mishandles default typing when ehcache is used (because of net.sf.ehcache.transaction.manager.DefaultTransactionManagerLookup), leading to remote code execution.

9.8CVSS9.7AI score0.01455EPSS
CVE
CVE
added 2017/11/13 10:29 p.m.253 views

CVE-2016-8610

A denial of service flaw was found in OpenSSL 0.9.8, 1.0.1, 1.0.2 through 1.0.2h, and 1.1.0 in the way the TLS/SSL protocol defined processing of ALERT packets during a connection handshake. A remote attacker could use this flaw to make a TLS/SSL server consume an excessive amount of CPU and fail t...

7.5CVSS7.4AI score0.69527EPSS
CVE
CVE
added 2018/02/06 3:29 p.m.252 views

CVE-2017-15095

A deserialization flaw was discovered in the jackson-databind in versions before 2.8.10 and 2.9.1, which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMapper. This issue extends the previous flaw CVE-2017-...

9.8CVSS9.2AI score0.77336EPSS
CVE
CVE
added 2019/01/02 6:29 p.m.192 views

CVE-2018-14718

FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to execute arbitrary code by leveraging failure to block the slf4j-ext class from polymorphic deserialization.

9.8CVSS9.8AI score0.14747EPSS
CVE
CVE
added 2018/05/24 4:29 p.m.164 views

CVE-2018-8013

In Apache Batik 1.x before 1.10, when deserializing subclass of AbstractDocument, the class takes a string from the inputStream as the class name which then use it to call the no-arg constructor of the class. Fix was to check the class type before calling newInstance in deserialization.

9.8CVSS8.6AI score0.0098EPSS
CVE
CVE
added 2019/03/21 4:0 p.m.151 views

CVE-2018-12022

An issue was discovered in FasterXML jackson-databind prior to 2.7.9.4, 2.8.11.2, and 2.9.6. When Default Typing is enabled (either globally or for a specific property), the service has the Jodd-db jar (for database access for the Jodd framework) in the classpath, and an attacker can provide an LDA...

7.5CVSS8.4AI score0.03093EPSS
CVE
CVE
added 2019/07/30 11:15 a.m.149 views

CVE-2019-14439

A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x before 2.9.9.2. This occurs when Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the logback jar in the classpath.

7.5CVSS8.4AI score0.10318EPSS
CVE
CVE
added 2017/05/04 7:29 p.m.96 views

CVE-2017-3730

In OpenSSL 1.1.0 before 1.1.0d, if a malicious server supplies bad parameters for a DHE or ECDHE key exchange then this can result in the client attempting to dereference a NULL pointer leading to a client crash. This could be exploited in a Denial of Service attack.

7.5CVSS7.3AI score0.55093EPSS
CVE
CVE
added 2018/09/14 8:29 p.m.93 views

CVE-2018-11058

RSA BSAFE Micro Edition Suite, versions prior to 4.0.11 (in 4.0.x) and prior to 4.1.6 (in 4.1.x), and RSA BSAFE Crypto-C Micro Edition, version prior to 4.0.5.3 (in 4.0.x) contain a Buffer Over-Read vulnerability when parsing ASN.1 data. A remote attacker could use maliciously constructed ASN.1 dat...

9.8CVSS9.1AI score0.01792EPSS
CVE
CVE
added 2017/12/01 4:29 p.m.86 views

CVE-2017-15707

In Apache Struts 2.5 to 2.5.14, the REST Plugin is using an outdated JSON-lib library which is vulnerable and allow perform a DoS attack using malicious request with specially crafted JSON payload.

6.2CVSS6.2AI score0.02511EPSS
CVE
CVE
added 2015/07/09 7:17 p.m.84 views

CVE-2015-1793

The X509_verify_cert function in crypto/x509/x509_vfy.c in OpenSSL 1.0.1n, 1.0.1o, 1.0.2b, and 1.0.2c does not properly process X.509 Basic Constraints cA values during identification of alternative certificate chains, which allows remote attackers to spoof a Certification Authority role and trigge...

6.5CVSS6.1AI score0.82685EPSS
CVE
CVE
added 2020/04/15 2:15 p.m.59 views

CVE-2020-2733

Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Monitoring and Diagnostics). The supported version that is affected is 9.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise JD Edwards EnterpriseO...

9.8CVSS9.1AI score0.89329EPSS
CVE
CVE
added 2018/08/31 6:29 p.m.52 views

CVE-2018-11055

RSA BSAFE Micro Edition Suite, versions prior to 4.0.11 (in 4.0.x) and prior to 4.1.6.1 (in 4.1.x), contains an Improper Clearing of Heap Memory Before Release ('Heap Inspection') vulnerability. Decoded PKCS #12 data in heap memory is not zeroized by MES before releasing the memory internally and a...

5.5CVSS6.9AI score0.00088EPSS
CVE
CVE
added 2018/08/31 6:29 p.m.51 views

CVE-2018-11056

RSA BSAFE Micro Edition Suite, prior to 4.1.6.1 (in 4.1.x), and RSA BSAFE Crypto-C Micro Edition versions prior to 4.0.5.3 (in 4.0.x) contain an Uncontrolled Resource Consumption ('Resource Exhaustion') vulnerability when parsing ASN.1 data. A remote attacker could use maliciously constructed ASN.1...

6.5CVSS7.6AI score0.01961EPSS
CVE
CVE
added 2018/11/16 9:29 p.m.49 views

CVE-2018-15769

RSA BSAFE Micro Edition Suite versions prior to 4.0.11 (in 4.0.x series) and versions prior to 4.1.6.2 (in 4.1.x series) contain a key management error issue. A malicious TLS server could potentially cause a Denial Of Service (DoS) on TLS clients during the handshake when a very large prime value i...

7.5CVSS8.3AI score0.01571EPSS
CVE
CVE
added 2018/07/18 1:29 p.m.46 views

CVE-2018-3006

Vulnerability in the JD Edwards EnterpriseOne Tools component of Oracle JD Edwards Products (subcomponent: Web Runtime). The supported version that is affected is 9.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise JD Edwards EnterpriseOn...

6.1CVSS5.5AI score0.00451EPSS
CVE
CVE
added 2019/04/23 7:32 p.m.46 views

CVE-2019-2564

Vulnerability in the JD Edwards EnterpriseOne Tools component of Oracle JD Edwards Products (subcomponent: Web Runtime). The supported version that is affected is 9.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise JD Edwards EnterpriseOne...

4.3CVSS3.4AI score0.00277EPSS
CVE
CVE
added 2018/08/31 6:29 p.m.45 views

CVE-2018-11054

RSA BSAFE Micro Edition Suite, version 4.1.6, contains an integer overflow vulnerability. A remote attacker could use maliciously constructed ASN.1 data to potentially cause a Denial Of Service.

7.5CVSS8.4AI score0.0235EPSS
CVE
CVE
added 2018/08/31 6:29 p.m.45 views

CVE-2018-11057

RSA BSAFE Micro Edition Suite, versions prior to 4.0.11 (in 4.0.x) and prior to 4.1.6.1 (in 4.1.x) contains a Covert Timing Channel vulnerability during RSA decryption, also known as a Bleichenbacher attack on RSA decryption. A remote attacker may be able to recover a RSA key.

5.9CVSS7.2AI score0.0062EPSS
CVE
CVE
added 2018/07/18 1:29 p.m.42 views

CVE-2018-2948

Vulnerability in the JD Edwards EnterpriseOne Tools component of Oracle JD Edwards Products (subcomponent: Web Runtime). The supported version that is affected is 9.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise JD Edwards EnterpriseOn...

6.1CVSS5.5AI score0.00451EPSS
CVE
CVE
added 2018/07/18 1:29 p.m.41 views

CVE-2018-2947

Vulnerability in the JD Edwards EnterpriseOne Tools component of Oracle JD Edwards Products (subcomponent: Web Runtime). The supported version that is affected is 9.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise JD Edwards EnterpriseOne...

6.5CVSS6.1AI score0.00726EPSS
CVE
CVE
added 2018/01/18 2:29 a.m.38 views

CVE-2018-2659

Vulnerability in the JD Edwards EnterpriseOne Tools component of Oracle JD Edwards Products (subcomponent: Web Runtime SEC). The supported version that is affected is 9.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise JD Edwards Enterpri...

6.1CVSS5.5AI score0.00511EPSS
CVE
CVE
added 2018/07/18 1:29 p.m.38 views

CVE-2018-2944

Vulnerability in the JD Edwards EnterpriseOne Tools component of Oracle JD Edwards Products (subcomponent: Monitoring and Diagnostics). The supported version that is affected is 9.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise JD Edwar...

7.5CVSS7.1AI score0.02462EPSS
CVE
CVE
added 2018/07/18 1:29 p.m.35 views

CVE-2018-2949

Vulnerability in the JD Edwards EnterpriseOne Tools component of Oracle JD Edwards Products (subcomponent: Web Runtime). The supported version that is affected is 9.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise JD Edwards EnterpriseOn...

6.1CVSS5.5AI score0.00451EPSS
CVE
CVE
added 2018/07/18 1:29 p.m.35 views

CVE-2018-2950

Vulnerability in the JD Edwards EnterpriseOne Tools component of Oracle JD Edwards Products (subcomponent: Web Runtime). The supported version that is affected is 9.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise JD Edwards EnterpriseOn...

6.1CVSS5.5AI score0.00451EPSS
CVE
CVE
added 2018/07/18 1:29 p.m.35 views

CVE-2018-2999

Vulnerability in the JD Edwards EnterpriseOne Tools component of Oracle JD Edwards Products (subcomponent: Web Runtime). The supported version that is affected is 9.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise JD Edwards EnterpriseOn...

6.1CVSS5.5AI score0.00451EPSS
CVE
CVE
added 2018/01/18 2:29 a.m.34 views

CVE-2018-2658

Vulnerability in the JD Edwards EnterpriseOne Tools component of Oracle JD Edwards Products (subcomponent: Web Runtime SEC). The supported version that is affected is 9.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise JD Edwards Enterpri...

6.1CVSS5.5AI score0.00511EPSS
CVE
CVE
added 2018/07/18 1:29 p.m.34 views

CVE-2018-2946

Vulnerability in the JD Edwards EnterpriseOne Tools component of Oracle JD Edwards Products (subcomponent: Web Runtime). The supported version that is affected is 9.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise JD Edwards EnterpriseOn...

6.1CVSS5.5AI score0.00451EPSS
CVE
CVE
added 2017/04/24 7:59 p.m.32 views

CVE-2017-3517

Vulnerability in the JD Edwards EnterpriseOne Tools component of Oracle JD Edwards Products (subcomponent: Web Runtime SEC). The supported version that is affected is 9.2. Easily "exploitable" vulnerability allows unauthenticated attacker with network access via HTTP to compromise JD Edwards Enterp...

6.5CVSS5.7AI score0.00946EPSS
CVE
CVE
added 2018/07/18 1:29 p.m.30 views

CVE-2018-2945

Vulnerability in the JD Edwards EnterpriseOne Tools component of Oracle JD Edwards Products (subcomponent: Web Runtime). The supported version that is affected is 9.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise JD Edwards EnterpriseOn...

6.1CVSS5.5AI score0.00451EPSS