Lucene search: OracleJdeveloper

25 matches found

CVE
added 2020/04/29 12:0 a.m. | 7535 views

CVE-2020-11022

CVE-2020-11022 affects jQuery versions >=1.2 and =3.5.0 or apply vendor guidance where applicable.

CVSS 6.9 | AI score 6.7 | EPSS 0.99019
In wild

CVE
added 2018/01/18 11:0 p.m. | 3147 views

CVE-2015-9251

CVE-2015-9251 affects jQuery before 3.0.0, enabling XSS when a cross-domain Ajax request omits the dataType option and text/javascript responses are executed. Connected advisories confirm the issue and indicate an upgrade resolves it; remediation is to upgrade jQuery to a fixed version as provide...

CVSS 6.1 | AI score 6.3 | EPSS 0.29726
Web

CVE
added 2019/04/19 12:0 a.m. | 2947 views

CVE-2019-11358

CVE-2019-11358 is a prototype pollution vulnerability in jQuery (before 3.4.0) where mishandling of extend(true, {}, ...) can extend Object.prototype if an unsanitized source object has an enumerable __proto__ property. The core issue is triggered when a polluted prototype is introduced via nested ob...

CVSS 6.1 | AI score 6.4 | EPSS 0.87218
In wild

CVE
added 2021/12/14 12:0 a.m. | 1430 views

CVE-2021-4104

CVE-2021-4104 affects JMSAppender in Log4j 1.2 when it is explicitly configured to use JMSAppender. A deserialization of untrusted data can occur if an attacker can write Log4j configuration and supply TopicBindingName and TopicConnectionFactoryBindingName, causing JMSAppender to perform JNDI req...

CVSS 7.5 | AI score 9.4 | EPSS 0.81147
In wild, Web

CVE
added 2021/12/18 11:55 a.m. | 1185 views

CVE-2021-45105

Summary of CVE-2021-45105 (Log4j2): Affected Log4j 2.x versions 2.0-alpha1 through 2.16.0 (except 2.12.3 and 2.3.1) are vulnerable to denial of service via uncontrolled recursion triggered by self-referential lookups in Thread Context Map data. The root cause is improper handling of self-referen...

CVSS 5.9 | AI score 7.7 | EPSS 0.99999
In wild, Web

CVE
added 2022/01/18 3:25 p.m. | 849 views

CVE-2022-23302

CVE-2022-23302 affects Log4j 1.x JMSSink. The deserialization flaw allows remote code execution when an attacker can write to the Log4j configuration or when the configuration references an LDAP service the attacker controls. JMSSink can be triggered via a TopicConnectionFactoryBindingName to caus...

CVSS 8.8 | AI score 9.3 | EPSS 0.61785

CVE
added 2022/01/18 3:25 p.m. | 785 views

CVE-2022-23307

CVE-2022-23307 concerns a deserialization vulnerability in the Chainsaw component of Apache Log4j 1.x (Chainsaw bundled with Log4j 1.2.x). The root cause is unsafe deserialization of untrusted data via Chainsaw, allowing potential code execution. Multiple Atlassian products initially bundled Chai...

CVSS 9 | AI score 9.2 | EPSS 0.52458

CVE
added 2022/01/18 3:25 p.m. | 731 views

CVE-2022-23305

CVE-2022-23305 concerns Apache Log4j 1.x when configured with JDBCAppender: an SQL statement is built from a PatternLayout-converted value (notably %m), allowing an attacker to craft input to alter and potentially execute SQL. The issue is specific to Log4j 1.x if JDBCAppender is used; JDBCAppend...

CVSS 9.8 | AI score 9.4 | EPSS 0.66537
Web

CVE
added 2017/04/17 9:0 p.m. | 596 views

CVE-2017-5645

CVE-2017-5645 affects Apache Log4j 2.x prior to 2.8.2. The vulnerability arises when using a TCP/UDP socket server to receive serialized log events from another application; a crafted binary payload can be deserialized to execute arbitrary code. The documented impact is remote code execution via ...

CVSS 9.8 | AI score 9.5 | EPSS 0.8904

CVE
added 2020/05/01 6:55 p.m. | 502 views

CVE-2020-10683

CVE-2020-10683 is described in IBM Bulletin sources as an XXE vulnerability in the dom4j library, allowing a remote authenticated attacker to obtain sensitive information through XML processing. The issue stems from dom4j handling External DTDs/Entities by default, and multiple IBM entries map th...

CVSS 9.8 | AI score 9.2 | EPSS 0.07269

CVE
added 2019/01/02 6:0 p.m. | 464 views

CVE-2018-14721

CVE-2018-14721 affects FasterXML jackson-databind 2.x up to 2.9.6 (before 2.9.7). The flaw allows remote attackers to perform SSRF by failing to block axis2-jaxws class during polymorphic deserialization, enabling server-side requests under network access. The vulnerability is tied to the misuse ...

CVSS 10 | AI score 9.4 | EPSS 0.10458

CVE
added 2019/01/02 6:0 p.m. | 406 views

CVE-2018-14720

CVE-2018-14720 affects jackson-databind 2.x prior to 2.9.7, via unsafe polymorphic deserialization that could enable external XML entity (XXE) attacks when failure to block unspecified JDK classes occurs. The connected documents corroborate a fix in 2.9.7 (and related update notes), with multiple...

CVSS 9.8 | AI score 9.4 | EPSS 0.07524

CVE
added 2019/10/23 7:27 p.m. | 344 views

CVE-2019-12415

CVE-2019-12415 affects Apache POI up to version 4.1.0. The vulnerability arises when using the tool XSSFExportToXml to convert user-supplied Excel documents, allowing an attacker to read local filesystem or internal network resources via XML External Entity (XXE) processing. The Connected documen...

CVSS 5.5 | AI score 6.7 | EPSS 0.0099

CVE
added 2019/01/02 6:0 p.m. | 232 views

CVE-2018-14718

CVE-2018-14718 affects FasterXML jackson-databind 2.x (pre-2.9.7). Description: remote code execution via deserialization due to failure to block the slf4j-ext class from polymorphic deserialization. IBM watsonx.data is listed as affected (versions 1.0.0–2.0.0 in some bulletins; later bulletins s...

CVSS 9.8 | AI score 9.8 | EPSS 0.12679

CVE
added 2019/08/29 12:0 a.m. | 228 views

CVE-2019-12402

CVE-2019-12402 affects Apache Commons Compress 1.15–1.18, where the internal file-name encoding can loop infinitely and cause DoS when processing crafted archives. Connected docs show multiple vendors referencing this CVE in product advisories (e.g., Atlassian Confluence with dependency notes; IB...

CVSS 7.5 | AI score 7.1 | EPSS 0.16157

CVE
added 2019/01/02 6:0 p.m. | 222 views

CVE-2018-14719

CVE-2018-14719 involves FasterXML Jackson Databind 2.x up to but before 2.9.7. The root cause is failure to block polymorphic deserialization of certain gadgets (blaze-ds-opt/blaze-ds-core), enabling remote code execution if the gadget classes can be reached. The IBM bulletin references Jackson D...

CVSS 9.8 | AI score 9.8 | EPSS 0.09682

CVE
added 2018/01/18 2:0 a.m. | 86 views

CVE-2017-10273

CVE-2017-10273: Oracle JDeveloper in Oracle Fusion Middleware Deployment is affected by a directory traversal vulnerability. Affected versions include 11.1.1.7.0/7.1/9.0, 11.1.2.4.0, 12.1.3.0.0, 12.2.1.2.0. The issue allows a high-privilege attacker with logon to compromise JDeveloper, with impac...

CVSS 4.7 | AI score 4.5 | EPSS 0.01448

CVE
added 2017/01/27 10:1 p.m. | 67 views

CVE-2017-3255

CVE-2017-3255 affects Oracle JDeveloper (ADF Faces within Oracle Fusion Middleware). Affected versions include 11.1.1.7.0, 11.1.1.9.0, 11.1.2.4.0, 12.1.3.0.0, 12.2.1.0.0, 12.2.1.1.0 and 12.2.1.2.0. The vulnerability enables unauthenticated, network-accessible information disclosure over HTTP, pot...

CVSS 5.8 | AI score 5.2 | EPSS 0.01756

CVE
added 2016/07/21 10:0 a.m. | 66 views

CVE-2016-3504

CVE-2016-3504 is an unspecified vulnerability in the Oracle JDeveloper component of Oracle Fusion Middleware (versions 11.1.1.7.0, 11.1.1.9.0, 11.1.2.4.0, 12.1.3.0.0, 12.2.1.0.0) that allows remote attackers to affect confidentiality, integrity, and availability via vectors related to ADF Faces. ...

CVSS 9.8 | AI score 8.4 | EPSS 0.03473

CVE
added 2018/01/18 2:0 a.m. | 65 views

CVE-2018-2711

CVE-2018-2711 affects the Oracle JDeveloper component of Oracle Fusion Middleware (Security Framework). Affected versions include 11.1.1.2.4, 11.1.1.7.x, 11.1.1.9.0 and 12.1.3.0.0. An unauthenticated attacker with network access via HTTP can exploit this vulnerability to compromise JDeveloper and...

CVSS 8.2 | AI score 8.2 | EPSS 0.01449

CVE
added 2005/07/17 4:0 a.m. | 60 views

CVE-2005-2291

CVE-2005-2291: Oracle JDeveloper 9.0.4, 9.0.5, and 10.1.2 pass the cleartext password as a parameter when starting sqlplus, enabling local users to gain sensitive information. The connected documents confirm the affected products and the root cause (password passed in cleartext as a startup para...

CVSS 4.6 | AI score 8.8 | EPSS 0.00512

CVE
added 2019/10/16 5:40 p.m. | 57 views

CVE-2019-2899

CVE-2019-2899 affects Oracle JDeveloper and ADF (OAM component) in Oracle Fusion Middleware. Affected versions: 11.1.1.9.0, 11.1.2.4.0, 12.1.3.0.0, 12.2.1.3.0. The vulnerability is due to insufficient access control in OAM, allowing a high-privilege attacker with network access via HTTP to compro...

CVSS 3.5 | AI score 3.1 | EPSS 0.00882

CVE
added 2005/07/17 4:0 a.m. | 56 views

CVE-2005-2292

CVE-2005-2292: Oracle JDeveloper versions 9.0.4, 9.0.5, and 10.1.2 store cleartext passwords in IDEConnections.xml, XSQLConfig.xml, and settings.xml. The issue allows local users to obtain sensitive information from these configuration files. The connected documents confirm the affected products...

CVSS 2.1 | AI score 8.4 | EPSS 0.00874

CVE
added 2009/01/14 2:0 a.m. | 52 views

CVE-2008-2623

CVE-2008-2623 affects the Oracle Application Server 10.1.2.3 JDeveloper component. The vulnerability is described as unspecified and affects confidentiality via unknown vectors, with local access as the attack vector and a low impact (C/P I/N/A). The provided sources identify the affected product...

CVSS 2.1 | AI score 7.5 | EPSS 0.00351

CVE
added 2008/10/14 9:0 p.m. | 47 views

CVE-2008-2588

CVE-2008-2588 affects Oracle Application Server 10.1.2.2, specifically the Oracle JDeveloper component. The vulnerability is described as an unspecified local-privilege issue that could affect confidentiality via unknown vectors. The NVD entry assigns a LOW base score (2.1) with Local attack vect...

CVSS 2.1 | AI score 7.8 | EPSS 0.00351