Middleware Common Libraries And Tools@12.2.1.3.0 Security Vulnerabilities and Issues — Middleware Common Libraries And Tools@12.2.1.3.0 CVE List

Lucene search

OracleMiddleware Common Libraries And Tools12.2.1.3.0

5 matches found

CVE•added 2021/08/18 3:15 p.m.•449 views

CVE-2021-37714

jsoup is a Java library for working with HTML. Those using jsoup versions prior to 1.14.2 to parse untrusted HTML or XML may be vulnerable to DOS attacks. If the parser is run on user supplied input, an attacker may supply content that causes the parser to get stuck (loop indefinitely until cancell...

7.5CVSS7.3AI score0.00505EPSS

CVE•added 2021/10/18 3:15 p.m.•296 views

CVE-2021-42575

The OWASP Java HTML Sanitizer before 20211018.1 does not properly enforce policies associated with the SELECT, STYLE, and OPTION elements.

9.8CVSS9.2AI score0.00875EPSS

CVE•added 2021/01/14 3:15 p.m.•274 views

CVE-2021-23926

The XML parsers used by XMLBeans up to version 2.6.0 did not set the properties needed to protect the user from malicious XML input. Vulnerabilities include possibilities for XML Entity Expansion attacks. Affects XMLBeans up to and including v2.6.0.

9.1CVSS9.3AI score0.00322EPSS

CVE•added 2021/07/12 12:15 p.m.•227 views

CVE-2021-30129

A vulnerability in sshd-core of Apache Mina SSHD allows an attacker to overflow the server causing an OutOfMemory error. This issue affects the SFTP and port forwarding features of Apache Mina SSHD version 2.0.0 and later versions. It was addressed in Apache Mina SSHD 2.7.0

6.5CVSS6.9AI score0.00229EPSS

CVE•added 2021/07/19 3:15 p.m.•115 views

CVE-2021-35043

OWASP AntiSamy before 1.6.4 allows XSS via HTML attributes when using the HTML output serializer (XHTML is not affected). This was demonstrated by a javascript: URL with &#00058 as the replacement for the : character.

6.1CVSS5.9AI score0.00331EPSS