Lucene search
+L

10 matches found

CVE
CVE
added 2020/04/29 12:0 a.m.7251 views

CVE-2020-11023

The connected Astra Linux bulletin confirms CVE-2020-11023: in jQuery versions >= 1.0.3 and < 3.5.0, passing HTML containing elements from untrusted sources to DOM manipulation methods (e.g., .html(), .append()) may lead to untrusted code execution. Patch released in jQuery 3.5.0. Remediat...

6.9CVSS7.2AI score0.8383EPSS
In wild
CVE
CVE
added 2017/03/15 12:0 a.m.862 views

CVE-2016-7103

CVE-2016-7103 is a cross-site scripting (XSS) vulnerability in jQuery UI before 1.12.0, exploitable via the closeText parameter of the Dialog widget. The issue allows remote script/HTML injection. Remediation per connected documents is to upgrade to jQuery UI 1.12.0 or later (fixed version).

6.1CVSS6AI score0.2258EPSS
In wild
CVE
CVE
added 2021/04/13 6:50 a.m.638 views

CVE-2021-29425

CVE-2021-29425 affects Apache Commons IO up to version 2.6, specifically FileNameUtils.normalize. With inputs such as "//../foo" or "\..\foo", normalization can yield a value that does not escape to higher directories, potentially enabling access to the parent directory if the resulting path is u...

5.8CVSS6.7AI score0.10608EPSS
In wild
CVE
CVE
added 2021/02/23 1:32 a.m.411 views

CVE-2021-27568

CVE-2021-27568 affects Netplex json-smart-v1 and json-smart-v2 (NumberFormatException uncaught), leading to potential denial of service or exposure of sensitive information when unhandled exceptions occur in the library. Connected IBM advisories confirm the vulnerability in IBM DOORS-related prod...

5.9CVSS6AI score0.02886EPSS
CVE
CVE
added 2019/11/08 2:46 p.m.301 views

CVE-2019-10219

The CVE-2019-10219 entry affects Hibernate Validator: SafeHtml validator annotation fails to sanitize HTML comments/instructions, enabling XSS in affected code paths. Affected CP4S versions are 1.7.2.0, 1.8.0.0, and 1.8.1.0. Remediation is to upgrade to Cloud Pak for Security 1.9.0.0 per IBM guid...

6.5CVSS6AI score0.02167EPSS
CVE
CVE
added 2021/07/20 10:43 p.m.244 views

CVE-2021-2351

CVE-2021-2351 affects Oracle Database Server’s Advanced Networking Option, with affected versions 12.1.0.2, 12.2.0.1, and 19c. The vulnerability allows unauthenticated network access via Oracle Net to compromise the Advanced Networking Option, with access requiring user interaction (UI_R) and ris...

8.3CVSS8.5AI score0.025EPSS
CVE
CVE
added 2021/04/22 9:54 p.m.58 views

CVE-2021-2303

CVE-2021-2303 affects Oracle OSS Support Tools, component Diagnostic Assistant, with the vulnerable version prior to 2.12.41. The issue allows a high-privilege attacker, over HTTP from the network, to compromise OSS Support Tools and potentially access all data handled by the tools. ZDI also note...

4.9CVSS4.7AI score0.01451EPSS
CVE
CVE
added 2018/01/18 2:0 a.m.57 views

CVE-2018-2616

CVE-2018-2616 affects Oracle OSS Support Tools, specifically the Diagnostic Assistant subcomponent, prior to version 2.11.33. An attacker with network access over HTTP and low privileges can take over OSS Support Tools (impacting Confidentiality, Integrity, Availability). Related connections in t...

8.8CVSS8.1AI score0.27068EPSS
CVE
CVE
added 2018/01/18 2:0 a.m.51 views

CVE-2018-2617

CVE-2018-2617 affects Oracle OSS Support Tools, specifically the Diagnostic Assistant subcomponent of Oracle Support Tools, with versions prior to 2.11.33. The vulnerability allows an unauthenticated, network-accessible attacker to access OSS Support Tools via HTTP, potentially exposing confident...

7.5CVSS6.9AI score0.01767EPSS
CVE
CVE
added 2018/01/18 2:0 a.m.50 views

CVE-2018-2615

Summary of CVE-2018-2615 (Oracle OSS Support Tools – Diagnostic Assistant) Affected product: Oracle OSS Support Tools (Oracle Support Tools) – Diagnostic Assistant subcomponent. Vulnerability: A remote code execution flaw in Diagnostic Assistant present in OSS Support Tools version prior to 2.11....

8.8CVSS8.1AI score0.01396EPSS