10 matches found
CVE-2020-11023
The connected Astra Linux bulletin confirms CVE-2020-11023: in jQuery versions >= 1.0.3 and < 3.5.0, passing HTML containing elements from untrusted sources to DOM manipulation methods (e.g., .html(), .append()) may lead to untrusted code execution. Patch released in jQuery 3.5.0. Remediat...
CVE-2016-7103
CVE-2016-7103 is a cross-site scripting (XSS) vulnerability in jQuery UI before 1.12.0, exploitable via the closeText parameter of the Dialog widget. The issue allows remote script/HTML injection. Remediation per connected documents is to upgrade to jQuery UI 1.12.0 or later (fixed version).
CVE-2021-29425
CVE-2021-29425 affects Apache Commons IO up to version 2.6, specifically FileNameUtils.normalize. With inputs such as "//../foo" or "\..\foo", normalization can yield a value that does not escape to higher directories, potentially enabling access to the parent directory if the resulting path is u...
CVE-2021-27568
CVE-2021-27568 affects Netplex json-smart-v1 and json-smart-v2 (NumberFormatException uncaught), leading to potential denial of service or exposure of sensitive information when unhandled exceptions occur in the library. Connected IBM advisories confirm the vulnerability in IBM DOORS-related prod...
CVE-2019-10219
The CVE-2019-10219 entry affects Hibernate Validator: SafeHtml validator annotation fails to sanitize HTML comments/instructions, enabling XSS in affected code paths. Affected CP4S versions are 1.7.2.0, 1.8.0.0, and 1.8.1.0. Remediation is to upgrade to Cloud Pak for Security 1.9.0.0 per IBM guid...
CVE-2021-2351
CVE-2021-2351 affects Oracle Database Server’s Advanced Networking Option, with affected versions 12.1.0.2, 12.2.0.1, and 19c. The vulnerability allows unauthenticated network access via Oracle Net to compromise the Advanced Networking Option, with access requiring user interaction (UI_R) and ris...
CVE-2021-2303
CVE-2021-2303 affects Oracle OSS Support Tools, component Diagnostic Assistant, with the vulnerable version prior to 2.12.41. The issue allows a high-privilege attacker, over HTTP from the network, to compromise OSS Support Tools and potentially access all data handled by the tools. ZDI also note...
CVE-2018-2616
CVE-2018-2616 affects Oracle OSS Support Tools, specifically the Diagnostic Assistant subcomponent, prior to version 2.11.33. An attacker with network access over HTTP and low privileges can take over OSS Support Tools (impacting Confidentiality, Integrity, Availability). Related connections in t...
CVE-2018-2617
CVE-2018-2617 affects Oracle OSS Support Tools, specifically the Diagnostic Assistant subcomponent of Oracle Support Tools, with versions prior to 2.11.33. The vulnerability allows an unauthenticated, network-accessible attacker to access OSS Support Tools via HTTP, potentially exposing confident...
CVE-2018-2615
Summary of CVE-2018-2615 (Oracle OSS Support Tools – Diagnostic Assistant) Affected product: Oracle OSS Support Tools (Oracle Support Tools) – Diagnostic Assistant subcomponent. Vulnerability: A remote code execution flaw in Diagnostic Assistant present in OSS Support Tools version prior to 2.11....