Oracle Rest Data Services

12 matches found

added 2021/10/26 3:15 p.m., 769 views

CVE-2021-41184

jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of the of option of the .position() util from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. Any string value passed to the of option is now treated as a CSS ...

CVSS 6.5, AI score 6.5, EPSS 0.26281
Web
added 2021/10/26 3:15 p.m., 636 views

CVE-2021-41182

jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of the altField option of the Datepicker widget from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. Any string value passed to the altField option is now trea...

CVSS 6.5, AI score 6.4, EPSS 0.26482
added 2021/04/13 7:15 a.m., 583 views

CVE-2021-29425

In Apache Commons IO before 2.7, when invoking the method FileNameUtils.normalize with an improper input string, like "//../foo", or "\..\foo", the result would be the same value, thus possibly providing access to files in the parent directory, but not further above (thus "limited" path traversal),...

CVSS 5.8, AI score 6.7, EPSS 0.00356
In wild
added 2021/10/26 3:15 p.m., 554 views

CVE-2021-41183

jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of various *Text options of the Datepicker widget from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. The values passed to various *Text options are now alway...

CVSS 6.5, AI score 6.5, EPSS 0.02663
added 2021/04/01 3:15 p.m., 526 views

CVE-2021-28165

In Eclipse Jetty 7.2.2 to 9.4.38, 10.0.0.alpha0 to 10.0.1, and 11.0.0.alpha0 to 11.0.1, CPU usage can reach 100% upon receiving a large invalid TLS frame.

CVSS 7.8, AI score 7.3, EPSS 0.10227
added 2021/06/09 2:15 a.m., 436 views

CVE-2021-28169

For Eclipse Jetty versions <= 9.4.40, <= 10.0.2,

CVSS 5.3, AI score 5.2, EPSS 0.92092
In wild, Web
added 2021/07/15 5:15 p.m., 358 views

CVE-2021-34429

For Eclipse Jetty versions 9.4.37-9.4.42, 10.0.1-10.0.5 & 11.0.1-11.0.5, URIs can be crafted using some encoded characters to access the content of the WEB-INF directory and/or bypass some security constraints. This is a variation of the vulnerability reported in CVE-2021-28164/GHSA-v7ff-8wcx-gmc5.

CVSS 5.3, AI score 5.4, EPSS 0.93799
added 2021/02/26 10:15 p.m., 356 views

CVE-2020-27223

In Eclipse Jetty 9.4.6.v20170531 to 9.4.36.v20210114 (inclusive), 10.0.0, and 11.0.0 when Jetty handles a request containing multiple Accept headers with a large number of “quality” (i.e. q) parameters, the server may enter a denial of service (DoS) state due to high CPU usage processing those qual...

CVSS 5.3, AI score 5.2, EPSS 0.28074
added 2021/06/22 3:15 p.m., 355 views

CVE-2021-34428

For Eclipse Jetty versions <= 9.4.40, <= 10.0.2,

CVSS 3.6, AI score 3.9, EPSS 0.00557
In wild
added 2021/07/19 2:15 p.m., 76 views

CVE-2021-32013

SheetJS and SheetJS Pro through 0.16.9 allows attackers to cause a denial of service (memory consumption) via a crafted .xlsx document that is mishandled when read by xlsx.js (issue 2 of 2).

CVSS 5.5, AI score 5.5, EPSS 0.00212
added 2021/07/19 2:15 p.m., 72 views

CVE-2021-32012

SheetJS and SheetJS Pro through 0.16.9 allows attackers to cause a denial of service (memory consumption) via a crafted .xlsx document that is mishandled when read by xlsx.js (issue 1 of 2).

CVSS 5.5, AI score 5.4, EPSS 0.00212
added 2021/07/19 2:15 p.m., 69 views

CVE-2021-32014

SheetJS and SheetJS Pro through 0.16.9 allows attackers to cause a denial of service (CPU consumption) via a crafted .xlsx document that is mishandled when read by xlsx.js.

CVSS 5.5, AI score 5.4, EPSS 0.00212