Show filters
10 Total Results
Displaying 1-10 of 10
Sort by:
Attacker Value
Moderate
CVE-2015-9251
Disclosure Date: January 18, 2018 (last updated November 08, 2023)
jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.
6
Attacker Value
Low
CVE-2019-11358
Disclosure Date: April 20, 2019 (last updated February 17, 2024)
jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.
6
Attacker Value
Unknown
CVE-2021-45105
Disclosure Date: December 18, 2021 (last updated February 23, 2025)
Apache Log4j2 versions 2.0-alpha1 through 2.16.0 (excluding 2.12.3 and 2.3.1) did not protect from uncontrolled recursion from self-referential lookups. This allows an attacker with control over Thread Context Map data to cause a denial of service when a crafted string is interpreted. This issue was fixed in Log4j 2.17.0, 2.12.3, and 2.3.1.
0
Attacker Value
Unknown
CVE-2021-2351
Disclosure Date: July 21, 2021 (last updated February 23, 2025)
Vulnerability in the Advanced Networking Option component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1 and 19c. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Oracle Net to compromise Advanced Networking Option. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Advanced Networking Option, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Advanced Networking Option. Note: The July 2021 Critical Patch Update introduces a number of Native Network Encryption changes to deal with vulnerability CVE-2021-2351 and prevent the use of weaker ciphers. Customers should review: "Changes in Native Network Encryption with the July 2021 Critical Patch Update" (Doc ID 2791571.1). CVSS 3.1 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/A…
0
Attacker Value
Unknown
CVE-2019-10219
Disclosure Date: November 08, 2019 (last updated November 08, 2023)
A vulnerability was found in Hibernate-Validator. The SafeHtml validator annotation fails to properly sanitize payloads consisting of potentially malicious code in HTML comments and instructions. This vulnerability can result in an XSS attack.
0
Attacker Value
Unknown
CVE-2019-10086
Disclosure Date: August 20, 2019 (last updated November 08, 2023)
In Apache Commons Beanutils 1.9.2, a special BeanIntrospector class was added which allows suppressing the ability for an attacker to access the classloader via the class property available on all Java objects. We, however were not using this by default characteristic of the PropertyUtilsBean.
0
Attacker Value
Unknown
CVE-2018-1258
Disclosure Date: May 11, 2018 (last updated November 26, 2024)
Spring Framework version 5.0.5 when used in combination with any versions of Spring Security contains an authorization bypass when using method security. An unauthorized malicious user can gain unauthorized access to methods that should be restricted.
0
Attacker Value
Unknown
CVE-2017-5645
Disclosure Date: April 17, 2017 (last updated November 08, 2023)
In Apache Log4j 2.x before 2.8.2, when using the TCP socket server or UDP socket server to receive serialized log events from another application, a specially crafted binary payload can be sent that, when deserialized, can execute arbitrary code.
0
Attacker Value
Unknown
CVE-2007-5576
Disclosure Date: October 18, 2007 (last updated October 04, 2023)
BEA Tuxedo 8.0 before RP392 and 8.1 before RP293, and WebLogic Enterprise 5.1 before RP174, echo the password in cleartext, which allows physically proximate attackers to obtain sensitive information via the (1) cnsbind, (2) cnsunbind, or (3) cnsls commands.
0
Attacker Value
Unknown
CVE-2007-2705
Disclosure Date: May 16, 2007 (last updated October 04, 2023)
Directory traversal vulnerability in the Test View Console in BEA WebLogic Integration 9.2 before SP1 and WebLogic Workshop 8.1 SP2 through SP6, when "deployed in an exploded format," allows remote attackers to list a WebLogic Workshop Directory (wlwdir) parent directory via unspecified vectors.
0