CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2018-2946
https://notcve.org/view.php?id=CVE-2018-2946
18 Jul 2018 — Vulnerability in the JD Edwards EnterpriseOne Tools component of Oracle JD Edwards Products (subcomponent: Web Runtime). The supported version that is affected is 9.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Tools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in JD Edwards EnterpriseOne Tools, attacks may significantly impact additional products. S... • http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2018-2947
https://notcve.org/view.php?id=CVE-2018-2947
18 Jul 2018 — Vulnerability in the JD Edwards EnterpriseOne Tools component of Oracle JD Edwards Products (subcomponent: Web Runtime). The supported version that is affected is 9.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Tools. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all JD Edwards EnterpriseOne Tools accessible data. CVSS 3.0 Base Score 6.5 (Confidentialit... • http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2018-2948
https://notcve.org/view.php?id=CVE-2018-2948
18 Jul 2018 — Vulnerability in the JD Edwards EnterpriseOne Tools component of Oracle JD Edwards Products (subcomponent: Web Runtime). The supported version that is affected is 9.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Tools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in JD Edwards EnterpriseOne Tools, attacks may significantly impact additional products. S... • http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2018-2949
https://notcve.org/view.php?id=CVE-2018-2949
18 Jul 2018 — Vulnerability in the JD Edwards EnterpriseOne Tools component of Oracle JD Edwards Products (subcomponent: Web Runtime). The supported version that is affected is 9.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Tools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in JD Edwards EnterpriseOne Tools, attacks may significantly impact additional products. S... • http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2018-2950
https://notcve.org/view.php?id=CVE-2018-2950
18 Jul 2018 — Vulnerability in the JD Edwards EnterpriseOne Tools component of Oracle JD Edwards Products (subcomponent: Web Runtime). The supported version that is affected is 9.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Tools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in JD Edwards EnterpriseOne Tools, attacks may significantly impact additional products. S... • http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2018-2999
https://notcve.org/view.php?id=CVE-2018-2999
18 Jul 2018 — Vulnerability in the JD Edwards EnterpriseOne Tools component of Oracle JD Edwards Products (subcomponent: Web Runtime). The supported version that is affected is 9.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Tools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in JD Edwards EnterpriseOne Tools, attacks may significantly impact additional products. S... • http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2018-3006
https://notcve.org/view.php?id=CVE-2018-3006
18 Jul 2018 — Vulnerability in the JD Edwards EnterpriseOne Tools component of Oracle JD Edwards Products (subcomponent: Web Runtime). The supported version that is affected is 9.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Tools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in JD Edwards EnterpriseOne Tools, attacks may significantly impact additional products. S... • http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html •
CVSS: 9.8EPSS: 1%CPEs: 41EXPL: 0CVE-2018-8013 – Gentoo Linux Security Advisory 202401-11
https://notcve.org/view.php?id=CVE-2018-8013
24 May 2018 — In Apache Batik 1.x before 1.10, when deserializing subclass of `AbstractDocument`, the class takes a string from the inputStream as the class name which then use it to call the no-arg constructor of the class. Fix was to check the class type before calling newInstance in deserialization. En Apache Batik en versiones 1.x anteriores a la 1.10, cuando se deserializa la subclase de "AbstractDocument", la clase toma una cadena de inputStream como el nombre de clase y lo emplea para llamar al constructor no-arg ... • http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html • CWE-502: Deserialization of Untrusted Data •
CVSS: 6.1EPSS: 8%CPEs: 81EXPL: 3CVE-2015-9251 – jquery: Cross-site scripting via cross-domain ajax requests
https://notcve.org/view.php?id=CVE-2015-9251
18 Jan 2018 — jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed. jQuery en versiones anteriores a la 3.0.0 es vulnerable a ataques de Cross-site Scripting (XSS) cuando se realiza una petición Ajax de dominios cruzados sin la opción dataType. Esto provoca que se ejecuten respuestas de texto/javascript. Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applic... • https://github.com/halkichi0308/CVE-2015-9251 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2018-2658
https://notcve.org/view.php?id=CVE-2018-2658
18 Jan 2018 — Vulnerability in the JD Edwards EnterpriseOne Tools component of Oracle JD Edwards Products (subcomponent: Web Runtime SEC). The supported version that is affected is 9.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Tools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in JD Edwards EnterpriseOne Tools, attacks may significantly impact additional product... • http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html •