CVSS: 9.8EPSS: 14%CPEs: 58EXPL: 0CVE-2018-14718 – jackson-databind: arbitrary code execution in slf4j-ext class
https://notcve.org/view.php?id=CVE-2018-14718
02 Jan 2019 — FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to execute arbitrary code by leveraging failure to block the slf4j-ext class from polymorphic deserialization. Las versiones 2.x de FasterXML jackson-databind anteriores a la 2.9.7 podrían permitir a los atacantes remotos ejecutar código arbitrario aprovechando un fallo para bloquear la clase slf4j-ext de deserialización polimórfica. A flaw was discovered in jackson-databind, where it would permit polymorphic deserialization of a malic... • http://www.securityfocus.com/bid/106601 • CWE-502: Deserialization of Untrusted Data •
CVSS: 6.1EPSS: 2%CPEs: 76EXPL: 1CVE-2018-8032
https://notcve.org/view.php?id=CVE-2018-8032
02 Aug 2018 — Apache Axis 1.x up to and including 1.4 is vulnerable to a cross-site scripting (XSS) attack in the default servlet/services. Apache Axis en versiones 1.x hasta la 1.4 (incluida) es vulnerable a un ataque de Cross-Site Scripting (XSS) en el servlet/services por defecto. • https://github.com/cairuojin/CVE-2018-8032 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.2EPSS: 1%CPEs: 2EXPL: 0CVE-2017-10263
https://notcve.org/view.php?id=CVE-2017-10263
19 Oct 2017 — Vulnerability in the Siebel UI Framework component of Oracle Siebel CRM (subcomponent: UIF Open UI). Supported versions that are affected are 16.0 and 17.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Siebel UI Framework. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Siebel UI Framework, attacks may significantly impact additional products. Successful attacks of this vulnera... • http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html •
CVSS: 5.3EPSS: 1%CPEs: 2EXPL: 0CVE-2017-10264
https://notcve.org/view.php?id=CVE-2017-10264
19 Oct 2017 — Vulnerability in the Siebel UI Framework component of Oracle Siebel CRM (subcomponent: UIF Open UI). Supported versions that are affected are 16.0 and 17.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Siebel UI Framework. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Siebel UI Framework. CVSS 3.0 Base Score 5.3 (Availability impacts). • http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0CVE-2017-10302
https://notcve.org/view.php?id=CVE-2017-10302
19 Oct 2017 — Vulnerability in the Siebel UI Framework component of Oracle Siebel CRM (subcomponent: UIF Open UI). Supported versions that are affected are 16.0 and 17.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Siebel UI Framework. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Siebel UI Framework, attacks may significantly impact additional products. Successful attacks of this vulnera... • http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0CVE-2017-10315
https://notcve.org/view.php?id=CVE-2017-10315
19 Oct 2017 — Vulnerability in the Siebel UI Framework component of Oracle Siebel CRM (subcomponent: UIF Open UI). Supported versions that are affected are 16.0 and 17.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Siebel UI Framework. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Siebel UI Framework, attacks may significantly impact additional products. Successful attacks of this vulnera... • http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html •
CVSS: 7.4EPSS: 0%CPEs: 2EXPL: 0CVE-2017-10333
https://notcve.org/view.php?id=CVE-2017-10333
19 Oct 2017 — Vulnerability in the Siebel UI Framework component of Oracle Siebel CRM (subcomponent: EAI). Supported versions that are affected are 16.0 and 17.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Siebel UI Framework. While the vulnerability is in Siebel UI Framework, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Siebel UI Framework... • http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html •
CVSS: 6.1EPSS: 1%CPEs: 23EXPL: 1CVE-2016-7103 – jquery-ui: cross-site scripting in dialog closeText
https://notcve.org/view.php?id=CVE-2016-7103
09 Dec 2016 — Cross-site scripting (XSS) vulnerability in jQuery UI before 1.12.0 might allow remote attackers to inject arbitrary web script or HTML via the closeText parameter of the dialog function. Vulnerabilidad de XSS en la interfaz de usuario de jQuery en versiones anteriores a 1.12.0 podría permitir a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través del parámetro closeText de la función dialog. It was found that a parameter of the dialog box feature of jQuery UI was vulnerable to ... • http://rhn.redhat.com/errata/RHSA-2016-2932.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.7EPSS: 0%CPEs: 5EXPL: 0CVE-2016-5450
https://notcve.org/view.php?id=CVE-2016-5450
21 Jul 2016 — Unspecified vulnerability in the Siebel UI Framework component in Oracle Siebel CRM 8.1.1, 8.2.2, IP2014, IP2015, and IP2016 allows remote attackers to affect integrity via vectors related to UIF Open UI. Vulnerabilidad no especificada en el componente Siebel UI Framework en Oracle Siebel CRM 8.1.1, 8.2.2, IP2014, IP2015 e IP2016 permite a atacantes remotos afectar la integridad a través de vectores relacionadods con UIF Open UI. • http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html •
CVSS: 8.1EPSS: 0%CPEs: 5EXPL: 0CVE-2016-5451
https://notcve.org/view.php?id=CVE-2016-5451
21 Jul 2016 — Unspecified vulnerability in the Siebel UI Framework component in Oracle Siebel CRM 8.1.1, 8.2.2, IP2014, IP2015, and IP2016 allows remote authenticated users to affect confidentiality and integrity via vectors related to EAI, a different vulnerability than CVE-2016-5468. Vulnerabilidad no especificada en el componente Siebel UI Framework en Oracle Siebel CRM 8.1.1, 8.2.2, IP2014, IP2015 e IP2016 permite a usuarios remotos autenticados afectar la confidencialidad y la integridad a través de vectores relacio... • http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html •