CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0CVE-2017-10315
https://notcve.org/view.php?id=CVE-2017-10315
19 Oct 2017 — Vulnerability in the Siebel UI Framework component of Oracle Siebel CRM (subcomponent: UIF Open UI). Supported versions that are affected are 16.0 and 17.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Siebel UI Framework. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Siebel UI Framework, attacks may significantly impact additional products. Successful attacks of this vulnera... • http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html •
CVSS: 7.4EPSS: 0%CPEs: 2EXPL: 0CVE-2017-10333
https://notcve.org/view.php?id=CVE-2017-10333
19 Oct 2017 — Vulnerability in the Siebel UI Framework component of Oracle Siebel CRM (subcomponent: EAI). Supported versions that are affected are 16.0 and 17.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Siebel UI Framework. While the vulnerability is in Siebel UI Framework, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Siebel UI Framework... • http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html •
CVSS: 9.8EPSS: 94%CPEs: 174EXPL: 2CVE-2017-5645 – log4j: Socket receiver deserialization vulnerability
https://notcve.org/view.php?id=CVE-2017-5645
17 Apr 2017 — In Apache Log4j 2.x before 2.8.2, when using the TCP socket server or UDP socket server to receive serialized log events from another application, a specially crafted binary payload can be sent that, when deserialized, can execute arbitrary code. En Apache Log4j 2.x en versiones anteriores a 2.8.2, cuando se utiliza el servidor de socket TCP o el servidor de socket UDP para recibir sucesos de registro serializados de otra aplicación, puede enviarse una carga binaria especialmente diseñada que, cuando se des... • https://github.com/pimps/CVE-2017-5645 • CWE-502: Deserialization of Untrusted Data •
CVSS: 3.5EPSS: 0%CPEs: 1EXPL: 0CVE-2017-3264
https://notcve.org/view.php?id=CVE-2017-3264
27 Jan 2017 — Vulnerability in the Siebel UI Framework component of Oracle Siebel CRM (subcomponent: Open UI). The supported version that is affected is 16.1. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to compromise Siebel UI Framework. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Siebel UI Framework accessible data. CVSS v3.0 Base Score 3.1 (Integrity impacts). • http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html •
CVSS: 8.2EPSS: 0%CPEs: 1EXPL: 0CVE-2017-3325
https://notcve.org/view.php?id=CVE-2017-3325
27 Jan 2017 — Vulnerability in the Siebel UI Framework component of Oracle Siebel CRM (subcomponent: EAI). The supported version that is affected is 16.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Siebel UI Framework. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Siebel UI Framework, attacks may significantly impact additional products. Successful attacks of this vulnerability can resul... • http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html •
CVSS: 7.6EPSS: 0%CPEs: 1EXPL: 0CVE-2017-3330
https://notcve.org/view.php?id=CVE-2017-3330
27 Jan 2017 — Vulnerability in the Siebel UI Framework component of Oracle Siebel CRM (subcomponent: Open UI). The supported version that is affected is 16.1. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Siebel UI Framework. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Siebel UI Framework, attacks may significantly impact additional products. Successful attacks of this vulnerability can re... • http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html •
CVSS: 6.1EPSS: 1%CPEs: 23EXPL: 1CVE-2016-7103 – jquery-ui: cross-site scripting in dialog closeText
https://notcve.org/view.php?id=CVE-2016-7103
09 Dec 2016 — Cross-site scripting (XSS) vulnerability in jQuery UI before 1.12.0 might allow remote attackers to inject arbitrary web script or HTML via the closeText parameter of the dialog function. Vulnerabilidad de XSS en la interfaz de usuario de jQuery en versiones anteriores a 1.12.0 podría permitir a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través del parámetro closeText de la función dialog. It was found that a parameter of the dialog box feature of jQuery UI was vulnerable to ... • http://rhn.redhat.com/errata/RHSA-2016-2932.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.7EPSS: 0%CPEs: 5EXPL: 0CVE-2016-5450
https://notcve.org/view.php?id=CVE-2016-5450
21 Jul 2016 — Unspecified vulnerability in the Siebel UI Framework component in Oracle Siebel CRM 8.1.1, 8.2.2, IP2014, IP2015, and IP2016 allows remote attackers to affect integrity via vectors related to UIF Open UI. Vulnerabilidad no especificada en el componente Siebel UI Framework en Oracle Siebel CRM 8.1.1, 8.2.2, IP2014, IP2015 e IP2016 permite a atacantes remotos afectar la integridad a través de vectores relacionadods con UIF Open UI. • http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html •
CVSS: 8.1EPSS: 0%CPEs: 5EXPL: 0CVE-2016-5451
https://notcve.org/view.php?id=CVE-2016-5451
21 Jul 2016 — Unspecified vulnerability in the Siebel UI Framework component in Oracle Siebel CRM 8.1.1, 8.2.2, IP2014, IP2015, and IP2016 allows remote authenticated users to affect confidentiality and integrity via vectors related to EAI, a different vulnerability than CVE-2016-5468. Vulnerabilidad no especificada en el componente Siebel UI Framework en Oracle Siebel CRM 8.1.1, 8.2.2, IP2014, IP2015 e IP2016 permite a usuarios remotos autenticados afectar la confidencialidad y la integridad a través de vectores relacio... • http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html •
CVSS: 4.1EPSS: 0%CPEs: 5EXPL: 0CVE-2016-5463
https://notcve.org/view.php?id=CVE-2016-5463
21 Jul 2016 — Unspecified vulnerability in the Siebel UI Framework component in Oracle Siebel CRM 8.1.1, 8.2.2, IP2014, IP2015, and IP2016 allows remote authenticated users to affect integrity via vectors related to SWSE Server, a different vulnerability than CVE-2016-5464. Vulnerabilidad no especificada en el componente Siebel UI Framework en Oracle Siebel CRM 8.1.1, 8.2.2, IP2014, IP2015 e IP2016 permite a usuarios remotos autenticados afectar la integridad a través de vectores relacionados con SWSE Server, una vulnera... • http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html •