CVSS: 6.1EPSS: 2%CPEs: 218EXPL: 4CVE-2019-11358 – jquery: Prototype pollution in object's prototype leading to denial of service, remote code execution, or property injection
https://notcve.org/view.php?id=CVE-2019-11358
jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype. jQuery, en versiones anteriores a 3.4.0, como es usado en Drupal, Backdrop CMS, y otros productos, maneja mal jQuery.extend(true, {}, ...) debido a la contaminación de Object.prototype. Si un objeto fuente no sanitizado contenía una propiedad enumerable __proto__, podría extender el Object.prototype nativo. A Prototype Pollution vulnerability was found in jquery. Untrusted JSON passed to the `extend` function could lead to modifying objects up the prototype chain, including the global Object. • https://github.com/isacaya/CVE-2019-11358 https://github.com/ossf-cve-benchmark/CVE-2019-11358 https://github.com/Snorlyd/https-nj.gov---CVE-2019-11358 http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00006.html http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html http://packetstormsecurity.c • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-1321: Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2016-3475
https://notcve.org/view.php?id=CVE-2016-3475
Unspecified vulnerability in the Oracle Knowledge component in Oracle Siebel CRM 8.5.x allows remote authenticated users to affect confidentiality via vectors related to Information Manager Console. Vulnerabilidad no especificada en el componente Oracle Knowledge en Oracle Siebel CRM 8.5.x permite a usuarios remotos autenticados afectar la confidencialidad a través de vectores relacionados con Information Manager Console. • http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html http://www.securityfocus.com/bid/91787 http://www.securityfocus.com/bid/91944 http://www.securitytracker.com/id/1036400 •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2016-3476
https://notcve.org/view.php?id=CVE-2016-3476
Unspecified vulnerability in the Oracle Knowledge component in Oracle Siebel CRM 8.5.x allows remote attackers to affect confidentiality and integrity via vectors related to Information Manager Console. Vulnerabilidad no especificada en el componente Oracle Knowledge en Oracle Siebel CRM 8.5.x permite a atacantes remotos afectar la confidencialidad y la integridad a través de vectores relacionados con Information Manager Console. • http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html http://www.securityfocus.com/bid/91787 http://www.securityfocus.com/bid/91948 http://www.securitytracker.com/id/1036400 •