Webcenter_sites - Vulncode-DB

Note:

This project will be discontinued after December 13, 2021. [more]

Product:
Webcenter_sites
(Oracle)

Repositories	https://github.com/jquery/jquery
#Vulnerabilities	50

Date	Id	Summary	Products	Score	Patch	Annotated
2018-10-18	CVE-2018-15756	Spring Framework, version 5.1, versions 5.0.x prior to 5.0.10, versions 4.3.x prior to 4.3.20, and older unsupported versions on the 4.2.x branch provide support for range requests when serving static resources through the ResourceHttpRequestHandler, or starting in 5.0 when an annotated controller returns an org.springframework.core.io.Resource. A malicious user (or attacker) can add a range header with a high number of ranges, or with wide ranges that overlap, or both, for a denial of...	Debian_linux, Agile_plm, Communications_brm_\-_elastic_charging_engine, Communications_converged_application_server_\-_service_controller, Communications_diameter_signaling_router, Communications_element_manager, Communications_online_mediation_controller, Communications_session_report_manager, Communications_session_route_manager, Communications_unified_inventory_management, Endeca_information_discovery_integrator, Enterprise_manager_for_fusion_applications, Enterprise_manager_ops_center, Financial_services_analytical_applications_infrastructure, Flexcube_private_banking, Goldengate_application_adapters, Healthcare_master_person_index, Identity_manager_connector, Insurance_calculation_engine, Insurance_policy_administration_j2ee, Insurance_rules_palette, Mysql_enterprise_monitor, Primavera_analytics, Primavera_gateway, Rapid_planning, Retail_advanced_inventory_planning, Retail_assortment_planning, Retail_clearance_optimization_engine, Retail_financial_integration, Retail_integration_bus, Retail_invoice_matching, Retail_markdown_optimization, Retail_order_broker, Retail_predictive_application_server, Retail_service_backbone, Retail_xstore_point_of_service, Tape_library_acsls, Webcenter_sites, Weblogic_server, Spring_framework	7.5
2020-01-24	CVE-2020-7226	CiphertextHeader.java in Cryptacular 1.2.3, as used in Apereo CAS and other products, allows attackers to trigger excessive memory allocation during a decode operation, because the nonce array length associated with "new byte" may depend on untrusted input within the header of encoded data.	Communications_services_gatekeeper, Webcenter_sites, Weblogic_server, Cryptacular	7.5
2020-04-29	CVE-2020-11023	In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.	Debian_linux, Drupal, Fedora, Jquery, H300e_firmware, H300s_firmware, H410c_firmware, H410s_firmware, H500e_firmware, H500s_firmware, H700e_firmware, H700s_firmware, Max_data, Oncommand_insight, Oncommand_system_manager, Snap_creator_framework, Snapcenter_server, Application_express, Application_testing_suite, Banking_enterprise_collections, Banking_platform, Communications_analytics, Communications_eagle_application_processor, Communications_element_manager, Communications_interactive_session_recorder, Communications_operations_monitor, Communications_services_gatekeeper, Communications_session_report_manager, Communications_session_route_manager, Financial_services_regulatory_reporting_for_de_nederlandsche_bank, Financial_services_revenue_management_and_billing_analytics, Health_sciences_inform, Healthcare_translational_research, Hyperion_financial_reporting, Jd_edwards_enterpriseone_orchestrator, Jd_edwards_enterpriseone_tools, Oss_support_tools, Peoplesoft_enterprise_human_capital_management_resources, Primavera_gateway, Rest_data_services, Siebel_mobile, Storagetek_acsls, Storagetek_tape_analytics_sw_tool, Webcenter_sites, Weblogic_server, Log_correlation_engine	6.1
2021-05-28	CVE-2021-29505	XStream is software for serializing Java objects to XML and back again. A vulnerability in XStream versions prior to 1.4.17 may allow a remote attacker has sufficient rights to execute commands of the host only by manipulating the processed input stream. No user who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types is affected. The vulnerability is patched in version 1.4.17.	Debian_linux, Fedora, Snapmanager, Banking_cash_management, Banking_corporate_lending_process_management, Banking_credit_facilities_process_management, Banking_supply_chain_finance, Banking_trade_finance_process_management, Business_activity_monitoring, Communications_brm_\-_elastic_charging_engine, Communications_unified_inventory_management, Enterprise_manager_ops_center, Retail_xstore_point_of_service, Webcenter_portal, Webcenter_sites, Xstream	8.8
2019-04-17	CVE-2019-0228	Apache PDFBox 2.0.14 does not properly initialize the XML parser, which allows context-dependent attackers to conduct XML External Entity (XXE) attacks via a crafted XFDF.	James, Pdfbox, Fedora, Banking_corporate_lending_process_management, Banking_credit_facilities_process_management, Banking_supply_chain_finance, Banking_trade_finance_process_management, Banking_virtual_account_management, Communications_messaging_server, Communications_session_report_manager, Hyperion_financial_reporting, Peoplesoft_enterprise_peopletools, Retail_xstore_point_of_service, Webcenter_sites	9.8
2019-07-26	CVE-2019-13990	initDocumentParser in xml/XMLSchedulingDataProcessor.java in Terracotta Quartz Scheduler through 2.3.0 allows XXE attacks via a job description.	Tomee, Apache_batik_mapviewer, Banking_enterprise_originations, Banking_enterprise_product_manufacturing, Banking_payments, Communications_ip_service_activator, Communications_session_route_manager, Customer_management_and_segmentation_foundation, Documaker, Enterprise_manager_base_platform, Enterprise_manager_ops_center, Flexcube_investor_servicing, Flexcube_private_banking, Fusion_middleware_mapviewer, Google_guava_mapviewer, Hyperion_infrastructure_technology, Jd_edwards_enterpriseone_orchestrator, Primavera_unifier, Retail_back_office, Retail_central_office, Retail_integration_bus, Retail_order_broker, Retail_point\-Of\-Service, Retail_returns_management, Retail_xstore_point_of_service, Terracotta_quartz_scheduler_mapviewer, Webcenter_sites, Quartz	9.8
2019-04-22	CVE-2019-5427	c3p0 version < 0.9.5.4 may be exploited by a billion laughs attack when loading XML configuration due to missing protections against recursive entity expansion when loading configuration.	Fedora, C3p0, Communications_ip_service_activator, Communications_session_route_manager, Documaker, Enterprise_manager_base_platform, Enterprise_manager_ops_center, Flexcube_private_banking, Hyperion_infrastructure_technology, Retail_xstore_point_of_service, Webcenter_sites	7.5
2021-03-19	CVE-2021-27807	A carefully crafted PDF file can trigger an infinite loop while loading the file. This issue affects Apache PDFBox version 2.0.22 and prior 2.0.x versions.	Pdfbox, Fedora, Banking_trade_finance_process_management, Banking_virtual_account_management, Communications_messaging_server, Communications_session_report_manager, Hyperion_financial_reporting, Outside_in_technology, Primavera_unifier, Retail_customer_management_and_segmentation_foundation, Webcenter_sites	5.5
2021-03-19	CVE-2021-27906	A carefully crafted PDF file can trigger an OutOfMemory-Exception while loading the file. This issue affects Apache PDFBox version 2.0.22 and prior 2.0.x versions.	Pdfbox, Fedora, Banking_corporate_lending_process_management, Banking_credit_facilities_process_management, Banking_supply_chain_finance, Banking_trade_finance_process_management, Banking_virtual_account_management, Communications_messaging_server, Communications_session_report_manager, Hyperion_financial_reporting, Outside_in_technology, Peoplesoft_enterprise_peopletools, Primavera_unifier, Retail_customer_management_and_segmentation_foundation, Webcenter_sites	5.5
2019-10-23	CVE-2019-12415	In Apache POI up to 4.1.0, when using the tool XSSFExportToXml to convert user-provided Microsoft Excel documents, a specially crafted document can allow an attacker to read files from the local filesystem or from internal network resources via XML External Entity (XXE) Processing.	Poi, Application_testing_suite, Banking_enterprise_originations, Banking_enterprise_product_manufacturing, Banking_payments, Banking_platform, Big_data_discovery, Communications_diameter_signaling_router_idih\:, Endeca_information_discovery_studio, Enterprise_manager_base_platform, Enterprise_repository, Financial_services_analytical_applications_infrastructure, Financial_services_market_risk_measurement_and_management, Flexcube_private_banking, Hyperion_infrastructure_technology, Instantis_enterprisetrack, Insurance_policy_administration_j2ee, Insurance_rules_palette, Jdeveloper, Peoplesoft_enterprise_peopletools, Primavera_gateway, Primavera_unifier, Retail_clearance_optimization_engine, Retail_order_broker, Retail_predictive_application_server, Webcenter_portal, Webcenter_sites	5.5