Oracle » Financial Services Hedge Management And Ifrs Valuations » 8.0.4 : Security Vulnerabilities, CVEs,
jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.
Max CVSS
6.1
EPSS Score
3.54%
Published
2019-04-20
Updated
2024-02-16
In Apache Struts 2.5 to 2.5.14, the REST Plugin is using an outdated JSON-lib library which is vulnerable and allow perform a DoS attack using malicious request with specially crafted JSON payload.
Max CVSS
6.2
EPSS Score
0.23%
Published
2017-12-01
Updated
2019-04-26
In Apache Log4j 2.x before 2.8.2, when using the TCP socket server or UDP socket server to receive serialized log events from another application, a specially crafted binary payload can be sent that, when deserialized, can execute arbitrary code.
Max CVSS
9.8
EPSS Score
81.95%
Published
2017-04-17
Updated
2022-04-04
jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.
Max CVSS
6.1
EPSS Score
0.66%
Published
2018-01-18
Updated
2021-01-08
4 vulnerabilities found