Vulnerabilities (CVE)

Vendor filter: Oracle

Product filter: Jd Edwards Enterpriseone Tools

30 total CVE
CVE | Vendors | Products | Updated | CVSS
CVE-2018-8013 | 4: Apache, Canonical, Debian and 1 more | 20: Batik, Ubuntu Linux, Debian Linux and 17 more | 2019-05-15 | 7.5
In Apache Batik 1.x before 1.10, when deserializing a subclass of `AbstractDocument`, the class takes a string from the inputStream as the class name and then uses it to call the no-arg constructor of the class. Fix was to check the class type...
CVE-2015-9251 | 2: Jquery, Oracle | 40: Jquery, Agile Product Lifecycle Management For Process, Banking Platform and 37 more | 2019-05-10 | 4.3
jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.
CVE-2018-12023 | 3: Fasterxml, Oracle, Fedoraproject | 19: Jackson-databind, Banking Platform, Communications Billing And Revenue Management and 16 more | 2019-05-09 | 5.1
An issue was discovered in FasterXML jackson-databind prior to 2.7.9.4, 2.8.11.2, and 2.9.6. When Default Typing is enabled (either globally or for a specific property), the service has the Oracle JDBC jar in the classpath, and an attacker can...
CVE-2018-12022 | 3: Fasterxml, Fedoraproject, Oracle | 4: Jackson-databind, Fedora, Jd Edwards Enterpriseone Tools and 1 more | 2019-05-09 | 5.1
An issue was discovered in FasterXML jackson-databind prior to 2.7.9.4, 2.8.11.2, and 2.9.6. When Default Typing is enabled (either globally or for a specific property), the service has the Jodd-db jar (for database access for the Jodd framework)...
CVE-2017-15707 | 3: Apache, Netapp, Oracle | 12: Struts, Oncommand Balance, Agile Plm Framework and 9 more | 2019-04-26 | 5.0
In Apache Struts 2.5 to 2.5.14, the REST Plugin is using an outdated JSON-lib library which is vulnerable and allows an attacker to perform a DoS attack using a malicious request with a specially crafted JSON payload.
CVE-2017-3730 | 2: Openssl, Oracle | 7: Openssl, Agile Engineering Data Management, Communications Application Session Controller and 4 more | 2019-04-25 | 5.0
In OpenSSL 1.1.0 before 1.1.0d, if a malicious server supplies bad parameters for a DHE or ECDHE key exchange then this can result in the client attempting to dereference a NULL pointer leading to a client crash. This could be exploited in a...
CVE-2017-5645 | 4: Apache, Netapp, Oracle and 1 more | 57: Log4j, Oncommand Api Services, Oncommand Insight and 54 more | 2019-04-25 | 7.5
In Apache Log4j 2.x before 2.8.2, when using the TCP socket server or UDP socket server to receive serialized log events from another application, a specially crafted binary payload can be sent that, when deserialized, can execute arbitrary code.
CVE-2019-2564 | 1: Oracle | 1: Jd Edwards Enterpriseone Tools | 2019-04-24 | 4.0
Vulnerability in the JD Edwards EnterpriseOne Tools component of Oracle JD Edwards Products (subcomponent: Web Runtime). The supported version that is affected is 9.2. Easily exploitable vulnerability allows low privileged attacker with network...
CVE-2018-2946 | 1: Oracle | 1: Jd Edwards Enterpriseone Tools | 2019-03-20 | 5.8
Vulnerability in the JD Edwards EnterpriseOne Tools component of Oracle JD Edwards Products (subcomponent: Web Runtime). The supported version that is affected is 9.2. Easily exploitable vulnerability allows unauthenticated attacker with network...
CVE-2018-2945 | 1: Oracle | 1: Jd Edwards Enterpriseone Tools | 2019-03-20 | 5.8
Vulnerability in the JD Edwards EnterpriseOne Tools component of Oracle JD Edwards Products (subcomponent: Web Runtime). The supported version that is affected is 9.2. Easily exploitable vulnerability allows unauthenticated attacker with network...
CVE-2018-2947 | 1: Oracle | 1: Jd Edwards Enterpriseone Tools | 2019-03-20 | 4.0
Vulnerability in the JD Edwards EnterpriseOne Tools component of Oracle JD Edwards Products (subcomponent: Web Runtime). The supported version that is affected is 9.2. Easily exploitable vulnerability allows low privileged attacker with network...
CVE-2018-2948 | 1: Oracle | 1: Jd Edwards Enterpriseone Tools | 2019-03-20 | 5.8
Vulnerability in the JD Edwards EnterpriseOne Tools component of Oracle JD Edwards Products (subcomponent: Web Runtime). The supported version that is affected is 9.2. Easily exploitable vulnerability allows unauthenticated attacker with network...
CVE-2018-2944 | 1: Oracle | 1: Jd Edwards Enterpriseone Tools | 2019-03-20 | 5.0
Vulnerability in the JD Edwards EnterpriseOne Tools component of Oracle JD Edwards Products (subcomponent: Monitoring and Diagnostics). The supported version that is affected is 9.2. Easily exploitable vulnerability allows unauthenticated...
CVE-2018-2949 | 1: Oracle | 1: Jd Edwards Enterpriseone Tools | 2019-03-20 | 5.8
Vulnerability in the JD Edwards EnterpriseOne Tools component of Oracle JD Edwards Products (subcomponent: Web Runtime). The supported version that is affected is 9.2. Easily exploitable vulnerability allows unauthenticated attacker with network...
CVE-2018-2950 | 1: Oracle | 1: Jd Edwards Enterpriseone Tools | 2019-03-20 | 5.8
Vulnerability in the JD Edwards EnterpriseOne Tools component of Oracle JD Edwards Products (subcomponent: Web Runtime). The supported version that is affected is 9.2. Easily exploitable vulnerability allows unauthenticated attacker with network...
CVE-2018-2999 | 1: Oracle | 1: Jd Edwards Enterpriseone Tools | 2019-03-18 | 5.8
Vulnerability in the JD Edwards EnterpriseOne Tools component of Oracle JD Edwards Products (subcomponent: Web Runtime). The supported version that is affected is 9.2. Easily exploitable vulnerability allows unauthenticated attacker with network...
CVE-2018-3006 | 1: Oracle | 1: Jd Edwards Enterpriseone Tools | 2019-03-15 | 5.8
Vulnerability in the JD Edwards EnterpriseOne Tools component of Oracle JD Edwards Products (subcomponent: Web Runtime). The supported version that is affected is 9.2. Easily exploitable vulnerability allows unauthenticated attacker with network...
CVE-2015-1793 | 2: Openssl, Oracle | 4: Jd Edwards Enterpriseone Tools, Opus 10g Ethernet Switch Family, Supply Chain Products Suite and 1 more | 2018-11-30 | 6.4
The X509_verify_cert function in crypto/x509/x509_vfy.c in OpenSSL 1.0.1n, 1.0.1o, 1.0.2b, and 1.0.2c does not properly process X.509 Basic Constraints cA values during identification of alternative certificate chains, which allows remote...
CVE-2018-2658 | 1: Oracle | 1: Jd Edwards Enterpriseone Tools | 2018-01-26 | 5.8
Vulnerability in the JD Edwards EnterpriseOne Tools component of Oracle JD Edwards Products (subcomponent: Web Runtime SEC). The supported version that is affected is 9.2. Easily exploitable vulnerability allows unauthenticated attacker with...
CVE-2018-2659 | 1: Oracle | 1: Jd Edwards Enterpriseone Tools | 2018-01-25 | 5.8
Vulnerability in the JD Edwards EnterpriseOne Tools component of Oracle JD Edwards Products (subcomponent: Web Runtime SEC). The supported version that is affected is 9.2. Easily exploitable vulnerability allows unauthenticated attacker with...