Vulnerability in the Data Pump component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.2, 12.2.0.1, 18c and 19c. Difficult to exploit vulnerability allows high privileged attacker having DBA role account...
Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.2, 12.2.0.1, 18c and 19c. Difficult to exploit vulnerability allows low privileged attacker having Create Session, Create...
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Web Services). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network...
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Console). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via...
Vulnerability in the Primavera Portfolio Management product of Oracle Construction and Engineering (component: Investor Module). Supported versions that are affected are 16.1.0.0-16.1.5.1, 18.0.0.0-18.0.2.0 and 19.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access...
Vulnerability in the Oracle Application Express component of Oracle Database Server. Supported versions that are affected are 5.1-19.2. Easily exploitable vulnerability allows low privileged attacker having SQL Workshop privilege with network access via HTTP...
Jenkins Gitlab Authentication Plugin 1.5 and earlier does not perform group authorization checks properly, resulting in a privilege escalation vulnerability. Date published : 2020-07-15 https://jenkins.io/security/advisory/2020-07-15/#SECURITY-1792 http://www.openwall.com/lists/oss-security/2020/07/15/5
Jenkins Deployer Framework Plugin 1.2 and earlier does not escape the URL displayed in the build home page, resulting in a stored cross-site scripting vulnerability. Date published : 2020-07-15 https://jenkins.io/security/advisory/2020-07-15/#SECURITY-1915 http://www.openwall.com/lists/oss-security/2020/07/15/5
Jenkins Matrix Authorization Strategy Plugin 2.6.1 and earlier does not escape user names shown in the configuration, resulting in a stored cross-site scripting vulnerability. Date published : 2020-07-15 https://jenkins.io/security/advisory/2020-07-15/#SECURITY-1909 http://www.openwall.com/lists/oss-security/2020/07/15/5
Jenkins Matrix Project Plugin 1.16 and earlier does not escape the axis names shown in tooltips on the overview page of builds with multiple axes, resulting in a stored cross-site scripting vulnerability. Date published...
Jenkins Matrix Project Plugin 1.16 and earlier does not escape the node names shown in tooltips on the overview page of builds with a single axis, resulting in a stored cross-site scripting vulnerability. Date...
Jenkins 2.244 and earlier, LTS 2.235.1 and earlier does not escape correctly the ‘href’ attribute of links to downstream jobs displayed in the build console page, resulting in a stored cross-site scripting vulnerability. Date...
Jenkins 2.244 and earlier, LTS 2.235.1 and earlier does not escape the job name in the ‘Keep this build forever’ badge tooltip, resulting in a stored cross-site scripting vulnerability. Date published : 2020-07-15 https://jenkins.io/security/advisory/2020-07-15/#SECURITY-1902...
Jenkins 2.244 and earlier, LTS 2.235.1 and earlier does not escape the upstream job’s display name shown as part of a build cause, resulting in a stored cross-site scripting vulnerability. Date published : 2020-07-15...