Vulnerabilities > Oracle > Application Testing Suite

DATE CVE VULNERABILITY TITLE RISK
2020-04-29 CVE-2020-11023 In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. 6.1
2020-01-17 CVE-2020-5397 Cross-Site Request Forgery (CSRF) vulnerability in multiple products
Spring Framework, versions 5.2.x prior to 5.2.3 are vulnerable to CSRF attacks through CORS preflight requests that target Spring MVC (spring-webmvc module) or Spring WebFlux (spring-webflux module) endpoints.
network
low complexity
vmware oracle CWE-352
5.3
2020-01-17 CVE-2020-5398 Download of Code Without Integrity Check vulnerability in multiple products
In Spring Framework, versions 5.2.x prior to 5.2.3, versions 5.1.x prior to 5.1.13, and versions 5.0.x prior to 5.0.16, an application is vulnerable to a reflected file download (RFD) attack when it sets a "Content-Disposition" header in the response where the filename attribute is derived from user supplied input.
network
high complexity
vmware oracle netapp CWE-494
7.5
2020-01-15 CVE-2020-2673 Unspecified vulnerability in Oracle Application Testing Suite
Vulnerability in the Oracle Application Testing Suite product of Oracle Enterprise Manager (component: Oracle Flow Builder).
network
low complexity
oracle
7.5
2020-01-03 CVE-2019-5064 Out-of-bounds Write vulnerability in multiple products
An exploitable heap buffer overflow vulnerability exists in the data structure persistence functionality of OpenCV, before version 4.2.0.
network
low complexity
opencv oracle CWE-787
8.8
2020-01-03 CVE-2019-5063 Out-of-bounds Write vulnerability in multiple products
An exploitable heap buffer overflow vulnerability exists in the data structure persistence functionality of OpenCV 4.1.0.
network
low complexity
opencv oracle CWE-787
8.8
2019-12-20 CVE-2019-17571 Deserialization of Untrusted Data vulnerability in multiple products
Included in Log4j 1.2 is a SocketServer class that is vulnerable to deserialization of untrusted data which can be exploited to remotely execute arbitrary code when combined with a deserialization gadget when listening to untrusted network traffic for log data.
network
low complexity
apache debian canonical opensuse netapp oracle CWE-502
critical
9.8
2019-11-08 CVE-2019-10219 A vulnerability was found in Hibernate-Validator.
network
low complexity
redhat netapp oracle
6.1
2019-10-23 CVE-2019-12415 XXE vulnerability in multiple products
In Apache POI up to 4.1.0, when using the tool XSSFExportToXml to convert user-provided Microsoft Excel documents, a specially crafted document can allow an attacker to read files from the local filesystem or from internal network resources via XML External Entity (XXE) Processing.
local
low complexity
apache oracle CWE-611
5.5
2019-10-16 CVE-2019-2904 Unspecified vulnerability in Oracle products
Vulnerability in the Oracle JDeveloper and ADF product of Oracle Fusion Middleware (component: ADF Faces).
network
low complexity
oracle
critical
9.8