Vulnerabilities > Oracle > JD Edwards Enterpriseone Tools > Medium

DATE CVE VULNERABILITY TITLE RISK
2021-03-25 CVE-2021-3449 NULL Pointer Dereference vulnerability in multiple products
An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client.
5.9
2021-03-23 CVE-2021-20227 A flaw was found in SQLite's SELECT query functionality (src/select.c).
local
low complexity
sqlite oracle
5.5
2021-02-15 CVE-2020-28500 Lodash versions prior to 4.17.21 are vulnerable to Regular Expression Denial of Service (ReDoS) via the toNumber, trim and trimEnd functions.
network
low complexity
lodash oracle siemens
5.3
2021-01-26 CVE-2021-26272 Inclusion of Functionality from Untrusted Control Sphere vulnerability in multiple products
It was possible to execute a ReDoS-type attack inside CKEditor 4 before 4.16 by persuading a victim to paste crafted URL-like text into the editor, and then press Enter or Space (in the Autolink plugin).
network
low complexity
ckeditor oracle CWE-829
6.5
2021-01-26 CVE-2021-26271 Inclusion of Functionality from Untrusted Control Sphere vulnerability in multiple products
It was possible to execute a ReDoS-type attack inside CKEditor 4 before 4.16 by persuading a victim to paste crafted text into the Styles input of specific dialogs (in the Advanced Tab for Dialogs plugin).
network
low complexity
ckeditor oracle CWE-829
6.5
2020-12-08 CVE-2020-1971 NULL Pointer Dereference vulnerability in multiple products
The X.509 GeneralName type is a generic type for representing different types of names.
5.9
2020-12-02 CVE-2020-13956 Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can misinterpret malformed authority component in request URIs passed to the library as java.net.URI object and pick the wrong target host for request execution.
network
low complexity
apache quarkus oracle netapp
5.3
2020-11-12 CVE-2020-27193 Cross-site Scripting vulnerability in multiple products
A cross-site scripting (XSS) vulnerability in the Color Dialog plugin for CKEditor 4.15.0 allows remote attackers to run arbitrary web script after persuading a user to copy and paste crafted HTML code into one of editor inputs.
network
low complexity
ckeditor oracle CWE-79
6.1
2020-04-29 CVE-2020-11023 In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. 6.1
2020-03-07 CVE-2020-9281 Cross-site Scripting vulnerability in multiple products
A cross-site scripting (XSS) vulnerability in the HTML Data Processor for CKEditor 4.0 before 4.14 allows remote attackers to inject arbitrary web script through a crafted "protected" comment (with the cke_protected syntax).
network
low complexity
ckeditor fedoraproject drupal oracle CWE-79
6.1