Filtered by vendor Oracle
Subscriptions
Filtered by product Banking Enterprise Default Management
Subscriptions
Total
23 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-29425 | 5 Apache, Debian, Netapp and 2 more | 69 Commons Io, Debian Linux, Active Iq Unified Manager and 66 more | 2024-11-21 | 4.8 Medium |
| In Apache Commons IO before 2.7, When invoking the method FileNameUtils.normalize with an improper input string, like "//../foo", or "\\..\foo", the result would be the same value, thus possibly providing access to files in the parent directory, but not further above (thus "limited" path traversal), if the calling code would use the result to construct a path value. | ||||
| CVE-2020-9281 | 4 Ckeditor, Drupal, Fedoraproject and 1 more | 11 Ckeditor, Drupal, Fedora and 8 more | 2024-11-21 | 6.1 Medium |
| A cross-site scripting (XSS) vulnerability in the HTML Data Processor for CKEditor 4.0 before 4.14 allows remote attackers to inject arbitrary web script through a crafted "protected" comment (with the cke_protected syntax). | ||||
| CVE-2020-6950 | 3 Eclipse, Oracle, Redhat | 14 Mojarra, Banking Enterprise Default Management, Banking Platform and 11 more | 2024-11-21 | 6.5 Medium |
| Directory traversal in Eclipse Mojarra before 2.3.14 allows attackers to read arbitrary files via the loc parameter or con parameter. | ||||