Oracle: >> Jd Edwards Enterpriseone Tools >> 9.2.6.0 Security Vulnerabilities
Node.js before 16.6.1, 14.17.5, and 12.22.5 is vulnerable to a use after free attack where an attacker might be able to exploit the memory corruption, to change process behavior.
CVSS Score
7.5
EPSS Score
0.004
Published
2021-08-16
ckeditor is an open source WYSIWYG HTML editor with rich content support. A vulnerability has been discovered in the clipboard Widget plugin if used alongside the undo feature. The vulnerability allows a user to abuse undo functionality using malformed widget HTML, which could result in executing JavaScript code. It affects all users using the CKEditor 4 plugins listed above at version >= 4.13.0. The problem has been recognized and patched. The fix will be available in version 4.16.2.
CVSS Score
7.6
EPSS Score
0.014
Published
2021-08-12
An issue was discovered in Ruby through 2.6.7, 2.7.x through 2.7.3, and 3.x through 3.0.1. Net::IMAP does not raise an exception when StartTLS fails with an an unknown response, which might allow man-in-the-middle attackers to bypass the TLS protections by leveraging a network position between the client and the registry to block the StartTLS command, aka a "StartTLS stripping attack."
CVSS Score
7.4
EPSS Score
0.001
Published
2021-08-01
In RDoc 3.11 through 6.x before 6.3.1, as distributed with Ruby through 3.0.1, it is possible to execute arbitrary code via | and tags in a filename.
CVSS Score
7.0
EPSS Score
0.004
Published
2021-07-30
An issue was discovered in Ruby through 2.6.7, 2.7.x through 2.7.3, and 3.x through 3.0.1. A malicious FTP server can use the PASV response to trick Net::FTP into connecting back to a given IP address and port. This potentially makes curl extract information about services that are otherwise private and not disclosed (e.g., the attacker can conduct port scans and service banner extractions).
CVSS Score
5.8
EPSS Score
0.006
Published
2021-07-13
Netty is an open-source, asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. In Netty (io.netty:netty-codec-http2) before version 4.1.61.Final there is a vulnerability that enables request smuggling. The content-length header is not correctly validated if the request only uses a single Http2HeaderFrame with the endStream set to to true. This could lead to request smuggling if the request is proxied to a remote peer and translated to HTTP/1.1. This is a followup of GHSA-wm47-8v5p-wjpj/CVE-2021-21295 which did miss to fix this one case. This was fixed as part of 4.1.61.Final.
CVSS Score
5.9
EPSS Score
0.05
Published
2021-03-30
Lodash versions prior to 4.17.21 are vulnerable to Command Injection via the template function.
CVSS Score
7.2
EPSS Score
0.007
Published
2021-02-15
Lodash versions prior to 4.17.21 are vulnerable to Regular Expression Denial of Service (ReDoS) via the toNumber, trim and trimEnd functions.
CVSS Score
5.3
EPSS Score
0.002
Published
2021-02-15
Prototype pollution attack when using _.zipObjectDeep in lodash before 4.17.20.
CVSS Score
7.4
EPSS Score
0.024
Published
2020-07-15
Page 5