Check CVE Id
Check CWE Id
Spring Framework, versions 5.0.x prior to 5.0.7 and 4.3.x prior to 4.3.18 and older unsupported versions, allows web applications to enable cross-domain requests via JSONP (JSON with Padding) through AbstractJsonpResponseBodyAdvice for REST controllers and MappingJackson2JsonView for browser requests. Both are not enabled by default in Spring Framework nor Spring Boot, however, when MappingJackson2JsonView is configured in an application, JSONP support is automatically ready to use through the "jsonp" and "callback" JSONP parameters, enabling cross-domain requests.
Unspecified vulnerability in Enterprise Manager (EM) Base Platform 10.2.0.5 and EM DB Control 184.108.40.206 in Oracle Enterprise Manager Grid Control allows remote attackers to affect integrity via unknown vectors related to User Interface Framework.
Unspecified vulnerability in the Enterprise Manager (EM) Base Platform 10.2.0.5 and 220.127.116.11; EM DB Control 10.2.0.4, 10.2.0.5, 18.104.22.168, 22.214.171.124, and 126.96.36.199; and EM Plugin for DB 188.8.131.52 and 184.108.40.206 in Oracle Enterprise Manager Grid Control allows remote attackers to affect integrity via unknown vectors related to Schema Management.
Unspecified vulnerability in the Config Management component in (1) Oracle Database 220.127.116.11 and (2) Oracle Enterprise Manager 10.2.0.4 allows remote authenticated users to affect confidentiality and integrity via unknown vectors, a different vulnerability than CVE-2009-1966.
Unspecified vulnerability in the Config Management component in (1) Oracle Database 18.104.22.168 and (2) Oracle Enterprise Manager 10.2.0.4 allows remote authenticated users to affect confidentiality and integrity via unknown vectors, a different vulnerability than CVE-2009-1967.
Unspecified vulnerability in the Resource Manager component in Oracle Database 10.1.0.5, 10.2.0.4, and 22.214.171.124, and Database Control in Enterprise Manager, has unknown impact and remote authenticated attack vectors. NOTE: the previous information was obtained from the Oracle July 2008 CPU. Oracle has not commented on reliable researcher claims that this is a cross-site scripting (XSS) issue that allows remote attackers to inject arbitrary web script or HTML via the REFRESHCHOICE parameter in multiple web pages.
Unspecified vulnerability in Oracle Help for Web, as used in Oracle Application Server, Oracle Database 10.2.0.3, and Enterprise Manager 10.1.0.6, has unknown impact and remote attack vectors, aka EM02.
Unspecified vulnerability in the Agent component in Oracle Enterprise Manager 126.96.36.199 has unknown impact and remote attack vectors, aka EM01.
Unspecified vulnerability in Oracle Enterprise Manager 10.2.0.1 has unknown impact and attack vectors related to Database Cloning & Data Guard Management, aka EM06.
Multiple unspecified vulnerabilities in Oracle Enterprise Manager 10.1.0.5 and 10.2.0.1 have unknown impact and attack vectors related to (1) Oracle Agent (EM03) and (2) EM04 and (3) EM05 in Enterprise Manager Console. NOTE: EM05 might be related to CVE-2007-0222.
Back to Top