CPE Details
Oracle Communications Application Session Controller 3.8m0
3.8m0
2020-12-28
11h31 +00:00
11h31 +00:00
2020-12-28
11h31 +00:00
11h31 +00:00
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
CPE Name: cpe:2.3:a:oracle:communications_application_session_controller:3.8m0:*:*:*:*:*:*:*
Informations
Vendor
oracleProduct
communications_application_session_controllerVersion
3.8m0Related CVE
| CVE ID | Published | Description | Score | Severity |
|---|---|---|---|---|
| In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0. | 6.9 |
Medium |
||
| jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype. | 6.1 |
Medium |
||
| The RC4 algorithm, as used in the TLS protocol and SSL protocol, does not properly combine state data with key data during the initialization phase, which makes it easier for remote attackers to conduct plaintext-recovery attacks against the initial bytes of a stream by sniffing network traffic that occasionally relies on keys affected by the Invariance Weakness, and then using a brute-force approach involving LSB values, aka the "Bar Mitzvah" issue. | 5 |
|||
| The RC4 algorithm, as used in the TLS protocol and SSL protocol, has many single-byte biases, which makes it easier for remote attackers to conduct plaintext-recovery attacks via statistical analysis of ciphertext in a large number of sessions that use the same plaintext. | 5.9 |
Medium |
2025©
tesweb SA
