Press CTR-C to copy XML [help]


Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user’s risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report.

How to read the report | Suppressing false positives | Getting Help: github issues

 Sponsor

Project: SchemaSpy Maven Plugin

nl.geodienstencentrum.maven:schemaspy-maven-plugin:5.2.2-SNAPSHOT

Scan Information (show all):

Summary

Display: Showing Vulnerable Dependencies (click to show all)

DependencyVulnerability IDsPackageHighest SeverityCVE CountConfidenceEvidence Count
animal-sniffer-annotations-1.14.jarpkg:maven/org.codehaus.mojo/animal-sniffer-annotations@1.14 023
aopalliance-1.0.jarpkg:maven/aopalliance/aopalliance@1.0 020
checker-compat-qual-2.0.0.jarpkg:maven/org.checkerframework/checker-compat-qual@2.0.0 074
checker-qual-3.5.0.jarpkg:maven/org.checkerframework/checker-qual@3.5.0 060
commons-beanutils-1.9.4.jarcpe:2.3:a:apache:commons_beanutils:1.9.4:*:*:*:*:*:*:*pkg:maven/commons-beanutils/commons-beanutils@1.9.4 0Highest170
commons-chain-1.1.jarpkg:maven/commons-chain/commons-chain@1.1 075
commons-codec-1.11.jarpkg:maven/commons-codec/commons-codec@1.11 0105
commons-collections-3.2.2.jarcpe:2.3:a:apache:commons_collections:3.2.2:*:*:*:*:*:*:*pkg:maven/commons-collections/commons-collections@3.2.2 0Highest86
commons-digester-1.8.jarpkg:maven/commons-digester/commons-digester@1.8 090
commons-lang-2.4.jarpkg:maven/commons-lang/commons-lang@2.4 0104
commons-lang3-3.8.1.jarpkg:maven/org.apache.commons/commons-lang3@3.8.1 0142
commons-logging-1.2.jarpkg:maven/commons-logging/commons-logging@1.2 0117
commons-text-1.3.jarcpe:2.3:a:apache:commons_text:1.3:*:*:*:*:*:*:*pkg:maven/org.apache.commons/commons-text@1.3 0Highest69
derby-10.14.2.0.jarcpe:2.3:a:apache:derby:10.14.2.0:*:*:*:*:*:*:*pkg:maven/org.apache.derby/derby@10.14.2.0 0Highest26
dom4j-1.1.jarcpe:2.3:a:dom4j_project:dom4j:1.1:*:*:*:*:*:*:*pkg:maven/dom4j/dom4j@1.1CRITICAL2Highest17
doxia-core-1.11.1.jarpkg:maven/org.apache.maven.doxia/doxia-core@1.11.1 026
doxia-decoration-model-1.11.1.jarpkg:maven/org.apache.maven.doxia/doxia-decoration-model@1.11.1 026
doxia-integration-tools-1.11.1.jarpkg:maven/org.apache.maven.doxia/doxia-integration-tools@1.11.1 028
doxia-logging-api-1.11.1.jarpkg:maven/org.apache.maven.doxia/doxia-logging-api@1.11.1 028
doxia-module-xhtml-1.11.1.jarpkg:maven/org.apache.maven.doxia/doxia-module-xhtml@1.11.1 028
doxia-module-xhtml5-1.11.1.jarpkg:maven/org.apache.maven.doxia/doxia-module-xhtml5@1.11.1 028
doxia-sink-api-1.11.1.jarpkg:maven/org.apache.maven.doxia/doxia-sink-api@1.11.1 028
doxia-site-renderer-1.11.1.jarpkg:maven/org.apache.maven.doxia/doxia-site-renderer@1.11.1 026
doxia-skin-model-1.11.1.jarpkg:maven/org.apache.maven.doxia/doxia-skin-model@1.11.1 026
error_prone_annotations-2.1.3.jarpkg:maven/com.google.errorprone/error_prone_annotations@2.1.3 024
google-collections-1.0.jarpkg:maven/com.google.collections/google-collections@1.0 029
guava-25.1-android.jarcpe:2.3:a:google:guava:25.1:*:*:*:*:*:*:*pkg:maven/com.google.guava/guava@25.1-androidLOW1Highest25
guice-4.2.2-no_aop.jarpkg:maven/com.google.inject/guice@4.2.2 034
hsqldb-2.7.1.jarcpe:2.3:a:hsqldb:hypersql_database:2.7.1:*:*:*:*:*:*:*pkg:maven/org.hsqldb/hsqldb@2.7.1 0Low47
httpclient-4.5.13.jarcpe:2.3:a:apache:httpclient:4.5.13:*:*:*:*:*:*:*pkg:maven/org.apache.httpcomponents/httpclient@4.5.13 0Highest32
httpcore-4.4.14.jarpkg:maven/org.apache.httpcomponents/httpcore@4.4.14 032
j2objc-annotations-1.1.jarpkg:maven/com.google.j2objc/j2objc-annotations@1.1 024
javax.annotation-api-1.2.jarpkg:maven/javax.annotation/javax.annotation-api@1.2 044
javax.inject-1.jarpkg:maven/javax.inject/javax.inject@1 020
jquery.jspkg:javascript/jquery@1.4.2MEDIUM63
jsr305-3.0.2.jarpkg:maven/com.google.code.findbugs/jsr305@3.0.2 017
maven-artifact-3.8.7.jarpkg:maven/org.apache.maven/maven-artifact@3.8.7 026
maven-builder-support-3.8.7.jarpkg:maven/org.apache.maven/maven-builder-support@3.8.7 024
maven-core-3.8.7.jarcpe:2.3:a:apache:maven:3.8.7:*:*:*:*:*:*:*pkg:maven/org.apache.maven/maven-core@3.8.7 0Highest24
maven-model-3.8.7.jarpkg:maven/org.apache.maven/maven-model@3.8.7 026
maven-model-builder-3.8.7.jarpkg:maven/org.apache.maven/maven-model-builder@3.8.7 032
maven-plugin-annotations-3.7.1.jarpkg:maven/org.apache.maven.plugin-tools/maven-plugin-annotations@3.7.1 026
maven-plugin-api-3.8.7.jarpkg:maven/org.apache.maven/maven-plugin-api@3.8.7 026
maven-reporting-api-3.1.1.jarpkg:maven/org.apache.maven.reporting/maven-reporting-api@3.1.1 035
maven-reporting-impl-3.2.0.jarpkg:maven/org.apache.maven.reporting/maven-reporting-impl@3.2.0 035
maven-repository-metadata-3.8.7.jarpkg:maven/org.apache.maven/maven-repository-metadata@3.8.7 026
maven-resolver-api-1.6.3.jarpkg:maven/org.apache.maven.resolver/maven-resolver-api@1.6.3 037
maven-resolver-impl-1.6.3.jarpkg:maven/org.apache.maven.resolver/maven-resolver-impl@1.6.3 034
maven-resolver-provider-3.8.7.jarpkg:maven/org.apache.maven/maven-resolver-provider@3.8.7 026
maven-resolver-spi-1.6.3.jarpkg:maven/org.apache.maven.resolver/maven-resolver-spi@1.6.3 034
maven-resolver-util-1.6.3.jarpkg:maven/org.apache.maven.resolver/maven-resolver-util@1.6.3 040
maven-settings-3.8.7.jarpkg:maven/org.apache.maven/maven-settings@3.8.7 026
maven-settings-builder-3.8.7.jarpkg:maven/org.apache.maven/maven-settings-builder@3.8.7 026
maven-shared-utils-3.3.4.jarcpe:2.3:a:apache:maven_shared_utils:3.3.4:*:*:*:*:*:*:*
cpe:2.3:a:utils_project:utils:3.3.4:*:*:*:*:*:*:*		pkg:maven/org.apache.maven.shared/maven-shared-utils@3.3.4MEDIUM1Highest29
mssql-jdbc-11.2.1.jre8.jarcpe:2.3:a:www-sql_project:www-sql:11.2.1.jre8:*:*:*:*:*:*:*pkg:maven/com.microsoft.sqlserver/mssql-jdbc@11.2.1
pkg:maven/com.microsoft.sqlserver/mssql-jdbc@11.2.1.jre8		 0Highest37
mysql-connector-java-8.0.30.jarcpe:2.3:a:mysql:mysql:8.0.30:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_connector\/j:8.0.30:*:*:*:*:*:*:*		pkg:maven/mysql/mysql-connector-java@8.0.30 0Highest44
ojdbc8-21.8.0.0.jarcpe:2.3:a:oracle:jdbc:21.8.0.0:*:*:*:*:*:*:*pkg:maven/com.oracle.database.jdbc/ojdbc8@21.8.0.0 0Highest32
org.eclipse.sisu.inject-0.3.5.jarpkg:maven/org.eclipse.sisu/org.eclipse.sisu.inject@0.3.5 029
org.eclipse.sisu.plexus-0.3.5.jarpkg:maven/org.eclipse.sisu/org.eclipse.sisu.plexus@0.3.5 028
oro-2.0.8.jarpkg:maven/oro/oro@2.0.8 016
plexus-cipher-2.0.jarpkg:maven/org.codehaus.plexus/plexus-cipher@2.0 020
plexus-classworlds-2.6.0.jarpkg:maven/org.codehaus.plexus/plexus-classworlds@2.6.0 028
plexus-component-annotations-2.1.0.jarpkg:maven/org.codehaus.plexus/plexus-component-annotations@2.1.0 027
plexus-container-default-2.1.0.jarpkg:maven/org.codehaus.plexus/plexus-container-default@2.1.0 024
plexus-i18n-1.0-beta-10.jarpkg:maven/org.codehaus.plexus/plexus-i18n@1.0-beta-10 024
plexus-interpolation-1.26.jarpkg:maven/org.codehaus.plexus/plexus-interpolation@1.26 027
plexus-sec-dispatcher-2.0.jarcpe:2.3:a:sec_project:sec:2.0:*:*:*:*:*:*:*pkg:maven/org.codehaus.plexus/plexus-sec-dispatcher@2.0 0Highest20
plexus-utils-3.5.0.jarcpe:2.3:a:plexus-utils_project:plexus-utils:3.5.0:*:*:*:*:*:*:*
cpe:2.3:a:utils_project:utils:3.5.0:*:*:*:*:*:*:*		pkg:maven/org.codehaus.plexus/plexus-utils@3.5.0MEDIUM1Highest26
plexus-velocity-1.2.jarpkg:maven/org.codehaus.plexus/plexus-velocity@1.2 025
postgresql-42.5.1.jarcpe:2.3:a:postgresql:postgresql_jdbc_driver:42.5.1:*:*:*:*:*:*:*pkg:maven/org.postgresql/postgresql@42.5.1 0Low71
protobuf-java-3.19.4.jarcpe:2.3:a:google:protobuf-java:3.19.4:*:*:*:*:*:*:*pkg:maven/com.google.protobuf/protobuf-java@3.19.4HIGH3Highest27
schemaSpy.js 00
slf4j-api-1.7.36.jarpkg:maven/org.slf4j/slf4j-api@1.7.36 029
velocity-1.7.jarcpe:2.3:a:apache:velocity_engine:1.7:*:*:*:*:*:*:*pkg:maven/org.apache.velocity/velocity@1.7HIGH1Low76
velocity-tools-2.0.jarcpe:2.3:a:apache:velocity_tools:2.0:*:*:*:*:*:*:*pkg:maven/org.apache.velocity/velocity-tools@2.0MEDIUM1Highest76
xbean-reflect-3.7.jarpkg:maven/org.apache.xbean/xbean-reflect@3.7 025

Dependencies

animal-sniffer-annotations-1.14.jar

File Path: /var/m2/repository/org/codehaus/mojo/animal-sniffer-annotations/1.14/animal-sniffer-annotations-1.14.jar
MD5: 9d42e46845c874f1710a9f6a741f6c14
SHA1: 775b7e22fb10026eed3f86e8dc556dfafe35f2d5
SHA256:2068320bd6bad744c3673ab048f67e30bef8f518996fa380033556600669905d
Referenced In Project/Scope:SchemaSpy Maven Plugin:provided

Identifiers

aopalliance-1.0.jar

Description:

AOP Alliance

License:

Public Domain
File Path: /var/m2/repository/aopalliance/aopalliance/1.0/aopalliance-1.0.jar
MD5: 04177054e180d09e3998808efa0401c7
SHA1: 0235ba8b489512805ac13a8f9ea77a1ca5ebe3e8
SHA256:0addec670fedcd3f113c5c8091d783280d23f75e3acb841b61a9cdb079376a08
Referenced In Project/Scope:SchemaSpy Maven Plugin:provided

Identifiers

checker-compat-qual-2.0.0.jar

Description:

        Checker Qual is the set of annotations (qualifiers) and supporting classes
        used by the Checker Framework to type check Java source code.  Please
        see artifact:
        org.checkerframework:checker

License:

GNU General Public License, version 2 (GPL2), with the classpath exception: http://www.gnu.org/software/classpath/license.html
The MIT License: http://opensource.org/licenses/MIT
File Path: /var/m2/repository/org/checkerframework/checker-compat-qual/2.0.0/checker-compat-qual-2.0.0.jar
MD5: b6fb2610dacd211a3e2c3d8af1b60d0f
SHA1: fc89b03860d11d6213d0154a62bcd1c2f69b9efa
SHA256:a40b2ce6d8551e5b90b1bf637064303f32944d61b52ab2014e38699df573941b
Referenced In Project/Scope:SchemaSpy Maven Plugin:provided

Identifiers

checker-qual-3.5.0.jar

Description:

        Checker Qual is the set of annotations (qualifiers) and supporting classes
        used by the Checker Framework to type check Java source code.

        Please
        see artifact:
        org.checkerframework:checker

License:

The MIT License: http://opensource.org/licenses/MIT
File Path: /var/m2/repository/org/checkerframework/checker-qual/3.5.0/checker-qual-3.5.0.jar
MD5: 4464def1ed5c10f248ebfe1bccbedf1a
SHA1: 2f50520c8abea66fbd8d26e481d3aef5c673b510
SHA256:729990b3f18a95606fc2573836b6958bcdb44cb52bfbd1b7aa9c339cff35a5a4
Referenced In Project/Scope:SchemaSpy Maven Plugin:runtime

Identifiers

commons-beanutils-1.9.4.jar

Description:

Apache Commons BeanUtils provides an easy-to-use but flexible wrapper around reflection and introspection.

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/m2/repository/commons-beanutils/commons-beanutils/1.9.4/commons-beanutils-1.9.4.jar
MD5: 07dc532ee316fe1f2f0323e9bd2f8df4
SHA1: d52b9abcd97f38c81342bb7e7ae1eee9b73cba51
SHA256:7d938c81789028045c08c065e94be75fc280527620d5bd62b519d5838532368a
Referenced In Project/Scope:SchemaSpy Maven Plugin:compile

Identifiers

commons-chain-1.1.jar

Description:

An implmentation of the GoF Chain of Responsibility pattern

License:

The Apache Software License, Version 2.0: /LICENSE.txt
File Path: /var/m2/repository/commons-chain/commons-chain/1.1/commons-chain-1.1.jar
MD5: d4ce482153073855e7c6453dc3c725cb
SHA1: 3038bd41dcdb2b63b8c6dcc8c15f0fdf3f389012
SHA256:e408f72da5ed4c5db6ae19e8c3b7ee36259c36c05f7a77f15509a014bfe7bcaa
Referenced In Project/Scope:SchemaSpy Maven Plugin:compile

Identifiers

commons-codec-1.11.jar

Description:

     The Apache Commons Codec package contains simple encoder and decoders for
     various formats such as Base64 and Hexadecimal.  In addition to these
     widely used encoders and decoders, the codec package also maintains a
     collection of phonetic encoding utilities.

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/m2/repository/commons-codec/commons-codec/1.11/commons-codec-1.11.jar
MD5: 567159b1ae257a43e1391a8f59d24cfe
SHA1: 3acb4705652e16236558f0f4f2192cc33c3bd189
SHA256:e599d5318e97aa48f42136a2927e6dfa4e8881dff0e6c8e3109ddbbff51d7b7d
Referenced In Project/Scope:SchemaSpy Maven Plugin:compile

Identifiers

commons-collections-3.2.2.jar

Description:

Types that extend and augment the Java Collections Framework.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/m2/repository/commons-collections/commons-collections/3.2.2/commons-collections-3.2.2.jar
MD5: f54a8510f834a1a57166970bfc982e94
SHA1: 8ad72fe39fa8c91eaaf12aadb21e0c3661fe26d5
SHA256:eeeae917917144a68a741d4c0dff66aa5c5c5fd85593ff217bced3fc8ca783b8
Referenced In Project/Scope:SchemaSpy Maven Plugin:compile

Identifiers

commons-digester-1.8.jar

Description:

The Digester package lets you configure an XML->Java object mapping module
    which triggers certain actions called rules whenever a particular 
    pattern of nested XML elements is recognized.

License:

The Apache Software License, Version 2.0: /LICENSE.txt
File Path: /var/m2/repository/commons-digester/commons-digester/1.8/commons-digester-1.8.jar
MD5: cf89c593f0378e9509a06fce7030aeba
SHA1: dc6a73fdbd1fa3f0944e8497c6c872fa21dca37e
SHA256:05662373044f3dff112567b7bb5dfa1174e91e074c0c727b4412788013f49d56
Referenced In Project/Scope:SchemaSpy Maven Plugin:compile

Identifiers

commons-lang-2.4.jar

Description:

        Commons Lang, a package of Java utility classes for the
        classes that are in java.lang's hierarchy, or are considered to be so
        standard as to justify existence in java.lang.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/m2/repository/commons-lang/commons-lang/2.4/commons-lang-2.4.jar
MD5: 237a8e845441bad2e535c57d985c8204
SHA1: 16313e02a793435009f1e458fa4af5d879f6fb11
SHA256:2c73b940c91250bc98346926270f13a6a10bb6e29d2c9316a70d134e382c873e
Referenced In Project/Scope:SchemaSpy Maven Plugin:compile

Identifiers

commons-lang3-3.8.1.jar

Description:

  Apache Commons Lang, a package of Java utility classes for the
  classes that are in java.lang's hierarchy, or are considered to be so
  standard as to justify existence in java.lang.

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/m2/repository/org/apache/commons/commons-lang3/3.8.1/commons-lang3-3.8.1.jar
MD5: 540b1256d887a6993ecbef23371a3302
SHA1: 6505a72a097d9270f7a9e7bf42c4238283247755
SHA256:dac807f65b07698ff39b1b07bfef3d87ae3fd46d91bbf8a2bc02b2a831616f68
Referenced In Project/Scope:SchemaSpy Maven Plugin:compile

Identifiers

commons-logging-1.2.jar

Description:

Apache Commons Logging is a thin adapter allowing configurable bridging to other,
    well known logging systems.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/m2/repository/commons-logging/commons-logging/1.2/commons-logging-1.2.jar
MD5: 040b4b4d8eac886f6b4a2a3bd2f31b00
SHA1: 4bfc12adfe4842bf07b657f0369c4cb522955686
SHA256:daddea1ea0be0f56978ab3006b8ac92834afeefbd9b7e4e6316fca57df0fa636
Referenced In Project/Scope:SchemaSpy Maven Plugin:compile

Identifiers

commons-text-1.3.jar

Description:

Apache Commons Text is a library focused on algorithms working on strings.

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/m2/repository/org/apache/commons/commons-text/1.3/commons-text-1.3.jar
MD5: e12b93c4a7fa6326e8afe557243c8651
SHA1: 9abf61708a66ab5e55f6169a200dbfc584b546d9
SHA256:8185b3a5311092d83ed1f184c2d093b3105d726bbd76867c32b3511542bb99a8
Referenced In Project/Scope:SchemaSpy Maven Plugin:compile

Identifiers

derby-10.14.2.0.jar

Description:

Contains the core Apache Derby database engine, which also includes the embedded JDBC driver.

File Path: /var/m2/repository/org/apache/derby/derby/10.14.2.0/derby-10.14.2.0.jar
MD5: 3ddcc1d435344d39d0122dbc2f39a746
SHA1: 7efad40ef52fbb1f08142f07a83b42d29e47d8ce
SHA256:2c40eb581e5221ab33c7c796979b49ce404e7e393357c58f7bcdb30a09efca72
Referenced In Project/Scope:SchemaSpy Maven Plugin:compile

Identifiers

dom4j-1.1.jar

File Path: /var/m2/repository/dom4j/dom4j/1.1/dom4j-1.1.jar
MD5: f1c39d0d2b2c6f5ffb0046841a34b5c9
SHA1: 0690b3108a502c8f033ea87e7278aec309ffa668
SHA256:50bd5c21b5fbd27b8bbb5f8050544b53f49a4480fd347ce9c46d55c706015156
Referenced In Project/Scope:SchemaSpy Maven Plugin:compile

Identifiers

CVE-2020-10683  

dom4j before 2.0.3 and 2.1.x before 2.1.3 allows external DTDs and External Entities by default, which might enable XXE attacks. However, there is popular external documentation from OWASP showing how to enable the safe, non-default behavior in any application that uses dom4j.
CWE-611 Improper Restriction of XML External Entity Reference ('XXE')

CVSSv2:
  • Base Score: HIGH (7.5)
  • Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSSv3:
  • Base Score: CRITICAL (9.8)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

Vulnerable Software & Versions: (show all)

CVE-2018-1000632 (OSSINDEX)  

dom4j version prior to version 2.1.1 contains a CWE-91: XML Injection vulnerability in Class: Element. Methods: addElement, addAttribute that can result in an attacker tampering with XML documents through XML injection. This attack appear to be exploitable via an attacker specifying attributes or elements in the XML document. This vulnerability appears to have been fixed in 2.1.1 or later.
CWE-91 XML Injection (aka Blind XPath Injection)

CVSSv2:
  • Base Score: HIGH (7.5)
  • Vector: /AV:N/AC:L/Au:/C:N/I:H/A:N

References:

Vulnerable Software & Versions (OSSINDEX):

  • cpe:2.3:a:dom4j:dom4j:1.1:*:*:*:*:*:*:*

doxia-core-1.11.1.jar

Description:

Doxia core classes and interfaces.

File Path: /var/m2/repository/org/apache/maven/doxia/doxia-core/1.11.1/doxia-core-1.11.1.jar
MD5: a5f49cc5f7dadd2fa104974dfa3a6766
SHA1: 0b0438a61c2c1208b4d2e2b38241478383dd758b
SHA256:d79801594566bdd7168b1adf927c3cc40cf17a95dd4480b4151e45eb30128cd7
Referenced In Project/Scope:SchemaSpy Maven Plugin:compile

Identifiers

doxia-decoration-model-1.11.1.jar

Description:

The Decoration Model handles the decoration descriptor for sites, also known as site.xml.

File Path: /var/m2/repository/org/apache/maven/doxia/doxia-decoration-model/1.11.1/doxia-decoration-model-1.11.1.jar
MD5: 927ed3e7c39b6fed77875ed385b63447
SHA1: 1e10f4e9268b49edf40bca721eef07271bc91de5
SHA256:411fc167774f2e3573f280c57a278fbe7bae677ee596a8ad24bd6c6bb2c5bbce
Referenced In Project/Scope:SchemaSpy Maven Plugin:compile

Identifiers

doxia-integration-tools-1.11.1.jar

Description:

A collection of tools to help the integration of Doxia Sitetools in Maven plugins.

File Path: /var/m2/repository/org/apache/maven/doxia/doxia-integration-tools/1.11.1/doxia-integration-tools-1.11.1.jar
MD5: 1f3abb6a2c7c65b6f68f3ad45a76b3f5
SHA1: fdc4c4f29d10b0e2b5b9d7f9eea16812d496e478
SHA256:eee789dcb86f37f290c6c22198ea56bf529edf21590294e549a77a490ed21dbe
Referenced In Project/Scope:SchemaSpy Maven Plugin:compile

Identifiers

doxia-logging-api-1.11.1.jar

Description:

Doxia Logging API.

File Path: /var/m2/repository/org/apache/maven/doxia/doxia-logging-api/1.11.1/doxia-logging-api-1.11.1.jar
MD5: 6452e33a36b87939630e0b18f8ffcff0
SHA1: ee28757cce6ee0215bac550dead25074c97c532d
SHA256:243c66f842cd2b3ded7c6d2c36b177a65c3f5d94800cef988ba3e29ec8cf60c9
Referenced In Project/Scope:SchemaSpy Maven Plugin:compile

Identifiers

doxia-module-xhtml-1.11.1.jar

Description:

    A Doxia module for Xhtml source documents.
    Xhtml format is supported both as source and target formats.

File Path: /var/m2/repository/org/apache/maven/doxia/doxia-module-xhtml/1.11.1/doxia-module-xhtml-1.11.1.jar
MD5: 82c4cfb79b666b922e1a8cf7b919df22
SHA1: f1b755a09934cd9c51d87b606c8e8ddf07719ebf
SHA256:3d298e2da1e11dba952cf4e5d750fafc41713470767b57c4f6969123c0892a23
Referenced In Project/Scope:SchemaSpy Maven Plugin:compile

Identifiers

doxia-module-xhtml5-1.11.1.jar

Description:

    A Doxia module for Xhtml5 source documents.
    Xhtml5 format is supported both as source and target formats.

File Path: /var/m2/repository/org/apache/maven/doxia/doxia-module-xhtml5/1.11.1/doxia-module-xhtml5-1.11.1.jar
MD5: 37208526e7ed1051bc8c7f8dc076e5c9
SHA1: e4ee721555ff063d7ef9042d6b9237386c6b33e0
SHA256:3583ae17f9ae97db41da038dc67552a386e7a9f850f45fa6fdb0d2b9ef36a31c
Referenced In Project/Scope:SchemaSpy Maven Plugin:compile

Identifiers

doxia-sink-api-1.11.1.jar

Description:

Doxia Sink API.

File Path: /var/m2/repository/org/apache/maven/doxia/doxia-sink-api/1.11.1/doxia-sink-api-1.11.1.jar
MD5: b1bd5c9efde9f14969fa881b87fe709b
SHA1: 59c2255f58c78fbbcb7e638e82bd2914e78aec8b
SHA256:39ac38bb7d752ea003be17a0065522e4e1b076a4f7e374bea55259f3e133f28f
Referenced In Project/Scope:SchemaSpy Maven Plugin:compile

Identifiers

doxia-site-renderer-1.11.1.jar

Description:

The Site Renderer handles the rendering of sites, merging site decoration with document content.

File Path: /var/m2/repository/org/apache/maven/doxia/doxia-site-renderer/1.11.1/doxia-site-renderer-1.11.1.jar
MD5: 871abead02f713fb9c02d5ba36f65bf7
SHA1: 414e3b2049aa6f6710ecca4fa905d9d2ce318773
SHA256:f279a087910d3e0728daad9114da8f3211cfb49b5e8457d05ee9ee5f04284527
Referenced In Project/Scope:SchemaSpy Maven Plugin:compile

Identifiers

doxia-skin-model-1.11.1.jar

Description:

The Skin Model defines metadata for Doxia Sitetools skins.

File Path: /var/m2/repository/org/apache/maven/doxia/doxia-skin-model/1.11.1/doxia-skin-model-1.11.1.jar
MD5: 6fa7b3005dad9f4b285a889b3b68d8aa
SHA1: b6994a60da09eb429c01362e9a6a510e0f83d24e
SHA256:5337efbe45413d24b71422d145062f84bde96271dab9f3a5caa3fab461974bf4
Referenced In Project/Scope:SchemaSpy Maven Plugin:compile

Identifiers

error_prone_annotations-2.1.3.jar

License:

Apache 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/m2/repository/com/google/errorprone/error_prone_annotations/2.1.3/error_prone_annotations-2.1.3.jar
MD5: 97504b36cf871722d81a4b9e114f2a16
SHA1: 39b109f2cd352b2d71b52a3b5a1a9850e1dc304b
SHA256:03d0329547c13da9e17c634d1049ea2ead093925e290567e1a364fd6b1fc7ff8
Referenced In Project/Scope:SchemaSpy Maven Plugin:provided

Identifiers

google-collections-1.0.jar

Description:

Google Collections Library is a suite of new collections and collection-related goodness for Java 5.0

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/m2/repository/com/google/collections/google-collections/1.0/google-collections-1.0.jar
MD5: 7c882c8d734e50112000e4a88e06c535
SHA1: 9ffe71ac6dcab6bc03ea13f5c2e7b2804e69b357
SHA256:81b8d638af0083c4b877099d56aa0fee714485cd2ace1b6a09cab867cadb375d
Referenced In Project/Scope:SchemaSpy Maven Plugin:compile

Identifiers

guava-25.1-android.jar

Description:

    Guava is a suite of core and expanded libraries that include
    utility classes, google's collections, io classes, and much
    much more.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/m2/repository/com/google/guava/guava/25.1-android/guava-25.1-android.jar
MD5: b506eaec680c6d92d5f063fa1d57956d
SHA1: bdaab946ca5ad20253502d873ba0c3313d141036
SHA256:f7b8f8fed176b9cf6831b98cb07320d7fbe91d99b29999f752c3821dfe45bdc8
Referenced In Project/Scope:SchemaSpy Maven Plugin:provided

Identifiers

CVE-2020-8908  

A temp directory creation vulnerability exists in all versions of Guava, allowing an attacker with access to the machine to potentially access data in a temporary directory created by the Guava API com.google.common.io.Files.createTempDir(). By default, on unix-like systems, the created directory is world-readable (readable by an attacker with access to the system). The method in question has been marked @Deprecated in versions 30.0 and later and should not be used. For Android developers, we recommend choosing a temporary directory API provided by Android, such as context.getCacheDir(). For other Java developers, we recommend migrating to the Java 7 API java.nio.file.Files.createTempDirectory() which explicitly configures permissions of 700, or configuring the Java runtime's java.io.tmpdir system property to point to a location whose permissions are appropriately configured.
CWE-732 Incorrect Permission Assignment for Critical Resource

CVSSv2:
  • Base Score: LOW (2.1)
  • Vector: /AV:L/AC:L/Au:N/C:P/I:N/A:N
CVSSv3:
  • Base Score: LOW (3.3)
  • Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

References:

Vulnerable Software & Versions: (show all)

guice-4.2.2-no_aop.jar

Description:

Guice is a lightweight dependency injection framework for Java 6 and above

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/m2/repository/com/google/inject/guice/4.2.2/guice-4.2.2-no_aop.jar
MD5: 57d2b333c34d0f834189d54b6e59d1a6
SHA1: fa13659f9128f4c011c8e1d06f137083b4876377
SHA256:0f4f5fb28609a4d2b38b7f7128be7cf9b541f25283d71b4e56066d99683aafff
Referenced In Project/Scope:SchemaSpy Maven Plugin:provided

Identifiers

hsqldb-2.7.1.jar

Description:

HSQLDB - Lightweight 100% Java SQL Database Engine

License:

HSQLDB License, a BSD open source license: http://hsqldb.org/web/hsqlLicense.html
File Path: /var/m2/repository/org/hsqldb/hsqldb/2.7.1/hsqldb-2.7.1.jar
MD5: cc960ec33d04364a280ea9eba088300e
SHA1: 9ffb617125371538a32eb9ba1cb2fa743b2c993b
SHA256:bca5532a4c58babf9fcebf20d03f086f5ba24b076c3aaf8838a16512235e53ca
Referenced In Project/Scope:SchemaSpy Maven Plugin:compile

Identifiers

httpclient-4.5.13.jar

Description:

   Apache HttpComponents Client

File Path: /var/m2/repository/org/apache/httpcomponents/httpclient/4.5.13/httpclient-4.5.13.jar
MD5: 40d6b9075fbd28fa10292a45a0db9457
SHA1: e5f6cae5ca7ecaac1ec2827a9e2d65ae2869cada
SHA256:6fe9026a566c6a5001608cf3fc32196641f6c1e5e1986d1037ccdbd5f31ef743
Referenced In Project/Scope:SchemaSpy Maven Plugin:compile

Identifiers

httpcore-4.4.14.jar

Description:

   Apache HttpComponents Core (blocking I/O)

File Path: /var/m2/repository/org/apache/httpcomponents/httpcore/4.4.14/httpcore-4.4.14.jar
MD5: 2b3991eda121042765a5ee299556c200
SHA1: 9dd1a631c082d92ecd4bd8fd4cf55026c720a8c1
SHA256:f956209e450cb1d0c51776dfbd23e53e9dd8db9a1298ed62b70bf0944ba63b28
Referenced In Project/Scope:SchemaSpy Maven Plugin:compile

Identifiers

j2objc-annotations-1.1.jar

Description:

    A set of annotations that provide additional information to the J2ObjC
    translator to modify the result of translation.

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/m2/repository/com/google/j2objc/j2objc-annotations/1.1/j2objc-annotations-1.1.jar
MD5: 49ae3204bb0bb9b2ac77062641f4a6d7
SHA1: ed28ded51a8b1c6b112568def5f4b455e6809019
SHA256:2994a7eb78f2710bd3d3bfb639b2c94e219cedac0d4d084d516e78c16dddecf6
Referenced In Project/Scope:SchemaSpy Maven Plugin:provided

Identifiers

javax.annotation-api-1.2.jar

Description:

Common Annotations for the JavaTM Platform API

License:

CDDL + GPLv2 with classpath exception: https://glassfish.dev.java.net/nonav/public/CDDL+GPL.html
File Path: /var/m2/repository/javax/annotation/javax.annotation-api/1.2/javax.annotation-api-1.2.jar
MD5: 75fe320d2b3763bd6883ae1ede35e987
SHA1: 479c1e06db31c432330183f5cae684163f186146
SHA256:5909b396ca3a2be10d0eea32c74ef78d816e1b4ead21de1d78de1f890d033e04
Referenced In Project/Scope:SchemaSpy Maven Plugin:provided

Identifiers

javax.inject-1.jar

Description:

The javax.inject API

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/m2/repository/javax/inject/javax.inject/1/javax.inject-1.jar
MD5: 289075e48b909e9e74e6c915b3631d2e
SHA1: 6975da39a7040257bd51d21a231b76c915872d38
SHA256:91c77044a50c481636c32d916fd89c9118a72195390452c81065080f957de7ff
Referenced In Project/Scope:SchemaSpy Maven Plugin:provided

Identifiers

jquery.js

File Path: /home/mprins/workspace/schemaspy-maven-plugin/src/main/resources/jquery.js
MD5: 10092eee563dec2dca82b77d2cf5a1ae
SHA1: 65cbff4e9d95d47a6f31d96ab4ea361c1f538a7b
SHA256:e23a2a4e2d7c2b41ebcdd8ffc0679df7140eb7f52e1eebabf827a88182643c59
Referenced In Project/Scope:SchemaSpy Maven Plugin

Identifiers

CVE-2012-6708  

jQuery before 1.9.0 is vulnerable to Cross-site Scripting (XSS) attacks. The jQuery(strInput) function does not differentiate selectors from HTML in a reliable fashion. In vulnerable versions, jQuery determined whether the input was HTML by looking for the '<' character anywhere in the string, giving attackers more flexibility when attempting to construct a malicious payload. In fixed versions, jQuery only deems the input to be HTML if it explicitly starts with the '<' character, limiting exploitability only to attackers who can control the beginning of a string, which is far less common.
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSSv2:
  • Base Score: MEDIUM (4.3)
  • Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N
CVSSv3:
  • Base Score: MEDIUM (6.1)
  • Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

References:

Vulnerable Software & Versions (NVD):

  • cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:* versions up to (excluding) 1.9.0

CVE-2015-9251  

jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSSv2:
  • Base Score: MEDIUM (4.3)
  • Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N
CVSSv3:
  • Base Score: MEDIUM (6.1)
  • Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

References:

Vulnerable Software & Versions (NVD):

  • cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:* versions up to (excluding) 3.0.0
  • cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.3.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:banking_platform:2.6.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:banking_platform:2.6.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:banking_platform:2.6.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:business_process_management_suite:11.1.1.9.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:business_process_management_suite:12.1.3.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:business_process_management_suite:12.2.1.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_converged_application_server:*:*:*:*:*:*:*:* versions up to (excluding) 7.0.0.1
  • cpe:2.3:a:oracle:communications_interactive_session_recorder:6.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_interactive_session_recorder:6.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_interactive_session_recorder:6.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_services_gatekeeper:*:*:*:*:*:*:*:* versions up to (excluding) 6.1.0.4.0
  • cpe:2.3:a:oracle:communications_webrtc_session_controller:*:*:*:*:*:*:*:* versions up to (excluding) 7.2
  • cpe:2.3:a:oracle:endeca_information_discovery_studio:3.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:endeca_information_discovery_studio:3.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:enterprise_manager_ops_center:12.2.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:enterprise_operations_monitor:3.4:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:enterprise_operations_monitor:4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:* versions from (including) 7.3.3; versions up to (including) 7.3.5
  • cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:* versions from (including) 8.0.0; versions up to (including) 8.0.7
  • cpe:2.3:a:oracle:financial_services_asset_liability_management:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.7
  • cpe:2.3:a:oracle:financial_services_data_integration_hub:*:*:*:*:*:*:*:* versions from (including) 8.0.5; versions up to (including) 8.0.7
  • cpe:2.3:a:oracle:financial_services_funds_transfer_pricing:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.7
  • cpe:2.3:a:oracle:financial_services_hedge_management_and_ifrs_valuations:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.7
  • cpe:2.3:a:oracle:financial_services_liquidity_risk_management:*:*:*:*:*:*:*:* versions from (including) 8.0.2; versions up to (including) 8.0.6
  • cpe:2.3:a:oracle:financial_services_loan_loss_forecasting_and_provisioning:*:*:*:*:*:*:*:* versions from (including) 8.0.2; versions up to (including) 8.0.7
  • cpe:2.3:a:oracle:financial_services_market_risk_measurement_and_management:8.0.5:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_market_risk_measurement_and_management:8.0.6:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_profitability_management:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.6
  • cpe:2.3:a:oracle:financial_services_reconciliation_framework:8.0.5:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_reconciliation_framework:8.0.6:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:fusion_middleware_mapviewer:12.2.1.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:healthcare_foundation:7.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:healthcare_foundation:7.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:healthcare_translational_research:3.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:hospitality_cruise_fleet_management:9.0.11:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:hospitality_guest_access:4.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:hospitality_guest_access:4.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:hospitality_materials_control:18.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:hospitality_reporting_and_analytics:9.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:5.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:5.4:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:5.5:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:9.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jdeveloper:11.1.1.9.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jdeveloper:12.1.3.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jdeveloper:12.2.1.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:oss_support_tools:19.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.55:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.56:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:primavera_gateway:15.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:primavera_gateway:16.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:primavera_gateway:17.12:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:* versions from (including) 17.1; versions up to (including) 17.12
  • cpe:2.3:a:oracle:primavera_unifier:16.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:primavera_unifier:16.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:real-time_scheduler:2.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:retail_allocation:15.0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:retail_customer_insights:15.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:retail_customer_insights:16.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:retail_invoice_matching:15.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:retail_sales_audit:15.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:retail_workforce_management_software:1.60.9:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:retail_workforce_management_software:1.64.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:service_bus:12.1.3.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:service_bus:12.2.1.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:siebel_ui_framework:18.10:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:siebel_ui_framework:18.11:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:utilities_framework:*:*:*:*:*:*:*:* versions from (including) 4.3.0.1; versions up to (including) 4.3.0.4
  • cpe:2.3:a:oracle:utilities_mobile_workforce_management:2.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:webcenter_sites:11.1.1.8.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:weblogic_server:12.1.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:weblogic_server:12.2.1.3:*:*:*:*:*:*:*

CVE-2019-11358  

jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.
CWE-1321

CVSSv2:
  • Base Score: MEDIUM (4.3)
  • Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N
CVSSv3:
  • Base Score: MEDIUM (6.1)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

References:

Vulnerable Software & Versions (NVD):

  • cpe:2.3:a:backdropcms:backdrop:*:*:*:*:*:*:*:* versions from (including) 1.11.0; versions up to (excluding) 1.11.9
  • cpe:2.3:a:backdropcms:backdrop:*:*:*:*:*:*:*:* versions from (including) 1.12.0; versions up to (excluding) 1.12.6
  • cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:* versions from (including) 7.0; versions up to (excluding) 7.66
  • cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:* versions from (including) 8.5.0; versions up to (excluding) 8.5.15
  • cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:* versions from (including) 8.6.0; versions up to (excluding) 8.6.15
  • cpe:2.3:a:joomla:joomla\!:*:*:*:*:*:*:*:* versions from (including) 3.0.0; versions up to (including) 3.9.4
  • cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:* versions up to (excluding) 3.4.0
  • cpe:2.3:a:netapp:oncommand_system_manager:*:*:*:*:*:*:*:* versions from (including) 3.0; versions up to (including) 3.1.3
  • cpe:2.3:a:netapp:snapcenter:-:*:*:*:*:*:*:*
  • cpe:2.3:a:opensuse:backports_sle:15.0:sp1:*:*:*:*:*:*
  • cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:application_express:*:*:*:*:*:*:*:* versions up to (excluding) 19.1
  • cpe:2.3:a:oracle:application_service_level_management:13.2.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:application_service_level_management:13.3.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:application_testing_suite:12.5.0.3:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:application_testing_suite:13.1.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:application_testing_suite:13.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:application_testing_suite:13.2.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:application_testing_suite:13.3:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:application_testing_suite:13.3.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:banking_digital_experience:18.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:banking_digital_experience:18.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:banking_digital_experience:18.3:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:banking_digital_experience:19.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:banking_digital_experience:19.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:banking_digital_experience:20.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:banking_enterprise_collections:*:*:*:*:*:*:*:* versions from (including) 2.7.0; versions up to (including) 2.8.0
  • cpe:2.3:a:oracle:banking_platform:*:*:*:*:*:*:*:* versions from (including) 2.4.0; versions up to (including) 2.10.0
  • cpe:2.3:a:oracle:bi_publisher:5.5.0.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:bi_publisher:12.2.1.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:bi_publisher:12.2.1.4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:big_data_discovery:1.6:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:business_process_management_suite:12.2.1.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:business_process_management_suite:12.2.1.4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_analytics:12.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_application_session_controller:3.8m0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_billing_and_revenue_management:7.5:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_billing_and_revenue_management:7.5.0.23.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0.0.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_diameter_signaling_router:8.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_diameter_signaling_router:8.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_diameter_signaling_router:8.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_diameter_signaling_router:8.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_eagle_application_processor:*:*:*:*:*:*:*:* versions from (including) 16.1.0; versions up to (including) 16.4.0
  • cpe:2.3:a:oracle:communications_element_manager:8.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_element_manager:8.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_element_manager:8.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_interactive_session_recorder:*:*:*:*:*:*:*:* versions from (including) 6.0; versions up to (including) 6.4
  • cpe:2.3:a:oracle:communications_operations_monitor:*:*:*:*:*:*:*:* versions from (including) 4.1; versions up to (including) 4.3
  • cpe:2.3:a:oracle:communications_operations_monitor:3.4:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_operations_monitor:4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_operations_monitor:4.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_services_gatekeeper:7.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_session_report_manager:8.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_session_report_manager:8.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_session_report_manager:8.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_session_route_manager:8.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_session_route_manager:8.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_session_route_manager:8.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_unified_inventory_management:7.3:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_webrtc_session_controller:7.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:diagnostic_assistant:2.12.36:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:enterprise_session_border_controller:8.4:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:* versions from (including) 7.3.3; versions up to (including) 7.3.5
  • cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:* versions from (including) 8.0.2; versions up to (including) 8.1.0
  • cpe:2.3:a:oracle:financial_services_analytical_applications_reconciliation_framework:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.7
  • cpe:2.3:a:oracle:financial_services_analytical_applications_reconciliation_framework:8.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_asset_liability_management:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.7
  • cpe:2.3:a:oracle:financial_services_asset_liability_management:8.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_balance_sheet_planning:8.0.8:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_basel_regulatory_capital_basic:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.7
  • cpe:2.3:a:oracle:financial_services_basel_regulatory_capital_basic:8.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_basel_regulatory_capital_internal_ratings_based_approach:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.7
  • cpe:2.3:a:oracle:financial_services_basel_regulatory_capital_internal_ratings_based_approach:8.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_data_foundation:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.8
  • cpe:2.3:a:oracle:financial_services_data_governance_for_us_regulatory_reporting:*:*:*:*:*:*:*:* versions from (including) 8.0.6; versions up to (including) 8.0.9
  • cpe:2.3:a:oracle:financial_services_data_integration_hub:*:*:*:*:*:*:*:* versions from (including) 8.0.5; versions up to (including) 8.0.7
  • cpe:2.3:a:oracle:financial_services_data_integration_hub:8.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_enterprise_financial_performance_analytics:8.0.6:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_enterprise_financial_performance_analytics:8.0.7:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_funds_transfer_pricing:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.7
  • cpe:2.3:a:oracle:financial_services_funds_transfer_pricing:8.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_hedge_management_and_ifrs_valuations:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.7
  • cpe:2.3:a:oracle:financial_services_hedge_management_and_ifrs_valuations:8.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.7
  • cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_liquidity_risk_management:8.0.0.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_liquidity_risk_management:8.0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_liquidity_risk_management:8.0.4.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_liquidity_risk_management:8.0.5.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_liquidity_risk_management:8.0.6:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_liquidity_risk_measurement_and_management:8.0.7:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_liquidity_risk_measurement_and_management:8.0.8:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_liquidity_risk_measurement_and_management:8.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_loan_loss_forecasting_and_provisioning:*:*:*:*:*:*:*:* versions from (including) 8.0.2; versions up to (including) 8.0.7
  • cpe:2.3:a:oracle:financial_services_loan_loss_forecasting_and_provisioning:8.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_market_risk_measurement_and_management:8.0.5:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_market_risk_measurement_and_management:8.0.6:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_market_risk_measurement_and_management:8.0.8:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_price_creation_and_discovery:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.7
  • cpe:2.3:a:oracle:financial_services_profitability_management:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.7
  • cpe:2.3:a:oracle:financial_services_profitability_management:8.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_regulatory_reporting_for_de_nederlandsche_bank:8.0.4:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_regulatory_reporting_for_european_banking_authority:8.0.6:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_regulatory_reporting_for_european_banking_authority:8.0.7:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_regulatory_reporting_for_us_federal_reserve:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.7
  • cpe:2.3:a:oracle:financial_services_retail_customer_analytics:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.6
  • cpe:2.3:a:oracle:financial_services_retail_performance_analytics:8.0.6:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_retail_performance_analytics:8.0.7:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_revenue_management_and_billing:2.4.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_revenue_management_and_billing:2.4.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:fusion_middleware_mapviewer:12.2.1.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:healthcare_foundation:7.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:healthcare_foundation:7.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:healthcare_foundation:7.2.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:healthcare_foundation:7.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:healthcare_translational_research:3.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:healthcare_translational_research:3.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:healthcare_translational_research:3.3.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:healthcare_translational_research:3.3.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:healthcare_translational_research:3.4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:hospitality_guest_access:4.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:hospitality_guest_access:4.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:hospitality_materials_control:18.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:hospitality_simphony:*:*:*:*:*:*:*:* versions from (including) 19.1.0; versions up to (including) 19.1.2
  • cpe:2.3:a:oracle:hospitality_simphony:18.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:hospitality_simphony:18.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:identity_manager:12.2.1.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:insurance_accounting_analyzer:8.0.9:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:insurance_allocation_manager_for_enterprise_profitability:8.0.8:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:insurance_allocation_manager_for_enterprise_profitability:8.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:insurance_data_foundation:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.7
  • cpe:2.3:a:oracle:insurance_ifrs_17_analyzer:8.0.6:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:insurance_ifrs_17_analyzer:8.0.7:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:*:*:*:*:*:*:*:* versions from (including) 5.0.0.0; versions up to (including) 5.6.0.0
  • cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:5.6.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:insurance_performance_insight:8.0.7:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:9.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jdeveloper:11.1.1.9.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jdeveloper:12.2.1.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jdeveloper:12.2.1.4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jdeveloper_and_adf:11.1.1.9.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jdeveloper_and_adf:12.1.3.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jdeveloper_and_adf:12.2.1.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:knowledge:*:*:*:*:*:*:*:* versions from (including) 8.6.0; versions up to (including) 8.6.3
  • cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.55:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.56:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:policy_automation:*:*:*:*:*:*:*:* versions from (including) 12.2.0; versions up to (including) 12.2.15
  • cpe:2.3:a:oracle:policy_automation:10.4.7:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:policy_automation:12.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:policy_automation:12.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:policy_automation_connector_for_siebel:10.4.6:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:policy_automation_for_mobile_devices:*:*:*:*:*:*:*:* versions from (including) 12.2.0; versions up to (including) 12.2.15
  • cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:* versions from (including) 16.2.0; versions up to (including) 16.2.11
  • cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:* versions from (including) 17.12.0; versions up to (including) 17.12.7
  • cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:* versions from (including) 18.8.0; versions up to (including) 18.8.9
  • cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:* versions from (including) 19.12.0; versions up to (including) 19.12.4
  • cpe:2.3:a:oracle:primavera_gateway:15.2.18:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:* versions from (including) 17.7; versions up to (including) 17.12
  • cpe:2.3:a:oracle:primavera_unifier:16.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:primavera_unifier:16.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:real-time_scheduler:*:*:*:*:*:*:*:* versions from (including) 2.3.0.1; versions up to (including) 2.3.0.3
  • cpe:2.3:a:oracle:rest_data_services:18c:*:*:*:-:*:*:*
  • cpe:2.3:a:oracle:rest_data_services:19c:*:*:*:-:*:*:*
  • cpe:2.3:a:oracle:rest_data_services:11.2.0.4:*:*:*:-:*:*:*
  • cpe:2.3:a:oracle:rest_data_services:12.1.0.2:*:*:*:-:*:*:*
  • cpe:2.3:a:oracle:rest_data_services:12.2.0.1:*:*:*:-:*:*:*
  • cpe:2.3:a:oracle:retail_back_office:14.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:retail_back_office:14.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:retail_central_office:14.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:retail_central_office:14.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:retail_customer_insights:15.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:retail_customer_insights:16.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:retail_customer_management_and_segmentation_foundation:18.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:retail_customer_management_and_segmentation_foundation:19.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:retail_point-of-service:14.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:retail_point-of-service:14.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:retail_returns_management:14.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:retail_returns_management:14.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:service_bus:11.1.1.9.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:service_bus:12.1.3.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:service_bus:12.2.1.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:siebel_mobile_applications:*:*:*:*:*:*:*:* versions up to (including) 19.8
  • cpe:2.3:a:oracle:siebel_ui_framework:20.8:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:storagetek_tape_analytics_sw_tool:2.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:system_utilities:19.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:tape_library_acsls:8.5:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:tape_library_acsls:8.5.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:transportation_management:1.4.3:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:utilities_mobile_workforce_management:*:*:*:*:*:*:*:* versions from (including) 2.3.0.1; versions up to (including) 2.3.0.3
  • cpe:2.3:a:oracle:webcenter_sites:12.2.1.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:weblogic_server:10.3.6.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:weblogic_server:12.1.3.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:cloudforms:4.7:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:virtualization_manager:4.3:*:*:*:*:*:*:*

CVE-2020-11022  

In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSSv2:
  • Base Score: MEDIUM (4.3)
  • Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N
CVSSv3:
  • Base Score: MEDIUM (6.1)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

References:

Vulnerable Software & Versions (NVD):

  • cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:* versions from (including) 7.0; versions up to (excluding) 7.70
  • cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:* versions from (including) 8.7.0; versions up to (excluding) 8.7.14
  • cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:* versions from (including) 8.8.0; versions up to (excluding) 8.8.6
  • cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:* versions from (including) 1.2; versions up to (excluding) 3.5.0
  • cpe:2.3:a:netapp:max_data:-:*:*:*:*:*:*:*
  • cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*
  • cpe:2.3:a:netapp:oncommand_system_manager:*:*:*:*:*:*:*:* versions from (including) 3.0; versions up to (including) 3.1.3
  • cpe:2.3:a:netapp:snap_creator_framework:-:*:*:*:*:*:*:*
  • cpe:2.3:a:netapp:snapcenter:-:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:agile_product_supplier_collaboration_for_process:6.2.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:application_testing_suite:13.3.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:banking_digital_experience:*:*:*:*:*:*:*:* versions from (including) 18.1; versions up to (including) 20.1
  • cpe:2.3:a:oracle:banking_digital_experience:18.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:banking_digital_experience:18.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:banking_digital_experience:18.3:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:banking_digital_experience:19.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:banking_digital_experience:19.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:banking_digital_experience:20.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:blockchain_platform:*:*:*:*:*:*:*:* versions up to (excluding) 21.1.2
  • cpe:2.3:a:oracle:communications_application_session_controller:3.8m0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_billing_and_revenue_management:7.5.0.23.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0.0.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_diameter_signaling_router_idih\::*:*:*:*:*:*:*:* versions from (including) 8.0.0; versions up to (including) 8.2.2
  • cpe:2.3:a:oracle:communications_eagle_application_processor:*:*:*:*:*:*:*:* versions from (including) 16.1.0; versions up to (including) 16.4.0
  • cpe:2.3:a:oracle:communications_services_gatekeeper:7.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_webrtc_session_controller:7.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:enterprise_session_border_controller:8.4:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:* versions from (including) 8.0.6; versions up to (including) 8.1.0
  • cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:* versions from (including) 8.0.6.0.0; versions up to (including) 8.1.0.0.0
  • cpe:2.3:a:oracle:financial_services_analytical_applications_reconciliation_framework:*:*:*:*:*:*:*:* versions from (including) 8.0.6; versions up to (including) 8.0.8
  • cpe:2.3:a:oracle:financial_services_analytical_applications_reconciliation_framework:8.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_asset_liability_management:8.0.6:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_asset_liability_management:8.0.7:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_asset_liability_management:8.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_balance_sheet_planning:8.0.8:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_basel_regulatory_capital_basic:*:*:*:*:*:*:*:* versions from (including) 8.0.6; versions up to (including) 8.0.8
  • cpe:2.3:a:oracle:financial_services_basel_regulatory_capital_basic:8.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_basel_regulatory_capital_internal_ratings_based_approach:*:*:*:*:*:*:*:* versions from (including) 8.0.6; versions up to (including) 8.0.8
  • cpe:2.3:a:oracle:financial_services_basel_regulatory_capital_internal_ratings_based_approach:8.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_data_foundation:*:*:*:*:*:*:*:* versions from (including) 8.0.6; versions up to (including) 8.1.0
  • cpe:2.3:a:oracle:financial_services_data_governance_for_us_regulatory_reporting:*:*:*:*:*:*:*:* versions from (including) 8.0.6; versions up to (including) 8.0.9
  • cpe:2.3:a:oracle:financial_services_data_integration_hub:8.0.6:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_data_integration_hub:8.0.7:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_data_integration_hub:8.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_funds_transfer_pricing:8.0.6:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_funds_transfer_pricing:8.0.7:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_funds_transfer_pricing:8.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_hedge_management_and_ifrs_valuations:*:*:*:*:*:*:*:* versions from (including) 8.0.6; versions up to (including) 8.0.8
  • cpe:2.3:a:oracle:financial_services_hedge_management_and_ifrs_valuations:8.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.0.6:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.0.7:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_liquidity_risk_management:8.0.6:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_liquidity_risk_measurement_and_management:8.0.7:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_liquidity_risk_measurement_and_management:8.0.8:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_liquidity_risk_measurement_and_management:8.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_loan_loss_forecasting_and_provisioning:*:*:*:*:*:*:*:* versions from (including) 8.0.6; versions up to (including) 8.0.8
  • cpe:2.3:a:oracle:financial_services_loan_loss_forecasting_and_provisioning:8.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_market_risk_measurement_and_management:8.0.6:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_market_risk_measurement_and_management:8.0.8:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_price_creation_and_discovery:8.0.6:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_price_creation_and_discovery:8.0.7:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_profitability_management:8.0.6:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_profitability_management:8.0.7:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_profitability_management:8.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_regulatory_reporting_for_european_banking_authority:*:*:*:*:*:*:*:* versions from (including) 8.0.6; versions up to (including) 8.1.0
  • cpe:2.3:a:oracle:financial_services_regulatory_reporting_for_us_federal_reserve:*:*:*:*:*:*:*:* versions from (including) 8.0.6; versions up to (including) 8.0.9
  • cpe:2.3:a:oracle:healthcare_foundation:7.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:healthcare_foundation:7.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:healthcare_foundation:7.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:healthcare_foundation:7.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:hospitality_materials_control:18.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:hospitality_simphony:*:*:*:*:*:*:*:* versions from (including) 19.1.0; versions up to (including) 19.1.2
  • cpe:2.3:a:oracle:hospitality_simphony:18.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:hospitality_simphony:18.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:hospitality_simphony:19.1.0-19.1.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:insurance_accounting_analyzer:8.0.9:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:insurance_allocation_manager_for_enterprise_profitability:8.0.8:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:insurance_allocation_manager_for_enterprise_profitability:8.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:insurance_data_foundation:*:*:*:*:*:*:*:* versions from (including) 8.0.6; versions up to (including) 8.1.0
  • cpe:2.3:a:oracle:insurance_data_foundation:8.0.6-8.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:*:*:*:*:*:*:*:* versions from (including) 5.0.0.0; versions up to (including) 5.6.0.0
  • cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:5.6.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jdeveloper:11.1.1.9.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jdeveloper:12.2.1.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jdeveloper:12.2.1.4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.56:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:policy_automation:*:*:*:*:*:*:*:* versions from (including) 12.2.0; versions up to (including) 12.2.20
  • cpe:2.3:a:oracle:policy_automation_connector_for_siebel:10.4.6:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:policy_automation_for_mobile_devices:*:*:*:*:*:*:*:* versions from (including) 12.2.0; versions up to (including) 12.2.20
  • cpe:2.3:a:oracle:retail_back_office:14.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:retail_back_office:14.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:retail_customer_management_and_segmentation_foundation:19.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:retail_returns_management:14.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:retail_returns_management:14.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:siebel_ui_framework:20.8:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:storagetek_acsls:8.5.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:weblogic_server:10.3.6.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:weblogic_server:12.1.3.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:tenable:log_correlation_engine:*:*:*:*:*:*:*:* versions up to (excluding) 6.0.9

CVE-2020-11023  

In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSSv2:
  • Base Score: MEDIUM (4.3)
  • Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N
CVSSv3:
  • Base Score: MEDIUM (6.1)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

References:

Vulnerable Software & Versions (NVD):

  • cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:* versions from (including) 7.0; versions up to (excluding) 7.70
  • cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:* versions from (including) 8.7.0; versions up to (excluding) 8.7.14
  • cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:* versions from (including) 8.8.0; versions up to (excluding) 8.8.6
  • cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:* versions from (including) 1.0.3; versions up to (excluding) 3.5.0
  • cpe:2.3:a:netapp:max_data:-:*:*:*:*:*:*:*
  • cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*
  • cpe:2.3:a:netapp:oncommand_system_manager:*:*:*:*:*:*:*:* versions from (including) 3.0; versions up to (including) 3.1.3
  • cpe:2.3:a:netapp:snap_creator_framework:-:*:*:*:*:*:*:*
  • cpe:2.3:a:netapp:snapcenter_server:-:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:application_express:*:*:*:*:*:*:*:* versions up to (excluding) 20.2
  • cpe:2.3:a:oracle:application_testing_suite:13.3.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:banking_enterprise_collections:*:*:*:*:*:*:*:* versions from (including) 2.7.0; versions up to (including) 2.8.0
  • cpe:2.3:a:oracle:banking_platform:*:*:*:*:*:*:*:* versions from (including) 2.4.0; versions up to (including) 2.10.0
  • cpe:2.3:a:oracle:communications_analytics:12.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_eagle_application_processor:*:*:*:*:*:*:*:* versions from (including) 16.1.0; versions up to (including) 16.4.0
  • cpe:2.3:a:oracle:communications_element_manager:8.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_element_manager:8.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_element_manager:8.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_interactive_session_recorder:*:*:*:*:*:*:*:* versions from (including) 6.1; versions up to (including) 6.4
  • cpe:2.3:a:oracle:communications_operations_monitor:*:*:*:*:*:*:*:* versions from (including) 4.1; versions up to (including) 4.3
  • cpe:2.3:a:oracle:communications_operations_monitor:3.4:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_services_gatekeeper:7.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_session_report_manager:8.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_session_report_manager:8.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_session_report_manager:8.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_session_route_manager:8.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_session_route_manager:8.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_session_route_manager:8.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_regulatory_reporting_for_de_nederlandsche_bank:8.0.4:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_revenue_management_and_billing_analytics:2.7:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_revenue_management_and_billing_analytics:2.8:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:health_sciences_inform:6.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:healthcare_translational_research:3.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:healthcare_translational_research:3.3.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:healthcare_translational_research:3.3.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:healthcare_translational_research:3.4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:hyperion_financial_reporting:11.1.2.4:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jd_edwards_enterpriseone_orchestrator:*:*:*:*:*:*:*:* versions up to (excluding) 9.2.5.0
  • cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:*:*:*:*:*:*:*:* versions up to (excluding) 9.2.5.0
  • cpe:2.3:a:oracle:oss_support_tools:*:*:*:*:*:*:*:* versions up to (excluding) 2.12.41
  • cpe:2.3:a:oracle:peoplesoft_enterprise_human_capital_management_resources:9.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:* versions from (including) 16.2; versions up to (including) 16.2.11
  • cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:* versions from (including) 17.12.0; versions up to (including) 17.12.7
  • cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:* versions from (including) 18.8.0; versions up to (including) 18.8.9
  • cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:* versions from (including) 19.12.0; versions up to (including) 19.12.4
  • cpe:2.3:a:oracle:rest_data_services:18c:*:*:*:-:*:*:*
  • cpe:2.3:a:oracle:rest_data_services:19c:*:*:*:-:*:*:*
  • cpe:2.3:a:oracle:rest_data_services:11.2.0.4:*:*:*:-:*:*:*
  • cpe:2.3:a:oracle:rest_data_services:12.1.0.2:*:*:*:-:*:*:*
  • cpe:2.3:a:oracle:rest_data_services:12.2.0.1:*:*:*:-:*:*:*
  • cpe:2.3:a:oracle:siebel_mobile:*:*:*:*:*:*:*:* versions up to (including) 20.12
  • cpe:2.3:a:oracle:storagetek_acsls:8.5.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:storagetek_tape_analytics_sw_tool:2.3.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:webcenter_sites:12.2.1.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:webcenter_sites:12.2.1.4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:weblogic_server:12.1.3.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:tenable:log_correlation_engine:*:*:*:*:*:*:*:* versions up to (excluding) 6.0.9

CVE-2011-4969  

Cross-site scripting (XSS) vulnerability in jQuery before 1.6.3, when using location.hash to select elements, allows remote attackers to inject arbitrary web script or HTML via a crafted tag.
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSSv2:
  • Base Score: MEDIUM (4.3)
  • Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N

References:

Vulnerable Software & Versions (NVD):

  • cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:* versions up to (including) 1.6.2
  • cpe:2.3:a:jquery:jquery:1.6:*:*:*:*:*:*:*
  • cpe:2.3:a:jquery:jquery:1.6.1:*:*:*:*:*:*:*

jsr305-3.0.2.jar

Description:

JSR305 Annotations for Findbugs

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/m2/repository/com/google/code/findbugs/jsr305/3.0.2/jsr305-3.0.2.jar
MD5: dd83accb899363c32b07d7a1b2e4ce40
SHA1: 25ea2e8b0c338a877313bd4672d3fe056ea78f0d
SHA256:766ad2a0783f2687962c8ad74ceecc38a28b9f72a2d085ee438b7813e928d0c7
Referenced In Project/Scope:SchemaSpy Maven Plugin:provided

Identifiers

maven-artifact-3.8.7.jar

File Path: /var/m2/repository/org/apache/maven/maven-artifact/3.8.7/maven-artifact-3.8.7.jar
MD5: 4c2a8316eda726b35c9ae90b7c271dd4
SHA1: 4b820734b856682f99f6ad2de4f1f7dd4b82335f
SHA256:23eb1c5c26f3d1b4694647b071beabfd96083191b006394707753af2ced8db01
Referenced In Project/Scope:SchemaSpy Maven Plugin:provided

Identifiers

maven-builder-support-3.8.7.jar

Description:

Support for descriptor builders (model, setting, toolchains)

File Path: /var/m2/repository/org/apache/maven/maven-builder-support/3.8.7/maven-builder-support-3.8.7.jar
MD5: cc8109dff7ba2acd5d574e2059ca0fed
SHA1: d98ac7f943fe6e18205e15b92f86d1fef753f933
SHA256:26b4653545ecc3f039982b2c8f13bc2a6e0e0fa1372c041bd451946cc37a59c1
Referenced In Project/Scope:SchemaSpy Maven Plugin:provided

Identifiers

maven-core-3.8.7.jar

Description:

Maven Core classes.

File Path: /var/m2/repository/org/apache/maven/maven-core/3.8.7/maven-core-3.8.7.jar
MD5: 32b745c36028b16f14996b56cad0c3c0
SHA1: 7ae5d5ef206ed50b18b01ba405b5ad47387ef195
SHA256:c767facd54ab8f6eea972ccfa9c1d3f3a5daa210ff3353c98ad023f520562940
Referenced In Project/Scope:SchemaSpy Maven Plugin:provided

Identifiers

maven-model-3.8.7.jar

Description:

Model for Maven POM (Project Object Model)

File Path: /var/m2/repository/org/apache/maven/maven-model/3.8.7/maven-model-3.8.7.jar
MD5: 91c8c6b449ca34033832f268df64873b
SHA1: a6a1f77aa36d158c8ec7917112192083b9467cd4
SHA256:6fcadaee2a885c43b158f2e3833d0a3ecb68efc62e25ea5b11f77cc0716a7b2d
Referenced In Project/Scope:SchemaSpy Maven Plugin:provided

Identifiers

maven-model-builder-3.8.7.jar

Description:

The effective model builder, with inheritance, profile activation, interpolation, ...

File Path: /var/m2/repository/org/apache/maven/maven-model-builder/3.8.7/maven-model-builder-3.8.7.jar
MD5: c22abd419db50518190fe557a06c152d
SHA1: d2fd892b20bd945b441607a7d49adfd1fc133e31
SHA256:f1c47b4a29d3267532c6a1e499f0ccd5307b321a97e985af4573138ea5cdeb69
Referenced In Project/Scope:SchemaSpy Maven Plugin:provided

Identifiers

maven-plugin-annotations-3.7.1.jar

Description:

Java annotations to use in Mojos

File Path: /var/m2/repository/org/apache/maven/plugin-tools/maven-plugin-annotations/3.7.1/maven-plugin-annotations-3.7.1.jar
MD5: 9aabaaa9db49754570d30311080251df
SHA1: d0c7597a6fde5e2f428d5149ae4767cbd71d3bc1
SHA256:08fa5ddf3405e76a6937b6e46ae14f4dbaa0efe80d42f1af02e8746a52962c47
Referenced In Project/Scope:SchemaSpy Maven Plugin:provided

Identifiers

maven-plugin-api-3.8.7.jar

Description:

The API for plugins - Mojos - development.

File Path: /var/m2/repository/org/apache/maven/maven-plugin-api/3.8.7/maven-plugin-api-3.8.7.jar
MD5: b1cc5a8fda5211df27c48c9e644255aa
SHA1: 80c6ba199912c82627c11bc65ba81a6d21bd172f
SHA256:4f084b22f76f14eb8a795101fb83627ff11b6f2c7cb17f400d54322e7d000f74
Referenced In Project/Scope:SchemaSpy Maven Plugin:provided

Identifiers

maven-reporting-api-3.1.1.jar

Description:

API to manage report generation.

File Path: /var/m2/repository/org/apache/maven/reporting/maven-reporting-api/3.1.1/maven-reporting-api-3.1.1.jar
MD5: 1e1e0b2f189c861995e33a2a746501bb
SHA1: 74ca00a13e46d065071cdf6376d7d231e0208916
SHA256:25be6603c97d28fa3dcd122073054271c8fcaf667d220dce7a26a61a6f3cffd1
Referenced In Project/Scope:SchemaSpy Maven Plugin:compile

Identifiers

maven-reporting-impl-3.2.0.jar

Description:

Abstract classes to manage report generation.

File Path: /var/m2/repository/org/apache/maven/reporting/maven-reporting-impl/3.2.0/maven-reporting-impl-3.2.0.jar
MD5: 468bb08c4330fd7647405b33edf769be
SHA1: 97ffee6a6c3f81e341f42f641651a37f077759c6
SHA256:28f42c2f49f11dcba6d14ab3e365375442a9ed78ca2ec588e3e1f43455a4a14d
Referenced In Project/Scope:SchemaSpy Maven Plugin:compile

Identifiers

maven-repository-metadata-3.8.7.jar

Description:

Per-directory local and remote repository metadata.

File Path: /var/m2/repository/org/apache/maven/maven-repository-metadata/3.8.7/maven-repository-metadata-3.8.7.jar
MD5: 9300bb51021bcc2558fee4deb19c3ec5
SHA1: 42f7cc6120c8a755ed8c3c3bb5dcd5366d2e11ee
SHA256:ae07c180da5ae7784915cf3980e90de361ea4d1bc5337b969694f50339efd9e1
Referenced In Project/Scope:SchemaSpy Maven Plugin:provided

Identifiers

maven-resolver-api-1.6.3.jar

Description:

    The application programming interface for the repository system.

License:

"Apache License, Version 2.0";link="https://www.apache.org/licenses/LICENSE-2.0.txt"
File Path: /var/m2/repository/org/apache/maven/resolver/maven-resolver-api/1.6.3/maven-resolver-api-1.6.3.jar
MD5: c1f8b0046b6219ef49dbd73638ce33e2
SHA1: 5ee235aa5ac5994b5dc847f8e78ffe9d77dd55d7
SHA256:d0b28ed944058ba4f9be4b54c25d6d5269cc4f3f3c49aa450d4dc2f7e0d552f6
Referenced In Project/Scope:SchemaSpy Maven Plugin:provided

Identifiers

maven-resolver-impl-1.6.3.jar

Description:

    An implementation of the repository system.

License:

"Apache License, Version 2.0";link="https://www.apache.org/licenses/LICENSE-2.0.txt"
File Path: /var/m2/repository/org/apache/maven/resolver/maven-resolver-impl/1.6.3/maven-resolver-impl-1.6.3.jar
MD5: 2145b5eb9ddd8bdf9f3171122c703d4b
SHA1: 2714ffe60bd71259a41b3e4816122504b5f2db93
SHA256:17aaebe6e3e59df8cb5b4ec210196f7084637312b9bc4ff14cb77ad1ae3c381b
Referenced In Project/Scope:SchemaSpy Maven Plugin:provided

Identifiers

maven-resolver-provider-3.8.7.jar

Description:

Extensions to Maven Resolver for utilizing Maven POM and repository metadata.

File Path: /var/m2/repository/org/apache/maven/maven-resolver-provider/3.8.7/maven-resolver-provider-3.8.7.jar
MD5: 8d4cd6c9ee7a714ea2e0dd9456c3318a
SHA1: 6de6ce43ddd256a9edd02b5f74961181a961816a
SHA256:98a5f43a2988078558cc22f8641124c74572dd9e600bc7d7db7de9ae88cc11ba
Referenced In Project/Scope:SchemaSpy Maven Plugin:provided

Identifiers

maven-resolver-spi-1.6.3.jar

Description:

    The service provider interface for repository system implementations and repository connectors.

License:

"Apache License, Version 2.0";link="https://www.apache.org/licenses/LICENSE-2.0.txt"
File Path: /var/m2/repository/org/apache/maven/resolver/maven-resolver-spi/1.6.3/maven-resolver-spi-1.6.3.jar
MD5: 39ccba873cf05b2b5405d24a55133a37
SHA1: 176425f73fe768bf9cdb8b5a742e7a00c1d8d178
SHA256:17441a39045ac19bc4a8068fb7284facebf6337754bf2bf8f26a76b5f98ed108
Referenced In Project/Scope:SchemaSpy Maven Plugin:provided

Identifiers

maven-resolver-util-1.6.3.jar

Description:

    A collection of utility classes to ease usage of the repository system.

License:

"Apache License, Version 2.0";link="https://www.apache.org/licenses/LICENSE-2.0.txt"
File Path: /var/m2/repository/org/apache/maven/resolver/maven-resolver-util/1.6.3/maven-resolver-util-1.6.3.jar
MD5: 71d7fea851a889aae2cfd632e96d01c1
SHA1: 07d5a6879037b34c61c2f527dfcfb59084e86ed0
SHA256:cdcad9355b625743f40e4cead9a96353404e010c39c808d23b044be331afa251
Referenced In Project/Scope:SchemaSpy Maven Plugin:provided

Identifiers

maven-settings-3.8.7.jar

Description:

Maven Settings model.

File Path: /var/m2/repository/org/apache/maven/maven-settings/3.8.7/maven-settings-3.8.7.jar
MD5: 15f27ff0da8cfa9d9ef947f31daa4d6a
SHA1: 2fb7eb81ea304e0b7dc0da3cc986ee6887915644
SHA256:00c098d2be3b81da037fa2d41179bf14938edb12ec3ada2c8df640c4a67710bb
Referenced In Project/Scope:SchemaSpy Maven Plugin:provided

Identifiers

maven-settings-builder-3.8.7.jar

Description:

The effective settings builder, with inheritance and password decryption.

File Path: /var/m2/repository/org/apache/maven/maven-settings-builder/3.8.7/maven-settings-builder-3.8.7.jar
MD5: d57d336fd1e79a7112ad9f2432e51745
SHA1: db330482100fd0cd27f113fb55a8f67794e9e0ee
SHA256:2cd3d9d10e8486b29d46ef436dc96bbbfaf435a45dd328ccf955f5af969c8abe
Referenced In Project/Scope:SchemaSpy Maven Plugin:provided

Identifiers

maven-shared-utils-3.3.4.jar

Description:

Shared utilities for use by Maven core and plugins

File Path: /var/m2/repository/org/apache/maven/shared/maven-shared-utils/3.3.4/maven-shared-utils-3.3.4.jar
MD5: 908f2a0107ff330ac9b856356a0acaef
SHA1: f87a61adb1e12a00dcc6cc6005a51e693aa7c4ac
SHA256:7925d9c5a0e2040d24b8fae3f612eb399cbffe5838b33ba368777dc7bddf6dda
Referenced In Project/Scope:SchemaSpy Maven Plugin:compile

Identifiers

CVE-2021-4277  

A vulnerability, which was classified as problematic, has been found in fredsmith utils. This issue affects some unknown processing of the file screenshot_sync of the component Filename Handler. The manipulation leads to predictable from observable state. The name of the patch is dbab1b66955eeb3d76b34612b358307f5c4e3944. It is recommended to apply a patch to fix this issue. The identifier VDB-216749 was assigned to this vulnerability.
CWE-330 Use of Insufficiently Random Values

CVSSv3:
  • Base Score: MEDIUM (5.3)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

References:

Vulnerable Software & Versions:

mssql-jdbc-11.2.1.jre8.jar

Description:

		Microsoft JDBC Driver for SQL Server.

License:

MIT License: http://www.opensource.org/licenses/mit-license.php
File Path: /var/m2/repository/com/microsoft/sqlserver/mssql-jdbc/11.2.1.jre8/mssql-jdbc-11.2.1.jre8.jar
MD5: ba2ed2afc24170a2ac7f0caacf861a4e
SHA1: ca1c8eb9ebdecdcdb9691f09b887ee209e1f5b39
SHA256:a81bedcf2baa4e161ed883826a65a49be5a3a0ebc2543d789c684841aa5e07b4
Referenced In Project/Scope:SchemaSpy Maven Plugin:compile

Identifiers

mysql-connector-java-8.0.30.jar

Description:

JDBC Type 4 driver for MySQL

License:

The GNU General Public License, v2 with FOSS exception
File Path: /var/m2/repository/mysql/mysql-connector-java/8.0.30/mysql-connector-java-8.0.30.jar
MD5: ad7ef879830dbf17c7a73bf03b34f6fc
SHA1: b26dd6e4e917d3d4726c34d09d2fd67df7c1dd37
SHA256:b5bf2f0987197c30adf74a9e419b89cda4c257da2d1142871f508416d5f2227a
Referenced In Project/Scope:SchemaSpy Maven Plugin:compile

Identifiers

ojdbc8-21.8.0.0.jar

Description:

 Oracle JDBC Driver compatible with JDK8, JDK11, JDK12, JDK13, JDK14 and JDK15

License:

Oracle Free Use Terms and Conditions (FUTC): https://www.oracle.com/downloads/licenses/oracle-free-license.html
File Path: /var/m2/repository/com/oracle/database/jdbc/ojdbc8/21.8.0.0/ojdbc8-21.8.0.0.jar
MD5: 66ec4901fe18e4937bd8513d3e96fa7e
SHA1: a936ac327860f3863b605470f306fb76e4e52a10
SHA256:a1f136c467fd5c98e782aa3648b9350a54e4a0ad340bc85807e76c8ae8890e0e
Referenced In Project/Scope:SchemaSpy Maven Plugin:compile

Identifiers

org.eclipse.sisu.inject-0.3.5.jar

License:

http://www.eclipse.org/legal/epl-v10.html
File Path: /var/m2/repository/org/eclipse/sisu/org.eclipse.sisu.inject/0.3.5/org.eclipse.sisu.inject-0.3.5.jar
MD5: 1b296b0ddd911ed3750b3df93b395cd5
SHA1: d4265dd4f0f1d7a06d80df5a5f475d5ff9c17140
SHA256:c5994010bcdce1d2bd603a4d50c47191ddbd7875d1157b23aaa26d33c82fda13
Referenced In Project/Scope:SchemaSpy Maven Plugin:provided

Identifiers

org.eclipse.sisu.plexus-0.3.5.jar

License:

http://www.eclipse.org/legal/epl-v10.html
File Path: /var/m2/repository/org/eclipse/sisu/org.eclipse.sisu.plexus/0.3.5/org.eclipse.sisu.plexus-0.3.5.jar
MD5: 30c4a9fa2137698ed66c8542f1be196a
SHA1: d71996bb2e536f966b3b70e647067fff3b73d32f
SHA256:7e4c61096d70826f20f7a7d55c59a5528e7aa5ad247ee2dfe544e4dd25f6a784
Referenced In Project/Scope:SchemaSpy Maven Plugin:provided

Identifiers

oro-2.0.8.jar

File Path: /var/m2/repository/oro/oro/2.0.8/oro-2.0.8.jar
MD5: 42e940d5d2d822f4dc04c65053e630ab
SHA1: 5592374f834645c4ae250f4c9fbb314c9369d698
SHA256:e00ccdad5df7eb43fdee44232ef64602bf63807c2d133a7be83ba09fd49af26e
Referenced In Project/Scope:SchemaSpy Maven Plugin:compile

Identifiers

plexus-cipher-2.0.jar

File Path: /var/m2/repository/org/codehaus/plexus/plexus-cipher/2.0/plexus-cipher-2.0.jar
MD5: 55d612839faf248cbe3e273969c002c2
SHA1: 425ea8e534716b4bff1ea90f39bd76be951d651b
SHA256:9a7f1b5c5a9effd61eadfd8731452a2f76a8e79111fac391ef75ea801bea203a
Referenced In Project/Scope:SchemaSpy Maven Plugin:provided

Identifiers

plexus-classworlds-2.6.0.jar

Description:

A class loader framework

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/m2/repository/org/codehaus/plexus/plexus-classworlds/2.6.0/plexus-classworlds-2.6.0.jar
MD5: 67e722b27e3a33b33c1b263b99dd7c43
SHA1: 8587e80fcb38e70b70fae8d5914b6376bfad6259
SHA256:52f77c5ec49f787c9c417ebed5d6efd9922f44a202f217376e4f94c0d74f3549
Referenced In Project/Scope:SchemaSpy Maven Plugin:compile

Identifiers

plexus-component-annotations-2.1.0.jar

Description:

    Plexus Component "Java 5" Annotations, to describe plexus components properties in java sources with
    standard annotations instead of javadoc annotations.

File Path: /var/m2/repository/org/codehaus/plexus/plexus-component-annotations/2.1.0/plexus-component-annotations-2.1.0.jar
MD5: 141fd7a2ae613cb17d25ecd54b43eb3f
SHA1: 2f2147a6cc6a119a1b51a96f31d45c557f6244b9
SHA256:bde3617ce9b5bcf9584126046080043af6a4b3baea40a3b153f02e7bbc32acac
Referenced In Project/Scope:SchemaSpy Maven Plugin:compile

Identifiers

plexus-container-default-2.1.0.jar

Description:

    The Plexus IoC container API and its default implementation.

File Path: /var/m2/repository/org/codehaus/plexus/plexus-container-default/2.1.0/plexus-container-default-2.1.0.jar
MD5: 38bb4378dcf8868a6ef203b0f4a2ddae
SHA1: c189df3d30aa7707c36aa2746fae55ebe11d711e
SHA256:6dceb1246b188153bdcb6f962d543d51ddb672cca07cad94a78fbabc9edf0a39
Referenced In Project/Scope:SchemaSpy Maven Plugin:compile

Identifiers

plexus-i18n-1.0-beta-10.jar

File Path: /var/m2/repository/org/codehaus/plexus/plexus-i18n/1.0-beta-10/plexus-i18n-1.0-beta-10.jar
MD5: 7f36c0459c853750c627f682ec7bcf52
SHA1: 27506f59e54cc80b8c28b977c2bcd0478094e0cc
SHA256:b87f25b512ffafcafbf4a05ab943812e9c6915291370c6b46016eb3836886c41
Referenced In Project/Scope:SchemaSpy Maven Plugin:compile

Identifiers

plexus-interpolation-1.26.jar

Description:

The Plexus project provides a full software stack for creating and executing software projects.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/m2/repository/org/codehaus/plexus/plexus-interpolation/1.26/plexus-interpolation-1.26.jar
MD5: 1049ae9f5cd8cf618abf5bc5805e6b94
SHA1: 25b919c664b79795ccde0ede5cee0fd68b544197
SHA256:b3b5412ce17889103ea564bcdfcf9fb3dfa540344ffeac6b538a73c9d7182662
Referenced In Project/Scope:SchemaSpy Maven Plugin:compile

Identifiers

plexus-sec-dispatcher-2.0.jar

File Path: /var/m2/repository/org/codehaus/plexus/plexus-sec-dispatcher/2.0/plexus-sec-dispatcher-2.0.jar
MD5: e68635a721630177ac70173e441336b6
SHA1: f89c5080614ffd0764e49861895dbedde1b47237
SHA256:873139960c4c780176dda580b003a2c4bf82188bdce5bb99234e224ef7acfceb
Referenced In Project/Scope:SchemaSpy Maven Plugin:provided

Identifiers

plexus-utils-3.5.0.jar

Description:

A collection of various utility classes to ease working with strings, files, command lines, XML and
    more.

File Path: /var/m2/repository/org/codehaus/plexus/plexus-utils/3.5.0/plexus-utils-3.5.0.jar
MD5: a692f46bd0bb8e23a76f254077fbb085
SHA1: ff9f0881396a06b31ff548048256e9a7c8f1207a
SHA256:e5182eb3e5e73cf89d6426ca7f5cbae2e72819b9bed68d872f80f3b535269cb8
Referenced In Project/Scope:SchemaSpy Maven Plugin:compile

Identifiers

CVE-2021-4277  

A vulnerability, which was classified as problematic, has been found in fredsmith utils. This issue affects some unknown processing of the file screenshot_sync of the component Filename Handler. The manipulation leads to predictable from observable state. The name of the patch is dbab1b66955eeb3d76b34612b358307f5c4e3944. It is recommended to apply a patch to fix this issue. The identifier VDB-216749 was assigned to this vulnerability.
CWE-330 Use of Insufficiently Random Values

CVSSv3:
  • Base Score: MEDIUM (5.3)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

References:

Vulnerable Software & Versions:

plexus-velocity-1.2.jar

File Path: /var/m2/repository/org/codehaus/plexus/plexus-velocity/1.2/plexus-velocity-1.2.jar
MD5: 7d7805136e8165f53c944612a809f1a6
SHA1: 1331b9d6bbf99ead362c68c2f318ebe5fedda598
SHA256:b4c4a0dbeacad54306a1ae230eff5ab45d58e3ab88c86ab7245d3a0772be57ab
Referenced In Project/Scope:SchemaSpy Maven Plugin:compile

Identifiers

postgresql-42.5.1.jar

Description:

PostgreSQL JDBC Driver Postgresql

License:

BSD-2-Clause: https://jdbc.postgresql.org/about/license.html
File Path: /var/m2/repository/org/postgresql/postgresql/42.5.1/postgresql-42.5.1.jar
MD5: 378f8a2ddab2564a281e5f852800e2e9
SHA1: ac2f61eb3b1b4e47ea45de47e73d2e92f49e3ce1
SHA256:89e8bffa8b37b9487946012c690cf04f3103953051c1c193d88ee36b68d365ae
Referenced In Project/Scope:SchemaSpy Maven Plugin:compile

Identifiers

protobuf-java-3.19.4.jar

Description:

    Core Protocol Buffers library. Protocol Buffers are a way of encoding structured data in an
    efficient yet extensible format.

License:

https://opensource.org/licenses/BSD-3-Clause
File Path: /var/m2/repository/com/google/protobuf/protobuf-java/3.19.4/protobuf-java-3.19.4.jar
MD5: 1697b144988cbe6529fd3c4ad56fe882
SHA1: 748e4e0b9e4fa6b9b1fe65690aa04a9db56cfc4d
SHA256:e8f524c2ad5965aae31b0527bf9d4e3bc19b0dfba8c05aef114fccc7f057c94d
Referenced In Project/Scope:SchemaSpy Maven Plugin:compile

Identifiers

CVE-2022-3171  

A parsing issue with binary data in protobuf-java core and lite versions prior to 3.21.7, 3.20.3, 3.19.6 and 3.16.3 can lead to a denial of service attack. Inputs containing multiple instances of non-repeated embedded messages with repeated or unknown fields causes objects to be converted back-n-forth between mutable and immutable forms, resulting in potentially long garbage collection pauses. We recommend updating to the versions mentioned above.
NVD-CWE-noinfo

CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

Vulnerable Software & Versions: (show all)

CVE-2022-3509  

A parsing issue similar to CVE-2022-3171, but with textformat in protobuf-java core and lite versions prior to 3.21.7, 3.20.3, 3.19.6 and 3.16.3 can lead to a denial of service attack. Inputs containing multiple instances of non-repeated embedded messages with repeated or unknown fields causes objects to be converted back-n-forth between mutable and immutable forms, resulting in potentially long garbage collection pauses. We recommend updating to the versions mentioned above.
NVD-CWE-noinfo

CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

Vulnerable Software & Versions: (show all)

CVE-2022-3510  

A parsing issue similar to CVE-2022-3171, but with Message-Type Extensions in protobuf-java core and lite versions prior to 3.21.7, 3.20.3, 3.19.6 and 3.16.3 can lead to a denial of service attack. Inputs containing multiple instances of non-repeated embedded messages with repeated or unknown fields causes objects to be converted back-n-forth between mutable and immutable forms, resulting in potentially long garbage collection pauses. We recommend updating to the versions mentioned above.
NVD-CWE-noinfo

CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

Vulnerable Software & Versions: (show all)

schemaSpy.js

File Path: /home/mprins/workspace/schemaspy-maven-plugin/src/main/resources/schemaSpy.js
MD5: aaede271e3041da70704ab17b14027b9
SHA1: 9e83fd720349bb9538c6210adfb68c5f1b7900d3
SHA256:d76c44bd87e6c839927ece2b5a0f4b7df347fa0fdf00a6cd4630c59d3117cc29
Referenced In Project/Scope:SchemaSpy Maven Plugin

Identifiers

  • None

slf4j-api-1.7.36.jar

Description:

The slf4j API

File Path: /var/m2/repository/org/slf4j/slf4j-api/1.7.36/slf4j-api-1.7.36.jar
MD5: 872da51f5de7f3923da4de871d57fd85
SHA1: 6c62681a2f655b49963a5983b8b0950a6120ae14
SHA256:d3ef575e3e4979678dc01bf1dcce51021493b4d11fb7f1be8ad982877c16a1c0
Referenced In Project/Scope:SchemaSpy Maven Plugin:provided

Identifiers

velocity-1.7.jar

Description:

Apache Velocity is a general purpose template engine.

File Path: /var/m2/repository/org/apache/velocity/velocity/1.7/velocity-1.7.jar
MD5: 3692dd72f8367cb35fb6280dc2916725
SHA1: 2ceb567b8f3f21118ecdec129fe1271dbc09aa7a
SHA256:ec92dae810034f4b46dbb16ef4364a4013b0efb24a8c5dd67435cae46a290d8e
Referenced In Project/Scope:SchemaSpy Maven Plugin:compile

Identifiers

CVE-2020-13936  

An attacker that is able to modify Velocity templates may execute arbitrary Java code or run arbitrary system commands with the same privileges as the account running the Servlet container. This applies to applications that allow untrusted users to upload/modify velocity templates running Apache Velocity Engine versions up to 2.2.
NVD-CWE-noinfo

CVSSv2:
  • Base Score: HIGH (9.0)
  • Vector: /AV:N/AC:L/Au:S/C:C/I:C/A:C
CVSSv3:
  • Base Score: HIGH (8.8)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

References:

Vulnerable Software & Versions: (show all)

velocity-tools-2.0.jar

Description:

        VelocityTools is an integrated collection of Velocity subprojects
        with the common goal of creating tools and infrastructure to speed and ease
        development of both web and non-web applications using the Velocity template
        engine.

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/m2/repository/org/apache/velocity/velocity-tools/2.0/velocity-tools-2.0.jar
MD5: 51ed2c6c0103cf3fdbeb9aa5170f5288
SHA1: 69936384de86857018b023a8c56ae0635c56b6a0
SHA256:b174eb36bc48c25dce10571c7d3d5dca4e4c1b3e2e31a92b9ed68fe9dea688d9
Referenced In Project/Scope:SchemaSpy Maven Plugin:compile

Identifiers

CVE-2020-13959  

The default error page for VelocityView in Apache Velocity Tools prior to 3.1 reflects back the vm file that was entered as part of the URL. An attacker can set an XSS payload file as this vm file in the URL which results in this payload being executed. XSS vulnerabilities allow attackers to execute arbitrary JavaScript in the context of the attacked website and the attacked user. This can be abused to steal session cookies, perform requests in the name of the victim or for phishing attacks.
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSSv2:
  • Base Score: MEDIUM (4.3)
  • Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N
CVSSv3:
  • Base Score: MEDIUM (6.1)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

References:

Vulnerable Software & Versions:

xbean-reflect-3.7.jar

Description:

xbean-reflect provides very flexible ways to creat objects and graphs of objects for DI frameworks

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/m2/repository/org/apache/xbean/xbean-reflect/3.7/xbean-reflect-3.7.jar
MD5: b77f0c9914e56547409e65137acba9eb
SHA1: 6072a967ec936b3bb25b421d8eca07dd750219fd
SHA256:104e5e9bb5a669f86722f32281960700f7ec8e3209ef51b23eb9b6d23d1629cb
Referenced In Project/Scope:SchemaSpy Maven Plugin:compile

Identifiers



This report contains data retrieved from the National Vulnerability Database.
This report may contain data retrieved from the NPM Public Advisories.
This report may contain data retrieved from RetireJS.
This report may contain data retrieved from the Sonatype OSS Index.