CVSS: 9.4EPSS: 0%CPEs: 4EXPL: 0CVE-2025-21547
https://notcve.org/view.php?id=CVE-2025-21547
21 Jan 2025 — Vulnerability in the Oracle Hospitality OPERA 5 product of Oracle Hospitality Applications (component: Opera Servlet). Supported versions that are affected are 5.6.19.20, 5.6.25.8, 5.6.26.6 and 5.6.27.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Hospitality OPERA 5. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Hospitality OPERA 5 accessible data and unautho... • https://www.oracle.com/security-alerts/cpujan2025.html • CWE-400: Uncontrolled Resource Consumption •
CVSS: 9.0EPSS: 0%CPEs: 3EXPL: 0CVE-2024-21172
https://notcve.org/view.php?id=CVE-2024-21172
15 Oct 2024 — Vulnerability in the Oracle Hospitality OPERA 5 product of Oracle Hospitality Applications (component: Opera Servlet). Supported versions that are affected are 5.6.19.19, 5.6.25.8 and 5.6.26.4. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Hospitality OPERA 5. While the vulnerability is in Oracle Hospitality OPERA 5, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result i... • https://www.oracle.com/security-alerts/cpuoct2024.html •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-22087
https://notcve.org/view.php?id=CVE-2023-22087
17 Oct 2023 — Vulnerability in the Hospitality OPERA 5 Property Services product of Oracle Hospitality Applications (component: Opera). The supported version that is affected is 5.6. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Hospitality OPERA 5 Property Services. Successful attacks of this vulnerability can result in takeover of Hospitality OPERA 5 Property Services. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). • https://www.oracle.com/security-alerts/cpuoct2023.html • CWE-306: Missing Authentication for Critical Function •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-22085
https://notcve.org/view.php?id=CVE-2023-22085
17 Oct 2023 — Vulnerability in the Hospitality OPERA 5 Property Services product of Oracle Hospitality Applications (component: Opera). The supported version that is affected is 5.6. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Hospitality OPERA 5 Property Services. Successful attacks of this vulnerability can result in takeover of Hospitality OPERA 5 Property Services. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). • https://www.oracle.com/security-alerts/cpuoct2023.html •
CVSS: 7.2EPSS: 17%CPEs: 1EXPL: 0CVE-2023-21932
https://notcve.org/view.php?id=CVE-2023-21932
18 Apr 2023 — Vulnerability in the Oracle Hospitality OPERA 5 Property Services product of Oracle Hospitality Applications (component: OXI). The supported version that is affected is 5.6. Difficult to exploit vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Hospitality OPERA 5 Property Services. While the vulnerability is in Oracle Hospitality OPERA 5 Property Services, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerabil... • https://www.oracle.com/security-alerts/cpuapr2023.html •
CVSS: 8.3EPSS: 1%CPEs: 248EXPL: 6CVE-2021-2351 – Oracle Database Weak NNE Integrity Key Derivation
https://notcve.org/view.php?id=CVE-2021-2351
20 Jul 2021 — Vulnerability in the Advanced Networking Option component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1 and 19c. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Oracle Net to compromise Advanced Networking Option. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Advanced Networking Option, attacks may significantly impact additional products. Successful atta... • https://packetstorm.news/files/id/165258 • CWE-327: Use of a Broken or Risky Cryptographic Algorithm CWE-384: Session Fixation •
CVSS: 9.8EPSS: 94%CPEs: 13EXPL: 13CVE-2020-17530 – Apache Struts Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2020-17530
11 Dec 2020 — Forced OGNL evaluation, when evaluated on raw user input in tag attributes, may lead to remote code execution. Affected software : Apache Struts 2.0.0 - Struts 2.5.25. Una evaluación OGNL forzada, cuando se evalúa según la entrada del usuario sin procesar en los atributos de la etiqueta, puede conllevar a una ejecución de código remota. Software afectado: Apache Struts versión 2.0.0 - Struts versión 2.5.25 The Apache Struts framework, when forced, performs double evaluation of attribute values assigned... • https://packetstorm.news/files/id/160721 • CWE-917: Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection') •
CVSS: 5.5EPSS: 0%CPEs: 39EXPL: 0CVE-2020-17521 – groovy: OS temporary directory leads to information disclosure
https://notcve.org/view.php?id=CVE-2020-17521
07 Dec 2020 — Apache Groovy provides extension methods to aid with creating temporary directories. Prior to this fix, Groovy's implementation of those extension methods was using a now superseded Java JDK method call that is potentially not secure on some operating systems in some contexts. Users not using the extension methods mentioned in the advisory are not affected, but may wish to read the advisory for further details. Versions Affected: 2.0 to 2.4.20, 2.5.0 to 2.5.13, 3.0.0 to 3.0.6, and 4.0.0-alpha-1. Fixed in ve... • https://groovy-lang.org/security.html#CVE-2020-17521 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 1%CPEs: 25EXPL: 0CVE-2019-17566 – batik: SSRF via "xlink:href"
https://notcve.org/view.php?id=CVE-2019-17566
06 Nov 2020 — Apache Batik is vulnerable to server-side request forgery, caused by improper input validation by the "xlink:href" attributes. By using a specially-crafted argument, an attacker could exploit this vulnerability to cause the underlying server to make arbitrary GET requests. Apache Batik es vulnerable a un ataque de tipo server-side request forgery, causada por una comprobación inapropiada de la entrada por parte de los atributos "xlink:href". Al utilizar un argumento especialmente diseñado, un atacante ... • https://lists.apache.org/thread.html/rab94fe68b180d2e2fba97abf6fe1ec83cff826be25f86cd90f047171%40%3Ccommits.myfaces.apache.org%3E • CWE-352: Cross-Site Request Forgery (CSRF) CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 7.5EPSS: 1%CPEs: 2EXPL: 0CVE-2020-14877
https://notcve.org/view.php?id=CVE-2020-14877
21 Oct 2020 — Vulnerability in the Oracle Hospitality OPERA 5 Property Services product of Oracle Hospitality Applications (component: Logging). Supported versions that are affected are 5.5 and 5.6. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Hospitality OPERA 5 Property Services. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Hospitality OPERA 5 Property Ser... • https://www.oracle.com/security-alerts/cpuoct2020.html •