CVSS: 6.5EPSS: 0%CPEs: 429EXPL: 0CVE-2019-10219 – hibernate-validator: safeHTML validator allows XSS
https://notcve.org/view.php?id=CVE-2019-10219
08 Nov 2019 — A vulnerability was found in Hibernate-Validator. The SafeHtml validator annotation fails to properly sanitize payloads consisting of potentially malicious code in HTML comments and instructions. This vulnerability can result in an XSS attack. Una vulnerabilidad fue encontrada en Hibernate-Validator. La anotación del validador SafeHtml no puede sanear apropiadamente las cargas útiles que consisten en código potencialmente malicioso en los comentarios e instrucciones HTML. • https://access.redhat.com/errata/RHSA-2020:0159 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 10.0EPSS: 0%CPEs: 7EXPL: 0CVE-2017-3324
https://notcve.org/view.php?id=CVE-2017-3324
27 Jan 2017 — Vulnerability in the Primavera P6 Enterprise Project Portfolio Management component of Oracle Primavera Products Suite (subcomponent: Web Access). Supported versions that are affected are 8.2, 8.3, 8.4, 15.1, 15.2, 16.1 and 16.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Primavera P6 Enterprise Project Portfolio Management. While the vulnerability is in Primavera P6 Enterprise Project Portfolio Management, attacks may significantly impact add... • http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html •
CVSS: 8.1EPSS: 0%CPEs: 7EXPL: 0CVE-2017-3263
https://notcve.org/view.php?id=CVE-2017-3263
27 Jan 2017 — Vulnerability in the Primavera P6 Enterprise Project Portfolio Management component of Oracle Primavera Products Suite (subcomponent: Team Member). Supported versions that are affected are 8.2, 8.3, 8.4, 15.1, 15.2, 16.1 and 16.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Primavera P6 Enterprise Project Portfolio Management. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critica... • http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html •
CVSS: 9.0EPSS: 0%CPEs: 36EXPL: 0CVE-2016-0635
https://notcve.org/view.php?id=CVE-2016-0635
21 Jul 2016 — Unspecified vulnerability in the Enterprise Manager Ops Center component in Oracle Enterprise Manager Grid Control 12.1.4, 12.2.2, and 12.3.2; the Oracle Health Sciences Information Manager component in Oracle Health Sciences Applications 1.2.8.3, 2.0.2.3, and 3.0.1.0; the Oracle Healthcare Master Person Index component in Oracle Health Sciences Applications 2.0.12, 3.0.0, and 4.0.1; the Oracle Documaker component in Oracle Insurance Applications before 12.5; the Oracle Insurance Calculation Engine componen... • http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html •
CVSS: 7.5EPSS: 1%CPEs: 9EXPL: 4CVE-2012-3137 – Oracle Database - Protocol Authentication Bypass
https://notcve.org/view.php?id=CVE-2012-3137
21 Sep 2012 — The authentication protocol in Oracle Database Server 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, and 11.2.0.3 allows remote attackers to obtain the session key and salt for arbitrary users, which leaks information about the cryptographic hash and makes it easier to conduct brute force password guessing attacks, aka "stealth password cracking vulnerability." El protocolo de autenticación en Oracle Database 11g 1 y 2 permite a atacantes remotos obtener la clave y la "salt" de sesión para usuarios de su... • https://www.exploit-db.com/exploits/22069 • CWE-287: Improper Authentication •