CVSS: 5.3EPSS: 78%CPEs: 53EXPL: 2CVE-2018-11784 – Apache Tomcat 9.0.0.M1 - Open Redirect
https://notcve.org/view.php?id=CVE-2018-11784
When the default servlet in Apache Tomcat versions 9.0.0.M1 to 9.0.11, 8.5.0 to 8.5.33 and 7.0.23 to 7.0.90 returned a redirect to a directory (e.g. redirecting to '/foo/' when the user requested '/foo') a specially crafted URL could be used to cause the redirect to be generated to any URI of the attackers choice. Cuando el servlet por defecto en Apache Tomcat en versiones de la 9.0.0.M1 a la 9.0.11, de la 8.5.0 a la 8.5.33 y de la 7.0.23 a la 7.0.90 devolvía una redirección a un directorio (por ejemplo, redirigiendo a "/foo/'' cuando el usuario solicitó '"/foo") se pudo usar una URL especialmente manipulada para hacer que la redirección se generara a cualquier URI de la elección del atacante. These are details on an open redirection vulnerability in Apache Tomcat version 9.0.0M1 that was discovered in 2018. • https://www.exploit-db.com/exploits/50118 https://github.com/Cappricio-Securities/CVE-2018-11784 http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00030.html http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00056.html http://packetstormsecurity.com/files/163456/Apache-Tomcat-9.0.0M1-Open-Redirect.html http://www.securityfocus.com/bid/105524 https://access.redhat.com/errata/RHSA-2019:0130 https://access.redhat.com/errata/RHSA-2019:0131 https://access.redhat.c • CWE-99: Improper Control of Resource Identifiers ('Resource Injection') CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVSS: 9.6EPSS: 0%CPEs: 2EXPL: 0CVE-2016-5580
https://notcve.org/view.php?id=CVE-2016-5580
Unspecified vulnerability in the Secure Global Desktop component in Oracle Virtualization 4.7 and 5.2 allows remote authenticated users to affect confidentiality and availability via vectors through Web Services. Vulnerabilidad no especificada en el componente Secure Global Desktop en Oracle Virtualization 4.7 y 5.2 permite a usuarios remotos autenticados afectar la confidencialidad y la disponibilidad a través de vectores por medio de Web Services. • http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html http://www.securityfocus.com/bid/93632 • CWE-284: Improper Access Control •
CVSS: 10.0EPSS: 0%CPEs: 3EXPL: 0CVE-2016-3613
https://notcve.org/view.php?id=CVE-2016-3613
Unspecified vulnerability in the Oracle Secure Global Desktop component in Oracle Virtualization 4.63, 4.71, and 5.2 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to OpenSSL. Vulnerabilidad no especificada en el componente Oracle Secure Global Desktop en Oracle Virtualization 4.63, 4.71 y 5.2 permite a atacantes remotos afectar la confidencialidad, la integridad y la disponibilidad a través de vectores relacionados con OpenSSL. • http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html http://www.securityfocus.com/bid/91787 http://www.securityfocus.com/bid/91856 http://www.securitytracker.com/id/1036391 •
CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 0CVE-2016-0501
https://notcve.org/view.php?id=CVE-2016-0501
Unspecified vulnerability in the Oracle Secure Global Desktop component in Oracle Virtualization 5.2 allows remote attackers to affect availability via vectors related to SGD Core. Vulnerabilidad no especificada en el componente Oracle Secure Global Desktop en Oracle Virtualization 5.2 permite a atacantes remotos afectar a la disponibilidad a través de vectores relacionados con SGD Core. • http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html http://www.securitytracker.com/id/1034729 •
CVSS: 6.8EPSS: 0%CPEs: 24EXPL: 0CVE-2013-2064 – libxcb: Integer overflow leading to heap-based buffer overflow
https://notcve.org/view.php?id=CVE-2013-2064
Integer overflow in X.org libxcb 1.9 and earlier allows X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the read_packet function. Desbordamiento de entero en X.org libxcb v1.9 y anteriores permite a los servidores X activar la asignación de memoria insuficiente y provocar un desbordamiento de búfer a través de vectores relacionados con la función read_packet. • http://lists.fedoraproject.org/pipermail/package-announce/2013-May/106752.html http://lists.opensuse.org/opensuse-updates/2013-06/msg00137.html http://www.debian.org/security/2013/dsa-2686 http://www.openwall.com/lists/oss-security/2013/05/23/3 http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html http://www.securityfocus.com/bid/60148 http://www.ubuntu.com/usn/USN-1855-1 http://www.x.org/wiki/Development/Security/Advisory-2013-05-23 https://access. • CWE-122: Heap-based Buffer Overflow CWE-189: Numeric Errors •