
CVSS: 5.3 • EPSS: 87% • CPEs: 53 • EXPL: 3

04 Oct 2018 — When the default servlet in Apache Tomcat versions 9.0.0.M1 to 9.0.11, 8.5.0 to 8.5.33 and 7.0.23 to 7.0.90 returned a redirect to a directory (e.g. redirecting to '/foo/' when the user requested '/foo') a specially crafted URL could be used to cause the redirect to be generated to any URI of the attacker's choice. • https://packetstorm.news/files/id/163456 • CWE-99: Improper Control of Resource Identifiers ('Resource Injection') • CWE-601: URL Redirection to Untrusted Site ('Open Redirect')

CVSS: 9.6 • EPSS: 0% • CPEs: 2 • EXPL: 0

25 Oct 2016 — Unspecified vulnerability in the Secure Global Desktop component in Oracle Virtualization 4.7 and 5.2 allows remote authenticated users to affect confidentiality and availability via vectors through Web Services. • http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html • CWE-284: Improper Access Control

CVSS: 10.0 • EPSS: 5% • CPEs: 3 • EXPL: 0

21 Jul 2016 — Unspecified vulnerability in the Oracle Secure Global Desktop component in Oracle Virtualization 4.63, 4.71, and 5.2 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to OpenSSL. • http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html

CVSS: 7.5 • EPSS: 1% • CPEs: 1 • EXPL: 0

21 Jan 2016 — Unspecified vulnerability in the Oracle Secure Global Desktop component in Oracle Virtualization 5.2 allows remote attackers to affect availability via vectors related to SGD Core. • http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html

CVSS: 8.1 • EPSS: 1% • CPEs: 24 • EXPL: 0

23 May 2013 — Integer overflow in X.org libxcb 1.9 and earlier allows X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the read_packet function. The X11 libraries provide library routines that are used within all X Window applications. Multipl... • http://lists.fedoraproject.org/pipermail/package-announce/2013-May/106752.html • CWE-122: Heap-based Buffer Overflow • CWE-189: Numeric Errors