CVSS: 6.5EPSS: 0%CPEs: 429EXPL: 0CVE-2019-10219 – hibernate-validator: safeHTML validator allows XSS
https://notcve.org/view.php?id=CVE-2019-10219
08 Nov 2019 — A vulnerability was found in Hibernate-Validator. The SafeHtml validator annotation fails to properly sanitize payloads consisting of potentially malicious code in HTML comments and instructions. This vulnerability can result in an XSS attack. Una vulnerabilidad fue encontrada en Hibernate-Validator. La anotación del validador SafeHtml no puede sanear apropiadamente las cargas útiles que consisten en código potencialmente malicioso en los comentarios e instrucciones HTML. • https://access.redhat.com/errata/RHSA-2020:0159 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 110EXPL: 0CVE-2019-10086 – apache-commons-beanutils: does not suppresses the class property in PropertyUtilsBean by default
https://notcve.org/view.php?id=CVE-2019-10086
20 Aug 2019 — In Apache Commons Beanutils 1.9.2, a special BeanIntrospector class was added which allows suppressing the ability for an attacker to access the classloader via the class property available on all Java objects. We, however were not using this by default characteristic of the PropertyUtilsBean. En Apache Commons Beanutils 1.9.2, se agregó una clase especial BeanIntrospector que permite suprimir la capacidad de un atacante para acceder al cargador de clases a través de la propiedad de clase disponible en todo... • http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00007.html • CWE-502: Deserialization of Untrusted Data •
CVSS: 7.8EPSS: 0%CPEs: 28EXPL: 1CVE-2010-2526 – lvm2-cluster: insecurity when communicating between lvm2 and clvmd
https://notcve.org/view.php?id=CVE-2010-2526
04 Aug 2010 — The cluster logical volume manager daemon (clvmd) in lvm2-cluster in LVM2 before 2.02.72, as used in Red Hat Global File System (GFS) and other products, does not verify client credentials upon a socket connection, which allows local users to cause a denial of service (daemon exit or logical-volume change) or possibly have unspecified other impact via crafted control commands. El cluster logical volume manager daemon (clvmd) en lvm2-cluster en LVM2 anterior v2.02.72, como el usado en Red Hat Global File Sys... • http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html • CWE-287: Improper Authentication •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2007-3374 – possible buffer overflow could cause local DoS by crashing cman
https://notcve.org/view.php?id=CVE-2007-3374
25 Jun 2007 — Buffer overflow in cluster/cman/daemon/daemon.c in cman (redhat-cluster-suite) before 20070622 allows local users to cause a denial of service (crash) and possibly execute arbitrary code via long client messages. Un desbordamiento de búfer en el archivo cluster/cman/daemon/daemon.c en cman (redhat-cluster-suite) antes del 20070622, permite a usuarios locales causar una denegación de servicio (bloqueo) y posiblemente ejecutar código arbitrario por medio de mensajes de cliente largos. • http://osvdb.org/37497 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2007-3373
https://notcve.org/view.php?id=CVE-2007-3373
25 Jun 2007 — daemon.c in cman (redhat-cluster-suite) before 20070622 does not clear a buffer for reading requests, which might allow local users to obtain sensitive information from previous requests. El archivo daemon.c en cman (redhat-cluster-suite) antes del 20070622, no limpia un búfer para las peticiones de lectura, lo que podría permitir a usuarios locales obtener información confidencial de peticiones anteriores. • http://osvdb.org/45381 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •