Page 11 of 81 results (0.012 seconds)

CVSS: 5.3EPSS: 0%CPEs: 30EXPL: 0

CVE-2020-14803 – OpenJDK: Race condition in NIO Buffer boundary checks (Libraries, 8244136)

https://notcve.org/view.php?id=CVE-2020-14803

Vulnerability in the Java SE product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 11.0.8 and 15. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. • http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00041.html https://lists.debian.org/debian-lts-announce/2020/10/msg00031.html https://security.gentoo.org/glsa/202101-19 https://security.netapp.com/advisory/ntap-20201023-0004 https://www.debian.org/security/2020/dsa-4779 https://www.oracle.com/security-alerts/cpujan2021.html https://www.oracle.com/security-alerts/cpuoct2020.html https://access.redhat.com/security/cve/CVE-2020-14803 https://bugzilla.redhat.com/show_bug& • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •

CVSS: 6.5EPSS: 0%CPEs: 429EXPL: 0

CVE-2019-10219 – hibernate-validator: safeHTML validator allows XSS

https://notcve.org/view.php?id=CVE-2019-10219

A vulnerability was found in Hibernate-Validator. The SafeHtml validator annotation fails to properly sanitize payloads consisting of potentially malicious code in HTML comments and instructions. This vulnerability can result in an XSS attack. Una vulnerabilidad fue encontrada en Hibernate-Validator. La anotación del validador SafeHtml no puede sanear apropiadamente las cargas útiles que consisten en código potencialmente malicioso en los comentarios e instrucciones HTML. • https://access.redhat.com/errata/RHSA-2020:0159 https://access.redhat.com/errata/RHSA-2020:0160 https://access.redhat.com/errata/RHSA-2020:0161 https://access.redhat.com/errata/RHSA-2020:0164 https://access.redhat.com/errata/RHSA-2020:0445 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10219 https://lists.apache.org/thread.html/r4f8b4e2541be4234946e40d55859273a7eec0f4901e8080ce2406fe6%40%3Cnotifications.accumulo.apache.org%3E https://lists.apache.org/thread.html/r4f92d7f7682dcff92722fa947f9e6f8ba2227c5dc3e11ba0911 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 5.9EPSS: 0%CPEs: 18EXPL: 0

CVE-2019-2958

https://notcve.org/view.php?id=CVE-2019-2958

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. • http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00064.html http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00066.html http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00031.html http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html https://lists.debian.org/debian-lts-announce/2019/12/msg00005.html https://security.netapp.com/advisory/ntap-20191017-0001 •

CVSS: 4.3EPSS: 0%CPEs: 20EXPL: 0

CVE-2019-2933

https://notcve.org/view.php?id=CVE-2019-2933

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. • http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00064.html http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00066.html http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00031.html http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html https://kc.mcafee.com/corporate/index?page=content&id=SB10315 https://lists.debian.org/debian-lts-announce/2019/12/msg00005.html https://security.netapp.com/advisory/ntap-20191017-0001 •

CVSS: 4.3EPSS: 0%CPEs: 25EXPL: 0

CVE-2019-2894

https://notcve.org/view.php?id=CVE-2019-2894

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Security). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. • http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00064.html http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00066.html http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00031.html http://www.openwall.com/lists/oss-security/2019/10/02/2 http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html https://kc.mcafee.com/corporate/index?page=content&id=SB10315 https://lists.debian.org/debian-lts-announce/2019/12/msg00005.html https:/ •