CVSS: 7.5EPSS: 0%CPEs: 25EXPL: 0CVE-2019-17566 – batik: SSRF via "xlink:href"
https://notcve.org/view.php?id=CVE-2019-17566
06 Nov 2020 — Apache Batik is vulnerable to server-side request forgery, caused by improper input validation by the "xlink:href" attributes. By using a specially-crafted argument, an attacker could exploit this vulnerability to cause the underlying server to make arbitrary GET requests. Apache Batik es vulnerable a un ataque de tipo server-side request forgery, causada por una comprobación inapropiada de la entrada por parte de los atributos "xlink:href". Al utilizar un argumento especialmente diseñado, un atacante ... • https://lists.apache.org/thread.html/rab94fe68b180d2e2fba97abf6fe1ec83cff826be25f86cd90f047171%40%3Ccommits.myfaces.apache.org%3E • CWE-352: Cross-Site Request Forgery (CSRF) CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 7.8EPSS: 56%CPEs: 3EXPL: 1CVE-2020-14864 – Oracle Business Intelligence Enterprise Edition Path Transversal
https://notcve.org/view.php?id=CVE-2020-14864
21 Oct 2020 — Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: Installation). Supported versions that are affected are 5.5.0.0.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Business Intelligen... • https://www.exploit-db.com/exploits/48964 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.1EPSS: 0%CPEs: 3EXPL: 0CVE-2020-14843
https://notcve.org/view.php?id=CVE-2020-14843
21 Oct 2020 — Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: Analytics Actions). Supported versions that are affected are 5.5.0.0.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Business Intell... • https://www.oracle.com/security-alerts/cpuoct2020.html •
CVSS: 8.2EPSS: 0%CPEs: 3EXPL: 0CVE-2020-14815
https://notcve.org/view.php?id=CVE-2020-14815
21 Oct 2020 — Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: Analytics Actions). Supported versions that are affected are 5.5.0.0.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Business Intell... • https://www.oracle.com/security-alerts/cpuoct2020.html •
CVSS: 7.1EPSS: 0%CPEs: 4EXPL: 0CVE-2020-14766
https://notcve.org/view.php?id=CVE-2020-14766
21 Oct 2020 — Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: Analytics Web Administration). Supported versions that are affected are 5.5.0.0.0, 11.1.1.9.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all... • https://www.oracle.com/security-alerts/cpuoct2020.html •
CVSS: 8.2EPSS: 0%CPEs: 4EXPL: 0CVE-2020-14690
https://notcve.org/view.php?id=CVE-2020-14690
15 Jul 2020 — Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: Analytics Actions). Supported versions that are affected are 5.5.0.0.0, 11.1.1.9.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Bus... • https://www.oracle.com/security-alerts/cpujul2020.html •
CVSS: 8.1EPSS: 0%CPEs: 4EXPL: 0CVE-2020-14626
https://notcve.org/view.php?id=CVE-2020-14626
15 Jul 2020 — Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: Analytics Web General). Supported versions that are affected are 5.5.0.0.0, 11.1.1.9.0, 12.2.1.3.0 and 12.2.1.4.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks of this vulnerability can result in takeover of Oracle Business Intelligence Enterprise Edition. CVSS ... • https://security.gentoo.org/glsa/202105-27 •
CVSS: 8.6EPSS: 0%CPEs: 4EXPL: 0CVE-2020-14609
https://notcve.org/view.php?id=CVE-2020-14609
15 Jul 2020 — Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: Analytics Web Answers). Supported versions that are affected are 5.5.0.0.0, 11.1.1.9.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracl... • https://www.oracle.com/security-alerts/cpujul2020.html •
CVSS: 9.8EPSS: 51%CPEs: 4EXPL: 1CVE-2020-2950 – Oracle Business Intelligence AMF Deserialization of Untrusted Data Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2020-2950
15 Apr 2020 — Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: Analytics Web General). Supported versions that are affected are 5.5.0.0.0, 11.1.1.9.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks of this vulnerability can result in takeover of Oracle Business Intelligence Enterprise Edition. CVSS 3.... • https://github.com/tuo4n8/CVE-2020-2950 •
CVSS: 6.1EPSS: 0%CPEs: 7EXPL: 2CVE-2019-14862 – knockout: Cross-site Scripting (XSS) attacks due to not escaping the name attribute.
https://notcve.org/view.php?id=CVE-2019-14862
03 Dec 2019 — There is a vulnerability in knockout before version 3.5.0-beta, where after escaping the context of the web application, the web application delivers data to its users along with other trusted dynamic content, without validating it. Hay una vulnerabilidad en knockout versiones anteriores a la versión 3.5.0-beta, donde después de escapar del contexto de la aplicación web, la aplicación web entrega datos a sus usuarios junto con otro contenido dinámico seguro, sin comprobarlo. • https://github.com/ossf-cve-benchmark/CVE-2019-14862 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •