CVSS: 8.6EPSS: 2%CPEs: 4EXPL: 0CVE-2020-14609
https://notcve.org/view.php?id=CVE-2020-14609
15 Jul 2020 — Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: Analytics Web Answers). Supported versions that are affected are 5.5.0.0.0, 11.1.1.9.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracl... • https://www.oracle.com/security-alerts/cpujul2020.html •
CVSS: 9.8EPSS: 81%CPEs: 2EXPL: 1CVE-2020-9480
https://notcve.org/view.php?id=CVE-2020-9480
23 Jun 2020 — In Apache Spark 2.4.5 and earlier, a standalone resource manager's master may be configured to require authentication (spark.authenticate) via a shared secret. When enabled, however, a specially-crafted RPC to the master can succeed in starting an application's resources on the Spark cluster, even without the shared key. This can be leveraged to execute shell commands on the host machine. This does not affect Spark clusters using other resource managers (YARN, Mesos, etc). En Apache Spark versión 2.4.5 y ve... • https://github.com/XiaoShaYu617/CVE-2020-9480 • CWE-306: Missing Authentication for Critical Function •
CVSS: 9.8EPSS: 86%CPEs: 4EXPL: 1CVE-2020-2950 – Oracle Business Intelligence AMF Deserialization of Untrusted Data Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2020-2950
15 Apr 2020 — Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: Analytics Web General). Supported versions that are affected are 5.5.0.0.0, 11.1.1.9.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks of this vulnerability can result in takeover of Oracle Business Intelligence Enterprise Edition. CVSS 3.... • https://github.com/tuo4n8/CVE-2020-2950 •
CVSS: 6.1EPSS: 1%CPEs: 7EXPL: 2CVE-2019-14862 – knockout: Cross-site Scripting (XSS) attacks due to not escaping the name attribute.
https://notcve.org/view.php?id=CVE-2019-14862
03 Dec 2019 — There is a vulnerability in knockout before version 3.5.0-beta, where after escaping the context of the web application, the web application delivers data to its users along with other trusted dynamic content, without validating it. Hay una vulnerabilidad en knockout versiones anteriores a la versión 3.5.0-beta, donde después de escapar del contexto de la aplicación web, la aplicación web entrega datos a sus usuarios junto con otro contenido dinámico seguro, sin comprobarlo. Red Hat Decision Manager is an o... • https://github.com/ossf-cve-benchmark/CVE-2019-14862 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 1%CPEs: 429EXPL: 0CVE-2019-10219 – hibernate-validator: safeHTML validator allows XSS
https://notcve.org/view.php?id=CVE-2019-10219
08 Nov 2019 — A vulnerability was found in Hibernate-Validator. The SafeHtml validator annotation fails to properly sanitize payloads consisting of potentially malicious code in HTML comments and instructions. This vulnerability can result in an XSS attack. Una vulnerabilidad fue encontrada en Hibernate-Validator. La anotación del validador SafeHtml no puede sanear apropiadamente las cargas útiles que consisten en código potencialmente malicioso en los comentarios e instrucciones HTML. • https://access.redhat.com/errata/RHSA-2020:0159 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •