CVSS: 5.3EPSS: 0%CPEs: 13EXPL: 0CVE-2020-10693 – hibernate-validator: Improper input validation in the interpolation of constraint error messages
https://notcve.org/view.php?id=CVE-2020-10693
A flaw was found in Hibernate Validator version 6.1.2.Final. A bug in the message interpolation processor enables invalid EL expressions to be evaluated as if they were valid. This flaw allows attackers to bypass input sanitation (escaping, stripping) controls that developers may have put in place when handling user-controlled data in error messages. Se encontró un fallo en Hibernate Validator versión 6.1.2.Final. Un error en el procesador de interpolación de mensajes permite evaluar expresiones EL no válidas como si fueran válidas. • https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10693 https://lists.apache.org/thread.html/rb8dca19a4e52b60dab0ab21e2ff9968d78f4b84e4033824db1dd24b4%40%3Cpluto-scm.portals.apache.org%3E https://lists.apache.org/thread.html/rd418deda6f0ebe658c2015f43a14d03acb8b8c2c093c5bf6b880cd7c%40%3Cpluto-dev.portals.apache.org%3E https://lists.apache.org/thread.html/rf9c17c3efc4a376a96e9e2777eee6acf0bec28e2200e4b35da62de4a%40%3Cpluto-dev.portals.apache.org%3E https://www.oracle.com/security-alerts/cpuapr2022.html https://access.redhat.com/security/cve/CVE-202 • CWE-20: Improper Input Validation •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2014-3590
https://notcve.org/view.php?id=CVE-2014-3590
Versions of Foreman as shipped with Red Hat Satellite 6 does not check for a correct CSRF token in the logout action. Therefore, an attacker can log out a user by having them view specially crafted content. Se descubrió que la implementación de la clase GTNSubjectCreatingInterceptor en gatein-wsrp no era segura para subprocesos o hilos. Para un endpoint WSRP específico, en escenarios de alta concurrencia o escenarios en los que los mensajes SOAP tardan en ser ejecutados, era posible que un atacante remoto no autenticado consiga información privilegiada si WS-Security está habilitado para el consumidor de WSRP, y el endpoint en cuestión está siendo utilizado por un usuario privilegiado. Esto afecta a JBoss Portal versión 6.2.0. • https://access.redhat.com/security/cve/cve-2014-3590 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-3590 https://security-tracker.debian.org/tracker/CVE-2014-3590 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2014-0241
https://notcve.org/view.php?id=CVE-2014-0241
rubygem-hammer_cli_foreman: File /etc/hammer/cli.modules.d/foreman.yml world readable rubygem-hammer_cli_foreman: El archivo /etc/hammer/cli.modules.d/foreman.yml es de tipo world readable. • https://access.redhat.com/security/cve/cve-2014-0241 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-0241 • CWE-522: Insufficiently Protected Credentials •
CVSS: 5.4EPSS: 0%CPEs: 2EXPL: 2CVE-2013-2101
https://notcve.org/view.php?id=CVE-2013-2101
Katello has multiple XSS issues in various entities Katello presenta múltiples problemas de tipo XSS en varias entidades. • https://access.redhat.com/security/cve/cve-2013-2101 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-2101 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 11EXPL: 1CVE-2013-6461
https://notcve.org/view.php?id=CVE-2013-6461
Nokogiri gem 1.5.x and 1.6.x has DoS while parsing XML entities by failing to apply limits La gema Nokogiri versiones 1.5.x y 1.6.x, tienebn una DoS durante el análisis de entidades XML al fallar para aplicar límites. • http://www.openwall.com/lists/oss-security/2013/12/27/2 http://www.securityfocus.com/bid/64513 https://access.redhat.com/security/cve/cve-2013-6461 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-6461 https://exchange.xforce.ibmcloud.com/vulnerabilities/90059 https://security-tracker.debian.org/tracker/CVE-2013-6461 • CWE-776: Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion') •