CVSS: 4.9EPSS: 0%CPEs: 4EXPL: 0CVE-2020-2547
https://notcve.org/view.php?id=CVE-2020-2547
15 Jan 2020 — Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Console). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle WebLogic Server, attacks may significantly impact additional p... • https://www.oracle.com/security-alerts/cpujan2020.html •
CVSS: 4.9EPSS: 0%CPEs: 1EXPL: 0CVE-2020-2548
https://notcve.org/view.php?id=CVE-2020-2548
15 Jan 2020 — Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: WLS Core Components). The supported version that is affected is 10.3.6.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle WebLogic Server, attacks may significantly impact additional products. Successful attack... • https://www.oracle.com/security-alerts/cpujan2020.html •
CVSS: 7.2EPSS: 1%CPEs: 1EXPL: 0CVE-2020-2549
https://notcve.org/view.php?id=CVE-2020-2549
15 Jan 2020 — Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: WLS Core Components). The supported version that is affected is 10.3.6.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.0 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). • https://www.oracle.com/security-alerts/cpujan2020.html •
CVSS: 5.1EPSS: 0%CPEs: 4EXPL: 0CVE-2020-2550
https://notcve.org/view.php?id=CVE-2020-2550
15 Jan 2020 — Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: WLS Core Components). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle WebLogic Server executes to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle WebLogi... • https://www.oracle.com/security-alerts/cpujan2020.html •
CVSS: 4.9EPSS: 0%CPEs: 2EXPL: 0CVE-2020-2552
https://notcve.org/view.php?id=CVE-2020-2552
15 Jan 2020 — Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: WLS Core Components). Supported versions that are affected are 10.3.6.0.0 and 12.1.3.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle WebLogic Server, attacks may significantly impact additional products. Suc... • https://www.oracle.com/security-alerts/cpujan2020.html •
CVSS: 4.3EPSS: 1%CPEs: 4EXPL: 0CVE-2020-2519
https://notcve.org/view.php?id=CVE-2020-2519
15 Jan 2020 — Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Console). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial ... • https://www.oracle.com/security-alerts/cpujan2020.html •
CVSS: 9.8EPSS: 49%CPEs: 28EXPL: 3CVE-2019-17571 – log4j: deserialization of untrusted data in SocketServer
https://notcve.org/view.php?id=CVE-2019-17571
20 Dec 2019 — Included in Log4j 1.2 is a SocketServer class that is vulnerable to deserialization of untrusted data which can be exploited to remotely execute arbitrary code when combined with a deserialization gadget when listening to untrusted network traffic for log data. This affects Log4j versions up to 1.2 up to 1.2.17. Incluido en Log4j versión 1.2 existe una clase SocketServer que es vulnerable a la deserialización de datos no confiables, que pueden ser explotada para ejecutar código arbitrario remotamente cuando... • https://github.com/shadow-horse/CVE-2019-17571 • CWE-502: Deserialization of Untrusted Data •
CVSS: 6.5EPSS: 1%CPEs: 429EXPL: 0CVE-2019-10219 – hibernate-validator: safeHTML validator allows XSS
https://notcve.org/view.php?id=CVE-2019-10219
08 Nov 2019 — A vulnerability was found in Hibernate-Validator. The SafeHtml validator annotation fails to properly sanitize payloads consisting of potentially malicious code in HTML comments and instructions. This vulnerability can result in an XSS attack. Una vulnerabilidad fue encontrada en Hibernate-Validator. La anotación del validador SafeHtml no puede sanear apropiadamente las cargas útiles que consisten en código potencialmente malicioso en los comentarios e instrucciones HTML. • https://access.redhat.com/errata/RHSA-2020:0159 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.2EPSS: 89%CPEs: 3EXPL: 7CVE-2019-2890
https://notcve.org/view.php?id=CVE-2019-2890
16 Oct 2019 — Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Web Services). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0 and 12.2.1.3.0. Easily exploitable vulnerability allows high privileged attacker with network access via T3 to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.0 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). • https://github.com/l1nk3rlin/CVE-2019-2890 •
CVSS: 4.3EPSS: 0%CPEs: 3EXPL: 0CVE-2019-2887
https://notcve.org/view.php?id=CVE-2019-2887
16 Oct 2019 — Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Web Services). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0 and 12.2.1.3.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle WebLogic Server accessible data. CVSS 3.0 Base Score 4.3 (Confidentiality impacts). • http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html •