
CVSS: 6.5 | EPSS: 0% | CPEs: 429 | EXPL: 0

A vulnerability was found in Hibernate-Validator. The SafeHtml validator annotation fails to properly sanitize payloads consisting of potentially malicious code in HTML comments and instructions. This vulnerability can result in an XSS attack.

• https://access.redhat.com/errata/RHSA-2020:0159
• https://access.redhat.com/errata/RHSA-2020:0160
• https://access.redhat.com/errata/RHSA-2020:0161
• https://access.redhat.com/errata/RHSA-2020:0164
• https://access.redhat.com/errata/RHSA-2020:0445
• https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10219
• https://lists.apache.org/thread.html/r4f8b4e2541be4234946e40d55859273a7eec0f4901e8080ce2406fe6%40%3Cnotifications.accumulo.apache.org%3E
• https://lists.apache.org/thread.html/r4f92d7f7682dcff92722fa947f9e6f8ba2227c5dc3e11ba0911
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 4.9 | EPSS: 0% | CPEs: 5 | EXPL: 0

Unspecified vulnerability in the Application Performance Management component in Oracle Enterprise Manager Grid Control before 12.1.0.6.2 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to End User Experience Management.

• http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html
• http://www.securityfocus.com/bid/70512
• http://www.securitytracker.com/id/1031041

CVSS: 9.0 | EPSS: 3% | CPEs: 1 | EXPL: 0

Unspecified vulnerability in the Real User Experience Insight component in Oracle Enterprise Manager Grid Control 6.0 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Processing. NOTE: the previous information was obtained from the January 2011 CPU. Oracle has not commented on claims from a reliable third party coordinator that this is SQL injection in rsynclogdird involving improper escaping of UTF-8 characters while processing log files.

• http://secunia.com/advisories/42973
• http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html
• http://www.securityfocus.com/bid/45874
• http://www.securitytracker.com/id?1024979
• http://www.vupen.com/english/advisories/2011/0140
• http://www.zerodayinitiative.com/advisories/ZDI-11-016
• https://exchange.xforce.ibmcloud.com/vulnerabilities/64779