CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-21994
https://notcve.org/view.php?id=CVE-2023-21994
18 Jul 2023 — Vulnerability in the Oracle Mobile Security Suite product of Oracle Fusion Middleware (component: Android Mobile Authenticator App). Supported versions that are affected are Prior to 11.1.2.3.1. Easily exploitable vulnerability allows unauthenticated attacker with access to the physical communication segment attached to the hardware where the Oracle Mobile Security Suite executes to compromise Oracle Mobile Security Suite. Successful attacks of this vulnerability can result in unauthorized access to critica... • https://www.oracle.com/security-alerts/cpujul2023.html •
CVSS: 5.8EPSS: 0%CPEs: 136EXPL: 1CVE-2021-29425 – Possible limited path traversal vulnerabily in Apache Commons IO
https://notcve.org/view.php?id=CVE-2021-29425
13 Apr 2021 — In Apache Commons IO before 2.7, When invoking the method FileNameUtils.normalize with an improper input string, like "//../foo", or "\\..\foo", the result would be the same value, thus possibly providing access to files in the parent directory, but not further above (thus "limited" path traversal), if the calling code would use the result to construct a path value. En Apache Commons IO versiones anteriores a 2.7, Cuando se invoca el método FileNameUtils.normalize con una cadena de entrada inapropiada, como... • https://issues.apache.org/jira/browse/IO-556 • CWE-20: Improper Input Validation CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 8.7EPSS: 57%CPEs: 77EXPL: 1CVE-2020-5421 – RFD Protection Bypass via jsessionid
https://notcve.org/view.php?id=CVE-2020-5421
19 Sep 2020 — In Spring Framework versions 5.2.0 - 5.2.8, 5.1.0 - 5.1.17, 5.0.0 - 5.0.18, 4.3.0 - 4.3.28, and older unsupported versions, the protections against RFD attacks from CVE-2015-5211 may be bypassed depending on the browser used through the use of a jsessionid path parameter. En Spring Framework versiones 5.2.0 - 5.2.8, 5.1.0 - 5.1.17, 5.0.0 - 5.0.18, 4.3.0 - 4.3.28 y versiones anteriores no compatibles, las protecciones contra ataques RFD del CVE-2015 -5211 puede ser omitidas según el navegador usado mediante ... • https://github.com/pandaMingx/CVE-2020-5421 •
CVSS: 9.8EPSS: 2%CPEs: 79EXPL: 0CVE-2020-10683 – dom4j: XML External Entity vulnerability in default SAX parser
https://notcve.org/view.php?id=CVE-2020-10683
01 May 2020 — dom4j before 2.0.3 and 2.1.x before 2.1.3 allows external DTDs and External Entities by default, which might enable XXE attacks. However, there is popular external documentation from OWASP showing how to enable the safe, non-default behavior in any application that uses dom4j. dom4j versiones anteriores a 2.0.3 y versiones 2.1.x anteriores a 2.1.3, permite DTDs y External Entities por defecto, lo que podría permitir ataques de tipo XXE. Sin embargo, existe una documentación externa popular de OWASP que mues... • http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00061.html • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 8.1EPSS: 0%CPEs: 1EXPL: 0CVE-2015-2598
https://notcve.org/view.php?id=CVE-2015-2598
16 Jul 2015 — Unspecified vulnerability in the mobile app in Oracle Business Intelligence Enterprise Edition in Oracle Fusion Middleware before 11.1.1.7.0 (11.6.39) allows remote authenticated users to affect integrity via unknown vectors related to Mobile - iPad. Vulnerabilidad no especificada en la aplicación móvil en Oracle Business Intelligence Enterprise Edition en Oracle Fusion Middleware en la versión anterior a 11.1.1.7.0 (11.6.39), permite a usuarios remotos autenticados afectar la integridad a través de vectore... • http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html •
CVSS: 9.8EPSS: 0%CPEs: 5EXPL: 0CVE-2015-2602 – Oracle Endeca Information Discovery Integrator ETL Server UploadFileContent Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2015-2602
16 Jul 2015 — Unspecified vulnerability in the Oracle Endeca Information Discovery Studio component in Oracle Fusion Middleware 2.2.2, 2.3, 2.4, 3.0, and 3.1 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Integrator, a different vulnerability than CVE-2015-2603, CVE-2015-2604, CVE-2015-2605, CVE-2015-2606, and CVE-2015-4745. Vulnerabilidad no especificada en el componente Oracle Endeca Information Discovery Studio en Oracle Fusion Middleware de las versiones ... • http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html •
CVSS: 9.8EPSS: 0%CPEs: 5EXPL: 0CVE-2015-2603 – Oracle Endeca Information Discovery Integrator ETL Server Authentication Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2015-2603
16 Jul 2015 — Unspecified vulnerability in the Oracle Endeca Information Discovery Studio component in Oracle Fusion Middleware 2.2.2, 2.3, 2.4, 3.0, and 3.1 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Integrator, a different vulnerability than CVE-2015-2602, CVE-2015-2604, CVE-2015-2605, CVE-2015-2606, and CVE-2015-4745. Vulnerabilidad no especificada en el componente Oracle Endeca Information Discovery Studio en Oracle Fusion Middleware de las versiones ... • http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html •
CVSS: 9.8EPSS: 0%CPEs: 5EXPL: 0CVE-2015-2604 – Oracle Endeca Information Discovery Integrator ETL Server CopyFile Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2015-2604
16 Jul 2015 — Unspecified vulnerability in the Oracle Endeca Information Discovery Studio component in Oracle Fusion Middleware 2.2.2, 2.3, 2.4, 3.0, and 3.1 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Integrator, a different vulnerability than CVE-2015-2602, CVE-2015-2603, CVE-2015-2605, CVE-2015-2606, and CVE-2015-4745. Vulnerabilidad no especificada en el componente Oracle Endeca Information Discovery Studio en Oracle Fusion Middleware de las versiones ... • http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html •
CVSS: 9.8EPSS: 0%CPEs: 5EXPL: 0CVE-2015-2605 – Oracle Endeca Information Discovery Integrator ETL Server MoveFile Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2015-2605
16 Jul 2015 — Unspecified vulnerability in the Oracle Endeca Information Discovery Studio component in Oracle Fusion Middleware 2.2.2, 2.3, 2.4, 3.0, and 3.1 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Integrator, a different vulnerability than CVE-2015-2602, CVE-2015-2603, CVE-2015-2604, CVE-2015-2606, and CVE-2015-4745. Vulnerabilidad no especificada en el componente Oracle Endeca Information Discovery Studio en Oracle Fusion Middleware de las versiones ... • http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html •
CVSS: 9.8EPSS: 0%CPEs: 5EXPL: 0CVE-2015-2606 – Oracle Endeca Information Discovery Integrator ETL Server RenameFile Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2015-2606
16 Jul 2015 — Unspecified vulnerability in the Oracle Endeca Information Discovery Studio component in Oracle Fusion Middleware 2.2.2, 2.3, 2.4, 3.0, and 3.1 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Integrator, a different vulnerability than CVE-2015-2602, CVE-2015-2603, CVE-2015-2604, CVE-2015-2605, and CVE-2015-4745. Vulnerabilidad no especificada en el componente Oracle Endeca Information Discovery Studio en Oracle Fusion Middleware de las versiones ... • http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html •