CVSS: 5.5EPSS: 0%CPEs: 39EXPL: 0CVE-2020-17521 – groovy: OS temporary directory leads to information disclosure
https://notcve.org/view.php?id=CVE-2020-17521
07 Dec 2020 — Apache Groovy provides extension methods to aid with creating temporary directories. Prior to this fix, Groovy's implementation of those extension methods was using a now superseded Java JDK method call that is potentially not secure on some operating systems in some contexts. Users not using the extension methods mentioned in the advisory are not affected, but may wish to read the advisory for further details. Versions Affected: 2.0 to 2.4.20, 2.5.0 to 2.5.13, 3.0.0 to 3.0.6, and 4.0.0-alpha-1. Fixed in ve... • https://groovy-lang.org/security.html#CVE-2020-17521 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.5EPSS: 1%CPEs: 429EXPL: 2CVE-2019-10219 – hibernate-validator: safeHTML validator allows XSS
https://notcve.org/view.php?id=CVE-2019-10219
08 Nov 2019 — A vulnerability was found in Hibernate-Validator. The SafeHtml validator annotation fails to properly sanitize payloads consisting of potentially malicious code in HTML comments and instructions. This vulnerability can result in an XSS attack. Una vulnerabilidad fue encontrada en Hibernate-Validator. La anotación del validador SafeHtml no puede sanear apropiadamente las cargas útiles que consisten en código potencialmente malicioso en los comentarios e instrucciones HTML. • https://access.redhat.com/errata/RHSA-2020:0159 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 0CVE-2016-0508
https://notcve.org/view.php?id=CVE-2016-0508
21 Jan 2016 — Unspecified vulnerability in the Oracle iLearning component in Oracle iLearning 6.0 and 6.1 allows remote attackers to affect integrity via unknown vectors related to Learner Administration. Vulnerabilidad no especificada en el componente Oracle iLearning en Oracle iLearning 6.0 y 6.1 permite a atacantes remotos afectar a la integridad a través de vectores desconocidos relacionados con Learner Administration. • http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2015-0436
https://notcve.org/view.php?id=CVE-2015-0436
21 Jan 2015 — Unspecified vulnerability in the Oracle iLearning component in Oracle iLearning 6.0 and 6.1 allows remote attackers to affect confidentiality via unknown vectors related to Login. Vulnerabilidad no especificada en el componente Oracle iLearning en Oracle iLearning 6.0 y 6.1 permite a atacantes remotos afectar la confidencialidad a través de vectores relacionados con el inicio de sesión (Login). • http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2014-6594
https://notcve.org/view.php?id=CVE-2014-6594
21 Jan 2015 — Unspecified vulnerability in the Oracle iLearning component in Oracle iLearning 6.0 and 6.1 allows remote attackers to affect confidentiality via unknown vectors related to Learner Pages. Vulnerabilidad no especificada en el componente Oracle iLearning en Oracle iLearning 6.0 y 6.1 permite a atacantes remotos afectar la confidencialidad a través de vectores relacionados con Learner Pages. • http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html •
CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 0CVE-2014-2471
https://notcve.org/view.php?id=CVE-2014-2471
16 Apr 2014 — Unspecified vulnerability in the Oracle iLearning component in Oracle iLearning 6.0 and 6.1 allows remote attackers to affect integrity via unknown vectors related to Learner Pages. Vulnerabilidad no especificada en el componente Oracle iLearning component en Oracle iLearning 6.0 y 6.1 permite a atacantes remotos afectar la integridad a través de vectores relacionados con Learner Pages. • http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2014-0389
https://notcve.org/view.php?id=CVE-2014-0389
15 Jan 2014 — Unspecified vulnerability in Oracle iLearning 6.0 allows remote attackers to affect integrity via unknown vectors related to Learner Pages. Vulnerabilidad no especificada en Oracle iLearning 6.0 permite a atacantes remotos afectar la intregridad a través de vectores relacionados con Learner Pages. • http://osvdb.org/102109 •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 0CVE-2013-5822
https://notcve.org/view.php?id=CVE-2013-5822
16 Oct 2013 — Unspecified vulnerability in the Oracle iLearning component in Oracle iLearning 5.2.1 and 6.0 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Learner Administration. Vulnerabilidad no especificada en el componente Oracle iLearning v 5.2.1 y v6.0 permite a atacantes remotos afectar la confidencialidad, integridad y disponibilidad a través de vectores desconocidos relacionados con la administración del aprendiz. • http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html •
CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 0CVE-2013-5845
https://notcve.org/view.php?id=CVE-2013-5845
16 Oct 2013 — Unspecified vulnerability in the Oracle iLearning component in Oracle iLearning 5.2.1 and 6.0 allows remote attackers to affect integrity via unknown vectors related to Learner Administration. Vulnerabilidad no especificada en el componente Oracle iLearning v5.2.1 y v6.0 permite a atacantes remotos afectar a la integridad a través de vectores desconocidos relacionados con la administración del aprendiz. • http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html •
CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 0CVE-2013-3775
https://notcve.org/view.php?id=CVE-2013-3775
17 Jul 2013 — Unspecified vulnerability in the Oracle iLearning component in Oracle iLearning 5.2.1 and 6.0 allows remote attackers to affect integrity via unknown vectors related to Learner Pages. Vulnerabilidad no especificada en el componente Oracle iLearning en Oracle iLearning v5.2.1 y v6.0 permite a atacantes remotos afectar la integridad mediante vectores relacionados con Learner Pages. • http://osvdb.org/95301 •