CVSS: 6.5EPSS: 1%CPEs: 429EXPL: 0CVE-2019-10219 – hibernate-validator: safeHTML validator allows XSS
https://notcve.org/view.php?id=CVE-2019-10219
08 Nov 2019 — A vulnerability was found in Hibernate-Validator. The SafeHtml validator annotation fails to properly sanitize payloads consisting of potentially malicious code in HTML comments and instructions. This vulnerability can result in an XSS attack. Una vulnerabilidad fue encontrada en Hibernate-Validator. La anotación del validador SafeHtml no puede sanear apropiadamente las cargas útiles que consisten en código potencialmente malicioso en los comentarios e instrucciones HTML. • https://access.redhat.com/errata/RHSA-2020:0159 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 4%CPEs: 47EXPL: 0CVE-2018-1000613
https://notcve.org/view.php?id=CVE-2018-1000613
09 Jul 2018 — Legion of the Bouncy Castle Legion of the Bouncy Castle Java Cryptography APIs 1.58 up to but not including 1.60 contains a CWE-470: Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') vulnerability in XMSS/XMSS^MT private key deserialization that can result in Deserializing an XMSS/XMSS^MT private key can result in the execution of unexpected code. This attack appear to be exploitable via A handcrafted private key can include references to unexpected classes which will be pic... • http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00011.html • CWE-470: Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') •
CVSS: 7.5EPSS: 0%CPEs: 5EXPL: 0CVE-2012-3155
https://notcve.org/view.php?id=CVE-2012-3155
16 Oct 2012 — Unspecified vulnerability in the CORBA ORB component in Sun GlassFish Enterprise Server 2.1.1, Oracle GlassFish Server 3.0.1 and 3.1.2, and Sun Java System Application Server 8.1 and 8.2 allows remote attackers to affect availability, related to CORBA ORB. Vulnerabilidad no especificada en el componente CORBA ORB de Sun GlassFish Enterprise Server v2.1.1, Sun GlassFish Enterprise Server v3.0.1 y v3.1.2 y Sun Java Application Server System v8.1 y v8.2 permite a atacantes remotos afectar a la disponibilidad, ... • http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 •
CVSS: 7.8EPSS: 1%CPEs: 6EXPL: 0CVE-2011-3559
https://notcve.org/view.php?id=CVE-2011-3559
18 Oct 2011 — Unspecified vulnerability in Oracle Communications Server 2.0; GlassFish Enterprise Server 2.1.1, 3.0.1, and 3.1.1; and Sun Java System App Server 8.1 and 8.2 allows remote attackers to affect availability via unknown vectors related to Web Container. Vulnerabilidad no especificada en Oracle Communications Server v2.0, GlassFish Enterprise Server v2.1.1, v3.0.1, y v3.1.1, y Sun Java System App Server v8.1 y v8.2 permite a atacantes remotos afectar a la disponibilidad a través de vectores desconocidos relaci... • http://osvdb.org/76476 •
CVSS: 10.0EPSS: 88%CPEs: 4EXPL: 2CVE-2011-0807 – Oracle Application Server Authentication Bypass Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2011-0807
19 Apr 2011 — Unspecified vulnerability in Oracle Sun GlassFish Enterprise Server 2.1, 2.1.1, and 3.0.1, and Sun Java System Application Server 9.1, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Administration. Vulnerabilidad no especificada en Oracle Sun GlassFish Enterprise Server v2.1, v2.1.1 y v3.0.1, y Sun Java System Application Server v9.1, permite a atacantes remotos afectar a la confidencialidad, integridad y disponibilidad a través de vectores desc... • https://packetstorm.news/files/id/181110 •
CVSS: 2.4EPSS: 0%CPEs: 4EXPL: 0CVE-2010-2397
https://notcve.org/view.php?id=CVE-2010-2397
13 Jul 2010 — Unspecified vulnerability in Oracle Sun Java System Application Server 8.0, 8.1, and 8.2; and GlassFish Enterprise Server 2.1.1; allows local users to affect confidentiality and integrity, related to the GUI. Vulnerabilidad no especificada en Oracle Sun Java System Application Server v8.0, v8.1, y v8.2; y GlassFish Enterprise Server v2.1.1; permite a usuarios locales afectar la confidencialidad e integridad, relacionado con el GUI. • http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html •
CVSS: 6.1EPSS: 1%CPEs: 3EXPL: 1CVE-2008-5266 – Sun GlassFish 2.1 - 'name' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2008-5266
28 Nov 2008 — Cross-site scripting (XSS) vulnerability in configuration/httpListenerEdit.jsf in the GlassFish 2 UR2 b04 webadmin interface in Sun Java System Application Server 9.1_01 build b09d-fcs and 9.1_02 build b04-fcs allows remote attackers to inject arbitrary web script or HTML via the name parameter, a different vector than CVE-2008-2751. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en configuration/httpListenerEdit.jsf en la interfaz GlassFish 2 UR2 b04 webadmin en Sun Java System Applicati... • https://www.exploit-db.com/exploits/31901 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.2EPSS: 0%CPEs: 9EXPL: 7CVE-2008-2751 – GlassFish Application Server - '/Applications/lifecycleModulesNew.jsf' Multiple Cross-Site Scripting Vulnerabilities
https://notcve.org/view.php?id=CVE-2008-2751
18 Jun 2008 — Multiple cross-site scripting (XSS) vulnerabilities in the Glassfish webadmin interface in Sun Java System Application Server 9.1_01 allow remote attackers to inject arbitrary web script or HTML via the (1) propertyForm:propertyContentPage:propertySheet:propertSectionTextField:jndiProp:JndiNew, (2) propertyForm:propertyContentPage:propertySheet:propertSectionTextField:resTypeProp:resType, (3) propertyForm:propertyContentPage:propertySheet:propertSectionTextField:factoryClassProp:factoryClass, or (4) propert... • https://www.exploit-db.com/exploits/31927 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •