CVSS: 6.5EPSS: 1%CPEs: 429EXPL: 2CVE-2019-10219 – hibernate-validator: safeHTML validator allows XSS
https://notcve.org/view.php?id=CVE-2019-10219
08 Nov 2019 — A vulnerability was found in Hibernate-Validator. The SafeHtml validator annotation fails to properly sanitize payloads consisting of potentially malicious code in HTML comments and instructions. This vulnerability can result in an XSS attack. Una vulnerabilidad fue encontrada en Hibernate-Validator. La anotación del validador SafeHtml no puede sanear apropiadamente las cargas útiles que consisten en código potencialmente malicioso en los comentarios e instrucciones HTML. • https://access.redhat.com/errata/RHSA-2020:0159 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 6EXPL: 0CVE-2017-10160
https://notcve.org/view.php?id=CVE-2017-10160
08 Aug 2017 — Vulnerability in the Primavera P6 Enterprise Project Portfolio Management component of Oracle Primavera Products Suite (subcomponent: Web Access). Supported versions that are affected are 8.3, 8.4, 15.1, 15.2, 16.1 and 16.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Primavera P6 Enterprise Project Portfolio Management. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Primavera P6 Enterprise Project... • http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html •
CVSS: 6.5EPSS: 0%CPEs: 6EXPL: 0CVE-2017-10131
https://notcve.org/view.php?id=CVE-2017-10131
08 Aug 2017 — Vulnerability in the Primavera P6 Enterprise Project Portfolio Management component of Oracle Primavera Products Suite (subcomponent: Web Access). Supported versions that are affected are 8.3, 8.4, 15.1, 15.2, 16.1 and 16.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Primavera P6 Enterprise Project Portfolio Management. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Primavera... • http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html •
CVSS: 5.4EPSS: 1%CPEs: 5EXPL: 2CVE-2017-10046 – Oracle Primavera P6 Enterprise Project Portfolio Management - HTTP Response Splitting
https://notcve.org/view.php?id=CVE-2017-10046
08 Aug 2017 — Vulnerability in the Primavera P6 Enterprise Project Portfolio Management component of Oracle Primavera Products Suite (subcomponent: Web Access). Supported versions that are affected are 8.3, 8.4, 15.1, 15.2 and 16.1. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Primavera P6 Enterprise Project Portfolio Management. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Primavera P6 En... • https://packetstorm.news/files/id/146437 • CWE-269: Improper Privilege Management •
CVSS: 9.9EPSS: 1%CPEs: 6EXPL: 0CVE-2017-3503
https://notcve.org/view.php?id=CVE-2017-3503
24 Apr 2017 — Vulnerability in the Primavera P6 Enterprise Project Portfolio Management component of Oracle Primavera Products Suite (subcomponent: Web Access (Apache Commons BeanUtils)). Supported versions that are affected are 8.3, 8.4, 15.1, 15.2, 16.1 and 16.2. Easily "exploitable" vulnerability allows low privileged attacker with network access via HTTP to compromise Primavera P6 Enterprise Project Portfolio Management. While the vulnerability is in Primavera P6 Enterprise Project Portfolio Management, attacks may s... • http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html •
CVSS: 6.1EPSS: 0%CPEs: 6EXPL: 0CVE-2017-3579
https://notcve.org/view.php?id=CVE-2017-3579
24 Apr 2017 — Vulnerability in the Primavera P6 Enterprise Project Portfolio Management component of Oracle Primavera Products Suite (subcomponent: Web Access). Supported versions that are affected are 8.3, 8.4, 15.1, 15.2, 16.1 and 16.2. Easily "exploitable" vulnerability allows unauthenticated attacker with network access via HTTP to compromise Primavera P6 Enterprise Project Portfolio Management. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Primav... • http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html •
CVSS: 8.1EPSS: 0%CPEs: 6EXPL: 0CVE-2017-3583
https://notcve.org/view.php?id=CVE-2017-3583
24 Apr 2017 — Vulnerability in the Primavera P6 Enterprise Project Portfolio Management component of Oracle Primavera Products Suite (subcomponent: Web Access). Supported versions that are affected are 8.3, 8.4, 15.1, 15.2, 16.1 and 16.2. Easily "exploitable" vulnerability allows unauthenticated attacker with network access via HTTP to compromise Primavera P6 Enterprise Project Portfolio Management. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerabilit... • http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html •
CVSS: 10.0EPSS: 2%CPEs: 7EXPL: 0CVE-2017-3324
https://notcve.org/view.php?id=CVE-2017-3324
27 Jan 2017 — Vulnerability in the Primavera P6 Enterprise Project Portfolio Management component of Oracle Primavera Products Suite (subcomponent: Web Access). Supported versions that are affected are 8.2, 8.3, 8.4, 15.1, 15.2, 16.1 and 16.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Primavera P6 Enterprise Project Portfolio Management. While the vulnerability is in Primavera P6 Enterprise Project Portfolio Management, attacks may significantly impact add... • http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html •
CVSS: 8.1EPSS: 0%CPEs: 7EXPL: 0CVE-2017-3263
https://notcve.org/view.php?id=CVE-2017-3263
27 Jan 2017 — Vulnerability in the Primavera P6 Enterprise Project Portfolio Management component of Oracle Primavera Products Suite (subcomponent: Team Member). Supported versions that are affected are 8.2, 8.3, 8.4, 15.1, 15.2, 16.1 and 16.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Primavera P6 Enterprise Project Portfolio Management. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critica... • http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html •
CVSS: 5.4EPSS: 0%CPEs: 5EXPL: 0CVE-2016-3567
https://notcve.org/view.php?id=CVE-2016-3567
21 Jul 2016 — Unspecified vulnerability in the Primavera P6 Enterprise Project Portfolio Management component in Oracle Primavera Products Suite 8.3, 8.4, 15.1, 15.2, and 16.1 allows remote authenticated users to affect confidentiality and integrity via vectors related to Web access. Vulnerabilidad no especificada en el componente Primavera P6 Enterprise Project Portfolio Management en Oracle Primavera Products Suite 8.3, 8.4, 15.1, 15.2 y 16.1 permite a usuarios remotos autenticados afectar la confidencialidad y la inte... • http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html •