CVSS: 6.5EPSS: 1%CPEs: 429EXPL: 0CVE-2019-10219 – hibernate-validator: safeHTML validator allows XSS
https://notcve.org/view.php?id=CVE-2019-10219
08 Nov 2019 — A vulnerability was found in Hibernate-Validator. The SafeHtml validator annotation fails to properly sanitize payloads consisting of potentially malicious code in HTML comments and instructions. This vulnerability can result in an XSS attack. Una vulnerabilidad fue encontrada en Hibernate-Validator. La anotación del validador SafeHtml no puede sanear apropiadamente las cargas útiles que consisten en código potencialmente malicioso en los comentarios e instrucciones HTML. • https://access.redhat.com/errata/RHSA-2020:0159 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 1%CPEs: 5EXPL: 2CVE-2017-10046 – Oracle Primavera P6 Enterprise Project Portfolio Management - HTTP Response Splitting
https://notcve.org/view.php?id=CVE-2017-10046
08 Aug 2017 — Vulnerability in the Primavera P6 Enterprise Project Portfolio Management component of Oracle Primavera Products Suite (subcomponent: Web Access). Supported versions that are affected are 8.3, 8.4, 15.1, 15.2 and 16.1. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Primavera P6 Enterprise Project Portfolio Management. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Primavera P6 En... • https://packetstorm.news/files/id/146437 • CWE-269: Improper Privilege Management •
CVSS: 4.3EPSS: 0%CPEs: 6EXPL: 0CVE-2017-10160
https://notcve.org/view.php?id=CVE-2017-10160
08 Aug 2017 — Vulnerability in the Primavera P6 Enterprise Project Portfolio Management component of Oracle Primavera Products Suite (subcomponent: Web Access). Supported versions that are affected are 8.3, 8.4, 15.1, 15.2, 16.1 and 16.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Primavera P6 Enterprise Project Portfolio Management. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Primavera P6 Enterprise Project... • http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html •
CVSS: 6.5EPSS: 0%CPEs: 6EXPL: 0CVE-2017-10131
https://notcve.org/view.php?id=CVE-2017-10131
08 Aug 2017 — Vulnerability in the Primavera P6 Enterprise Project Portfolio Management component of Oracle Primavera Products Suite (subcomponent: Web Access). Supported versions that are affected are 8.3, 8.4, 15.1, 15.2, 16.1 and 16.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Primavera P6 Enterprise Project Portfolio Management. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Primavera... • http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html •
CVSS: 9.9EPSS: 1%CPEs: 6EXPL: 0CVE-2017-3503
https://notcve.org/view.php?id=CVE-2017-3503
24 Apr 2017 — Vulnerability in the Primavera P6 Enterprise Project Portfolio Management component of Oracle Primavera Products Suite (subcomponent: Web Access (Apache Commons BeanUtils)). Supported versions that are affected are 8.3, 8.4, 15.1, 15.2, 16.1 and 16.2. Easily "exploitable" vulnerability allows low privileged attacker with network access via HTTP to compromise Primavera P6 Enterprise Project Portfolio Management. While the vulnerability is in Primavera P6 Enterprise Project Portfolio Management, attacks may s... • http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html •
CVSS: 6.1EPSS: 0%CPEs: 6EXPL: 0CVE-2017-3579
https://notcve.org/view.php?id=CVE-2017-3579
24 Apr 2017 — Vulnerability in the Primavera P6 Enterprise Project Portfolio Management component of Oracle Primavera Products Suite (subcomponent: Web Access). Supported versions that are affected are 8.3, 8.4, 15.1, 15.2, 16.1 and 16.2. Easily "exploitable" vulnerability allows unauthenticated attacker with network access via HTTP to compromise Primavera P6 Enterprise Project Portfolio Management. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Primav... • http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html •
CVSS: 8.1EPSS: 0%CPEs: 6EXPL: 0CVE-2017-3583
https://notcve.org/view.php?id=CVE-2017-3583
24 Apr 2017 — Vulnerability in the Primavera P6 Enterprise Project Portfolio Management component of Oracle Primavera Products Suite (subcomponent: Web Access). Supported versions that are affected are 8.3, 8.4, 15.1, 15.2, 16.1 and 16.2. Easily "exploitable" vulnerability allows unauthenticated attacker with network access via HTTP to compromise Primavera P6 Enterprise Project Portfolio Management. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerabilit... • http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html •
CVSS: 8.1EPSS: 0%CPEs: 7EXPL: 0CVE-2017-3263
https://notcve.org/view.php?id=CVE-2017-3263
27 Jan 2017 — Vulnerability in the Primavera P6 Enterprise Project Portfolio Management component of Oracle Primavera Products Suite (subcomponent: Team Member). Supported versions that are affected are 8.2, 8.3, 8.4, 15.1, 15.2, 16.1 and 16.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Primavera P6 Enterprise Project Portfolio Management. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critica... • http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html •
CVSS: 10.0EPSS: 2%CPEs: 7EXPL: 0CVE-2017-3324
https://notcve.org/view.php?id=CVE-2017-3324
27 Jan 2017 — Vulnerability in the Primavera P6 Enterprise Project Portfolio Management component of Oracle Primavera Products Suite (subcomponent: Web Access). Supported versions that are affected are 8.2, 8.3, 8.4, 15.1, 15.2, 16.1 and 16.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Primavera P6 Enterprise Project Portfolio Management. While the vulnerability is in Primavera P6 Enterprise Project Portfolio Management, attacks may significantly impact add... • http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html •
CVSS: 9.0EPSS: 5%CPEs: 36EXPL: 0CVE-2016-0635
https://notcve.org/view.php?id=CVE-2016-0635
21 Jul 2016 — Unspecified vulnerability in the Enterprise Manager Ops Center component in Oracle Enterprise Manager Grid Control 12.1.4, 12.2.2, and 12.3.2; the Oracle Health Sciences Information Manager component in Oracle Health Sciences Applications 1.2.8.3, 2.0.2.3, and 3.0.1.0; the Oracle Healthcare Master Person Index component in Oracle Health Sciences Applications 2.0.12, 3.0.0, and 4.0.1; the Oracle Documaker component in Oracle Insurance Applications before 12.5; the Oracle Insurance Calculation Engine componen... • http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html •