CVSS: 7.5EPSS: 0%CPEs: 110EXPL: 0CVE-2019-10086 – apache-commons-beanutils: does not suppresses the class property in PropertyUtilsBean by default
https://notcve.org/view.php?id=CVE-2019-10086
20 Aug 2019 — In Apache Commons Beanutils 1.9.2, a special BeanIntrospector class was added which allows suppressing the ability for an attacker to access the classloader via the class property available on all Java objects. We, however were not using this by default characteristic of the PropertyUtilsBean. En Apache Commons Beanutils 1.9.2, se agregó una clase especial BeanIntrospector que permite suprimir la capacidad de un atacante para acceder al cargador de clases a través de la propiedad de clase disponible en todo... • http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00007.html • CWE-502: Deserialization of Untrusted Data •
CVSS: 5.3EPSS: 6%CPEs: 335EXPL: 0CVE-2019-10247 – jetty: error path information disclosure
https://notcve.org/view.php?id=CVE-2019-10247
22 Apr 2019 — In Eclipse Jetty version 7.x, 8.x, 9.2.27 and older, 9.3.26 and older, and 9.4.16 and older, the server running on any OS and Jetty version combination will reveal the configured fully qualified directory base resource location on the output of the 404 error for not finding a Context that matches the requested path. The default server behavior on jetty-distribution and jetty-home will include at the end of the Handler tree a DefaultHandler, which is responsible for reporting this 404 error, it presents the ... • https://bugs.eclipse.org/bugs/show_bug.cgi?id=546577 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-213: Exposure of Sensitive Information Due to Incompatible Policies •
CVSS: 8.5EPSS: 0%CPEs: 27EXPL: 0CVE-2017-10065
https://notcve.org/view.php?id=CVE-2017-10065
19 Oct 2017 — Vulnerability in the Oracle Retail Point-of-Service component of Oracle Retail Applications (subcomponent: Security). Supported versions that are affected are 13.2, 13.3, 13.4, 14.0 and 14.1. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Retail Point-of-Service. While the vulnerability is in Oracle Retail Point-of-Service, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthoriz... • http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html •
CVSS: 6.8EPSS: 0%CPEs: 22EXPL: 0CVE-2017-10183
https://notcve.org/view.php?id=CVE-2017-10183
08 Aug 2017 — Vulnerability in the Oracle Retail Xstore Point of Service component of Oracle Retail Applications (subcomponent: Point of Sale). Supported versions that are affected are 6.0.x, 6.5.x, 7.0.x, 7.1.x, 15.0.x and 16.0.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Retail Xstore Point of Service. While the vulnerability is in Oracle Retail Xstore Point of Service, attacks may significantly impact additional products. Successful attacks of ... • http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html •
CVSS: 8.2EPSS: 1%CPEs: 22EXPL: 0CVE-2017-10214
https://notcve.org/view.php?id=CVE-2017-10214
08 Aug 2017 — Vulnerability in the Oracle Retail Xstore Point of Service component of Oracle Retail Applications (subcomponent: Xstore Office). Supported versions that are affected are 6.0.x, 6.5.x, 7.0.x, 7.1.x, 15.0.x and 16.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Retail Xstore Point of Service. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Retail Xstore Point of... • http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html •