CVSS: 3.6EPSS: 0%CPEs: 19EXPL: 0CVE-2021-34428 – jetty: SessionListener can prevent a session from being invalidated breaking logout
https://notcve.org/view.php?id=CVE-2021-34428
For Eclipse Jetty versions <= 9.4.40, <= 10.0.2, <= 11.0.2, if an exception is thrown from the SessionListener#sessionDestroyed() method, then the session ID is not invalidated in the session ID manager. On deployments with clustered sessions and multiple contexts this can result in a session not being invalidated. This can result in an application used on a shared computer being left logged in. Para Eclipse Jetty versiones anteriores a 9.4.40 incluyéndola, versiones anteriores a 10.0.2 incluyéndola, versiones anteriores a 11.0.2 incluyéndola, si es lanzada una excepción desde el método SessionListener#sessionDestroyed(), el ID de sesión no es invalidado en el administrador de ID de sesión. En despliegues con sesiones agrupadas y múltiples contextos esto puede resultar en que una sesión no sea invalidada. • https://github.com/eclipse/jetty.project/security/advisories/GHSA-m6cp-vxjx-65j6 https://lists.apache.org/thread.html/r67c4f90658fde875521c949448c54c98517beecdc7f618f902c620ec%40%3Cissues.zookeeper.apache.org%3E https://lists.apache.org/thread.html/r8a1a332899a1f92c8118b0895b144b27a78e3f25b9d58a34dd5eb084%40%3Cnotifications.zookeeper.apache.org%3E https://lists.apache.org/thread.html/rbefa055282d52d6b58d29a79fbb0be65ab0a38d25f00bd29eaf5e6fd%40%3Cnotifications.zookeeper.apache.org%3E https://lists.apache.org/thread.html/rddbb4f8d5db23265bb63d14ef4b3723b438abc1589f877db11d35450%40%3Cissues.zo • CWE-613: Insufficient Session Expiration •
CVSS: 6.5EPSS: 0%CPEs: 429EXPL: 0CVE-2019-10219 – hibernate-validator: safeHTML validator allows XSS
https://notcve.org/view.php?id=CVE-2019-10219
A vulnerability was found in Hibernate-Validator. The SafeHtml validator annotation fails to properly sanitize payloads consisting of potentially malicious code in HTML comments and instructions. This vulnerability can result in an XSS attack. Una vulnerabilidad fue encontrada en Hibernate-Validator. La anotación del validador SafeHtml no puede sanear apropiadamente las cargas útiles que consisten en código potencialmente malicioso en los comentarios e instrucciones HTML. • https://access.redhat.com/errata/RHSA-2020:0159 https://access.redhat.com/errata/RHSA-2020:0160 https://access.redhat.com/errata/RHSA-2020:0161 https://access.redhat.com/errata/RHSA-2020:0164 https://access.redhat.com/errata/RHSA-2020:0445 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10219 https://lists.apache.org/thread.html/r4f8b4e2541be4234946e40d55859273a7eec0f4901e8080ce2406fe6%40%3Cnotifications.accumulo.apache.org%3E https://lists.apache.org/thread.html/r4f92d7f7682dcff92722fa947f9e6f8ba2227c5dc3e11ba0911 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 5EXPL: 0CVE-2016-3450
https://notcve.org/view.php?id=CVE-2016-3450
Unspecified vulnerability in the Siebel Core - Server Framework component in Oracle Siebel CRM 8.1.1, 8.2.2, IP2014, IP2015, and IP2016 allows remote attackers to affect confidentiality via vectors related to Services, a different vulnerability than CVE-2016-5460 and CVE-2016-5466. Vulnerabilidad no especificada en el componente Siebel Core - Server Framework en Oracle Siebel CRM 8.1.1, 8.2.2, IP2014, IP2015 e IP2016 permite a atacantes remotos afectar la confidencialidad a través de vectores relacionados con Services, una vulnerabilidad diferente a CVE-2016-5460 y CVE-2016-5466. • http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html http://www.securityfocus.com/bid/91787 http://www.securityfocus.com/bid/91920 http://www.securitytracker.com/id/1036400 •
CVSS: 3.3EPSS: 0%CPEs: 5EXPL: 0CVE-2016-3469
https://notcve.org/view.php?id=CVE-2016-3469
Unspecified vulnerability in the Siebel Core - Server Framework component in Oracle Siebel CRM 8.1.1, 8.2.2, IP2014, IP2015, and IP2016 allows local users to affect confidentiality via vectors related to Services. Vulnerabilidad no especificada en el componente Siebel Core - Server Framework en Oracle Siebel CRM 8.1.1, 8.2.2, IP2014, IP2015 e IP2016 permite a usuarios locales afectar la confidencialidad a través de vectores relacionados con Services. • http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html http://www.securityfocus.com/bid/91787 http://www.securityfocus.com/bid/91928 http://www.securitytracker.com/id/1036400 •
CVSS: 4.0EPSS: 0%CPEs: 5EXPL: 0CVE-2016-5462
https://notcve.org/view.php?id=CVE-2016-5462
Unspecified vulnerability in the Siebel Core - Server Framework component in Oracle Siebel CRM 8.1.1, 8.2.2, IP2014, IP2015, and IP2016 allows remote administrators to affect confidentiality via vectors related to Workspaces. Vulnerabilidad no especificada en el componente Siebel Core - Server Framework en Oracle Siebel CRM 8.1.1, 8.2.2, IP2014, IP2015 e IP2016 permite a administradores remotos afectar la confidencialidad a través de vectores Workspaces. • http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html http://www.securityfocus.com/bid/91787 http://www.securityfocus.com/bid/91968 http://www.securitytracker.com/id/1036400 •