CVSS: 3.6EPSS: 0%CPEs: 19EXPL: 1CVE-2021-34428 – jetty: SessionListener can prevent a session from being invalidated breaking logout
https://notcve.org/view.php?id=CVE-2021-34428
22 Jun 2021 — For Eclipse Jetty versions <= 9.4.40, <= 10.0.2, <= 11.0.2, if an exception is thrown from the SessionListener#sessionDestroyed() method, then the session ID is not invalidated in the session ID manager. On deployments with clustered sessions and multiple contexts this can result in a session not being invalidated. This can result in an application used on a shared computer being left logged in. Para Eclipse Jetty versiones anteriores a 9.4.40 incluyéndola, versiones anteriores a 10.0.2 incluyéndola, versio... • https://github.com/Trinadh465/jetty_9.4.31_CVE-2021-34428 • CWE-613: Insufficient Session Expiration •
CVSS: 6.5EPSS: 1%CPEs: 429EXPL: 2CVE-2019-10219 – hibernate-validator: safeHTML validator allows XSS
https://notcve.org/view.php?id=CVE-2019-10219
08 Nov 2019 — A vulnerability was found in Hibernate-Validator. The SafeHtml validator annotation fails to properly sanitize payloads consisting of potentially malicious code in HTML comments and instructions. This vulnerability can result in an XSS attack. Una vulnerabilidad fue encontrada en Hibernate-Validator. La anotación del validador SafeHtml no puede sanear apropiadamente las cargas útiles que consisten en código potencialmente malicioso en los comentarios e instrucciones HTML. • https://access.redhat.com/errata/RHSA-2020:0159 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 5EXPL: 0CVE-2016-5461
https://notcve.org/view.php?id=CVE-2016-5461
21 Jul 2016 — Unspecified vulnerability in the Siebel Core - Server Framework component in Oracle Siebel CRM 8.1.1, 8.2.2, IP2014, IP2015, and IP2016 allows remote authenticated users to affect confidentiality via vectors related to Object Manager. Vulnerabilidad no especificada en el componente Siebel Core - Server Framework en Oracle Siebel CRM 8.1.1, 8.2.2, IP2014, IP2015 e IP2016 permite a usuarios remotos autenticados afectar la confidencialidad a través de vectores relacionados con Object Manager. • http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html •
CVSS: 3.3EPSS: 0%CPEs: 5EXPL: 0CVE-2016-3469
https://notcve.org/view.php?id=CVE-2016-3469
21 Jul 2016 — Unspecified vulnerability in the Siebel Core - Server Framework component in Oracle Siebel CRM 8.1.1, 8.2.2, IP2014, IP2015, and IP2016 allows local users to affect confidentiality via vectors related to Services. Vulnerabilidad no especificada en el componente Siebel Core - Server Framework en Oracle Siebel CRM 8.1.1, 8.2.2, IP2014, IP2015 e IP2016 permite a usuarios locales afectar la confidencialidad a través de vectores relacionados con Services. • http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html •
CVSS: 6.3EPSS: 0%CPEs: 5EXPL: 0CVE-2016-5456
https://notcve.org/view.php?id=CVE-2016-5456
21 Jul 2016 — Unspecified vulnerability in the Siebel Core - Server Framework component in Oracle Siebel CRM 8.1.1, 8.2.2, IP2014, IP2015, and IP2016 allows remote authenticated users to affect confidentiality via vectors related to Services. Vulnerabilidad no especificada en el componente Siebel Core - Server Framework en Oracle Siebel CRM 8.1.1, 8.2.2, IP2014, IP2015 e IP2016 permite a usuarios remotos autenticados afectar la confidencialidad a través de vectores relacionados con Services. • http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html •
CVSS: 4.0EPSS: 0%CPEs: 5EXPL: 0CVE-2016-5462
https://notcve.org/view.php?id=CVE-2016-5462
21 Jul 2016 — Unspecified vulnerability in the Siebel Core - Server Framework component in Oracle Siebel CRM 8.1.1, 8.2.2, IP2014, IP2015, and IP2016 allows remote administrators to affect confidentiality via vectors related to Workspaces. Vulnerabilidad no especificada en el componente Siebel Core - Server Framework en Oracle Siebel CRM 8.1.1, 8.2.2, IP2014, IP2015 e IP2016 permite a administradores remotos afectar la confidencialidad a través de vectores Workspaces. • http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html •
CVSS: 4.3EPSS: 0%CPEs: 5EXPL: 0CVE-2016-5460
https://notcve.org/view.php?id=CVE-2016-5460
21 Jul 2016 — Unspecified vulnerability in the Siebel Core - Server Framework component in Oracle Siebel CRM 8.1.1, 8.2.2, IP2014, IP2015, and IP2016 allows remote attackers to affect confidentiality via vectors related to Services, a different vulnerability than CVE-2016-3450 and CVE-2016-5466. Vulnerabilidad no especificada en el componente Siebel Core - Server Framework en Oracle Siebel CRM 8.1.1, 8.2.2, IP2014, IP2015 e IP2016 permite a atacantes remotos afectar la confidencialidad a través de vectores relacionados c... • http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html •
CVSS: 4.3EPSS: 0%CPEs: 5EXPL: 0CVE-2016-5466
https://notcve.org/view.php?id=CVE-2016-5466
21 Jul 2016 — Unspecified vulnerability in the Siebel Core - Server Framework component in Oracle Siebel CRM 8.1.1, 8.2.2, IP2014, IP2015, and IP2016 allows remote attackers to affect confidentiality via vectors related to Services, a different vulnerability than CVE-2016-3450 and CVE-2016-5460. Vulnerabilidad no especificada en el componente Siebel Core - Server Framework en Oracle Siebel CRM 8.1.1, 8.2.2, IP2014, IP2015 e IP2016 permite a atacantes remotos afectar la confidencialidad a través de vectores relacionados c... • http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html •
CVSS: 4.3EPSS: 0%CPEs: 5EXPL: 0CVE-2016-3450
https://notcve.org/view.php?id=CVE-2016-3450
21 Jul 2016 — Unspecified vulnerability in the Siebel Core - Server Framework component in Oracle Siebel CRM 8.1.1, 8.2.2, IP2014, IP2015, and IP2016 allows remote attackers to affect confidentiality via vectors related to Services, a different vulnerability than CVE-2016-5460 and CVE-2016-5466. Vulnerabilidad no especificada en el componente Siebel Core - Server Framework en Oracle Siebel CRM 8.1.1, 8.2.2, IP2014, IP2015 e IP2016 permite a atacantes remotos afectar la confidencialidad a través de vectores relacionados c... • http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html •