CVSS: 5.8 • EPSS: 0% • CPEs: 136 • EXPL: 1

13 Apr 2021 — In Apache Commons IO before 2.7, when invoking the method FileNameUtils.normalize with an improper input string, like "//../foo", or "\\..\foo", the result would be the same value, thus possibly providing access to files in the parent directory, but not further above (thus "limited" path traversal), if the calling code would use the result to construct a path value. • https://issues.apache.org/jira/browse/IO-556 • CWE-20: Improper Input Validation; CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVSS: 6.5 • EPSS: 71% • CPEs: 13 • EXPL: 0

12 May 2020 — Directory traversal in Eclipse Mojarra before 2.3.14 allows attackers to read arbitrary files via the loc parameter or con parameter. A flaw was found in Eclipse Mojarra before version 2.3.14, where it is vulnerable to a path traversal flaw via the loc parameter or the con parameter. An attacker could exploit this flaw to re... • https://bugs.eclipse.org/bugs/show_bug.cgi?id=550943 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVSS: 9.8 • EPSS: 9% • CPEs: 18 • EXPL: 1

15 Oct 2019 — Connect2id Nimbus JOSE+JWT before v7.9 can throw various uncaught exceptions while parsing a JWT, which could result in an application crash (potential information disclosure) or a potential authentication bypass. A flaw was found in Connect2id Nimbus JOSE+J... • https://github.com/somatrasss/weblogic2021 • CWE-248: Uncaught Exception; CWE-755: Improper Handling of Exceptional Conditions

CVSS: 9.8 • EPSS: 7% • CPEs: 2 • EXPL: 0

18 Jul 2018 — Vulnerability in the Solaris Cluster component of Oracle Sun Systems Products Suite (subcomponent: NAS device addition). Supported versions that are affected are 3.3 and 4.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via RPC to compromise Solaris Cluster. Successful attacks of this vulnerability can result in takeover of Solaris Cluster. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). • http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html

CVSS: 7.3 • EPSS: 0% • CPEs: 2 • EXPL: 0

19 Oct 2017 — Vulnerability in the Solaris Cluster component of Oracle Sun Systems Products Suite (subcomponent: HA for MySQL). Supported versions that are affected are 3.3 and 4.3. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Solaris Cluster executes to compromise Solaris Cluster. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modificati... • http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html

CVSS: 7.3 • EPSS: 0% • CPEs: 1 • EXPL: 0

08 Aug 2017 — Vulnerability in the Solaris Cluster component of Oracle Sun Systems Products Suite (subcomponent: NAS device addition). The supported version that is affected is 4. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Solaris Cluster executes to compromise Solaris Cluster. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Solaris Cluster. • http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html

CVSS: 3.3 • EPSS: 0% • CPEs: 2 • EXPL: 0

25 Oct 2016 — Unspecified vulnerability in the Solaris Cluster component in Oracle Sun Systems Products Suite 3.3 and 4.3 allows local users to affect integrity via vectors related to Cluster check files. • http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html • CWE-254: 7PK - Security Features; CWE-284: Improper Access Control

CVSS: 4.9 • EPSS: 0% • CPEs: 2 • EXPL: 0

21 Jul 2016 — Unspecified vulnerability in the Solaris Cluster component in Oracle Sun Systems Products Suite 3.3 and 4.3 allows local users to affect confidentiality via vectors related to HA for Postgresql. • http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html

CVSS: 7.8 • EPSS: 0% • CPEs: 2 • EXPL: 0

21 Jan 2016 — Unspecified vulnerability in the Solaris Cluster component in Oracle Sun Systems Products Suite 3.3 and 4.2 allows local users to affect confidentiality, integrity, and availability via vectors related to HA for MySQL. • http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html