CVSS: 6.5EPSS: 1%CPEs: 429EXPL: 0CVE-2019-10219 – hibernate-validator: safeHTML validator allows XSS
https://notcve.org/view.php?id=CVE-2019-10219
08 Nov 2019 — A vulnerability was found in Hibernate-Validator. The SafeHtml validator annotation fails to properly sanitize payloads consisting of potentially malicious code in HTML comments and instructions. This vulnerability can result in an XSS attack. Una vulnerabilidad fue encontrada en Hibernate-Validator. La anotación del validador SafeHtml no puede sanear apropiadamente las cargas útiles que consisten en código potencialmente malicioso en los comentarios e instrucciones HTML. • https://access.redhat.com/errata/RHSA-2020:0159 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 6EXPL: 0CVE-2014-8177 – gluster-swift metadata constraints are not correctly enforced
https://notcve.org/view.php?id=CVE-2014-8177
05 Oct 2015 — The Red Hat gluster-swift package, as used in Red Hat Gluster Storage (formerly Red Hat Storage Server), allows remote authenticated users to bypass the max_meta_count constraint via multiple crafted requests which exceed the limit when combined. El paquete gluster-swift de Red Hat, tal como se utiliza en Red Hat Gluster Storage (anteriormente Red Hat Storage Server), permite a usuarios remotos autenticados eludir la restricción max_meta_count a través de múltiples peticiones manipuladas que exceden el lími... • http://rhn.redhat.com/errata/RHSA-2015-1845.html • CWE-284: Improper Access Control •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2012-5635 – GlusterFS: insecure temporary file creation
https://notcve.org/view.php?id=CVE-2012-5635
09 Apr 2013 — The GlusterFS functionality in Red Hat Storage Management Console 2.0, Native Client, and Server 2.0 allows local users to overwrite arbitrary files via a symlink attack on multiple temporary files created by (1) tests/volume.rc, (2) extras/hook-scripts/S30samba-stop.sh, and possibly other vectors, different vulnerabilities than CVE-2012-4417. La funcionalidad GlusterFS en Red Hat Storage Management Console v2.0, Native Client, Server 2.0 permite a usuarios locales sobreescribir archivos arbitrarios mediant... • http://rhn.redhat.com/errata/RHSA-2013-0691.html • CWE-264: Permissions, Privileges, and Access Controls CWE-377: Insecure Temporary File •