CVSS: 7.5EPSS: 0%CPEs: 38EXPL: 0CVE-2019-12402 – apache-commons-compress: Infinite loop in name encoding algorithm
https://notcve.org/view.php?id=CVE-2019-12402
29 Aug 2019 — The file name encoding algorithm used internally in Apache Commons Compress 1.15 to 1.18 can get into an infinite loop when faced with specially crafted inputs. This can lead to a denial of service attack if an attacker can choose the file names inside of an archive created by Compress. El algoritmo de codificación de nombre de archivo utilizado internamente en Apache Commons Compress versiones 1.15 hasta 1.18, puede entrar en un bucle infinito cuando se enfrenta a entradas especialmente diseñadas. Esto pue... • https://lists.apache.org/thread.html/308cc15f1f1dc53e97046fddbac240e6cd16de89a2746cf257be7f5b%40%3Cdev.commons.apache.org%3E • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 9.8EPSS: 7%CPEs: 180EXPL: 1CVE-2019-13990 – libquartz: XXE attacks via job description
https://notcve.org/view.php?id=CVE-2019-13990
26 Jul 2019 — initDocumentParser in xml/XMLSchedulingDataProcessor.java in Terracotta Quartz Scheduler through 2.3.0 allows XXE attacks via a job description. La función initDocumentParser en el archivo xml/XMLSchedulingDataProcessor.java en Quartz Scheduler de Terracotta hasta la versión 2.3.0, permite ataques de tipo XXE por medio de una descripción del trabajo. The Terracotta Quartz Scheduler is susceptible to an XML external entity attack (XXE) through a job description. This issue stems from inadequate handling of X... • https://github.com/epicosy/Quartz-1 • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 6.1EPSS: 0%CPEs: 5EXPL: 0CVE-2018-2896
https://notcve.org/view.php?id=CVE-2018-2896
18 Jul 2018 — Vulnerability in the Oracle Banking Payments component of Oracle Financial Services Applications (subcomponent: Payments Core). Supported versions that are affected are 12.2.0, 12.3.0, 12.4.0, 12.5.0 and 14.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Payments. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Banking Payments, attacks may significantly... • http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html •
CVSS: 6.5EPSS: 0%CPEs: 5EXPL: 0CVE-2018-3020
https://notcve.org/view.php?id=CVE-2018-3020
18 Jul 2018 — Vulnerability in the Oracle Banking Payments component of Oracle Financial Services Applications (subcomponent: Payments Core). Supported versions that are affected are 12.2.0, 12.3.0, 12.4.0, 12.5.0 and 14.1.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking Payments. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Banking Payments accessible data as well as unauth... • http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html •
CVSS: 5.3EPSS: 0%CPEs: 5EXPL: 0CVE-2018-3021
https://notcve.org/view.php?id=CVE-2018-3021
18 Jul 2018 — Vulnerability in the Oracle Banking Payments component of Oracle Financial Services Applications (subcomponent: Payments Core). Supported versions that are affected are 12.2.0, 12.3.0, 12.4.0, 12.5.0 and 14.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Payments. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Banking Payments accessible data. CVSS 3.0 Base Score 5.3 (Confid... • http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html •
CVSS: 6.5EPSS: 1%CPEs: 5EXPL: 0CVE-2018-3022
https://notcve.org/view.php?id=CVE-2018-3022
18 Jul 2018 — Vulnerability in the Oracle Banking Payments component of Oracle Financial Services Applications (subcomponent: Payments Core). Supported versions that are affected are 12.2.0, 12.3.0, 12.4.0, 12.5.0 and 14.1.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking Payments. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Banking Payments. CV... • http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2018-3023
https://notcve.org/view.php?id=CVE-2018-3023
18 Jul 2018 — Vulnerability in the Oracle Banking Payments component of Oracle Financial Services Applications (subcomponent: Payments Core). Supported versions that are affected are 12.2.0, 12.3.0, 12.4.0, 12.5.0 and 14.1.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking Payments. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Banking Payments accessible data and unauthorized ... • http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2018-3024
https://notcve.org/view.php?id=CVE-2018-3024
18 Jul 2018 — Vulnerability in the Oracle Banking Payments component of Oracle Financial Services Applications (subcomponent: Payments Core). Supported versions that are affected are 12.2.0, 12.3.0, 12.4.0, 12.5.0 and 14.1.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking Payments. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Banking Payments accessible data as well as unauth... • http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html •
CVSS: 5.3EPSS: 0%CPEs: 5EXPL: 0CVE-2018-3025
https://notcve.org/view.php?id=CVE-2018-3025
18 Jul 2018 — Vulnerability in the Oracle Banking Payments component of Oracle Financial Services Applications (subcomponent: Payments Core). Supported versions that are affected are 12.2.0, 12.3.0, 12.4.0, 12.5.0 and 14.1.0. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking Payments. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Banking Payments accessible data. CVSS 3.... • http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html •
CVSS: 5.4EPSS: 0%CPEs: 5EXPL: 0CVE-2018-3026
https://notcve.org/view.php?id=CVE-2018-3026
18 Jul 2018 — Vulnerability in the Oracle Banking Payments component of Oracle Financial Services Applications (subcomponent: Payments Core). Supported versions that are affected are 12.2.0, 12.3.0, 12.4.0, 12.5.0 and 14.1.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking Payments. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Banking Payments, attacks may significantly ... • http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html •