CVSS: 4.3EPSS: 0%CPEs: 101EXPL: 0CVE-2020-9488 – log4j: improper validation of certificate with host mismatch in SMTP appender
https://notcve.org/view.php?id=CVE-2020-9488
27 Apr 2020 — Improper validation of certificate with host mismatch in Apache Log4j SMTP appender. This could allow an SMTPS connection to be intercepted by a man-in-the-middle attack which could leak any log messages sent through that appender. Fixed in Apache Log4j 2.12.3 and 2.13.1 Validación incorrecta del certificado con desajuste de host en el apéndice SMTP de Apache Log4j. Esto podría permitir que una conexión SMTPS fuera interceptada por un ataque de tipo man-in-the-middle que podría filtrar cualquier mensaje de ... • https://issues.apache.org/jira/browse/LOG4J2-2819 • CWE-295: Improper Certificate Validation •
CVSS: 9.8EPSS: 92%CPEs: 174EXPL: 2CVE-2017-5645 – log4j: Socket receiver deserialization vulnerability
https://notcve.org/view.php?id=CVE-2017-5645
17 Apr 2017 — In Apache Log4j 2.x before 2.8.2, when using the TCP socket server or UDP socket server to receive serialized log events from another application, a specially crafted binary payload can be sent that, when deserialized, can execute arbitrary code. En Apache Log4j 2.x en versiones anteriores a 2.8.2, cuando se utiliza el servidor de socket TCP o el servidor de socket UDP para recibir sucesos de registro serializados de otra aplicación, puede enviarse una carga binaria especialmente diseñada que, cuando se des... • https://github.com/pimps/CVE-2017-5645 • CWE-502: Deserialization of Untrusted Data •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2008-2594
https://notcve.org/view.php?id=CVE-2008-2594
15 Jul 2008 — Unspecified vulnerability in the Oracle Portal component in Oracle Application Server 10.1.2.3 and 10.1.4.2 has unknown impact and remote attack vectors, a different vulnerability than CVE-2008-2593. Vulnerabilidad no especificada en el componente Oracle Portal en Oracle Application Server 10.1.2.3 y 10.1.4.2 tiene impacto desconocido y vectores de ataque remotos, una vulnerabilidad diferente a CVE-2008-2593. • http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00727143 •
CVSS: 9.8EPSS: 0%CPEs: 4EXPL: 0CVE-2008-2589
https://notcve.org/view.php?id=CVE-2008-2589
15 Jul 2008 — Unspecified vulnerability in the Oracle Portal component in Oracle Application Server 9.0.4.3, 10.1.2.2, and 10.1.4.1 has unknown impact and remote attack vectors. NOTE: the previous information was obtained from the Oracle July 2008 CPU. Oracle has not commented on reliable researcher claims that this issue is a SQL injection vulnerability in the WWV_RENDER_REPORT package that allows remote attackers to execute arbitrary SQL (PL/SQL) commands via the second argument to the SHOW procedure. Una vulnerabilida... • http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00727143 •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2008-2583
https://notcve.org/view.php?id=CVE-2008-2583
15 Jul 2008 — Unspecified vulnerability in the sample Discussion Forum Portlet for the Oracle Portal component in Oracle Application Server, as available from OTN before 20080715, has unknown impact and remote attack vectors. Vulnerabilidad en el Foro de Discusión Portlet para el componente Oracle Portal en Oracle Application Server, como está disponible desde OTN anterior 20080715, tiene un impacto y vectores de ataque desconocidos. • http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00727143 •
CVSS: 9.8EPSS: 0%CPEs: 4EXPL: 0CVE-2008-2609
https://notcve.org/view.php?id=CVE-2008-2609
15 Jul 2008 — Unspecified vulnerability in the Oracle Portal component in Oracle Application Server 9.0.4.3, 10.1.2.3, and 10.1.4.2 has unknown impact and remote attack vectors. Vulnerabilidad no especificada en el componente Oracle Portal de Oracle Application Server 9.0.4.3, 10.1.2.3 y 10.1.4.2 tiene impacto desconocido y vectores de ataque remotos. • http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00727143 •
CVSS: 9.8EPSS: 0%CPEs: 6EXPL: 0CVE-2008-2612
https://notcve.org/view.php?id=CVE-2008-2612
15 Jul 2008 — Unspecified vulnerability in the Hyperion BI Plus component in Oracle Application Server 8.3.2.4, 8.5.0.3, 9.2.0.3, 9.2.1.0, and 9.3.1.0 has unknown impact and remote attack vectors. Vulnerabilidad no especificada en el componente Hyperion BI Plus de Oracle Application Server 8.3.2.4, 8.5.0.3, 9.2.0.3, 9.2.1.0 y 9.3.1.0 tiene impacto desconocido y vectores de ataque remotos. • http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00727143 •
CVSS: 9.8EPSS: 0%CPEs: 4EXPL: 0CVE-2008-2614
https://notcve.org/view.php?id=CVE-2008-2614
15 Jul 2008 — Unspecified vulnerability in the Oracle HTTP Server component in Oracle Application Server 9.0.4.3, 10.1.2.3, and 10.1.3.3 has unknown impact and remote attack vectors. Vulnerabilidad no especificada en el componente Oracle HTTP Server de Oracle Application Server 9.0.4.3, 10.1.2.3, y 10.1.3.3 tiene un impacto desconocido y vectores de ataque remotos. • http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00727143 •