CVSS: 9.8 | EPSS: 87% | CPEs: 174 | EXPL: 1

In Apache Log4j 2.x before 2.8.2, when using the TCP socket server or UDP socket server to receive serialized log events from another application, a specially crafted binary payload can be sent that, when deserialized, can execute arbitrary code.

It was found that when using remote logging with log4j socket server, the log4j server would deserialize any log event received via TCP or UDP. An attacker could use this flaw to send a specially crafted log event that, during deserialization, would execute arbitrary code in the context of the logger application.

• https://github.com/pimps/CVE-2017-5645
• http://www.openwall.com/lists/oss-security/2019/12/19/2
• http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html
• http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
• http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
• http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
• http://www.securityfocus.com/bid/97702
• http://www.securitytracker.com/id/1040200
• http://www.securit
• CWE-502: Deserialization of Untrusted Data

CVSS: 10.0 | EPSS: 0% | CPEs: 1 | EXPL: 0

Unspecified vulnerability in (1) the Oracle Communications Diameter Signaling Router (DSR) component in Oracle Communications Applications 4.1.6 and earlier, 5.1.0 and earlier, 6.0.2 and earlier, and 7.1.0 and earlier; (2) the Oracle Communications Performance Intelligence Center Software component in Oracle Communications Applications 9.0.3 and earlier and 10.1.5 and earlier; (3) the Oracle Communications Policy Management component in Oracle Communications Applications 9.9.0 and earlier, 10.5.0 and earlier, 11.5.0 and earlier, and 12.1.0 and earlier; and (4) the Oracle Communications Tekelec HLR Router component in Oracle Communications Applications 4.0.0 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to PMAC.

• http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html
• http://www.securitytracker.com/id/1033900

CVSS: 4.3 | EPSS: 0% | CPEs: 2 | EXPL: 0

Unspecified vulnerability in the Oracle Communications Convergence component in Oracle Communications Applications 2.0 and 3.0.1 allows remote attackers to affect confidentiality via unknown vectors related to Mail Proxy.

• http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html
• http://www.securitytracker.com/id/1033900

CVSS: 7.6 | EPSS: 0% | CPEs: 3 | EXPL: 0

Unspecified vulnerability in the Oracle Communications Diameter Signaling Router component in Oracle Communications Applications 3.x, 4.x, and 5.0 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Signaling - DPI.

• http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html
• http://www.securitytracker.com/id/1031590

CVSS: 6.3 | EPSS: 0% | CPEs: 1 | EXPL: 0

Unspecified vulnerability in the Oracle Communications Session Border Controller component in Oracle Communications Applications SCX640m5 allows remote authenticated users to affect availability via unknown vectors related to Lawful Intercept.

• http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html
• http://www.securityfocus.com/bid/70573