CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2017-3518
https://notcve.org/view.php?id=CVE-2017-3518
Vulnerability in the Enterprise Manager Base Platform component of Oracle Enterprise Manager Grid Control (subcomponent: Discovery Framework). Supported versions that are affected are 12.1.0, 13.1.0 and 13.2.0. Easily "exploitable" vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Enterprise Manager Base Platform. CVSS 3.0 Base Score 7.5 (Availability impacts). • http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html http://www.securityfocus.com/bid/97720 http://www.securitytracker.com/id/1038297 •
CVSS: 9.8EPSS: 87%CPEs: 174EXPL: 1CVE-2017-5645 – log4j: Socket receiver deserialization vulnerability
https://notcve.org/view.php?id=CVE-2017-5645
In Apache Log4j 2.x before 2.8.2, when using the TCP socket server or UDP socket server to receive serialized log events from another application, a specially crafted binary payload can be sent that, when deserialized, can execute arbitrary code. En Apache Log4j 2.x en versiones anteriores a 2.8.2, cuando se utiliza el servidor de socket TCP o el servidor de socket UDP para recibir sucesos de registro serializados de otra aplicación, puede enviarse una carga binaria especialmente diseñada que, cuando se deserializa, puede ejecutar código arbitrario. It was found that when using remote logging with log4j socket server the log4j server would deserialize any log event received via TCP or UDP. An attacker could use this flaw to send a specially crafted log event that, during deserialization, would execute arbitrary code in the context of the logger application. • https://github.com/pimps/CVE-2017-5645 http://www.openwall.com/lists/oss-security/2019/12/19/2 http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html http://www.securityfocus.com/bid/97702 http://www.securitytracker.com/id/1040200 http://www.securit • CWE-502: Deserialization of Untrusted Data •
CVSS: 6.3EPSS: 0%CPEs: 1EXPL: 0CVE-2016-5604
https://notcve.org/view.php?id=CVE-2016-5604
Unspecified vulnerability in the Enterprise Manager Base Platform component in Oracle Enterprise Manager Grid Control 12.1.0.5 allows local users to affect confidentiality and integrity via vectors related to Security Framework, a different vulnerability than CVE-2016-3563. Vulnerabilidad no especificada en el componente Enterprise Manager Base Platform en Oracle Enterprise Manager Grid Control 12.1.0.5 permite a usuarios locales afectar la confidencialidad e integridad a través de vectores relacionados con Security Framework, una vulnerabilidad diferente a CVE-2016-3563. • http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html http://www.securityfocus.com/bid/93751 http://www.securitytracker.com/id/1037036 • CWE-284: Improper Access Control •
CVSS: 6.3EPSS: 0%CPEs: 1EXPL: 0CVE-2016-3563
https://notcve.org/view.php?id=CVE-2016-3563
Unspecified vulnerability in the Enterprise Manager Base Platform component in Oracle Enterprise Manager Grid Control 12.1.0.5 allows local users to affect confidentiality and integrity via vectors related to Security Framework, a different vulnerability than CVE-2016-5604. Vulnerabilidad no especificada en el componente Enterprise Manager Base Platform en Oracle Enterprise Manager Grid Control 12.1.0.5 permite a usuarios locales afectar la confidencialidad e integridad a través de vectores relacionados con Security Framework, una vulnerabilidad diferente a CVE-2016-5604. • http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html http://www.securityfocus.com/bid/91787 http://www.securityfocus.com/bid/91880 http://www.securitytracker.com/id/1036406 •
CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0CVE-2016-3540
https://notcve.org/view.php?id=CVE-2016-3540
Unspecified vulnerability in the Enterprise Manager Base Platform component in Oracle Enterprise Manager Grid Control 12.1.0.5 and 13.1.0.0 allows remote attackers to affect confidentiality via vectors related to UI Framework. Vulnerabilidad no especificada en el componente Enterprise Manager Base Platform en Oracle Enterprise Manager Grid Control 12.1.0.5 y 13.1.0.0 permite a atacantes remotos afectar la confidencialidad a través de vectores relacionados con UI Framework. • http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html http://www.securityfocus.com/bid/91787 http://www.securityfocus.com/bid/91892 http://www.securitytracker.com/id/1036406 •