Page 11 of 55 results (0.020 seconds)

CVSS: 7.4EPSS: 0%CPEs: 35EXPL: 0

CVE-2018-2637 – OpenJDK: SingleEntryRegistry incorrect setup of deserialization filter (JMX, 8186998)

https://notcve.org/view.php?id=CVE-2018-2637

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JMX). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151; JRockit: R28.3.16. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded, JRockit accessible data as well as unauthorized access to critical data or complete access to all Java SE, Java SE Embedded, JRockit accessible data. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. • http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html http://www.securityfocus.com/bid/102576 http://www.securitytracker.com/id/1040203 https://access.redhat.com/errata/RHSA-2018:0095 https://access.redhat.com/errata/RHSA-2018:0099 https://access.redhat.com/errata/RHSA-2018:0100 https://access.redhat.com/errata/RHSA-2018:0115 https://access.redhat.com/errata/RHSA-2018:0349 https://access.redhat.com/errata/RHSA-2018:0351 https://access.redhat.com/errata/ • CWE-502: Deserialization of Untrusted Data •

CVSS: 4.5EPSS: 0%CPEs: 1EXPL: 0

CVE-2016-4381

https://notcve.org/view.php?id=CVE-2016-4381

HPE XP7 Command View Advanced Edition (CVAE) Suite 6.x through 8.x before 8.4.1-02, when Replication Manager (RepMgr) and Device Manager (DevMgr) are enabled, allows local users to bypass intended access restrictions via unspecified vectors. HPE XP7 Command View Advanced Edition (CVAE) Suite 6.x hasta la versión 8.x en versiones anteriores a 8.4.1-02, cuando Replication Manager (RepMgr) y Device Manager (DevMgr) están habilitados, permite a usuarios locales eludir restricciones de acceso intencionadas a través de vectores no especificados. • http://www.securityfocus.com/bid/92733 https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05257711 • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0

CVE-2016-4378

https://notcve.org/view.php?id=CVE-2016-4378

The (1) Device Manager, (2) Tiered Storage Manager, (3) Replication Manager, (4) Replication Monitor, and (5) Hitachi Automation Director (HAD) components in HPE XP P9000 Command View Advanced Edition Software before 8.4.1-00 and XP7 Command View Advanced Edition Suite before 8.4.1-00 allow remote attackers to obtain sensitive information via unspecified vectors. Los componentes (1) Device Manager, (2) Tiered Storage Manager, (3) Replication Manager, (4) Replication Monitor y (5) Hitachi Automation Director (HAD) en HPE XP P9000 Command View Advanced Edition Software en versiones anteriores a 8.4.1-00 y XP7 Command View Advanced Edition Suite en versiones anteriores a 8.4.1-00 permiten a atacantes remotos obtener información sensible a través de vectores no especificados. • http://www.securityfocus.com/bid/92649 http://www.securitytracker.com/id/1036686 https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05241355 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0

CVE-2016-2003

https://notcve.org/view.php?id=CVE-2016-2003

HPE P9000 Command View Advanced Edition Software (CVAE) 7.x and 8.x before 8.4.0-00 and XP7 CVAE 7.x and 8.x before 8.4.0-00 allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections (ACC) library. HPE P9000 Command View Advanced Edition Software (CVAE) 7.x y 8.x en versiones anteriores a 8.4.0-00 y XP7 CVAE 7.x y 8.x en versiones anteriores a 8.4.0-00 permiten a atacantes remotos ejecutar comandos arbitrarios a través de un objeto Java serializado manipulado, relacionado con la librería Apache Commons Collections (ACC). • https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05085438 •

CVSS: 4.3EPSS: 0%CPEs: 8EXPL: 0

CVE-2015-5255 – Apache Flex BlazeDS 4.7.1 SSRF

https://notcve.org/view.php?id=CVE-2015-5255

Adobe BlazeDS, as used in ColdFusion 10 before Update 18 and 11 before Update 7 and LiveCycle Data Services 3.0.x before 3.0.0.354175, 3.1.x before 3.1.0.354180, 4.5.x before 4.5.1.354177, 4.6.2.x before 4.6.2.354178, and 4.7.x before 4.7.0.354178, allows remote attackers to send HTTP traffic to intranet servers via a crafted XML document, related to a Server-Side Request Forgery (SSRF) issue. Adobe BlazeDS, como se utiliza en ColdFusion 10 en versiones anteriores a Update 18 y 11 en versiones anteriores a Update 7 y LiveCycle Data Services 3.0.x en versiones anteriores a 3.0.0.354175, 3.1.x en versiones anteriores a 3.1.0.354180, 4.5.x en versiones anteriores a 4.5.1.354177, 4.6.2.x en versiones anteriores a 4.6.2.354178 y 4.7.x en versiones anteriores a 4.7.0.354178, permite a atacantes remotos enviar tráfico HTTP a los servidores de la intranet a través de un documento XML manipulado, relacionado con un problema Server-Side Request Forgery (SSRF). Apache Flex BlazeDS versions 4.7.0 and 4.7.1 suffer from a server-side request forgery vulnerability. • http://marc.info/?l=bugtraq&m=145996963420108&w=2 http://packetstormsecurity.com/files/134506/Apache-Flex-BlazeDS-4.7.1-SSRF.html http://www.securityfocus.com/archive/1/536958/100/0/threaded http://www.securityfocus.com/bid/77626 http://www.securitytracker.com/id/1034210 http://www.vmware.com/security/advisories/VMSA-2015-0008.html https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05073670 https://helpx.adobe.com/security/products/coldfusion/apsb15 • CWE-20: Improper Input Validation •