
CVE-2018-0734 – Timing attack against DSA
https://notcve.org/view.php?id=CVE-2018-0734
30 Oct 2018 — The OpenSSL DSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.1a (Affected 1.1.1). Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). Fixed in OpenSSL 1.0.2q (Affected 1.0.2-1.0.2p). • http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00030.html • CWE-327: Use of a Broken or Risky Cryptographic Algorithm CWE-385: Covert Timing Channel •

CVE-2018-0735 – Timing attack against ECDSA signature generation
https://notcve.org/view.php?id=CVE-2018-0735
29 Oct 2018 — The OpenSSL ECDSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). Fixed in OpenSSL 1.1.1a (Affected 1.1.1). • http://www.securityfocus.com/bid/105750 • CWE-327: Use of a Broken or Risky Cryptographic Algorithm CWE-385: Covert Timing Channel •

CVE-2018-1258 – spring-security-core: Unauthorized Access with Spring Security Method Security
https://notcve.org/view.php?id=CVE-2018-1258
11 May 2018 — Spring Framework version 5.0.5 when used in combination with any versions of Spring Security contains an authorization bypass when using method security. An unauthorized malicious user can gain unauthorized access to methods that should be restricted. • http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html • CWE-287: Improper Authentication CWE-863: Incorrect Authorization •

CVE-2017-5645 – log4j: Socket receiver deserialization vulnerability
https://notcve.org/view.php?id=CVE-2017-5645
17 Apr 2017 — In Apache Log4j 2.x before 2.8.2, when using the TCP socket server or UDP socket server to receive serialized log events from another application, a specially crafted binary payload can be sent that, when deserialized, can execute arbitrary code. • https://github.com/pimps/CVE-2017-5645 • CWE-502: Deserialization of Untrusted Data •

CVE-2007-5534
https://notcve.org/view.php?id=CVE-2007-5534
17 Oct 2007 — Unspecified vulnerability in the HCM component in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.9 Bundle 13 9.0 Bundle 3 has unknown impact and remote attack vectors, aka PSE_HCM01. • http://marc.info/?l=bugtraq&m=119332677525918&w=2 •

CVE-2006-3722
https://notcve.org/view.php?id=CVE-2006-3722
19 Jul 2006 — Unspecified vulnerability in PeopleSoft Enterprise Portal for Oracle PeopleSoft Enterprise Portal 8.4 Bundle #16, 8.8 Bundle #10, and 8.9 Bundle #3 has unknown impact and attack vectors, aka Oracle Vuln# PSE01. • http://secunia.com/advisories/21111 •

CVE-2006-0552
https://notcve.org/view.php?id=CVE-2006-0552
04 Feb 2006 — Unspecified vulnerability in the Net Listener component of Oracle Database server 8.1.7.4, 9.0.1.5, 9.0.1.5 FIPS, and 9.2.0.7 has unspecified impact and attack vectors, as identified by Oracle Vuln# DB11. • http://secunia.com/advisories/18493 •

CVE-2006-0280
https://notcve.org/view.php?id=CVE-2006-0280
18 Jan 2006 — Unspecified vulnerability in Oracle PeopleSoft Enterprise Portal 8.4 Bundle 15, 8.8 Bundle 10, and 8.9 Bundle 2 has unspecified impact and attack vectors, as identified by Oracle Vuln# PSE01. • http://secunia.com/advisories/18493 •

CVE-2005-3461
https://notcve.org/view.php?id=CVE-2005-3461
02 Nov 2005 — Unspecified vulnerability in PeopleTools in Oracle PeopleSoft Enterprise 8.42 up to 8.45.17 has unknown impact and attack vectors, as identified by Oracle Vuln# PSE01. • http://secunia.com/advisories/17250 •

CVE-2005-3463
https://notcve.org/view.php?id=CVE-2005-3463
02 Nov 2005 — Unspecified vulnerability in PeopleTools in Oracle PeopleSoft Enterprise 8.44 up to 8.46.03 has unknown impact and attack vectors, as identified by Oracle Vuln# PSE03. • http://secunia.com/advisories/17250 •