Page 2 of 7 results (0.003 seconds)

CVSS: 6.5EPSS: 0%CPEs: 42EXPL: 0

CVE-2019-3738

https://notcve.org/view.php?id=CVE-2019-3738

RSA BSAFE Crypto-J versions prior to 6.2.5 are vulnerable to a Missing Required Cryptographic Step vulnerability. A malicious remote attacker could potentially exploit this vulnerability to coerce two parties into computing the same predictable shared key. RSA BSAFE Crypto-J en versiones anteriores a la 6.2.5, son susceptibles a una vulnerabilidad Missing Required Cryptographic Step. Un atacante remoto malicioso podría explotar potencialmente esta vulnerabilidad para obligar a dos partes a calcular la misma clave compartida predecible. • https://kc.mcafee.com/corporate/index?page=content&id=SB10318 https://www.dell.com/support/security/en-us/details/DOC-106556/DSA-2019-094-RSA-BSAFE&#174%3B-Crypto-J-Multiple-Security-Vulnerabilities https://www.oracle.com//security-alerts/cpujul2021.html https://www.oracle.com/security-alerts/cpuApr2021.html https://www.oracle.com/security-alerts/cpuapr2022.html https://www.oracle.com/security-alerts/cpujul2020.html https://www.oracle.com/security-alerts/cpuoct2020.html https://www.oracle • CWE-325: Missing Cryptographic Step CWE-347: Improper Verification of Cryptographic Signature •

CVSS: 9.8EPSS: 3%CPEs: 120EXPL: 0

CVE-2015-3253 – Apache Groovy Deserialization of Untrusted Data Remote Code Execution Vulnerability

https://notcve.org/view.php?id=CVE-2015-3253

The MethodClosure class in runtime/MethodClosure.java in Apache Groovy 1.7.0 through 2.4.3 allows remote attackers to execute arbitrary code or cause a denial of service via a crafted serialized object. Vulnerabilidad en la clase MethodClosure en runtime/MethodClosure.java en Apache Groovy desde la versión 1.7.0 hasta la versión 2.4.3, permite a atacantes remotos ejecutar código arbitrario y causar una denegación de servicio a través de un objeto serializado manipulado. A flaw was discovered in the way applications using Groovy used the standard Java serialization mechanism. A remote attacker could use a specially crafted serialized object that would execute code directly when deserialized. All applications which rely on serialization and do not isolate the code which deserializes objects are subject to this vulnerability. • http://groovy-lang.org/security.html http://packetstormsecurity.com/files/132714/Apache-Groovy-2.4.3-Code-Execution.html http://rhn.redhat.com/errata/RHSA-2016-0066.html http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html http://www.oracle.com/technetwork • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-284: Improper Access Control •