CVSS: 9.8EPSS: 0%CPEs: 25EXPL: 0CVE-2018-11058
https://notcve.org/view.php?id=CVE-2018-11058
RSA BSAFE Micro Edition Suite, versions prior to 4.0.11 (in 4.0.x) and prior to 4.1.6 (in 4.1.x), and RSA BSAFE Crypto-C Micro Edition, version prior to 4.0.5.3 (in 4.0.x) contain a Buffer Over-Read vulnerability when parsing ASN.1 data. A remote attacker could use maliciously constructed ASN.1 data that would result in such issue. RSA BSAFE Micro Edition Suite, en versiones anteriores a la 4.0.11 (en las 4.0.x) y anteriores a la 4.1.6 (en las 4.1.0); y RSA BSAFE Crypto-C Micro Edition, en versiones anteriores a la 4.0.5.3 (en las 4.0.x), contienen una vulnerabilidad de sobrelectura de búfer al analizar datos ASN.1. Un atacante remoto podría emplear datos ASN.1 construidos de forma maliciosa para provocar este problema. • http://seclists.org/fulldisclosure/2018/Aug/46 http://www.securityfocus.com/bid/108106 https://www.oracle.com/security-alerts/cpuapr2020.html https://www.oracle.com/security-alerts/cpujan2020.html https://www.oracle.com/security-alerts/cpujul2020.html https://www.oracle.com/security-alerts/cpuoct2020.html https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html • CWE-125: Out-of-bounds Read •
CVSS: 5.5EPSS: 0%CPEs: 24EXPL: 0CVE-2018-11055
https://notcve.org/view.php?id=CVE-2018-11055
RSA BSAFE Micro Edition Suite, versions prior to 4.0.11 (in 4.0.x) and prior to 4.1.6.1 (in 4.1.x), contains an Improper Clearing of Heap Memory Before Release ('Heap Inspection') vulnerability. Decoded PKCS #12 data in heap memory is not zeroized by MES before releasing the memory internally and a malicious local user could gain access to the unauthorized data by doing heap inspection. RSA BSAFE Micro Edition Suite, en versiones anteriores a la 4.0.11 (en las 4.0.x) y anteriores a la 4.1.6.1 (en las 4.1.x), contiene una vulnerabilidad de limpieza indebida de memoria dinámica (heap) antes de liberarla ("Heap Inspection"). Los datos PKCS #12 descifrados en la memoria dinámica no se convierten a cero por MES antes de liberar la memoria internamente. Un usuario local malicioso podría obtener acceso a los datos no autorizados mediante la inspección del heap. • http://seclists.org/fulldisclosure/2018/Aug/46 https://www.oracle.com/security-alerts/cpuapr2020.html https://www.oracle.com/security-alerts/cpujan2020.html https://www.oracle.com/security-alerts/cpujul2020.html https://www.oracle.com/security-alerts/cpuoct2020.html https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html • CWE-404: Improper Resource Shutdown or Release •
CVSS: 6.5EPSS: 0%CPEs: 24EXPL: 0CVE-2018-11056
https://notcve.org/view.php?id=CVE-2018-11056
RSA BSAFE Micro Edition Suite, prior to 4.1.6.1 (in 4.1.x), and RSA BSAFE Crypto-C Micro Edition versions prior to 4.0.5.3 (in 4.0.x) contain an Uncontrolled Resource Consumption ('Resource Exhaustion') vulnerability when parsing ASN.1 data. A remote attacker could use maliciously constructed ASN.1 data that would exhaust the stack, potentially causing a Denial Of Service. RSA BSAFE Micro Edition Suite, en versiones anteriores a la 4.1.6.1 (en las 4.1.x) y RSA BSAFE Crypto-C Micro Edition en versiones anteriores a la 4.0.5.3 (en las 4.0.x) contiene una vulnerabilidad de consumo de recursos no controlado ("Resource Exhaustion") al analizar datos ASN.1. Un atacante remoto podría emplear datos ASN.1 construidos de forma maliciosa que agotarían la pila, pudiendo provocar una denegación de servicio (DoS). • http://seclists.org/fulldisclosure/2018/Aug/46 https://www.oracle.com/security-alerts/cpuapr2020.html https://www.oracle.com/security-alerts/cpujan2020.html https://www.oracle.com/security-alerts/cpujul2020.html https://www.oracle.com/security-alerts/cpuoct2020.html https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html • CWE-400: Uncontrolled Resource Consumption •
CVSS: 8.8EPSS: 0%CPEs: 81EXPL: 0CVE-2018-1258 – spring-security-core: Unauthorized Access with Spring Security Method Security
https://notcve.org/view.php?id=CVE-2018-1258
Spring Framework version 5.0.5 when used in combination with any versions of Spring Security contains an authorization bypass when using method security. An unauthorized malicious user can gain unauthorized access to methods that should be restricted. La versión 5.0.5 de Spring Framework, cuando se utiliza en combinación con cualquier versión de Spring Security, contiene un omisión de autorización cuando se utiliza la seguridad del método. Un usuario malicioso no autorizado puede obtener acceso no autorizado a métodos que deben ser restringidos. • http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html http://www.securityfocus.com/bid/104222 http://www.securitytracker.com/id/1041888 http://www.securitytracker.com/id/1041896 https://access.redhat.com/errata/RHSA-2019:2413 https://pivotal.io/security/cve-2018-1258 https://security.netapp.com/advisory/ntap-20181018-0002 https://www.oracle.com/security-alerts/cpuapr2020.html https://www.oracle& • CWE-287: Improper Authentication CWE-863: Incorrect Authorization •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0CVE-2018-2765
https://notcve.org/view.php?id=CVE-2018-2765
Vulnerability in the Oracle Security Service component of Oracle Fusion Middleware (subcomponent: Oracle SSL API). Supported versions that are affected are 11.1.1.9.0, 12.1.3.0.0, 12.2.1.2.0 and 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Security Service. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Security Service accessible data. CVSS 3.0 Base Score 7.5 (Confidentiality impacts). • http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html http://www.securityfocus.com/bid/103808 http://www.securitytracker.com/id/1040695 https://www.oracle.com/security-alerts/cpuoct2020.html •