CVSS: 3.5EPSS: 0%CPEs: 3EXPL: 0CVE-2021-2334
https://notcve.org/view.php?id=CVE-2021-2334
20 Jul 2021 — Vulnerability in the Oracle Database - Enterprise Edition Data Redaction component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1 and 19c. Easily exploitable vulnerability allows low privileged attacker having Create Session privilege with network access via Oracle Net to compromise Oracle Database - Enterprise Edition Data Redaction. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result... • https://www.oracle.com/security-alerts/cpujul2021.html •
CVSS: 4.0EPSS: 0%CPEs: 2EXPL: 0CVE-2021-2245
https://notcve.org/view.php?id=CVE-2021-2245
22 Apr 2021 — Vulnerability in the Oracle Database - Enterprise Edition Unified Audit component of Oracle Database Server. Supported versions that are affected are 18c and 19c. Easily exploitable vulnerability allows high privileged attacker having Create Audit Policy privilege with network access via Oracle Net to compromise Oracle Database - Enterprise Edition Unified Audit. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Database - Enterprise Editio... • https://www.oracle.com/security-alerts/cpuapr2021.html •
CVSS: 2.3EPSS: 0%CPEs: 4EXPL: 1CVE-2021-2207 – Oracle RMAN Missing Auditing
https://notcve.org/view.php?id=CVE-2021-2207
22 Apr 2021 — Vulnerability in the Oracle Database - Enterprise Edition component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1, 18c and 19c. Easily exploitable vulnerability allows high privileged attacker having RMAN executable privilege with logon to the infrastructure where Oracle Database - Enterprise Edition executes to compromise Oracle Database - Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some ... • https://packetstorm.news/files/id/174448 •
CVSS: 7.5EPSS: 2%CPEs: 55EXPL: 0CVE-2021-25122 – Apache Tomcat h2c request mix-up
https://notcve.org/view.php?id=CVE-2021-25122
01 Mar 2021 — When responding to new h2c connection requests, Apache Tomcat versions 10.0.0-M1 to 10.0.0, 9.0.0.M1 to 9.0.41 and 8.5.0 to 8.5.61 could duplicate request headers and a limited amount of request body from one request to another meaning user A and user B could both see the results of user A's request. Cuando se responde a nuevas peticiones de conexión h2c, Apache Tomcat versiones 10.0.0-M1 hasta 10.0.0, versiones 9.0.0.M1 hasta 9.0.41 y versiones 8.5.0 hasta 8.5.61, podrían duplicar los encabezados de petici... • http://www.openwall.com/lists/oss-security/2021/03/01/1 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.0EPSS: 4%CPEs: 60EXPL: 0CVE-2021-25329 – Incomplete fix for CVE-2020-9484
https://notcve.org/view.php?id=CVE-2021-25329
01 Mar 2021 — The fix for CVE-2020-9484 was incomplete. When using Apache Tomcat 10.0.0-M1 to 10.0.0, 9.0.0.M1 to 9.0.41, 8.5.0 to 8.5.61 or 7.0.0. to 7.0.107 with a configuration edge case that was highly unlikely to be used, the Tomcat instance was still vulnerable to CVE-2020-9494. Note that both the previously published prerequisites for CVE-2020-9484 and the previously published mitigations for CVE-2020-9484 also apply to this issue. La corrección para el CVE-2020-9484 estaba incompleta. Cuando se usa Apache To... • http://www.openwall.com/lists/oss-security/2021/03/01/2 • CWE-502: Deserialization of Untrusted Data •
CVSS: 7.5EPSS: 1%CPEs: 14EXPL: 0CVE-2020-5360
https://notcve.org/view.php?id=CVE-2020-5360
16 Dec 2020 — Dell BSAFE Micro Edition Suite, versions prior to 4.5, are vulnerable to a Buffer Under-Read Vulnerability. An unauthenticated remote attacker could potentially exploit this vulnerability resulting in undefined behaviour, or a crash of the affected systems. Dell BSAFE Micro Edition Suite, versiones anteriores a 4.5, son susceptibles a una Vulnerabilidad de Lectura Insuficiente del Búfer. Un atacante remoto no autenticado podría explotar esta vulnerabilidad resultando en un comportamiento indefinido o u... • https://www.dell.com/support/kbdoc/en-us/000181098/dsa-2020-114-dell-bsafe-micro-edition-suite-multiple-security-vulnerabilities • CWE-125: Out-of-bounds Read CWE-127: Buffer Under-read •
CVSS: 5.8EPSS: 0%CPEs: 8EXPL: 0CVE-2020-5359
https://notcve.org/view.php?id=CVE-2020-5359
16 Dec 2020 — Dell BSAFE Micro Edition Suite, versions prior to 4.5, are vulnerable to an Unchecked Return Value Vulnerability. An unauthenticated remote attacker could potentially exploit this vulnerability to modify and corrupt the encrypted data. Dell BSAFE Micro Edition Suite, versiones anteriores a 4.5, son susceptibles a una Vulnerabilidad de Valor de Retorno No Comprobado. Un atacante remoto no autenticado podría potencialmente explotar esta vulnerabilidad para modificar y corromper los datos cifrados • https://www.dell.com/support/kbdoc/en-us/000181098/dsa-2020-114-dell-bsafe-micro-edition-suite-multiple-security-vulnerabilities • CWE-252: Unchecked Return Value CWE-544: Missing Standardized Error Handling Mechanism •
CVSS: 4.1EPSS: 0%CPEs: 4EXPL: 3CVE-2020-2978 – Oracle RMAN Missing Auditing
https://notcve.org/view.php?id=CVE-2020-2978
15 Jul 2020 — Vulnerability in the Oracle Database - Enterprise Edition component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1, 18c and 19c. Easily exploitable vulnerability allows high privileged attacker having DBA role account privilege with network access via Oracle Net to compromise Oracle Database - Enterprise Edition. While the vulnerability is in Oracle Database - Enterprise Edition, attacks may significantly impact additional products. Successful attacks of this vulnerab... • https://packetstorm.news/files/id/172183 •
CVSS: 7.0EPSS: 93%CPEs: 77EXPL: 19CVE-2020-9484 – tomcat: deserialization flaw in session persistence storage leading to RCE
https://notcve.org/view.php?id=CVE-2020-9484
20 May 2020 — When using Apache Tomcat versions 10.0.0-M1 to 10.0.0-M4, 9.0.0.M1 to 9.0.34, 8.5.0 to 8.5.54 and 7.0.0 to 7.0.103 if a) an attacker is able to control the contents and name of a file on the server; and b) the server is configured to use the PersistenceManager with a FileStore; and c) the PersistenceManager is configured with sessionAttributeValueClassNameFilter="null" (the default unless a SecurityManager is used) or a sufficiently lax filter to allow the attacker provided object to be deserialized; and d)... • https://packetstorm.news/files/id/157924 • CWE-502: Deserialization of Untrusted Data •
CVSS: 6.5EPSS: 0%CPEs: 47EXPL: 0CVE-2019-3740
https://notcve.org/view.php?id=CVE-2019-3740
18 Sep 2019 — RSA BSAFE Crypto-J versions prior to 6.2.5 are vulnerable to an Information Exposure Through Timing Discrepancy vulnerabilities during DSA key generation. A malicious remote attacker could potentially exploit those vulnerabilities to recover DSA keys. RSA BSAFE Crypto-J versiones anteriores a 6.2.5, son susceptibles a una vulnerabilidad de Exposición de Información por medio de vulnerabilidades de Discrepancia de Sincronización durante la generación de claves DSA. Un atacante remoto malicioso podría explota... • https://www.dell.com/support/security/en-us/details/DOC-106556/DSA-2019-094-RSA-BSAFE®%3B-Crypto-J-Multiple-Security-Vulnerabilities • CWE-203: Observable Discrepancy CWE-310: Cryptographic Issues •