CVSS: 6.5EPSS: 1%CPEs: 39EXPL: 0CVE-2019-3739
https://notcve.org/view.php?id=CVE-2019-3739
18 Sep 2019 — RSA BSAFE Crypto-J versions prior to 6.2.5 are vulnerable to Information Exposure Through Timing Discrepancy vulnerabilities during ECDSA key generation. A malicious remote attacker could potentially exploit those vulnerabilities to recover ECDSA keys. RSA BSAFE Crypto-J versiones anteriores a 6.2.5, son vulnerables a la Exposición de Información por medio de vulnerabilidades de Discrepancia de Sincronización durante la generación de claves ECDSA. Un atacante remoto malicioso podría explotar potencialmente ... • https://www.dell.com/support/security/en-us/details/DOC-106556/DSA-2019-094-RSA-BSAFE®%3B-Crypto-J-Multiple-Security-Vulnerabilities • CWE-203: Observable Discrepancy CWE-310: Cryptographic Issues •
CVSS: 6.5EPSS: 0%CPEs: 42EXPL: 0CVE-2019-3738
https://notcve.org/view.php?id=CVE-2019-3738
18 Sep 2019 — RSA BSAFE Crypto-J versions prior to 6.2.5 are vulnerable to a Missing Required Cryptographic Step vulnerability. A malicious remote attacker could potentially exploit this vulnerability to coerce two parties into computing the same predictable shared key. RSA BSAFE Crypto-J en versiones anteriores a la 6.2.5, son susceptibles a una vulnerabilidad Missing Required Cryptographic Step. Un atacante remoto malicioso podría explotar potencialmente esta vulnerabilidad para obligar a dos partes a calcular la misma... • https://kc.mcafee.com/corporate/index?page=content&id=SB10318 • CWE-325: Missing Cryptographic Step CWE-347: Improper Verification of Cryptographic Signature •
CVSS: 7.5EPSS: 13%CPEs: 114EXPL: 0CVE-2018-15756 – DoS Attack via Range Requests
https://notcve.org/view.php?id=CVE-2018-15756
18 Oct 2018 — Spring Framework, version 5.1, versions 5.0.x prior to 5.0.10, versions 4.3.x prior to 4.3.20, and older unsupported versions on the 4.2.x branch provide support for range requests when serving static resources through the ResourceHttpRequestHandler, or starting in 5.0 when an annotated controller returns an org.springframework.core.io.Resource. A malicious user (or attacker) can add a range header with a high number of ranges, or with wide ranges that overlap, or both, for a denial of service attack. This ... • http://www.securityfocus.com/bid/105703 • CWE-20: Improper Input Validation •
CVSS: 9.8EPSS: 94%CPEs: 174EXPL: 2CVE-2017-5645 – log4j: Socket receiver deserialization vulnerability
https://notcve.org/view.php?id=CVE-2017-5645
17 Apr 2017 — In Apache Log4j 2.x before 2.8.2, when using the TCP socket server or UDP socket server to receive serialized log events from another application, a specially crafted binary payload can be sent that, when deserialized, can execute arbitrary code. En Apache Log4j 2.x en versiones anteriores a 2.8.2, cuando se utiliza el servidor de socket TCP o el servidor de socket UDP para recibir sucesos de registro serializados de otra aplicación, puede enviarse una carga binaria especialmente diseñada que, cuando se des... • https://github.com/pimps/CVE-2017-5645 • CWE-502: Deserialization of Untrusted Data •
CVSS: 8.0EPSS: 0%CPEs: 3EXPL: 0CVE-2016-5475
https://notcve.org/view.php?id=CVE-2016-5475
21 Jul 2016 — Unspecified vulnerability in the Oracle Retail Service Backbone component in Oracle Retail Applications 14.0, 14.1, and 15.0 allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to Install. Vulnerabilidad no especificada en el componente Oracle Retail Service Backbone en Oracle Retail Applications 14.0, 14.1 y 15.0 permite a usuarios remotos autenticados afectar la confidencialidad, la integridad y la disponibilidad a través de vectores relacionados co... • http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html •
CVSS: 9.0EPSS: 2%CPEs: 3EXPL: 0CVE-2016-5474
https://notcve.org/view.php?id=CVE-2016-5474
21 Jul 2016 — Unspecified vulnerability in the Oracle Retail Service Backbone component in Oracle Retail Applications 14.0, 14.1, and 15.0 allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to RSB Kernel. Vulnerabilidad no especificada en el componente Oracle Retail Service Backbone en Oracle Retail Applications 14.0, 14.1 y 15.0 permite a usuarios remotos autenticados afectar la confidencialidad, la integridad y la disponibilidad a través de vectores relacionados... • http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html •
CVSS: 9.8EPSS: 52%CPEs: 120EXPL: 0CVE-2015-3253 – Apache Groovy Deserialization of Untrusted Data Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2015-3253
16 Jul 2015 — The MethodClosure class in runtime/MethodClosure.java in Apache Groovy 1.7.0 through 2.4.3 allows remote attackers to execute arbitrary code or cause a denial of service via a crafted serialized object. Vulnerabilidad en la clase MethodClosure en runtime/MethodClosure.java en Apache Groovy desde la versión 1.7.0 hasta la versión 2.4.3, permite a atacantes remotos ejecutar código arbitrario y causar una denegación de servicio a través de un objeto serializado manipulado. A flaw was discovered in the way appl... • http://groovy-lang.org/security.html • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-284: Improper Access Control •