CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 0CVE-2016-3487
https://notcve.org/view.php?id=CVE-2016-3487
21 Jul 2016 — Unspecified vulnerability in the Oracle WebCenter Sites component in Oracle Fusion Middleware 11.1.1.8, and 12.2.1.0 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. Vulnerabilidad no especificada en el componente Oracle WebCenter Sites en Oracle Fusion Middleware 11.1.1.8 y 12.2.1.0 permite a atacantes remotos afectar la confidencialidad, la integridad y la disponibilidad a través de vectores desconocidos. • http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2016-3502
https://notcve.org/view.php?id=CVE-2016-3502
21 Jul 2016 — Unspecified vulnerability in the Oracle WebCenter Sites component in Oracle Fusion Middleware 11.1.1.8 and 12.2.1.0 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors. Vulnerabilidad no especificada en el componente Oracle WebCenter Sites en Oracle Fusion Middleware 11.1.1.8 y 12.2.1.0 permite a usuarios remotos autenticados afectar la confidencialidad, la integridad y la disponibilidad a través de vectores desconocidos. • http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html •
CVSS: 9.8EPSS: 6%CPEs: 120EXPL: 0CVE-2015-3253 – Apache Groovy Deserialization of Untrusted Data Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2015-3253
16 Jul 2015 — The MethodClosure class in runtime/MethodClosure.java in Apache Groovy 1.7.0 through 2.4.3 allows remote attackers to execute arbitrary code or cause a denial of service via a crafted serialized object. Vulnerabilidad en la clase MethodClosure en runtime/MethodClosure.java en Apache Groovy desde la versión 1.7.0 hasta la versión 2.4.3, permite a atacantes remotos ejecutar código arbitrario y causar una denegación de servicio a través de un objeto serializado manipulado. A flaw was discovered in the way appl... • http://groovy-lang.org/security.html • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-284: Improper Access Control •
CVSS: 7.5EPSS: 1%CPEs: 15EXPL: 0CVE-2014-0107 – Xalan-Java: insufficient constraints in secure processing feature
https://notcve.org/view.php?id=CVE-2014-0107
25 Mar 2014 — The TransformerFactory in Apache Xalan-Java before 2.7.2 does not properly restrict access to certain properties when FEATURE_SECURE_PROCESSING is enabled, which allows remote attackers to bypass expected restrictions and load arbitrary classes or access external resources via a crafted (1) xalan:content-header, (2) xalan:entities, (3) xslt:content-header, or (4) xslt:entities property, or a Java property that is bound to the XSLT 1.0 system-property function. El TransformerFactory en Apache Xalan-Java ante... • http://rhn.redhat.com/errata/RHSA-2014-0348.html • CWE-264: Permissions, Privileges, and Access Controls CWE-358: Improperly Implemented Security Check for Standard •
CVSS: 10.0EPSS: 2%CPEs: 56EXPL: 0CVE-2013-4316
https://notcve.org/view.php?id=CVE-2013-4316
30 Sep 2013 — Apache Struts 2.0.0 through 2.3.15.1 enables Dynamic Method Invocation by default, which has unknown impact and attack vectors. Apache Struts 2.0.0 hasta la versión 2.3.15.1 habilita por defecto Dynamic Method Invocation, lo cual tiene un impacto y vectores de ataque desconocidos. • http://archives.neohapsis.com/archives/bugtraq/2013-09/0107.html • CWE-16: Configuration CWE-284: Improper Access Control •