CVSS: 7.5EPSS: 1%CPEs: 12EXPL: 0CVE-2019-12423 – cxf: OpenId Connect token service does not properly validate the clientId
https://notcve.org/view.php?id=CVE-2019-12423
16 Jan 2020 — Apache CXF ships with a OpenId Connect JWK Keys service, which allows a client to obtain the public keys in JWK format, which can then be used to verify the signature of tokens issued by the service. Typically, the service obtains the public key from a local keystore (JKS/PKCS12) by specifing the path of the keystore and the alias of the keystore entry. This case is not vulnerable. However it is also possible to obtain the keys from a JWK keystore file, by setting the configuration parameter "rs.security.ke... • http://cxf.apache.org/security-advisories.data/CVE-2019-12423.txt.asc?version=1&modificationDate=1579178393000&api=v2 • CWE-522: Insufficiently Protected Credentials •
CVSS: 7.5EPSS: 7%CPEs: 34EXPL: 0CVE-2019-17359
https://notcve.org/view.php?id=CVE-2019-17359
08 Oct 2019 — The ASN.1 parser in Bouncy Castle Crypto (aka BC Java) 1.63 can trigger a large attempted memory allocation, and resultant OutOfMemoryError error, via crafted ASN.1 data. This is fixed in 1.64. El analizador ASN.1 en Bouncy Castle Crypto (también se conoce como BC Java) versión 1.63, puede desencadenar un intento de asignación de memoria grande y un error OutOfMemoryError resultante, por medio de datos ASN.1 diseñados. Esto se corrige en la versión 1.64. • https://lists.apache.org/thread.html/r02f887807a49cfd1f1ad53f7a61f3f8e12f60ba2c930bec163031209%40%3Ccommits.tomee.apache.org%3E • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 6.1EPSS: 1%CPEs: 218EXPL: 10CVE-2019-11358 – jQuery 3.3.1 - Prototype Pollution & XSS Exploit
https://notcve.org/view.php?id=CVE-2019-11358
19 Apr 2019 — jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype. jQuery, en versiones anteriores a 3.4.0, como es usado en Drupal, Backdrop CMS, y otros productos, maneja mal jQuery.extend(true, {}, ...) debido a la contaminación de Object.prototype. Si un objeto fuente no sanitizado contenía una propi... • https://packetstorm.news/files/id/190328 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-1321: Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') •
CVSS: 5.9EPSS: 7%CPEs: 180EXPL: 0CVE-2019-1559 – 0-byte record padding oracle
https://notcve.org/view.php?id=CVE-2019-1559
26 Feb 2019 — If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received with an invalid MAC. If the application then behaves differently based on that in a way that is detectable to the remote peer, then this amounts to a padding oracle that could be used to decrypt data. In order ... • http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00041.html • CWE-203: Observable Discrepancy CWE-325: Missing Cryptographic Step •
CVSS: 7.5EPSS: 13%CPEs: 114EXPL: 0CVE-2018-15756 – DoS Attack via Range Requests
https://notcve.org/view.php?id=CVE-2018-15756
18 Oct 2018 — Spring Framework, version 5.1, versions 5.0.x prior to 5.0.10, versions 4.3.x prior to 4.3.20, and older unsupported versions on the 4.2.x branch provide support for range requests when serving static resources through the ResourceHttpRequestHandler, or starting in 5.0 when an annotated controller returns an org.springframework.core.io.Resource. A malicious user (or attacker) can add a range header with a high number of ranges, or with wide ranges that overlap, or both, for a denial of service attack. This ... • http://www.securityfocus.com/bid/105703 • CWE-20: Improper Input Validation •
CVSS: 9.8EPSS: 6%CPEs: 47EXPL: 0CVE-2018-1000613 – openSUSE Security Advisory - openSUSE-SU-2020:0607-1
https://notcve.org/view.php?id=CVE-2018-1000613
09 Jul 2018 — Legion of the Bouncy Castle Legion of the Bouncy Castle Java Cryptography APIs 1.58 up to but not including 1.60 contains a CWE-470: Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') vulnerability in XMSS/XMSS^MT private key deserialization that can result in Deserializing an XMSS/XMSS^MT private key can result in the execution of unexpected code. This attack appear to be exploitable via A handcrafted private key can include references to unexpected classes which will be pic... • http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00011.html • CWE-470: Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') •
CVSS: 9.8EPSS: 1%CPEs: 41EXPL: 0CVE-2018-8013 – Gentoo Linux Security Advisory 202401-11
https://notcve.org/view.php?id=CVE-2018-8013
24 May 2018 — In Apache Batik 1.x before 1.10, when deserializing subclass of `AbstractDocument`, the class takes a string from the inputStream as the class name which then use it to call the no-arg constructor of the class. Fix was to check the class type before calling newInstance in deserialization. En Apache Batik en versiones 1.x anteriores a la 1.10, cuando se deserializa la subclase de "AbstractDocument", la clase toma una cadena de inputStream como el nombre de clase y lo emplea para llamar al constructor no-arg ... • http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html • CWE-502: Deserialization of Untrusted Data •