CVSS: 7.5EPSS: 1%CPEs: 67EXPL: 0CVE-2018-1272 – spring-framework: Multipart content pollution
https://notcve.org/view.php?id=CVE-2018-1272
06 Apr 2018 — Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, provide client-side support for multipart requests. When Spring MVC or Spring WebFlux server application (server A) receives input from a remote client, and then uses that input to make a multipart request to another server (server B), it can be exposed to an attack, where an extra multipart is inserted in the content of the request from server A, causing server B to use the wrong value for a part ... • http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html • CWE-88: Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') •
CVSS: 6.1EPSS: 0%CPEs: 8EXPL: 0CVE-2017-10172
https://notcve.org/view.php?id=CVE-2017-10172
08 Aug 2017 — Vulnerability in the Oracle Retail Open Commerce Platform component of Oracle Retail Applications (subcomponent: Framework). Supported versions that are affected are 5.0, 5.1, 5.2, 5.3, 6.0, 6.1, 15.0 and 15.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Retail Open Commerce Platform. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Retail Open Commerce Platform, ... • http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html •
CVSS: 5.8EPSS: 1%CPEs: 8EXPL: 0CVE-2017-10173
https://notcve.org/view.php?id=CVE-2017-10173
08 Aug 2017 — Vulnerability in the Oracle Retail Open Commerce Platform component of Oracle Retail Applications (subcomponent: Website). Supported versions that are affected are 5.0, 5.1, 5.2, 5.3, 6.0, 6.1, 15.0 and 15.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Retail Open Commerce Platform. While the vulnerability is in Oracle Retail Open Commerce Platform, attacks may significantly impact additional products. Successful attacks of this vulnerab... • http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html •
CVSS: 5.4EPSS: 0%CPEs: 8EXPL: 0CVE-2017-3451
https://notcve.org/view.php?id=CVE-2017-3451
24 Apr 2017 — Vulnerability in the Oracle Retail Open Commerce Platform component of Oracle Retail Applications (subcomponent: Web). Supported versions that are affected are 4.0, 5.0, 5.1, 5.3, 6.0,6.1, 15.0 and 16.0. Easily "exploitable" vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Retail Open Commerce Platform. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Retail Open Commerce Platform, attack... • http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html •
CVSS: 9.8EPSS: 94%CPEs: 174EXPL: 2CVE-2017-5645 – log4j: Socket receiver deserialization vulnerability
https://notcve.org/view.php?id=CVE-2017-5645
17 Apr 2017 — In Apache Log4j 2.x before 2.8.2, when using the TCP socket server or UDP socket server to receive serialized log events from another application, a specially crafted binary payload can be sent that, when deserialized, can execute arbitrary code. En Apache Log4j 2.x en versiones anteriores a 2.8.2, cuando se utiliza el servidor de socket TCP o el servidor de socket UDP para recibir sucesos de registro serializados de otra aplicación, puede enviarse una carga binaria especialmente diseñada que, cuando se des... • https://github.com/pimps/CVE-2017-5645 • CWE-502: Deserialization of Untrusted Data •
CVSS: 4.3EPSS: 0%CPEs: 3EXPL: 0CVE-2017-3296
https://notcve.org/view.php?id=CVE-2017-3296
27 Jan 2017 — Vulnerability in the Oracle Commerce Platform component of Oracle Commerce (subcomponent: Dynamo Application Framework). Supported versions that are affected are 10.0.3.5, 10.2.0.5 and 11.2.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Commerce Platform. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Orac... • http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.4EPSS: 0%CPEs: 4EXPL: 0CVE-2016-0522
https://notcve.org/view.php?id=CVE-2016-0522
21 Jan 2016 — Unspecified vulnerability in the Oracle Retail Open Commerce Platform Cloud Service component in Oracle Retail Applications 3.5, 4.5, 4.7, and 5.0 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Framework. Vulnerabilidad no especificada en el componente Oracle Retail Open Commerce Platform Cloud Service en Oracle Retail Applications 3.5, 4.5, 4.7 y 5.0 permite a atacantes remotos afectar a la confidencialidad, la integridad y la disponibilidad a ... • http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html •
CVSS: 7.5EPSS: 0%CPEs: 5EXPL: 0CVE-2015-2607
https://notcve.org/view.php?id=CVE-2015-2607
16 Jul 2015 — Unspecified vulnerability in the Oracle Commerce Guided Search / Oracle Commerce Experience Manager component in Oracle Commerce Platform 3.0.2, 3.1.1, 3.1.2, 11.0, and 11.1 allows remote attackers to affect confidentiality via unknown vectors related to Content Acquisition System. Vulnerabilidad no especificada en el componente Oracle Commerce Guided Search / Oracle Commerce Experience Manager en Oracle Commerce Platform 3.0.2, 3.1.1, 3.1.2, 11.0 y 11.1, permite a atacantes remotos afectar la confidenciali... • http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html •
CVSS: 8.2EPSS: 0%CPEs: 4EXPL: 0CVE-2015-2653
https://notcve.org/view.php?id=CVE-2015-2653
16 Jul 2015 — Unspecified vulnerability in the Oracle Commerce Guided Search / Oracle Commerce Experience Manager component in Oracle Commerce Platform 3.1.1, 3.1.2, 11.0, and 11.1 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Content Acquisition System. Vulnerabilidad no especificada en el componente Oracle Commerce Guided Search / Oracle Commerce Experience Manager en Oracle Commerce Platform 3.1.1, 3.1.2, 11.0 y 11.1, permite a atacantes remotos afectar la confidenciali... • http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html •
CVSS: 4.7EPSS: 0%CPEs: 3EXPL: 0CVE-2015-0510
https://notcve.org/view.php?id=CVE-2015-0510
16 Apr 2015 — Unspecified vulnerability in the Oracle Commerce Platform component in Oracle Commerce Platform 9.4, 10.0, and 10.2 allows remote attackers to affect integrity via vectors related to Dynamo Application Framework - HTML Admin User Interface. Vulnerabilidad no especificada en el componente Oracle Commerce Platform en Oracle Commerce Platform 9.4, 10.0, y 10.2 permite a atacantes remotos afectar la integridad a través de vectores relacionados con Dynamo Application Framework - HTML Admin User Interface. • http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html •