CVSS: 9.8EPSS: 12%CPEs: 14EXPL: 0CVE-2018-11307 – jackson-databind: Potential information exfiltration with default typing, serialization gadget from MyBatis
https://notcve.org/view.php?id=CVE-2018-11307
17 Apr 2019 — An issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.5. Use of Jackson default typing along with a gadget class from iBatis allows exfiltration of content. Fixed in 2.7.9.4, 2.8.11.2, and 2.9.6. Se detectó un problema en jackson-databind versiones 2.0.0 hasta 2.9.5 de FasterXML. El uso de escritura predeterminada de Jackson junto con una clase de gadget de iBatis permite la exfiltración de contenido. • https://access.redhat.com/errata/RHSA-2019:0782 • CWE-502: Deserialization of Untrusted Data •
CVSS: 7.5EPSS: 11%CPEs: 13EXPL: 0CVE-2019-0222 – activemq: Corrupt MQTT frame can cause broker shutdown
https://notcve.org/view.php?id=CVE-2019-0222
28 Mar 2019 — In Apache ActiveMQ 5.0.0 - 5.15.8, unmarshalling corrupt MQTT frame can lead to broker Out of Memory exception making it unresponsive. En Apache ActiveMQ, desde la versión 5.0.0 hasta la 5.15.8, la deserialización de una trama MQTT corrupta puede conducir a una excepción de bróker fuera de memoria, haciendo que no responda. AMQ Broker is a high-performance messaging implementation based on ActiveMQ Artemis. It uses an asynchronous journal for fast message persistence, and supports multiple languages, protoc... • http://activemq.apache.org/security-advisories.data/CVE-2019-0222-announcement.txt •
CVSS: 5.9EPSS: 5%CPEs: 180EXPL: 0CVE-2019-1559 – 0-byte record padding oracle
https://notcve.org/view.php?id=CVE-2019-1559
26 Feb 2019 — If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received with an invalid MAC. If the application then behaves differently based on that in a way that is detectable to the remote peer, then this amounts to a padding oracle that could be used to decrypt data. In order ... • http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00041.html • CWE-203: Observable Discrepancy CWE-325: Missing Cryptographic Step •
CVSS: 7.5EPSS: 0%CPEs: 24EXPL: 0CVE-2018-15769 – RSA BSAFE Micro Edition Suite Key Management Error
https://notcve.org/view.php?id=CVE-2018-15769
12 Nov 2018 — RSA BSAFE Micro Edition Suite versions prior to 4.0.11 (in 4.0.x series) and versions prior to 4.1.6.2 (in 4.1.x series) contain a key management error issue. A malicious TLS server could potentially cause a Denial Of Service (DoS) on TLS clients during the handshake when a very large prime value is sent to the TLS client, and an Ephemeral or Anonymous Diffie-Hellman cipher suite (DHE or ADH) is used. RSA BSAFE Micro Edition Suite en versiones anteriores a la 4.0.11 (en la serie 4.0.x) y las versiones anter... • http://www.securityfocus.com/bid/105929 •
CVSS: 7.5EPSS: 10%CPEs: 114EXPL: 0CVE-2018-15756 – DoS Attack via Range Requests
https://notcve.org/view.php?id=CVE-2018-15756
18 Oct 2018 — Spring Framework, version 5.1, versions 5.0.x prior to 5.0.10, versions 4.3.x prior to 4.3.20, and older unsupported versions on the 4.2.x branch provide support for range requests when serving static resources through the ResourceHttpRequestHandler, or starting in 5.0 when an annotated controller returns an org.springframework.core.io.Resource. A malicious user (or attacker) can add a range header with a high number of ranges, or with wide ranges that overlap, or both, for a denial of service attack. This ... • http://www.securityfocus.com/bid/105703 • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 1%CPEs: 23EXPL: 0CVE-2018-11054 – RSA BSAFE Micro Edition Suite / Crypto-C Micro Edition Overflow / DoS
https://notcve.org/view.php?id=CVE-2018-11054
29 Aug 2018 — RSA BSAFE Micro Edition Suite, version 4.1.6, contains an integer overflow vulnerability. A remote attacker could use maliciously constructed ASN.1 data to potentially cause a Denial Of Service. RSA BSAFE Micro Edition Suite, en su versión 4.1.6, contiene una vulnerabilidad de desbordamiento de enteros. Un atacante remoto podría emplear datos ASN.1 construidos de forma maliciosa para provocar una denegación de servicio (DoS). RSA BSAFE Micro Edition Suite and Crypto-C Micro Edition suffer from resource exha... • http://seclists.org/fulldisclosure/2018/Aug/46 • CWE-190: Integer Overflow or Wraparound •
CVSS: 5.5EPSS: 0%CPEs: 24EXPL: 0CVE-2018-11055 – RSA BSAFE Micro Edition Suite / Crypto-C Micro Edition Overflow / DoS
https://notcve.org/view.php?id=CVE-2018-11055
29 Aug 2018 — RSA BSAFE Micro Edition Suite, versions prior to 4.0.11 (in 4.0.x) and prior to 4.1.6.1 (in 4.1.x), contains an Improper Clearing of Heap Memory Before Release ('Heap Inspection') vulnerability. Decoded PKCS #12 data in heap memory is not zeroized by MES before releasing the memory internally and a malicious local user could gain access to the unauthorized data by doing heap inspection. RSA BSAFE Micro Edition Suite, en versiones anteriores a la 4.0.11 (en las 4.0.x) y anteriores a la 4.1.6.1 (en las 4.1.x)... • http://seclists.org/fulldisclosure/2018/Aug/46 • CWE-404: Improper Resource Shutdown or Release •
CVSS: 6.5EPSS: 1%CPEs: 24EXPL: 0CVE-2018-11056 – RSA BSAFE Micro Edition Suite / Crypto-C Micro Edition Overflow / DoS
https://notcve.org/view.php?id=CVE-2018-11056
29 Aug 2018 — RSA BSAFE Micro Edition Suite, prior to 4.1.6.1 (in 4.1.x), and RSA BSAFE Crypto-C Micro Edition versions prior to 4.0.5.3 (in 4.0.x) contain an Uncontrolled Resource Consumption ('Resource Exhaustion') vulnerability when parsing ASN.1 data. A remote attacker could use maliciously constructed ASN.1 data that would exhaust the stack, potentially causing a Denial Of Service. RSA BSAFE Micro Edition Suite, en versiones anteriores a la 4.1.6.1 (en las 4.1.x) y RSA BSAFE Crypto-C Micro Edition en versiones anter... • http://seclists.org/fulldisclosure/2018/Aug/46 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 5.9EPSS: 0%CPEs: 24EXPL: 0CVE-2018-11057 – RSA BSAFE Micro Edition Suite / Crypto-C Micro Edition Overflow / DoS
https://notcve.org/view.php?id=CVE-2018-11057
29 Aug 2018 — RSA BSAFE Micro Edition Suite, versions prior to 4.0.11 (in 4.0.x) and prior to 4.1.6.1 (in 4.1.x) contains a Covert Timing Channel vulnerability during RSA decryption, also known as a Bleichenbacher attack on RSA decryption. A remote attacker may be able to recover a RSA key. RSA BSAFE Micro Edition Suite, en versiones anteriores a la 4.0.11 (en las 4.0.x) y anteriores a la 4.1.6.1 (en las 4.1.x) contiene una vulnerabilidad de canal de tiempo oculto durante el descifrado RSA. Esto también se conoce como at... • http://seclists.org/fulldisclosure/2018/Aug/46 • CWE-327: Use of a Broken or Risky Cryptographic Algorithm •
CVSS: 9.8EPSS: 1%CPEs: 25EXPL: 0CVE-2018-11058 – RSA BSAFE Micro Edition Suite / Crypto-C Micro Edition Overflow / DoS
https://notcve.org/view.php?id=CVE-2018-11058
29 Aug 2018 — RSA BSAFE Micro Edition Suite, versions prior to 4.0.11 (in 4.0.x) and prior to 4.1.6 (in 4.1.x), and RSA BSAFE Crypto-C Micro Edition, version prior to 4.0.5.3 (in 4.0.x) contain a Buffer Over-Read vulnerability when parsing ASN.1 data. A remote attacker could use maliciously constructed ASN.1 data that would result in such issue. RSA BSAFE Micro Edition Suite, en versiones anteriores a la 4.0.11 (en las 4.0.x) y anteriores a la 4.1.6 (en las 4.1.0); y RSA BSAFE Crypto-C Micro Edition, en versiones anterio... • http://seclists.org/fulldisclosure/2018/Aug/46 • CWE-125: Out-of-bounds Read •