CVSS: 3.6EPSS: 0%CPEs: 3EXPL: 0CVE-2017-3307
https://notcve.org/view.php?id=CVE-2017-3307
24 Apr 2017 — Vulnerability in the MySQL Enterprise Monitor component of Oracle MySQL (subcomponent: Monitoring: Server). Supported versions that are affected are 3.1.6.8003 and earlier, 3.2.1182 and earlier and 3.3.2.1162 and earlier. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Enterprise Monitor. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in u... • http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html •
CVSS: 9.8EPSS: 92%CPEs: 174EXPL: 2CVE-2017-5645 – log4j: Socket receiver deserialization vulnerability
https://notcve.org/view.php?id=CVE-2017-5645
17 Apr 2017 — In Apache Log4j 2.x before 2.8.2, when using the TCP socket server or UDP socket server to receive serialized log events from another application, a specially crafted binary payload can be sent that, when deserialized, can execute arbitrary code. En Apache Log4j 2.x en versiones anteriores a 2.8.2, cuando se utiliza el servidor de socket TCP o el servidor de socket UDP para recibir sucesos de registro serializados de otra aplicación, puede enviarse una carga binaria especialmente diseñada que, cuando se des... • https://github.com/pimps/CVE-2017-5645 • CWE-502: Deserialization of Untrusted Data •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 0CVE-2016-5590
https://notcve.org/view.php?id=CVE-2016-5590
27 Jan 2017 — Vulnerability in the MySQL Enterprise Monitor component of Oracle MySQL (subcomponent: Monitoring: Agent). Supported versions that are affected are 3.1.3.7856 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via TLS to compromise MySQL Enterprise Monitor. Successful attacks of this vulnerability can result in takeover of MySQL Enterprise Monitor. CVSS v3.0 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). • http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html •
CVSS: 9.8EPSS: 94%CPEs: 56EXPL: 0CVE-2016-8735 – Apache Tomcat Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2016-8735
18 Dec 2016 — Remote code execution is possible with Apache Tomcat before 6.0.48, 7.x before 7.0.73, 8.x before 8.0.39, 8.5.x before 8.5.7, and 9.x before 9.0.0.M12 if JmxRemoteLifecycleListener is used and an attacker can reach JMX ports. The issue exists because this listener wasn't updated for consistency with the CVE-2016-3427 Oracle patch that affected credential types. La ejecución remota de código es posible con Apache Tomcat en versiones anteriores a 6.0.48, 7.x en versiones anteriores a 7.0.73, 8.x en versiones ... • http://rhn.redhat.com/errata/RHSA-2017-0457.html • CWE-502: Deserialization of Untrusted Data •
CVSS: 7.2EPSS: 0%CPEs: 2EXPL: 0CVE-2016-3461
https://notcve.org/view.php?id=CVE-2016-3461
21 Apr 2016 — Unspecified vulnerability in the MySQL Enterprise Monitor component in Oracle MySQL 3.0.25 and earlier and 3.1.2 and earlier allows remote administrators to affect confidentiality, integrity, and availability via vectors related to Monitoring: Server. Vulnerabilidad no especificada en el componente MySQL Enterprise Monitor en Oracle MySQL 3.0.25 y versiones anteriores y 3.1.2 y versiones anteriores permite a administradores remotos afectar a la confidencialidad, integridad y disponibilidad a través de vecto... • http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html •
CVSS: 9.0EPSS: 6%CPEs: 19EXPL: 0CVE-2015-3144 – Gentoo Linux Security Advisory 201509-02
https://notcve.org/view.php?id=CVE-2015-3144
22 Apr 2015 — The fix_hostname function in cURL and libcurl 7.37.0 through 7.41.0 does not properly calculate an index, which allows remote attackers to cause a denial of service (out-of-bounds read or write and crash) or possibly have other unspecified impact via a zero-length host name, as demonstrated by "http://:80" and ":80." La función fix_hostname en cURL y libcurl 7.37.0 hasta 7.41.0 no calcula correctamente un indice, lo que permite a atacantes remotos causar una denegación de servicio (lectura o escritura fuera... • http://curl.haxx.se/docs/adv_20150422D.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 2%CPEs: 56EXPL: 0CVE-2013-4316
https://notcve.org/view.php?id=CVE-2013-4316
30 Sep 2013 — Apache Struts 2.0.0 through 2.3.15.1 enables Dynamic Method Invocation by default, which has unknown impact and attack vectors. Apache Struts 2.0.0 hasta la versión 2.3.15.1 habilita por defecto Dynamic Method Invocation, lo cual tiene un impacto y vectores de ataque desconocidos. • http://archives.neohapsis.com/archives/bugtraq/2013-09/0107.html • CWE-16: Configuration CWE-284: Improper Access Control •