CVSS: 9.8EPSS: 0%CPEs: 39EXPL: 0CVE-2018-8088 – slf4j: Deserialisation vulnerability in EventData constructor can allow for arbitrary code execution
https://notcve.org/view.php?id=CVE-2018-8088
20 Mar 2018 — org.slf4j.ext.EventData in the slf4j-ext module in QOS.CH SLF4J before 1.8.0-beta2 allows remote attackers to bypass intended access restrictions via crafted data. EventData in the slf4j-ext module in QOS.CH SLF4J, has been fixed in SLF4J versions 1.7.26 later and in the 2.0.x series. org.slf4j.ext.EventData en el módulo slf4j-ext en QOS.CH SLF4J antes de la versión 1.8.0-beta2 permite a los atacantes remotos saltarse las restricciones de acceso previstas a través de datos manipulados. EventData en el módul... • http://www.securityfocus.com/bid/103737 • CWE-502: Deserialization of Untrusted Data •
CVSS: 9.8EPSS: 94%CPEs: 174EXPL: 2CVE-2017-5645 – log4j: Socket receiver deserialization vulnerability
https://notcve.org/view.php?id=CVE-2017-5645
17 Apr 2017 — In Apache Log4j 2.x before 2.8.2, when using the TCP socket server or UDP socket server to receive serialized log events from another application, a specially crafted binary payload can be sent that, when deserialized, can execute arbitrary code. En Apache Log4j 2.x en versiones anteriores a 2.8.2, cuando se utiliza el servidor de socket TCP o el servidor de socket UDP para recibir sucesos de registro serializados de otra aplicación, puede enviarse una carga binaria especialmente diseñada que, cuando se des... • https://github.com/pimps/CVE-2017-5645 • CWE-502: Deserialization of Untrusted Data •
CVSS: 7.5EPSS: 69%CPEs: 87EXPL: 1CVE-2016-8610 – SSL/TLS: Malformed plain-text ALERT packets could cause remote DoS
https://notcve.org/view.php?id=CVE-2016-8610
30 Jan 2017 — A denial of service flaw was found in OpenSSL 0.9.8, 1.0.1, 1.0.2 through 1.0.2h, and 1.1.0 in the way the TLS/SSL protocol defined processing of ALERT packets during a connection handshake. A remote attacker could use this flaw to make a TLS/SSL server consume an excessive amount of CPU and fail to accept connections from other clients. Se ha encontrado un fallo de denegación de servicio en OpenSSL en las versiones 0.9.8, 1.0.1, 1.0.2 hasta la 1.0.2h y la 1.1.0 en la forma en la que el protocolo TLS/SSL de... • https://github.com/cujanovic/CVE-2016-8610-PoC • CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.5EPSS: 3%CPEs: 2EXPL: 1CVE-2016-0450 – Oracle GoldenGate Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2016-0450
21 Jan 2016 — Unspecified vulnerability in the Oracle GoldenGate component in Oracle GoldenGate 11.2 and 12.1.2 allows remote attackers to affect availability via unknown vectors. Vulnerabilidad no especificada en el componente Oracle GoldenGate en Oracle GoldenGate 11.2 y 12.1.2 permite a atacantes remotos afectar a la disponibilidad a través de vectores desconocidos. This vulnerability allows remote attackers to cause a denial condition on vulnerable installations of Oracle GoldenGate. Authentication is not required to... • http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html •
CVSS: 10.0EPSS: 13%CPEs: 2EXPL: 2CVE-2016-0451 – Oracle GoldenGate File Upload Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2016-0451
21 Jan 2016 — Unspecified vulnerability in the Oracle GoldenGate component in Oracle GoldenGate 11.2 and 12.1.2 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2016-0452. Vulnerabilidad no especificada en el componente Oracle GoldenGate en Oracle GoldenGate 11.2 y 12.1.2 permite a atacantes remotos afectar a la confidencialidad, la integridad y la disponibilidad a través de vectores desconocidos, una vulnerabilidad diferente a CVE-2016... • https://github.com/rwincey/Oracle-GoldenGate---CVE-2016-0451 •
CVSS: 10.0EPSS: 11%CPEs: 2EXPL: 0CVE-2016-0452 – Oracle GoldenGate Veridata File Upload Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2016-0452
21 Jan 2016 — Unspecified vulnerability in the Oracle GoldenGate component in Oracle GoldenGate 11.2 and 12.1.2 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2016-0451. Vulnerabilidad no especificada en el componente Oracle GoldenGate en Oracle GoldenGate 11.2 y 12.1.2 permite a atacantes remotos afectar a la confidencialidad, la integridad y la disponibilidad a través de vectores desconocidos, una vulnerabilidad diferente a CVE-2016... • http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html •