CVSS: 8.2EPSS: 0%CPEs: 37EXPL: 0CVE-2020-11987 – batik: SSRF due to improper input validation by the NodePickerPanel
https://notcve.org/view.php?id=CVE-2020-11987
24 Feb 2021 — Apache Batik 1.13 is vulnerable to server-side request forgery, caused by improper input validation by the NodePickerPanel. By using a specially-crafted argument, an attacker could exploit this vulnerability to cause the underlying server to make arbitrary GET requests. Apache Batik versión 1.13 es vulnerable a un ataque de tipo server-side request forgery, causada por una comprobación de entrada inapropiada por parte de NodePickerPanel. Al usar un argumento especialmente diseñado, un atacante podría e... • https://lists.apache.org/thread.html/r2877ae10e8be56a3c52d03e373512ddd32f16b863f24c2e22f5a5ba2%40%3Cdev.poi.apache.org%3E • CWE-20: Improper Input Validation CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 5.9EPSS: 0%CPEs: 13EXPL: 3CVE-2021-27568 – json-smart: uncaught exception may lead to crash or information disclosure
https://notcve.org/view.php?id=CVE-2021-27568
23 Feb 2021 — An issue was discovered in netplex json-smart-v1 through 2015-10-23 and json-smart-v2 through 2.4. An exception is thrown from a function, but it is not caught, as demonstrated by NumberFormatException. When it is not caught, it may cause programs using the library to crash or expose sensitive information. Se detectó un problema en netplex json-smart-v1 hasta el 23-10-2015 y json-smart-v2 hasta 2.4. Una excepción es lanzada desde una función, pero no es detectada, como es demostrado por la función Numb... • https://github.com/arsalanraja987/java-insecure-random-cve-2021-27568 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-754: Improper Check for Unusual or Exceptional Conditions •
CVSS: 7.5EPSS: 0%CPEs: 9EXPL: 0CVE-2020-28491 – Denial of Service (DoS)
https://notcve.org/view.php?id=CVE-2020-28491
18 Feb 2021 — This affects the package com.fasterxml.jackson.dataformat:jackson-dataformat-cbor from 0 and before 2.11.4, from 2.12.0-rc1 and before 2.12.1. Unchecked allocation of byte buffer can cause a java.lang.OutOfMemoryError exception. Esto afecta al paquete com.fasterxml.jackson.dataformat:jackson-dataformat-cbor versiones desde 0 y anteriores a 2.11.4, versiones desde 2.12.0-rc1 y anteriores a 2.12.1. Una asignación no comprobada de búfer de bytes puede causar una excepción de java.lang.OutOfMemoryError Red... • https://github.com/FasterXML/jackson-dataformats-binary/commit/de072d314af8f5f269c8abec6930652af67bc8e6 • CWE-400: Uncontrolled Resource Consumption CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 7.2EPSS: 93%CPEs: 5EXPL: 10CVE-2021-2109 – Oracle WebLogic Server 14.1.1.0 - RCE (Authenticated)
https://notcve.org/view.php?id=CVE-2021-2109
20 Jan 2021 — Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Console). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.1 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). • https://packetstorm.news/files/id/161053 •
CVSS: 9.8EPSS: 26%CPEs: 5EXPL: 0CVE-2021-2075
https://notcve.org/view.php?id=CVE-2021-2075
20 Jan 2021 — Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Samples). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via IIOP, T3 to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). • https://www.oracle.com/security-alerts/cpujan2021.html •
CVSS: 9.8EPSS: 26%CPEs: 3EXPL: 0CVE-2021-2047
https://notcve.org/view.php?id=CVE-2021-2047
20 Jan 2021 — Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core Components). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, and 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via IIOP, T3 to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). • https://www.oracle.com/security-alerts/cpujan2021.html •
CVSS: 4.3EPSS: 0%CPEs: 4EXPL: 0CVE-2021-2033
https://notcve.org/view.php?id=CVE-2021-2033
20 Jan 2021 — Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core Components). Supported versions that are affected are 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle WebLogic Server. CVSS 3.1 Base Score 4.3 (... • https://www.oracle.com/security-alerts/cpujan2021.html •
CVSS: 8.3EPSS: 1%CPEs: 11EXPL: 0CVE-2021-2018
https://notcve.org/view.php?id=CVE-2021-2018
20 Jan 2021 — Vulnerability in the Advanced Networking Option component of Oracle Database Server. Supported versions that are affected are 18c and 19c. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Oracle Net to compromise Advanced Networking Option. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Advanced Networking Option, attacks may significantly impact additional products. Successful attacks of this vul... • https://www.oracle.com/security-alerts/cpujan2021.html •
CVSS: 10.0EPSS: 94%CPEs: 5EXPL: 40CVE-2020-14882 – Oracle WebLogic Server Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2020-14882
21 Oct 2020 — Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Console). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). • https://packetstorm.news/files/id/161128 •
CVSS: 10.0EPSS: 94%CPEs: 5EXPL: 7CVE-2020-14883 – Oracle WebLogic Server Unspecified Vulnerability
https://notcve.org/view.php?id=CVE-2020-14883
21 Oct 2020 — Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Console). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.1 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). • https://packetstorm.news/files/id/160143 •