CVSS: 7.5EPSS: 0%CPEs: 51EXPL: 0CVE-2018-11040
https://notcve.org/view.php?id=CVE-2018-11040
Spring Framework, versions 5.0.x prior to 5.0.7 and 4.3.x prior to 4.3.18 and older unsupported versions, allows web applications to enable cross-domain requests via JSONP (JSON with Padding) through AbstractJsonpResponseBodyAdvice for REST controllers and MappingJackson2JsonView for browser requests. Both are not enabled by default in Spring Framework nor Spring Boot, however, when MappingJackson2JsonView is configured in an application, JSONP support is automatically ready to use through the "jsonp" and "callback" JSONP parameters, enabling cross-domain requests. Spring Framework, en versiones 5.0.x anteriores a la 5.0.7 y versiones 4.3.x anteriores a la 4.3.18 y versiones anteriores sin soporte, permite que las aplicaciones web habiliten peticiones de dominio cruzado mediante JSONP (JSON with Padding) mediante AbstractJsonpResponseBodyAdvice para controladores REST y MappingJackson2JsonView para las peticiones del navegador. Ninguna de las dos está habilitada por defecto en Spring Framework o Spring Boot. Sin embargo, cuando MappingJackson2JsonView está configurado en una aplicación, el soporte para JSONP está automáticamente listo para ser empleado mediante los parámetros JSONP "jsonp" y "callback", lo que habilita peticiones de dominio cruzado. • http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html https://lists.debian.org/debian-lts-announce/2021/04/msg00022.html https://pivotal.io/security/cve-2018-11040 https://www.oracle.com/security-alerts/cpujan2020.html https://www.oracle.com/security-alerts/cpujul2020.html https://www.oracle.com/security-alerts/cpuoct2021.html https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html https& • CWE-829: Inclusion of Functionality from Untrusted Control Sphere •
CVSS: 6.5EPSS: 0%CPEs: 71EXPL: 0CVE-2018-1257 – spring-framework: ReDoS Attack with spring-messaging
https://notcve.org/view.php?id=CVE-2018-1257
Spring Framework, versions 5.0.x prior to 5.0.6, versions 4.3.x prior to 4.3.17, and older unsupported versions allows applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user (or attacker) can craft a message to the broker that can lead to a regular expression, denial of service attack. Spring Framework, en versiones 5.0.x anteriores a la 5.0.6, versiones 4.3.x anteriores a la 4.3.17 y versiones antiguas no soportadas, permite que las aplicaciones expongan STOMP sobre los endpoints WebSocket con un simple broker STOP dentro de la memoria a través del módulo spring-messaging. Un usuario (o atacante) malicioso puede crear un mensaje para el broker que puede conducir a un ataque de denegación de servicio (DoS) de expresión regular. • http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html http://www.securityfocus.com/bid/104260 https://access.redhat.com/errata/RHSA-2018:1809 https://access.redhat.com/errata/RHSA-2018:3768 https://pivotal.io/security/cve-2018-1257 https://www.oracle.com/security-alerts/cpujan2020.html https://www.oracle.com/security-alerts/cpujul2020.html https://www.oracle.com/security-alerts/cpuoct2021.html https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html ht • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 8.8EPSS: 0%CPEs: 81EXPL: 0CVE-2018-1258 – spring-security-core: Unauthorized Access with Spring Security Method Security
https://notcve.org/view.php?id=CVE-2018-1258
Spring Framework version 5.0.5 when used in combination with any versions of Spring Security contains an authorization bypass when using method security. An unauthorized malicious user can gain unauthorized access to methods that should be restricted. La versión 5.0.5 de Spring Framework, cuando se utiliza en combinación con cualquier versión de Spring Security, contiene un omisión de autorización cuando se utiliza la seguridad del método. Un usuario malicioso no autorizado puede obtener acceso no autorizado a métodos que deben ser restringidos. • http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html http://www.securityfocus.com/bid/104222 http://www.securitytracker.com/id/1041888 http://www.securitytracker.com/id/1041896 https://access.redhat.com/errata/RHSA-2019:2413 https://pivotal.io/security/cve-2018-1258 https://security.netapp.com/advisory/ntap-20181018-0002 https://www.oracle.com/security-alerts/cpuapr2020.html https://www.oracle& • CWE-287: Improper Authentication CWE-863: Incorrect Authorization •
CVSS: 7.2EPSS: 3%CPEs: 30EXPL: 1CVE-2018-5511 – VMware Workstation 14.1.5 / VMware Player 15.0.2 - Host VMX Process Impersonation Hijack Privilege Escalation
https://notcve.org/view.php?id=CVE-2018-5511
On F5 BIG-IP 13.1.0-13.1.0.3 or 13.0.0, when authenticated administrative users execute commands in the Traffic Management User Interface (TMUI), also referred to as the BIG-IP Configuration utility, restrictions on allowed commands may not be enforced. En F5 BIG-IP, de la versión 13.1.0 a la 13.1.0.3 o en la versión 13.0.0, cuando los usuarios administrativos autenticados ejecutan comandos en el TMUI (Traffic Management User Interface), también llamado utilidad BIG-IP Configuration, podrían no aplicarse las restricciones sobre los comandos permitidos. The VMX process (vmware-vmx.exe) process configures and hosts an instance of VM. As is common with desktop virtualization platforms the VM host usually has privileged access into the OS such as mapping physical memory which represents a security risk. To mitigate this the VMX process is created with an elevated integrity level by the authentication daemon (vmware-authd.exe) which runs at SYSTEM. • https://www.exploit-db.com/exploits/46600 http://packetstormsecurity.com/files/152213/VMware-Host-VMX-Process-Impersonation-Hijack-Privilege-Escalation.html https://support.f5.com/csp/article/K30500703 • CWE-470: Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') •
CVSS: 9.8EPSS: 5%CPEs: 15EXPL: 0CVE-2017-4907
https://notcve.org/view.php?id=CVE-2017-4907
VMware Unified Access Gateway (2.5.x, 2.7.x, 2.8.x prior to 2.8.1) and Horizon View (7.x prior to 7.1.0, 6.x prior to 6.2.4) contain a heap buffer-overflow vulnerability which may allow a remote attacker to execute code on the security gateway. Unified Access Gateway (versiones 2.5.x, 2.7.x, 2.8.x anteriores a 2.8.1) y Horizon View (versiones 7.x anteriores a 7.1.0, versiones 6.x anteriores a 6.2.4) de VMware, contienen una vulnerabilidad de desbordamiento de búfer de la pila que puede permitir a un atacante remoto ejecutar código en la puerta de enlace de seguridad. • http://www.securityfocus.com/bid/97914 http://www.securitytracker.com/id/1038281 http://www.vmware.com/security/advisories/VMSA-2017-0008.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •