CVE-2017-5645 – log4j: Socket receiver deserialization vulnerability
https://notcve.org/view.php?id=CVE-2017-5645
In Apache Log4j 2.x before 2.8.2, when using the TCP socket server or UDP socket server to receive serialized log events from another application, a specially crafted binary payload can be sent that, when deserialized, can execute arbitrary code. It was found that when using remote logging with log4j socket server the log4j server would deserialize any log event received via TCP or UDP. An attacker could use this flaw to send a specially crafted log event that, during deserialization, would execute arbitrary code in the context of the logger application. • https://github.com/pimps/CVE-2017-5645 http://www.openwall.com/lists/oss-security/2019/12/19/2 http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html http://www.securityfocus.com/bid/97702 http://www.securitytracker.com/id/1040200 http://www.securit • CWE-502: Deserialization of Untrusted Data •
CVE-2010-0080
https://notcve.org/view.php?id=CVE-2010-0080
Unspecified vulnerability in the PeopleSoft Enterprise HCM - eProfile component in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.9 Bundle, #21 and 9.0 Bundle #11 allows remote authenticated users to affect confidentiality and integrity via unknown vectors. • http://www.oracle.com/technetwork/topics/security/cpujan2010-084891.html http://www.us-cert.gov/cas/techalerts/TA10-012A.html •
CVE-2009-3409
https://notcve.org/view.php?id=CVE-2009-3409
Unspecified vulnerability in the PeopleSoft Enterprise HCM (TAM) component in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 9.0 Bundle 10 allows remote authenticated users to affect confidentiality and integrity via unknown vectors. • http://www.oracle.com/technetwork/topics/security/cpuoct2009-096303.html http://www.securityfocus.com/bid/36776 http://www.securitytracker.com/id?1023061 http://www.us-cert.gov/cas/techalerts/TA09-294A.html •
CVE-2009-1988
https://notcve.org/view.php?id=CVE-2009-1988
Unspecified vulnerability in the PeopleSoft Enterprise HRMS eProfile Manager component in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.8 SP1, 8.9 Bundle 19, and 9.0 Bundle 9 allows remote authenticated users to affect confidentiality via unknown vectors. • http://osvdb.org/55910 http://secunia.com/advisories/35776 http://www.oracle.com/technetwork/topics/security/cpujul2009-091332.html http://www.securityfocus.com/bid/35696 http://www.securitytracker.com/id?1022566 http://www.vupen.com/english/advisories/2009/1900 https://exchange.xforce.ibmcloud.com/vulnerabilities/51770 •
CVE-2009-1989
https://notcve.org/view.php?id=CVE-2009-1989
Unspecified vulnerability in the PeopleSoft Enterprise FMS component in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.8 SP1, 8.9 Bundle 33, and 9.0 Bundle 24 allows remote authenticated users to affect confidentiality and integrity via unknown vectors. • http://osvdb.org/55911 http://secunia.com/advisories/35776 http://www.oracle.com/technetwork/topics/security/cpujul2009-091332.html http://www.securityfocus.com/bid/35694 http://www.securitytracker.com/id?1022566 http://www.vupen.com/english/advisories/2009/1900 https://exchange.xforce.ibmcloud.com/vulnerabilities/51771 •