CVSS: 8.3EPSS: 1%CPEs: 248EXPL: 6CVE-2021-2351 – Oracle Database Weak NNE Integrity Key Derivation
https://notcve.org/view.php?id=CVE-2021-2351
20 Jul 2021 — Vulnerability in the Advanced Networking Option component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1 and 19c. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Oracle Net to compromise Advanced Networking Option. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Advanced Networking Option, attacks may significantly impact additional products. Successful atta... • https://packetstorm.news/files/id/165258 • CWE-327: Use of a Broken or Risky Cryptographic Algorithm CWE-384: Session Fixation •
CVSS: 8.1EPSS: 16%CPEs: 10EXPL: 0CVE-2021-26117 – ActiveMQ: LDAP-Authentication does not verify passwords on servers with anonymous bind
https://notcve.org/view.php?id=CVE-2021-26117
27 Jan 2021 — The optional ActiveMQ LDAP login module can be configured to use anonymous access to the LDAP server. In this case, for Apache ActiveMQ Artemis prior to version 2.16.0 and Apache ActiveMQ prior to versions 5.16.1 and 5.15.14, the anonymous context is used to verify a valid users password in error, resulting in no check on the password. El módulo de inicio de sesión LDAP de ActiveMQ opcional puede ser configurado para usar el acceso anónimo al servidor LDAP. En este caso, para Apache ActiveMQ Artemis an... • https://lists.apache.org/thread.html/r110cacfa754471361234965ffe851a046e302ff2693b055f49f47b02%40%3Cissues.activemq.apache.org%3E • CWE-287: Improper Authentication •
CVSS: 5.8EPSS: 0%CPEs: 27EXPL: 0CVE-2020-27218 – jetty: buffer not correctly recycled in Gzip Request inflation
https://notcve.org/view.php?id=CVE-2020-27218
28 Nov 2020 — In Eclipse Jetty version 9.4.0.RC0 to 9.4.34.v20201102, 10.0.0.alpha0 to 10.0.0.beta2, and 11.0.0.alpha0 to 11.0.0.beta2, if GZIP request body inflation is enabled and requests from different clients are multiplexed onto a single connection, and if an attacker can send a request with a body that is received entirely but not consumed by the application, then a subsequent request on the same connection will see that body prepended to its body. The attacker will not see any data but may inject data into the bo... • https://bugs.eclipse.org/bugs/show_bug.cgi?id=568892 • CWE-226: Sensitive Information in Resource Not Removed Before Reuse •
CVSS: 7.0EPSS: 0%CPEs: 33EXPL: 2CVE-2020-27216 – jetty: local temporary directory hijacking vulnerability
https://notcve.org/view.php?id=CVE-2020-27216
23 Oct 2020 — In Eclipse Jetty versions 1.0 thru 9.4.32.v20200930, 10.0.0.alpha1 thru 10.0.0.beta2, and 11.0.0.alpha1 thru 11.0.0.beta2O, on Unix like systems, the system's temporary directory is shared between all users on that system. A collocated user can observe the process of creating a temporary sub directory in the shared temporary directory and race to complete the creation of the temporary subdirectory. If the attacker wins the race then they will have read and write permission to the subdirectory used to unpack... • https://bugs.eclipse.org/bugs/show_bug.cgi?id=567921 • CWE-377: Insecure Temporary File CWE-378: Creation of Temporary File With Insecure Permissions CWE-379: Creation of Temporary File in Directory with Insecure Permissions •
CVSS: 7.5EPSS: 0%CPEs: 71EXPL: 0CVE-2020-11979 – ant: insecure temporary file
https://notcve.org/view.php?id=CVE-2020-11979
01 Oct 2020 — As mitigation for CVE-2020-1945 Apache Ant 1.10.8 changed the permissions of temporary files it created so that only the current user was allowed to access them. Unfortunately the fixcrlf task deleted the temporary file and created a new one without said protection, effectively nullifying the effort. This would still allow an attacker to inject modified source files into the build process. Como mitigación para CVE-2020-1945, Apache Ant versión 1.10.8, cambió los permisos de los archivos temporales que creó ... • https://github.com/gradle/gradle/security/advisories/GHSA-j45w-qrgf-25vm • CWE-377: Insecure Temporary File CWE-379: Creation of Temporary File in Directory with Insecure Permissions •
CVSS: 8.7EPSS: 57%CPEs: 77EXPL: 1CVE-2020-5421 – RFD Protection Bypass via jsessionid
https://notcve.org/view.php?id=CVE-2020-5421
19 Sep 2020 — In Spring Framework versions 5.2.0 - 5.2.8, 5.1.0 - 5.1.17, 5.0.0 - 5.0.18, 4.3.0 - 4.3.28, and older unsupported versions, the protections against RFD attacks from CVE-2015-5211 may be bypassed depending on the browser used through the use of a jsessionid path parameter. En Spring Framework versiones 5.2.0 - 5.2.8, 5.1.0 - 5.1.17, 5.0.0 - 5.0.18, 4.3.0 - 4.3.28 y versiones anteriores no compatibles, las protecciones contra ataques RFD del CVE-2015 -5211 puede ser omitidas según el navegador usado mediante ... • https://github.com/pandaMingx/CVE-2020-5421 •
CVSS: 9.8EPSS: 19%CPEs: 8EXPL: 0CVE-2020-11998
https://notcve.org/view.php?id=CVE-2020-11998
10 Sep 2020 — A regression has been introduced in the commit preventing JMX re-bind. By passing an empty environment map to RMIConnectorServer, instead of the map that contains the authentication credentials, it leaves ActiveMQ open to the following attack: https://docs.oracle.com/javase/8/docs/technotes/guides/management/agent.html "A remote client could create a javax.management.loading.MLet MBean and use it to create new MBeans from arbitrary URLs, at least if there is no security manager. In other words, a rogue remo... • http://activemq.apache.org/security-advisories.data/CVE-2020-11998-announcement.txt •
CVSS: 5.9EPSS: 0%CPEs: 5EXPL: 0CVE-2020-13920 – activemq: improper authentication allows MITM attack
https://notcve.org/view.php?id=CVE-2020-13920
10 Sep 2020 — Apache ActiveMQ uses LocateRegistry.createRegistry() to create the JMX RMI registry and binds the server to the "jmxrmi" entry. It is possible to connect to the registry without authentication and call the rebind method to rebind jmxrmi to something else. If an attacker creates another server to proxy the original, and bound that, he effectively becomes a man in the middle and is able to intercept the credentials when an user connects. Upgrade to Apache ActiveMQ 5.15.12. Apache ActiveMQ usa la función Locat... • http://activemq.apache.org/security-advisories.data/CVE-2020-13920-announcement.txt • CWE-287: Improper Authentication CWE-306: Missing Authentication for Critical Function •
CVSS: 9.8EPSS: 1%CPEs: 20EXPL: 0CVE-2020-5413 – Kryo Configuration Allows Code Execution with Unknown "Serialization Gadgets"
https://notcve.org/view.php?id=CVE-2020-5413
31 Jul 2020 — Spring Integration framework provides Kryo Codec implementations as an alternative for Java (de)serialization. When Kryo is configured with default options, all unregistered classes are resolved on demand. This leads to the "deserialization gadgets" exploit when provided data contains malicious code for execution during deserialization. In order to protect against this type of attack, Kryo can be configured to require a set of trusted classes for (de)serialization. Spring Integration should be proactive aga... • https://tanzu.vmware.com/security/cve-2020-5413 • CWE-502: Deserialization of Untrusted Data •
CVSS: 6.1EPSS: 10%CPEs: 14EXPL: 0CVE-2020-1941
https://notcve.org/view.php?id=CVE-2020-1941
14 May 2020 — In Apache ActiveMQ 5.0.0 to 5.15.11, the webconsole admin GUI is open to XSS, in the view that lists the contents of a queue. En Apache ActiveMQ versiones 5.0.0 hasta 5.15.11, la Interfaz de Usuario Gráfica de administración webconsole está abierta a un ataque de tipo XSS, en la vista que enumera el contenido de una cola. • http://activemq.apache.org/security-advisories.data/CVE-2020-1941-announcement.txt • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •