CVSS: 9.8EPSS: 2%CPEs: 16EXPL: 0CVE-2021-37334
https://notcve.org/view.php?id=CVE-2021-37334
Umbraco Forms version 4.0.0 up to and including 8.7.5 and below are vulnerable to a security flaw that could lead to a remote code execution attack and/or arbitrary file deletion. A vulnerability occurs because validation of the file extension is performed after the file has been stored in a temporary directory. By default, files are stored within the application directory structure at %BASEDIR%/APP_DATA/TEMP/FileUploads/. Whilst access to this directory is restricted by the root web.config file, it is possible to override this restriction by uploading another specially crafted web.config file to the temporary directory. It is possible to exploit this flaw to upload a malicious script file to execute arbitrary code and system commands on the server. • https://umbraco.com/blog/security-advisory-20th-of-july-2021-patch-is-now-available https://umbraco.com/blog/security-advisory-security-patches-for-umbraco-forms-ready-on-july-20th-2021-at-7-am-utc •
CVSS: 10.0EPSS: 4%CPEs: 22EXPL: 0CVE-2014-2421 – Oracle Java JPEG Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2014-2421
Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JavaFX 2.2.51; and Java SE Embedded 7u51 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. Vulnerabilidad no especificada en Oracle Java SE 5.0u61, 6u71, 7u51, y 8; JavaFX 2.2.51; y Java SE Embedded 7u51 permite a atacantes remotos afectar la confidencialidad, integridad y disponibilidad a través de vectores desconocidos relacionados con 2D. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Java. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JPEG images. The issue lies in the ability to control the count parameter to a call to memmove. • http://marc.info/?l=bugtraq&m=140852886808946&w=2 http://marc.info/?l=bugtraq&m=140852974709252&w=2 http://rhn.redhat.com/errata/RHSA-2014-0675.html http://rhn.redhat.com/errata/RHSA-2014-0685.html http://secunia.com/advisories/58415 http://secunia.com/advisories/59058 http://security.gentoo.org/glsa/glsa-201406-32.xml http://security.gentoo.org/glsa/glsa-201502-12.xml http://www-01.ibm.com/support/docview.wss?uid=swg21672080 http://www-01.ibm.com/support •
CVSS: 4.0EPSS: 0%CPEs: 22EXPL: 0CVE-2014-0453 – OpenJDK: RSA unpadding timing issues (Security, 8027766)
https://notcve.org/view.php?id=CVE-2014-0453
Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JRockit R27.8.1 and R28.3.1; and Java SE Embedded 7u51 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Security. Vulnerabilidad no especificada en Oracle Java SE 5.0u61, 6u71, 7u51, y 8; JRockit R27.8.1 y R28.3.1; y Java SE Embedded 7u51 permite a atacantes remotos afectar la confidencialidad y la integridad a través de vectores desconocidos relacionados con la seguridad. • http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10698 http://marc.info/?l=bugtraq&m=140852886808946&w=2 http://marc.info/?l=bugtraq&m=140852974709252&w=2 http://rhn.redhat.com/errata/RHSA-2014-0675.html http://rhn.redhat.com/errata/RHSA-2014-0685.html http://secunia.com/advisories/58415 http://secunia.com/advisories/59022 http://secunia.com/advisories/59023 http://secunia.com/advisories/59071 http://secunia.com/advisories/59082 http://secunia.com/adviso •
CVSS: 9.3EPSS: 0%CPEs: 17EXPL: 0CVE-2014-0461 – OpenJDK: Better ScriptEngineManager ScriptEngine management (Libraries, 8036794)
https://notcve.org/view.php?id=CVE-2014-0461
Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries. Vulnerabilidad no especificada en Oracle Java SE 6u71, 7u51, y 8, y Java SE Embedded 7u51, permite a atacantes remotos afectar la confidencialidad, integridad y disponibilidad a través de vectores relacionados con las librerías. • http://marc.info/?l=bugtraq&m=140852886808946&w=2 http://marc.info/?l=bugtraq&m=140852974709252&w=2 http://rhn.redhat.com/errata/RHSA-2014-0675.html http://rhn.redhat.com/errata/RHSA-2014-0685.html http://secunia.com/advisories/58415 http://secunia.com/advisories/58974 http://secunia.com/advisories/59058 http://security.gentoo.org/glsa/glsa-201406-32.xml http://security.gentoo.org/glsa/glsa-201502-12.xml http://www-01.ibm.com/support/docview.wss?uid=swg21672 •
CVSS: 3.5EPSS: 0%CPEs: 22EXPL: 0CVE-2014-2398 – OpenJDK: insufficient escaping of window title string (Javadoc, 8026736)
https://notcve.org/view.php?id=CVE-2014-2398
Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JavaFX 2.2.51; and JRockit R27.8.1 and R28.3.1 allows remote authenticated users to affect integrity via unknown vectors related to Javadoc. Vulnerabilidad no especificada en Oracle Java SE 5.0u61, 6u71, 7u51, y 8; JavaFX 2.2.51; y JRockit R27.8.1 y R28.3.1 permite a usuarios autenticados remotamente afectar a la integridad a través de vectores relacionados con Javadoc. • http://marc.info/?l=bugtraq&m=140852886808946&w=2 http://marc.info/?l=bugtraq&m=140852974709252&w=2 http://rhn.redhat.com/errata/RHSA-2014-0675.html http://rhn.redhat.com/errata/RHSA-2014-0685.html http://secunia.com/advisories/58415 http://secunia.com/advisories/59058 http://security.gentoo.org/glsa/glsa-201406-32.xml http://security.gentoo.org/glsa/glsa-201502-12.xml http://www-01.ibm.com/support/docview.wss?uid=swg21672080 http://www-01.ibm.com/support •