CVSS: 9.8EPSS: 94%CPEs: 5EXPL: 3CVE-2020-14750 – Oracle WebLogic Server Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2020-14750
01 Nov 2020 — Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Console). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). • https://packetstorm.news/files/id/160143 •
CVSS: 7.5EPSS: 0%CPEs: 110EXPL: 0CVE-2019-10086 – apache-commons-beanutils: does not suppresses the class property in PropertyUtilsBean by default
https://notcve.org/view.php?id=CVE-2019-10086
20 Aug 2019 — In Apache Commons Beanutils 1.9.2, a special BeanIntrospector class was added which allows suppressing the ability for an attacker to access the classloader via the class property available on all Java objects. We, however were not using this by default characteristic of the PropertyUtilsBean. En Apache Commons Beanutils 1.9.2, se agregó una clase especial BeanIntrospector que permite suprimir la capacidad de un atacante para acceder al cargador de clases a través de la propiedad de clase disponible en todo... • http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00007.html • CWE-502: Deserialization of Untrusted Data •
CVSS: 6.4EPSS: 0%CPEs: 3EXPL: 0CVE-2016-0470
https://notcve.org/view.php?id=CVE-2016-0470
21 Jan 2016 — Unspecified vulnerability in the Oracle BI Publisher component in Oracle Fusion Middleware 11.1.1.7.0, 11.1.1.9.0, and 12.2.1.0.0 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to BI Publisher Security. Vulnerabilidad no especificada en el componente en Oracle BI Publisher en Oracle Fusion Middleware 11.1.1.7.0, 11.1.1.9.0 y 12.2.1.0.0 permite a usuarios remotos autenticados afectar a la confidencialidad y la integridad a través de vectores desconocidos... • http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html •
CVSS: 4.7EPSS: 0%CPEs: 3EXPL: 0CVE-2016-0464
https://notcve.org/view.php?id=CVE-2016-0464
21 Jan 2016 — Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.3.6, 12.1.2, and 12.1.3 allows remote attackers to affect integrity via vectors related to WLS-Console. Vulnerabilidad no especificada en el componente Oracle WebLogic Server en Oracle Fusion Middleware 10.3.6, 12.1.2 y 12.1.3 permite a atacantes remotos afectar a la integridad a través de vectores relacionados con WLS-Console. • http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html •
CVSS: 5.0EPSS: 0%CPEs: 3EXPL: 0CVE-2015-4909
https://notcve.org/view.php?id=CVE-2015-4909
21 Oct 2015 — Unspecified vulnerability in the Oracle JDeveloper component in Oracle Fusion Middleware 11.1.2.4.0, 12.1.2.0.0, and 12.1.3.0.0 allows remote attackers to affect integrity via vectors related to ADF Faces. Vulnerabilidad no especificada en el componente Oracle JDeveloper en Oracle Fusion Middleware 11.1.2.4.0, 12.1.2.0.0 y 12.1.3.0.0 permite a atacantes remotos afectar a la integridad a través de vectores relacionados con ADF Faces. • http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html •
CVSS: 6.5EPSS: 0%CPEs: 5EXPL: 0CVE-2015-4914
https://notcve.org/view.php?id=CVE-2015-4914
21 Oct 2015 — Unspecified vulnerability in the Oracle HTTP Server component in Oracle Fusion Middleware 10.1.3.5, 11.1.1.7, 11.1.1.9, 12.1.2.0, and 12.1.3.0 allows remote authenticated users to affect confidentiality via unknown vectors related to Web Listener. Vulnerabilidad no especificada en el componente Oracle HTTP Server en Oracle Fusion Middleware 10.1.3.5, 11.1.1.7, 11.1.1.9, 12.1.2.0 y 12.1.3.0 permite a usuarios remotos autenticados afectar a la confidencialidad a través de vectores desconocidos relacionados co... • http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html •
CVSS: 4.3EPSS: 0%CPEs: 3EXPL: 0CVE-2015-4838
https://notcve.org/view.php?id=CVE-2015-4838
21 Oct 2015 — Unspecified vulnerability in the Oracle JDeveloper component in Oracle Fusion Middleware 11.1.2.4.0, 12.1.2.0.0, and 12.1.3.0.0 allows remote authenticated users to affect confidentiality via vectors related to ADF Faces. Vulnerabilidad no especificada en el componente Oracle JDeveloper en Oracle Fusion Middleware 11.1.2.4.0, 12.1.2.0.0 y 12.1.3.0.0 permite a usuarios remotos autenticados afectar a la confidencialidad a través de vectores relacionados con ADF Faces. • http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html •
CVSS: 7.5EPSS: 1%CPEs: 5EXPL: 0CVE-2015-1829
https://notcve.org/view.php?id=CVE-2015-1829
21 Oct 2015 — Unspecified vulnerability in the Oracle HTTP Server component in Oracle Fusion Middleware 10.1.3.5, 11.1.1.7, 11.1.1.9, 12.1.2.0, and 12.1.3.0 allows remote attackers to affect availability via unknown vectors related to Web Listener. Vulnerabilidad no especificada en el componente Oracle HTTP Server en Oracle Fusion Middleware 10.1.3.5, 11.1.1.7, 11.1.1.9, 12.1.2.0 y 12.1.3.0 permite a atacantes remotos afectar a la disponibilidad a través de vectores desconocidos relacionados con Web Listener. • http://www.apache.org/dist/apr/Announcement1.x.html •
CVSS: 7.5EPSS: 15%CPEs: 6EXPL: 0CVE-2014-3576 – ActiveMQ: DoS via unauthenticated remote shutdown command
https://notcve.org/view.php?id=CVE-2014-3576
11 Aug 2015 — The processControlCommand function in broker/TransportConnection.java in Apache ActiveMQ before 5.11.0 allows remote attackers to cause a denial of service (shutdown) via a shutdown command. Vulnerabilidad en la función processControlCommand en broker/TransportConnection.java en Apache ActiveMQ en versiones anteriores a 5.11.0, permite a atacantes remotos causar una denegación de servicio (apagado) a través de un comando de apagado. It was found that the Apache ActiveMQ broker exposed a remote shutdown comm... • http://activemq.2283324.n4.nabble.com/About-CVE-2014-3576-tp4699628.html • CWE-264: Permissions, Privileges, and Access Controls CWE-306: Missing Authentication for Critical Function •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0CVE-2015-4742
https://notcve.org/view.php?id=CVE-2015-4742
16 Jul 2015 — Unspecified vulnerability in the Oracle JDeveloper component in Oracle Fusion Middleware 11.1.1.7.0, 11.1.2.4.0, 12.1.2.0.0, and 12.1.3.0.0 allows remote attackers to affect availability via vectors related to ADF Faces. Vulnerabilidad no especificada en el componente Oracle JDeveloper en Oracle Fusion Middleware 11.1.1.7.0, 11.1.2.4.0, 12.1.2.0.0 y 12.1.3.0.0, permite a atacantes remotos afectar la disponibilidad a través de vectores relacionados con ADF Faces. • http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html •