CVE-2021-45105 – Apache Log4j2 does not always protect from infinite recursion in lookup evaluation
https://notcve.org/view.php?id=CVE-2021-45105
Apache Log4j2 versions 2.0-alpha1 through 2.16.0 (excluding 2.12.3 and 2.3.1) did not protect from uncontrolled recursion from self-referential lookups. This allows an attacker with control over Thread Context Map data to cause a denial of service when a crafted string is interpreted. This issue was fixed in Log4j 2.17.0, 2.12.3, and 2.3.1. Apache Log4j2 versiones 2.0-alpha1 hasta 2.16.0 (excluyendo las versiones 2.12.3 y 2.3.1) no protegían de la recursión no controlada de las búsquedas autorreferenciales. Esto permite a un atacante con control sobre los datos de Thread Context Map causar una denegación de servicio cuando es interpretada una cadena diseñada. • https://github.com/thedevappsecguy/Log4J-Mitigation-CVE-2021-44228--CVE-2021-45046--CVE-2021-45105--CVE-2021-44832 https://github.com/tejas-nagchandi/CVE-2021-45105 https://github.com/pravin-pp/log4j2-CVE-2021-45105 https://github.com/dileepdkumar/https-github.com-pravin-pp-log4j2-CVE-2021-45105-1 https://github.com/dileepdkumar/https-github.com-pravin-pp-log4j2-CVE-2021-45105 https://github.com/dileepdkumar/https-github.com-dileepdkumar-https-github.com-pravin-pp-log4j2-CVE-2021-45105-v htt • CWE-20: Improper Input Validation CWE-674: Uncontrolled Recursion •
CVE-2011-0850
https://notcve.org/view.php?id=CVE-2011-0850
Unspecified vulnerability in Oracle PeopleSoft Enterprise CRM 8.9 Bundle #41 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Order Capture. Vulnerabilidad sin especificar en Oracle PeopleSoft Enterprise CRM 8.9 Bundle #41 permite a usuarios autenticados remotos vulnerar la confidencialidad e integridad a través de vectores desconocidos relacionados con el "Order Capture" (obtención de pedidos). • http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html •
CVE-2007-3854
https://notcve.org/view.php?id=CVE-2007-3854
Multiple unspecified vulnerabilities in Oracle Database 9.0.1.5+, 9.2.0.7, and 10.1.0.5 allow remote authenticated users to have unknown impact via (1) SYS.DBMS_PRVTAQIS in the Advanced Queuing component (DB02) and (2) MDSYS.MD in the Spatial component (DB12). NOTE: Oracle has not disputed reliable researcher claims that DB02 is for SQL injection and DB12 is for a buffer overflow. Múltiples vulnerabilidades no especificadas en Oracle Database versiones 9.0.1.5+, 9.2.0.7 y 10.1.0.5, permiten a usuarios autenticados remotoss tener un impacto desconocido por medio de (1) SYS.DBMS_PRVTAQIS en el componente Advanced Queuing (DB02) y (2) MDSYS.MD en el componente Spatial (DB12). NOTA: Oracle no ha cuestionado las afirmaciones de investigadores confiables de que DB02 es para una inyección SQL y DB12 para un desbordamiento de búfer. • http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c00727143 http://secunia.com/advisories/26114 http://secunia.com/advisories/26166 http://www.integrigy.com/security-resources/analysis/Integrigy_Oracle_CPU_July_2007_Analysis.pdf http://www.oracle.com/technetwork/topics/security/cpujul2007-087014.html http://www.red-database-security.com/advisory/oracle_cpu_jul_2007.html http://www.red-database-security.com/advisory/oracle_sql_injection_dbms_prvtaqis.html http://w •
CVE-2005-3466
https://notcve.org/view.php?id=CVE-2005-3466
Unspecified vulnerability in Enterprise CRM Sales in Oracle 8.81 up to 8.9 has unknown impact and attack vectors, as identified by Oracle Vuln# CRM01. • http://secunia.com/advisories/17250 http://www.kb.cert.org/vuls/id/210524 http://www.oracle.com/technetwork/topics/security/cpuoct2005-090497.html http://www.securityfocus.com/bid/15134 http://www.us-cert.gov/cas/techalerts/TA05-292A.html •