CVSS: 5.9EPSS: 65%CPEs: 213EXPL: 10CVE-2021-45105 – Apache Log4j2 does not always protect from infinite recursion in lookup evaluation
https://notcve.org/view.php?id=CVE-2021-45105
18 Dec 2021 — Apache Log4j2 versions 2.0-alpha1 through 2.16.0 (excluding 2.12.3 and 2.3.1) did not protect from uncontrolled recursion from self-referential lookups. This allows an attacker with control over Thread Context Map data to cause a denial of service when a crafted string is interpreted. This issue was fixed in Log4j 2.17.0, 2.12.3, and 2.3.1. Apache Log4j2 versiones 2.0-alpha1 hasta 2.16.0 (excluyendo las versiones 2.12.3 y 2.3.1) no protegían de la recursión no controlada de las búsquedas autorreferenciales.... • https://github.com/thedevappsecguy/Log4J-Mitigation-CVE-2021-44228--CVE-2021-45046--CVE-2021-45105--CVE-2021-44832 • CWE-20: Improper Input Validation CWE-674: Uncontrolled Recursion •
CVSS: 8.1EPSS: 0%CPEs: 1EXPL: 0CVE-2011-0850
https://notcve.org/view.php?id=CVE-2011-0850
20 Apr 2011 — Unspecified vulnerability in Oracle PeopleSoft Enterprise CRM 8.9 Bundle #41 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Order Capture. Vulnerabilidad sin especificar en Oracle PeopleSoft Enterprise CRM 8.9 Bundle #41 permite a usuarios autenticados remotos vulnerar la confidencialidad e integridad a través de vectores desconocidos relacionados con el "Order Capture" (obtención de pedidos). • http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html •
CVSS: 8.8EPSS: 6%CPEs: 38EXPL: 0CVE-2007-3854
https://notcve.org/view.php?id=CVE-2007-3854
18 Jul 2007 — Multiple unspecified vulnerabilities in Oracle Database 9.0.1.5+, 9.2.0.7, and 10.1.0.5 allow remote authenticated users to have unknown impact via (1) SYS.DBMS_PRVTAQIS in the Advanced Queuing component (DB02) and (2) MDSYS.MD in the Spatial component (DB12). NOTE: Oracle has not disputed reliable researcher claims that DB02 is for SQL injection and DB12 is for a buffer overflow. Múltiples vulnerabilidades no especificadas en Oracle Database versiones 9.0.1.5+, 9.2.0.7 y 10.1.0.5, permiten a usuarios auten... • http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c00727143 •
CVSS: 10.0EPSS: 3%CPEs: 2EXPL: 0CVE-2005-3466
https://notcve.org/view.php?id=CVE-2005-3466
02 Nov 2005 — Unspecified vulnerability in Enterprise CRM Sales in Oracle 8.81 up to 8.9 has unknown impact and attack vectors, as identified by Oracle Vuln# CRM01. • http://secunia.com/advisories/17250 •