CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2016-0500
https://notcve.org/view.php?id=CVE-2016-0500
21 Jan 2016 — Unspecified vulnerability in the Oracle Retail Order Broker Cloud Service component in Oracle Retail Applications 4.0 and 4.1 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to System Administration. Vulnerabilidad no especificada en el componente Oracle Retail Order Broker Cloud Service en Oracle Retail Applications 4.0 y 4.1 permite a atacantes remotos afectar a la confidencialidad, la integridad y la disponibilidad a través de vectores desconocid... • http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html •
CVSS: 9.8EPSS: 52%CPEs: 120EXPL: 0CVE-2015-3253 – Apache Groovy Deserialization of Untrusted Data Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2015-3253
16 Jul 2015 — The MethodClosure class in runtime/MethodClosure.java in Apache Groovy 1.7.0 through 2.4.3 allows remote attackers to execute arbitrary code or cause a denial of service via a crafted serialized object. Vulnerabilidad en la clase MethodClosure en runtime/MethodClosure.java en Apache Groovy desde la versión 1.7.0 hasta la versión 2.4.3, permite a atacantes remotos ejecutar código arbitrario y causar una denegación de servicio a través de un objeto serializado manipulado. A flaw was discovered in the way appl... • http://groovy-lang.org/security.html • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-284: Improper Access Control •