CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2022-21622
https://notcve.org/view.php?id=CVE-2022-21622
18 Oct 2022 — Vulnerability in the Oracle SOA Suite product of Oracle Fusion Middleware (component: Adapters). Supported versions that are affected are 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle SOA Suite. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle SOA Suite accessible data. CVSS 3.1 Base Score 7.5 (Integrity impacts). • https://www.oracle.com/security-alerts/cpuoct2022.html •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2022-21562
https://notcve.org/view.php?id=CVE-2022-21562
19 Jul 2022 — Vulnerability in the Oracle SOA Suite product of Oracle Fusion Middleware (component: Fabric Layer). Supported versions that are affected are 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle SOA Suite. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle SOA Suite accessible data. CVSS 3.1 Base Score 7.5 (Integrity impacts). • https://www.oracle.com/security-alerts/cpujul2022.html •
CVSS: 7.5EPSS: 7%CPEs: 34EXPL: 0CVE-2019-17359
https://notcve.org/view.php?id=CVE-2019-17359
08 Oct 2019 — The ASN.1 parser in Bouncy Castle Crypto (aka BC Java) 1.63 can trigger a large attempted memory allocation, and resultant OutOfMemoryError error, via crafted ASN.1 data. This is fixed in 1.64. El analizador ASN.1 en Bouncy Castle Crypto (también se conoce como BC Java) versión 1.63, puede desencadenar un intento de asignación de memoria grande y un error OutOfMemoryError resultante, por medio de datos ASN.1 diseñados. Esto se corrige en la versión 1.64. • https://lists.apache.org/thread.html/r02f887807a49cfd1f1ad53f7a61f3f8e12f60ba2c930bec163031209%40%3Ccommits.tomee.apache.org%3E • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 9.8EPSS: 94%CPEs: 174EXPL: 2CVE-2017-5645 – log4j: Socket receiver deserialization vulnerability
https://notcve.org/view.php?id=CVE-2017-5645
17 Apr 2017 — In Apache Log4j 2.x before 2.8.2, when using the TCP socket server or UDP socket server to receive serialized log events from another application, a specially crafted binary payload can be sent that, when deserialized, can execute arbitrary code. En Apache Log4j 2.x en versiones anteriores a 2.8.2, cuando se utiliza el servidor de socket TCP o el servidor de socket UDP para recibir sucesos de registro serializados de otra aplicación, puede enviarse una carga binaria especialmente diseñada que, cuando se des... • https://github.com/pimps/CVE-2017-5645 • CWE-502: Deserialization of Untrusted Data •