CVSS: 9.8EPSS: 92%CPEs: 6EXPL: 11CVE-2015-4852 – Oracle WebLogic Server Deserialization of Untrusted Data Vulnerability
https://notcve.org/view.php?id=CVE-2015-4852
18 Nov 2015 — The WLS Security component in Oracle WebLogic Server 10.3.6.0, 12.1.2.0, 12.1.3.0, and 12.2.1.0 allows remote attackers to execute arbitrary commands via a crafted serialized Java object in T3 protocol traffic to TCP port 7001, related to oracle_common/modules/com.bea.core.apache.commons.collections.jar. NOTE: the scope of this CVE is limited to the WebLogic Server product. El componente WLS Security en Oracle WebLogic Server 10.3.6.0, 12.1.2.0, 12.1.3.0 y 12.2.1.0 permite a atacantes remotos ejecutar coman... • https://packetstorm.news/files/id/152268 • CWE-502: Deserialization of Untrusted Data •
CVSS: 9.8EPSS: 1%CPEs: 12EXPL: 0CVE-2015-7940 – bouncycastle: Invalid curve attack allowing to extract private keys
https://notcve.org/view.php?id=CVE-2015-7940
09 Nov 2015 — The Bouncy Castle Java library before 1.51 does not validate a point is withing the elliptic curve, which makes it easier for remote attackers to obtain private keys via a series of crafted elliptic curve Diffie Hellman (ECDH) key exchanges, aka an "invalid curve attack." La librería Bouncy Castle Java en versiones anteriores a 1.51 no valida un punto que se encuentra dentro de la curva elíptica, lo que facilita a atacantes remotos obtener claves privadas a través de una serie de intercambios de clave de cu... • http://lists.fedoraproject.org/pipermail/package-announce/2016-January/174915.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-310: Cryptographic Issues CWE-358: Improperly Implemented Security Check for Standard •