CVSS: 7.5EPSS: 73%CPEs: 72EXPL: 1CVE-2021-4104 – Deserialization of untrusted data in JMSAppender in Apache Log4j 1.2
https://notcve.org/view.php?id=CVE-2021-4104
14 Dec 2021 — JMSAppender in Log4j 1.2 is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration. The attacker can provide TopicBindingName and TopicConnectionFactoryBindingName configurations causing JMSAppender to perform JNDI requests that result in remote code execution in a similar fashion to CVE-2021-44228. Note this issue only affects Log4j 1.2 when specifically configured to use JMSAppender, which is not the default. Apache Log4j 1.2 reached end of life in Au... • https://github.com/cckuailong/log4shell_1.x • CWE-20: Improper Input Validation CWE-502: Deserialization of Untrusted Data •
CVSS: 10.0EPSS: 0%CPEs: 10EXPL: 0CVE-2013-3779
https://notcve.org/view.php?id=CVE-2013-3779
17 Jul 2013 — Unspecified vulnerability in the Secure Global Desktop component in Oracle Virtualization All 4.6 releases including 4.63 and 4.7 prior to 4.71 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Web UI. Vulnerabilidad no especificada en el componente Secure Global Desktop en Oracle Virtualization All v4.6 incluido v4.63 y v4.7 pervio a v4.71 permite a los usuarios remotos autenticados afectar a la confidencialidad, integridad y disponibilidad a trav... • http://osvdb.org/95319 •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2013-3782
https://notcve.org/view.php?id=CVE-2013-3782
17 Jul 2013 — Unspecified vulnerability in the Secure Global Desktop component in Oracle Virtualization 4.6 prior to 4.63 and 4.7 prior to 4.71 allows remote attackers to affect integrity via unknown vectors related to Web UI. Vulnerabilidad no especificada en el componente Secure Global Desktop en Oracle Virtualization v4.6 anterior a v4.63 y v4.7 anterior a v4.71 permite a los usuarios remotos autenticados afectar a la integridad a través de vectores desconocidos relacionados con Web UI. • http://osvdb.org/95320 •
CVSS: 9.8EPSS: 0%CPEs: 33EXPL: 0CVE-2012-3515 – qemu: VT100 emulation vulnerability
https://notcve.org/view.php?id=CVE-2012-3515
23 Nov 2012 — Qemu, as used in Xen 4.0, 4.1 and possibly other products, when emulating certain devices with a virtual console backend, allows local OS guest users to gain privileges via a crafted escape VT100 sequence that triggers the overwrite of a "device model's address space." Qemu, tal como se utiliza en Xen v4.0, v4.1 y posiblemente otros productos, al emular ciertos dispositivos con una consola virtual, permite a los usuarios locales del SO invitado obtener privilegios a través de una secuencia VT100 de escape m... • http://git.qemu.org/?p=qemu-stable-0.15.git%3Ba=log • CWE-20: Improper Input Validation CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.6EPSS: 0%CPEs: 1EXPL: 0CVE-2012-1685
https://notcve.org/view.php?id=CVE-2012-1685
16 Oct 2012 — Unspecified vulnerability in the Secure Global Desktop component in Oracle Virtualization 4.6 allows remote attackers to affect integrity via unknown vectors related to Core. Vulnerabilidad no especificada en el componente Secure Global Desktop en Oracle Virtualization v4.6 permite a atacantes remotos afectar la integridad mediante vectores desconocidos relacionados con Core. • http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 •