Lucene search

K
OracleCommunications Application Session Controller3.7.1

5 matches found

CVE
CVE
added 2017/04/06 9:59 p.m.963 views

CVE-2016-8735

Remote code execution is possible with Apache Tomcat before 6.0.48, 7.x before 7.0.73, 8.x before 8.0.39, 8.5.x before 8.5.7, and 9.x before 9.0.0.M12 if JmxRemoteLifecycleListener is used and an attacker can reach JMX ports. The issue exists because this listener wasn't updated for consistency wit...

9.8CVSS8AI score0.94003EPSS
CVE
CVE
added 2018/10/04 1:29 p.m.655 views

CVE-2018-11784

When the default servlet in Apache Tomcat versions 9.0.0.M1 to 9.0.11, 8.5.0 to 8.5.33 and 7.0.23 to 7.0.90 returned a redirect to a directory (e.g. redirecting to '/foo/' when the user requested '/foo') a specially crafted URL could be used to cause the redirect to be generated to any URI of the a...

4.3CVSS5.1AI score0.86748EPSS
CVE
CVE
added 2018/07/09 8:29 p.m.242 views

CVE-2018-1000613

Legion of the Bouncy Castle Legion of the Bouncy Castle Java Cryptography APIs 1.58 up to but not including 1.60 contains a CWE-470: Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') vulnerability in XMSS/XMSS^MT private key deserialization that can result in Deseri...

9.8CVSS8.6AI score0.04619EPSS
CVE
CVE
added 2018/06/05 1:29 p.m.178 views

CVE-2018-1000180

Bouncy Castle BC 1.54 - 1.59, BC-FJA 1.0.0, BC-FJA 1.0.1 and earlier have a flaw in the Low-level interface to RSA key pair generator, specifically RSA Key Pairs generated in low-level API with added certainty may have less M-R tests than expected. This appears to be fixed in versions BC 1.60 beta ...

7.5CVSS7.1AI score0.00221EPSS
CVE
CVE
added 2017/05/04 7:29 p.m.96 views

CVE-2017-3730

In OpenSSL 1.1.0 before 1.1.0d, if a malicious server supplies bad parameters for a DHE or ECDHE key exchange then this can result in the client attempting to dereference a NULL pointer leading to a client crash. This could be exploited in a Denial of Service attack.

7.5CVSS7.3AI score0.58568EPSS