Lucene search
+L
OracleCommunications Performance Intelligence Center

15 matches found

CVE
CVE
added 2021/01/26 12:0 a.m.4746 views

CVE-2021-3156

CVE-2021-3156 is a heap-based buffer overflow in sudo that enables privilege escalation to root. The issue arises in the argument parsing path and is exploitable via commands using sudoedit -s with a trailing backslash, leading to memory corruption. Affected release information in the provided do...

7.8CVSS8.3AI score0.99295EPSS
In wild
CVE
CVE
added 2021/12/18 11:55 a.m.1191 views

CVE-2021-45105

Summary of CVE-2021-45105 (Log4j2) : Affected Log4j 2.x versions 2.0-alpha1 through 2.16.0 (except 2.12.3 and 2.3.1) are vulnerable to denial of service via uncontrolled recursion triggered by self-referential lookups in Thread Context Map data. The root cause is improper handling of self-referen...

5.9CVSS7.7AI score0.99999EPSS
In wildWeb
CVE
CVE
added 2019/08/20 8:10 p.m.956 views

CVE-2019-10086

CVE-2019-10086 affects Apache Commons BeanUtils 1.9.2, where a BeanIntrospector addition could suppress access to the classloader via the class property on Java objects. The issue stems from not applying the suppression by default in PropertyUtilsBean, enabling potential risk across affected depl...

7.5CVSS7.3AI score0.28839EPSS
CVE
CVE
added 2019/02/27 11:0 p.m.928 views

CVE-2019-1559

OpenSSL vulnerability CVE-2019-1559 describes a padding-oracle weakness where, if an application encounters a fatal protocol error and then calls SSL_shutdown() twice (to send close_notify and to receive one), the server may respond differently to a 0-byte record with invalid padding versus inval...

5.9CVSS6.3AI score0.17139EPSS
CVE
CVE
added 2020/03/06 2:7 p.m.721 views

CVE-2020-10188

CVE-2020-10188 affects the telnetd server of netkit telnet (up to 0.17). The issue is a buffer overflow caused by incorrect bounds checks in handling short writes and urgent data (netclear/nextitem), enabling remote arbitrary code execution by unauthenticated attackers. Connected advisories confi...

10CVSS9.9AI score0.74513EPSS
CVE
CVE
added 2020/06/05 2:20 p.m.476 views

CVE-2020-12723

CVE-2020-12723 : In Perl, regcomp.c allows a buffer overflow in the regex compiler due to crafted regular expressions, caused by recursive S_study_chunk calls. The issue affects Perl before 5.30.3, notably on 32‑bit platforms. Reports in Connected documents indicate fixes have been released (e.g....

7.5CVSS8.1AI score0.05971EPSS
CVE
CVE
added 2020/06/05 1:27 p.m.392 views

CVE-2020-10878

Perl before 5.30.3 contains an integer overflow in the regular expression compiler (related to PL_regkind[OP(n)] == NOTHING). A crafted regex can produce malformed bytecode with a possibility of instruction injection, as documented by multiple advisories and CVEs (e.g., CVE-2020-10878). Public re...

8.6CVSS8.8AI score0.04879EPSS
CVE
CVE
added 2020/06/05 1:17 p.m.375 views

CVE-2020-10543

CVE-2020-10543 affects Perl before 5.30.3 on 32-bit platforms, where nested regular expression quantifiers cause a heap-based buffer overflow (integer overflow) in the regex compiler. The connected advisories confirm fixes/updates for Perl (e.g., CloudLinux, AlmaLinux, ALAS2), indicating remediat...

8.2CVSS8.7AI score0.11334EPSS
CVE
CVE
added 2018/04/06 1:0 p.m.281 views

CVE-2018-1270

Summary: CVE-2018-1270 affects Spring Framework versions 5.0.x before 5.0.5 and 4.3.x before 4.3.15 (and older unsupported) via the spring-messaging module, which can expose STOMP over WebSocket endpoints to a simple in-memory broker. A malicious actor can craft a message to the broker that leads...

9.8CVSS9.4AI score0.77245EPSS
Web
CVE
CVE
added 2018/05/11 8:0 p.m.251 views

CVE-2018-1258

CVE-2018-1258 affects Spring Framework 5.0.5 when used with any Spring Security version, enabling an authorization bypass for method security. An unauthorized user could access restricted methods. The connected advisory from F5 reiterates the same vulnerability description and lists affected prod...

8.8CVSS9AI score0.02396EPSS
CVE
CVE
added 2018/04/06 1:0 p.m.239 views

CVE-2018-1271

The CVE-2018-1271 issue affects Spring Framework versions 5.0 before 5.0.5 and 4.3 before 4.3.15 (and older unsupported) where Spring MVC can be configured to serve static resources from the Windows file system. A malicious user can issue a crafted URL to trigger a directory traversal when resour...

5.9CVSS7.2AI score0.35681EPSS
CVE
CVE
added 2018/04/11 1:0 p.m.228 views

CVE-2018-1275

CVE-2018-1275 affects Spring Framework’s spring-messaging module: STOMP over WebSocket exposure in 5.0.x (pre-5.0.5) and 4.3.x (pre-4.3.16). A malicious message to the in‑memory STOMP broker can lead to remote code execution. Public advisories note fixes in respective branches; for Debian 9, libs...

9.8CVSS9.3AI score0.57632EPSS
CVE
CVE
added 2018/04/06 1:0 p.m.187 views

CVE-2018-1272

CVE-2018-1272 affects Spring Framework: versions 5.0 before 5.0.5 and 4.3 before 4.3.15 (and older unsupported) have a flaw in multipart request handling where an injected extra multipart in a server A→server B flow can cause server B to misread a part, potentially enabling privilege escalation. ...

7.5CVSS8.3AI score0.03085EPSS
CVE
CVE
added 2018/06/25 3:0 p.m.183 views

CVE-2018-11039

CVE-2018-11039 affects the Spring Framework, where the HiddenHttpMethodFilter in Spring MVC allows web apps to change the HTTP request method to any method (including TRACE). This can enable an attacker with an existing XSS vulnerability to escalate to an XST (Cross Site Tracing) attack. Affected...

5.9CVSS6.9AI score0.02781EPSS
CVE
CVE
added 2018/05/11 8:0 p.m.145 views

CVE-2018-1257

CVE-2018-1257 affects Spring Framework: vulnerable in Spring Messaging when using an in-memory STOMP broker exposed via STOMP over WebSocket. A malicious user can craft a message to the broker that triggers a regular-expression denial of service. Affected versions are Spring Framework 5.0.x befor...

6.5CVSS7AI score0.03237EPSS