CVE-2020-2755
- EPSS 0.18%
- Veröffentlicht 15.04.2020 14:15:25
- Zuletzt bearbeitet 21.11.2024 05:26:10
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Scripting). Supported versions that are affected are Java SE: 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticate...
CVE-2018-5489
- EPSS 0.2%
- Veröffentlicht 03.08.2018 13:29:00
- Zuletzt bearbeitet 21.11.2024 04:08:54
NetApp 7-Mode Transition Tool allows users with valid credentials to access functions and information which may have been intended to be restricted to administrators or privileged users. 7MTT versions below 2.0 do not enforce user authorization rules...
CVE-2016-1000338
- EPSS 0.38%
- Veröffentlicht 01.06.2018 20:29:00
- Zuletzt bearbeitet 05.05.2025 14:14:28
In Bouncy Castle JCE Provider version 1.55 and earlier the DSA does not fully validate ASN.1 encoding of signature on verification. It is possible to inject extra elements in the sequence making up the signature and still have it validate, which in s...
CVE-2017-12615
- EPSS 94.36%
- Veröffentlicht 19.09.2017 13:29:00
- Zuletzt bearbeitet 20.04.2025 01:37:25
When running Apache Tomcat 7.0.0 to 7.0.79 on Windows with HTTP PUTs enabled (e.g. via setting the readonly initialisation parameter of the Default to false) it was possible to upload a JSP file to the server via a specially crafted request. This JSP...
CVE-2016-8735
- EPSS 93.9%
- Veröffentlicht 06.04.2017 21:59:00
- Zuletzt bearbeitet 20.04.2025 01:37:25
Remote code execution is possible with Apache Tomcat before 6.0.48, 7.x before 7.0.73, 8.x before 8.0.39, 8.5.x before 8.5.7, and 9.x before 9.0.0.M12 if JmxRemoteLifecycleListener is used and an attacker can reach JMX ports. The issue exists because...