CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1CVE-2020-24333
https://notcve.org/view.php?id=CVE-2020-24333
22 Sep 2020 — A vulnerability in Arista’s CloudVision Portal (CVP) prior to 2020.2 allows users with “read-only” or greater access rights to the Configlet Management module to download files not intended for access, located on the CVP server, by accessing a specific API. Una vulnerabilidad en CloudVision Portal (CVP) de Arista versiones anteriores a 2020.2, permite a usuarios con derechos de acceso "read-only" o superiores en el módulo Configlet Management descargar archivos no previstos para acceso, ubicados en el servi... • https://www.arista.com/en/support/advisories-notices •
CVSS: 7.5EPSS: 0%CPEs: 7EXPL: 0CVE-2020-13881 – Ubuntu Security Notice USN-4521-1
https://notcve.org/view.php?id=CVE-2020-13881
06 Jun 2020 — In support.c in pam_tacplus 1.3.8 through 1.5.1, the TACACS+ shared secret gets logged via syslog if the DEBUG loglevel and journald are used. En el archivo support.c en pam_tacplus versiones 1.3.8 hasta 1.5.1, el secreto compartido TACACS+ es registrado por medio de syslog si el nivel de registro DEBUG y journald son usados It was discovered that pam_tacplus did not properly manage shared secrets if DEBUG loglevel and journald are used. A remote attacker could use this issue to expose sensitive information... • http://www.openwall.com/lists/oss-security/2020/06/08/1 • CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 7.5EPSS: 5%CPEs: 18EXPL: 2CVE-2019-17596 – golang: invalid public key causes panic in dsa.Verify
https://notcve.org/view.php?id=CVE-2019-17596
24 Oct 2019 — Go before 1.12.11 and 1.3.x before 1.13.2 can panic upon an attempt to process network traffic containing an invalid DSA public key. There are several attack scenarios, such as traffic from a client to a server that verifies client certificates. Go versiones anteriores a 1.12.11 y versiones 1.3.x anteriores a 1.13.2, puede entrar en pánico tras intentar procesar el tráfico de red que contiene una clave pública DSA no válida. Existen varios escenarios de ataque, tal y como el tráfico de un cliente hacia un s... • https://github.com/pquerna/poc-dsa-verify-CVE-2019-17596 • CWE-295: Improper Certificate Validation CWE-436: Interpretation Conflict •