CVSS: 8.8EPSS: 80%CPEs: 36EXPL: 0CVE-2020-11853 – Arbitrary code execution vulnerability on multiple Micro Focus products
https://notcve.org/view.php?id=CVE-2020-11853
Arbitrary code execution vulnerability affecting multiple Micro Focus products. 1.) Operation Bridge Manager affecting version: 2020.05, 2019.11, 2019.05, 2018.11, 2018.05, versions 10.6x and 10.1x and older versions. 2.) Application Performance Management affecting versions : 9.51, 9.50 and 9.40 with uCMDB 10.33 CUP 3 3.) Data Center Automation affected version 2019.11 4.) Operations Bridge (containerized) affecting versions: 2019.11, 2019.08, 2019.05, 2018.11, 2018.08, 2018.05, 2018.02, 2017.11 5.) • http://packetstormsecurity.com/files/161182/Micro-Focus-UCMDB-Remote-Code-Execution.html http://packetstormsecurity.com/files/161366/Micro-Focus-Operations-Bridge-Manager-Remote-Code-Execution.html https://softwaresupport.softwaregrp.com/doc/KM03747657 https://softwaresupport.softwaregrp.com/doc/KM03747658 https://softwaresupport.softwaregrp.com/doc/KM03747854 https://softwaresupport.softwaregrp.com/doc/KM03747948 https://softwaresupport.softwaregrp.com/doc/KM03747949 https://softwaresupport.softwaregrp.com/doc/KM03747950 https://soft •
CVSS: 7.8EPSS: 74%CPEs: 127EXPL: 0CVE-2018-5390 – Linux kernel versions 4.9+ can be forced to make very expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() for every incoming packet which can lead to a denial of service
https://notcve.org/view.php?id=CVE-2018-5390
Linux kernel versions 4.9+ can be forced to make very expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() for every incoming packet which can lead to a denial of service. El kernel de Linux en versiones 4.9 y siguientes pueden forzarse a realizar llamadas muy caras a tcp_collapse_ofo_queue() y tcp_prune_ofo_queue() para cada paquete entrante, lo que puede conducir a una denegación de servicio. A flaw named SegmentSmack was found in the way the Linux kernel handled specially crafted TCP packets. A remote attacker could use this flaw to trigger time and calculation expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() functions by sending specially modified packets within ongoing TCP sessions which could lead to a CPU saturation and hence a denial of service on the system. Maintaining the denial of service condition requires continuous two-way TCP sessions to a reachable open port, thus the attacks cannot be performed using spoofed IP addresses. • http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2018-004.txt http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20181031-02-linux-en http://www.openwall.com/lists/oss-security/2019/06/28/2 http://www.openwall.com/lists/oss-security/2019/07/06/3 http://www.openwall.com/lists/oss-security/2019/07/06/4 http://www.securityfocus.com/bid/104976 http://www.securitytracker.com/id/1041424 http://www.securitytracker.com/id/1041434 https://access.redhat.co • CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.5EPSS: 2%CPEs: 6EXPL: 0CVE-2013-4844
https://notcve.org/view.php?id=CVE-2013-4844
Unspecified vulnerability in HP Service Manager 7.11, 9.21, 9.30, 9.31, and 9.32, and ServiceCenter 6.2.8, allows remote attackers to execute arbitrary code via unknown vectors. Vulnerabilidad no especificada en HP Service Manager 7.11, 9.21, 9.30, 9.31, y 9.32, y ServiceCenter 6.2.8, permite a atacantes remotos ejecutar código arbitrario a través de vectores desconocidos. • https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04026812 •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2013-4827 – Hewlett-Packard Intelligent Management Center APM monitorId SQL Injection Vulnerability
https://notcve.org/view.php?id=CVE-2013-4827
SQL injection vulnerability in HP Intelligent Management Center (iMC) and HP IMC Service Operation Management Software Module allows remote attackers to execute arbitrary SQL commands via unspecified vectors, aka ZDI-CAN-1664. Vulnerabilidad de inyección SQL en HP Intelligent Management Center (iMC) y HP IMC Service Operation Management Software Module permite a atacantes remotos ejecutar comandos SQL arbitrarios a través de vectores sin especificar, también conocido como ZDI-CAN-1664. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP Intelligent Management Center. Authentication is not required to exploit this vulnerability. The specific flaw exists within the APM module's AppDataDaoImpl class. The monitorId parameter does not sufficiently sanitize input, allowing for SQL injection without authentication. • https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03943547 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.4EPSS: 97%CPEs: 2EXPL: 0CVE-2013-4824 – Hewlett-Packard Intelligent Management Center SOM euAccountService Servlet Authentication Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2013-4824
Unspecified vulnerability in HP Intelligent Management Center (iMC) and HP IMC Service Operation Management Software Module allows remote attackers to bypass authentication via unknown vectors, aka ZDI-CAN-1644. Vulnerabilidad no especificada en P Intelligent Management Center (iMC) y HP IMC Service Operation Management Software Module permite a atacantes remotos sortear la autenticación a través de vectores desconocidos, tambien conocido como ZDI-CAN-1644. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP Intelligent Management Center. Authentication is not required to exploit this vulnerability. The specific flaw exists within the SOM's euAccountService servlet. No authentication is required to take advantage of this vulnerability, which allows the creation of a web administration account. • https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03943547 • CWE-287: Improper Authentication •