CVSS: 5.5EPSS: 0%CPEs: 788EXPL: 1CVE-2023-6105 – ManageEngine Information Disclosure in Multiple Products
https://notcve.org/view.php?id=CVE-2023-6105
15 Nov 2023 — An information disclosure vulnerability exists in multiple ManageEngine products that can result in encryption keys being exposed. A low-privileged OS user with access to the host where an affected ManageEngine product is installed can view and use the exposed key to decrypt product database passwords. This allows the user to access the ManageEngine product database. Existe una vulnerabilidad de divulgación de información en varios productos ManageEngine que puede provocar la exposición de claves de cifrado... • https://www.manageengine.com/security/advisory/CVE/CVE-2023-6105.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.8EPSS: 94%CPEs: 444EXPL: 17CVE-2023-44487 – HTTP/2 Rapid Reset Attack Vulnerability
https://notcve.org/view.php?id=CVE-2023-44487
10 Oct 2023 — The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. El protocolo HTTP/2 permite una denegación de servicio (consumo de recursos del servidor) porque la cancelación de solicitudes puede restablecer muchas transmisiones rápidamente, como se explotó en la naturaleza entre agosto y octubre de 2023. A flaw was found in handling multiplexed streams in the HTTP/2 protocol. ... • https://github.com/imabee101/CVE-2023-44487 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.0EPSS: 0%CPEs: 12EXPL: 0CVE-2019-14688
https://notcve.org/view.php?id=CVE-2019-14688
20 Feb 2020 — Trend Micro has repackaged installers for several Trend Micro products that were found to utilize a version of an install package that had a DLL hijack vulnerability that could be exploited during a new product installation. The vulnerability was found to ONLY be exploitable during an initial product installation by an authorized user. The attacker must convince the target to download malicious DLL locally which must be present when the installer is run. Trend Micro ha reempaquetado instaladores para varios... • https://success.trendmicro.com/solution/1123562 • CWE-427: Uncontrolled Search Path Element •
CVSS: 5.6EPSS: 46%CPEs: 665EXPL: 7CVE-2018-3639 – AMD / ARM / Intel - Speculative Execution Variant 4 Speculative Store Bypass
https://notcve.org/view.php?id=CVE-2018-3639
21 May 2018 — Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka Speculative Store Bypass (SSB), Variant 4. Los sistemas con microprocesadores que emplean la ejecución especulativa y que realizan la ejecución especulativa de lecturas de memoria antes de que se conozcan las direcciones de todas l... • https://packetstorm.news/files/id/147839 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-203: Observable Discrepancy •
CVSS: 8.8EPSS: 17%CPEs: 6EXPL: 2CVE-2009-0244
https://notcve.org/view.php?id=CVE-2009-0244
21 Jan 2009 — Directory traversal vulnerability in the OBEX FTP Service in the Microsoft Bluetooth stack in Windows Mobile 6 Professional, and probably Windows Mobile 5.0 for Pocket PC and 5.0 for Pocket PC Phone Edition, allows remote authenticated users to list arbitrary directories, and create or read arbitrary files, via a .. (dot dot) in a pathname. NOTE: this can be leveraged for code execution by writing to a Startup folder. Vulnerabilidad de salto de directorio en el Servicio OBEX FTP en la pila de Microsoft Blue... • http://secunia.com/advisories/33598 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 6.8EPSS: 2%CPEs: 2EXPL: 0CVE-2008-4540
https://notcve.org/view.php?id=CVE-2008-4540
13 Oct 2008 — Windows Mobile 6 on the HTC Hermes device makes WLAN passwords available to an auto-completion mechanism for the password input field, which allows physically proximate attackers to bypass password authentication and obtain WLAN access. Windows Mobile 6 en dispositivos HTC Hermes deja activado el mecanismo de auto-completado de las contraseñas de la WLAN, lo cual permite a atacantes físicamente próximos al dispositivo evitar la autenticación de la contraseña y obtener acceso a la WLAN. • http://securityreason.com/securityalert/4402 • CWE-255: Credentials Management Errors •
CVSS: 6.2EPSS: 40%CPEs: 3EXPL: 1CVE-2008-4295 – Microsoft Windows Mobile 6.0 - Device Long Name Remote Reboot (Denial of Service)
https://notcve.org/view.php?id=CVE-2008-4295
27 Sep 2008 — Microsoft Windows Mobile 6.0 on HTC Wiza 200 and HTC MDA 8125 devices does not properly handle the first attempt to establish a Bluetooth connection to a peer with a long name, which allows remote attackers to cause a denial of service (device reboot) by configuring a Bluetooth device with a long hci name and (1) connecting directly to the Windows Mobile system or (2) waiting for the Windows Mobile system to scan for nearby devices. Microsoft Windows Mobile 6.0 en dispositivos HTC Wiza 200 y HTC MDA 8125 no... • https://www.exploit-db.com/exploits/6582 • CWE-20: Improper Input Validation •
CVSS: 7.1EPSS: 34%CPEs: 4EXPL: 0CVE-2007-0674
https://notcve.org/view.php?id=CVE-2007-0674
03 Feb 2007 — Pictures and Videos on Windows Mobile 5.0 and Windows Mobile 2003 and 2003SE for Smartphones and PocketPC allows user-assisted remote attackers to cause a denial of service (device hang) via a malformed JPEG file. Imágenes y Videos en el Windows Mobile 5.0 y Windows Mobile 2003 y 2003SE para Smartphones y PocketPC permite a atacantes remotos con la intervención del usuario provocar una denegación de servicio (cuelgue del dispositivo) mediante un fichero JPEG mal formado. • http://blog.trendmicro.com/trend-micro-finds-more-windows-mobile-flaws •
CVSS: 7.5EPSS: 21%CPEs: 4EXPL: 0CVE-2007-0685
https://notcve.org/view.php?id=CVE-2007-0685
03 Feb 2007 — Internet Explorer on Windows Mobile 5.0 and Windows Mobile 2003 and 2003SE for Smartphones and PocketPC allows attackers to cause a denial of service (application crash and device instability) via unspecified vectors, possibly related to a buffer overflow. Internet Explorer en Windows Mobile 5.0 y Windows Mobile 2003 y 2003SE para Smartphones y PocketPC permite a atacantes remotos provocar una denegación de servicio (caída de aplicación e inestabilidad de dispositivo) mediante vectores desconocidos, posible... • http://blog.trendmicro.com/trend-micro-finds-more-windows-mobile-flaws •
CVSS: 5.0EPSS: 38%CPEs: 46EXPL: 1CVE-2004-0839
https://notcve.org/view.php?id=CVE-2004-0839
18 Aug 2004 — Internet Explorer in Windows XP SP2, and other versions including 5.01 and 5.5, allows remote attackers to install arbitrary programs via a web page that uses certain styles and the AnchorClick behavior, popup windows, and drag-and-drop capabilities to drop the program in the local startup folder, as demonstrated by "wottapoop.html". • http://marc.info/?l=bugtraq&m=109303291513335&w=2 •