CVSS: 4.3EPSS: 0%CPEs: 40EXPL: 0CVE-2020-1968 – Raccoon attack
https://notcve.org/view.php?id=CVE-2020-1968
09 Sep 2020 — The Raccoon attack exploits a flaw in the TLS specification which can lead to an attacker being able to compute the pre-master secret in connections which have used a Diffie-Hellman (DH) based ciphersuite. In such a case this would result in the attacker being able to eavesdrop on all encrypted communications sent over that TLS connection. The attack can only be exploited if an implementation re-uses a DH secret across multiple TLS connections. Note that this issue only impacts DH ciphersuites and not ECDH ... • https://lists.debian.org/debian-lts-announce/2020/09/msg00016.html • CWE-203: Observable Discrepancy •
CVSS: 6.5EPSS: 0%CPEs: 27EXPL: 1CVE-2020-24977 – libxml2: Buffer overflow vulnerability in xmlEncodeEntitiesInternal() in entities.c
https://notcve.org/view.php?id=CVE-2020-24977
03 Sep 2020 — GNOME project libxml2 v2.9.10 has a global buffer over-read vulnerability in xmlEncodeEntitiesInternal at libxml2/entities.c. The issue has been fixed in commit 50f06b3e. El proyecto de GNOME libxml2 v2.9.10 tiene una vulnerabilidad de sobre lectura del buffer global en xmlEncodeEntitiesInternal en libxml2/entities.c. El problema ha sido corregido en el commit 50f06b3e Red Hat Advanced Cluster Management for Kubernetes 2.2.4 images Red Hat Advanced Cluster Management for Kubernetes provides the capabilities... • http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00036.html • CWE-125: Out-of-bounds Read •
CVSS: 6.7EPSS: 0%CPEs: 5EXPL: 0CVE-2020-7017
https://notcve.org/view.php?id=CVE-2020-7017
27 Jul 2020 — In Kibana versions before 6.8.11 and 7.8.1 the region map visualization in contains a stored XSS flaw. An attacker who is able to edit or create a region map visualization could obtain sensitive information or perform destructive actions on behalf of Kibana users who view the region map visualization. En Kibana versiones anteriores a 6.8.11 y 7.8.1, la visualización del mapa de región contiene un fallo de tipo XSS almacenado. Un atacante que es capaz de editar o crear una visualización de mapa de región pod... • https://discuss.elastic.co/t/elastic-stack-6-8-11-and-7-8-1-security-update/242786 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.8EPSS: 0%CPEs: 5EXPL: 0CVE-2020-7016
https://notcve.org/view.php?id=CVE-2020-7016
27 Jul 2020 — Kibana versions before 6.8.11 and 7.8.1 contain a denial of service (DoS) flaw in Timelion. An attacker can construct a URL that when viewed by a Kibana user can lead to the Kibana process consuming large amounts of CPU and becoming unresponsive. En Kibana versiones anteriores a 6.8.11 y 7.8.1, contiene un fallo de denegación de servicio (DoS) en Timelion. Un atacante puede construir una URL que, cuando es visualizada por un usuario de Kibana, puede conllevar al proceso de Kibana a consumir grandes cantidad... • https://discuss.elastic.co/t/elastic-stack-6-8-11-and-7-8-1-security-update/242786 • CWE-185: Incorrect Regular Expression CWE-400: Uncontrolled Resource Consumption •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2020-14612
https://notcve.org/view.php?id=CVE-2020-14612
15 Jul 2020 — Vulnerability in the PeopleSoft Enterprise HRMS product of Oracle PeopleSoft (component: Time and Labor). The supported version that is affected is 9.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise HRMS. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise HRMS accessible data as well as unauthorized read access to a subset of PeopleSoft Enterpri... • https://www.oracle.com/security-alerts/cpujul2020.html •
CVSS: 6.1EPSS: 0%CPEs: 3EXPL: 0CVE-2020-14627
https://notcve.org/view.php?id=CVE-2020-14627
15 Jul 2020 — Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Query). Supported versions that are affected are 8.56, 8.57 and 8.58. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PeopleTools, attacks may significantly impact additional product... • https://www.oracle.com/security-alerts/cpujul2020.html •
CVSS: 6.1EPSS: 0%CPEs: 3EXPL: 0CVE-2020-14592
https://notcve.org/view.php?id=CVE-2020-14592
15 Jul 2020 — Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Rich Text Editor). Supported versions that are affected are 8.56, 8.57 and 8.58. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PeopleTools, attacks may significantly impact additio... • https://www.oracle.com/security-alerts/cpujul2020.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 3EXPL: 0CVE-2020-14600
https://notcve.org/view.php?id=CVE-2020-14600
15 Jul 2020 — Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Portal). Supported versions that are affected are 8.56, 8.57 and 8.58. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleS... • https://www.oracle.com/security-alerts/cpujul2020.html •
CVSS: 4.0EPSS: 0%CPEs: 3EXPL: 0CVE-2020-14564 – Gentoo Linux Security Advisory 202105-27
https://notcve.org/view.php?id=CVE-2020-14564
15 Jul 2020 — Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Environment Mgmt Console). Supported versions that are affected are 8.56, 8.57 and 8.58. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.1 Base Score 2.... • https://security.gentoo.org/glsa/202105-27 •
CVSS: 5.3EPSS: 0%CPEs: 3EXPL: 0CVE-2020-14558
https://notcve.org/view.php?id=CVE-2020-14558
15 Jul 2020 — Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Portal). Supported versions that are affected are 8.56, 8.57 and 8.58. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). • https://www.oracle.com/security-alerts/cpujul2020.html •