CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 0CVE-2020-14545
https://notcve.org/view.php?id=CVE-2020-14545
15 Jul 2020 — Vulnerability in the Oracle Solaris product of Oracle Systems (component: Device Driver Utility). The supported version that is affected is 11. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical dat... • https://www.oracle.com/security-alerts/cpujul2020.html •
CVSS: 7.3EPSS: 0%CPEs: 1EXPL: 1CVE-2020-14724 – Oracle Solaris 11 Device Driver Utility 1.3.1 Race Condition
https://notcve.org/view.php?id=CVE-2020-14724
15 Jul 2020 — Vulnerability in the Oracle Solaris product of Oracle Systems (component: Device Driver Utility). The supported version that is affected is 11. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Oracle Solaris. • https://packetstorm.news/files/id/158435 •
CVSS: 6.5EPSS: 0%CPEs: 9EXPL: 0CVE-2020-4320
https://notcve.org/view.php?id=CVE-2020-4320
16 Jun 2020 — IBM MQ Appliance and IBM MQ AMQP Channels 8.0, 9.0 LTS, 9.1 LTS, and 9.1 CD do not correctly block or allow clients based on the certificate distinguished name SSLPEER setting. IBM X-Force ID: 177403. IBM MQ Appliance e IBM MQ AMQP Channels versiones 8.0, 9.0 LTS, 9.1 LTS y 9.1 CD, no bloquean ni habilitan correctamente a los clientes basados en la configuración SSLPEER del nombre distinguido del certificado. IBM X-Force ID: 177403 • https://exchange.xforce.ibmcloud.com/vulnerabilities/177403 • CWE-295: Improper Certificate Validation •
CVSS: 7.5EPSS: 0%CPEs: 11EXPL: 0CVE-2020-4310
https://notcve.org/view.php?id=CVE-2020-4310
16 Jun 2020 — IBM MQ and MQ Appliance 7.1, 7.5, 8.0, 9.0 LTS, 9.1 LTS, and 9.1 C are vulnerable to a denial of service attack due to an error within the Data Conversion logic. IBM X-Force ID: 177081. IBM MQ y MQ Appliance versiones 7.1, 7.5, 8.0, 9.0 LTS, 9.1 LTS y versión 9.1 C, son vulnerables a un ataque de denegación de servicio debido a un error en la lógica de Conversión de Datos. ID de IBM X-Force: 177081 • https://exchange.xforce.ibmcloud.com/vulnerabilities/177081 •
CVSS: 5.3EPSS: 0%CPEs: 8EXPL: 0CVE-2020-4365
https://notcve.org/view.php?id=CVE-2020-4365
14 May 2020 — IBM WebSphere Application Server 8.5 is vulnerable to server-side request forgery. By sending a specially crafted request, a remote authenticated attacker could exploit this vulnerability to obtain sensitive data. IBM X-Force ID: 178964. IBM WebSphere Application Server versión 8.5, es vulnerable a un ataque de tipo server-side request forgery. Al enviar una petición especialmente diseñada, un atacante autenticado remoto podría explotar esta vulnerabilidad para obtener datos confidenciales. • https://exchange.xforce.ibmcloud.com/vulnerabilities/178964 • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 4.3EPSS: 0%CPEs: 8EXPL: 0CVE-2020-4299
https://notcve.org/view.php?id=CVE-2020-4299
14 May 2020 — IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.0.3.1 could expose sensitive information to a user through a specially crafted HTTP request. IBM X-Force ID: 176606. IBM Sterling B2B Integrator Standard Edition versiones 5.2.0.0 hasta 6.0.3.1, podría exponer información confidencial a un usuario por medio de una petición HTTP especialmente diseñada. IBM X-Force ID: 176606. • https://exchange.xforce.ibmcloud.com/vulnerabilities/176606 •
CVSS: 6.5EPSS: 0%CPEs: 8EXPL: 0CVE-2020-4259
https://notcve.org/view.php?id=CVE-2020-4259
14 May 2020 — IBM Sterling File Gateway 2.2.0.0 through 6.0.3.1 could allow an authenticated user could manipulate cookie information and remove or add modules from the cookie to access functionality not authorized to. IBM X-Force ID: 175638. IBM Sterling File Gateway versiones 2.2.0.0 hasta 6.0.3.1, podría permitir que un usuario autentificado pudiera manipular la información de una cookie y eliminar o añadir módulos desde la cookie para acceder a funcionalidades no autorizadas. IBM X-Force ID: 175638. • https://exchange.xforce.ibmcloud.com/vulnerabilities/175638 • CWE-276: Incorrect Default Permissions •
CVSS: 6.5EPSS: 71%CPEs: 13EXPL: 0CVE-2020-6950 – Mojarra: Path traversal via either the loc parameter or the con parameter, incomplete fix of CVE-2018-14371
https://notcve.org/view.php?id=CVE-2020-6950
12 May 2020 — Directory traversal in Eclipse Mojarra before 2.3.14 allows attackers to read arbitrary files via the loc parameter or con parameter. Una vulnerabilidad de Salto de Directorio en Eclipse Mojarra versiones anteriores a 2.3.14, permite a atacantes leer archivos arbitrarios por medio del parámetro loc o del parámetro con A flaw was found in Eclipse Mojarra before version 2.3.14, where it is vulnerable to a path traversal flaw via the loc parameter or the con parameter. An attacker could exploit this flaw to re... • https://bugs.eclipse.org/bugs/show_bug.cgi?id=550943 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.5EPSS: 4%CPEs: 67EXPL: 1CVE-2020-12243 – openldap: denial of service via nested boolean expressions in LDAP search filters
https://notcve.org/view.php?id=CVE-2020-12243
28 Apr 2020 — In filter.c in slapd in OpenLDAP before 2.4.50, LDAP search filters with nested boolean expressions can result in denial of service (daemon crash). En el archivo filter.c en slapd en OpenLDAP versiones anteriores a 2.4.50, los filtros de búsqueda de LDAP con expresiones booleanas anidadas pueden resultar en una denegación de servicio (bloqueo del demonio). Red Hat OpenShift Do is a simple CLI tool for developers to create, build, and deploy applications on OpenShift. The odo tool is completely client-based ... • http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00016.html • CWE-400: Uncontrolled Resource Consumption CWE-674: Uncontrolled Recursion •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 4CVE-2020-2944 – Oracle Solaris Common Desktop Environment 1.6 - Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2020-2944
15 Apr 2020 — Vulnerability in the Oracle Solaris product of Oracle Systems (component: Common Desktop Environment). Supported versions that are affected are 10 and 11. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. While the vulnerability is in Oracle Solaris, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle Solaris. • https://packetstorm.news/files/id/157280 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •