CVSS: 3.5EPSS: 0%CPEs: 4EXPL: 0CVE-2021-2000
https://notcve.org/view.php?id=CVE-2021-2000
Vulnerability in the Unified Audit component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1, 18c and 19c. Easily exploitable vulnerability allows high privileged attacker having SYS Account privilege with network access via Oracle Net to compromise Unified Audit. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Unified Audit accessible data. • https://www.oracle.com/security-alerts/cpujan2021.html •
CVSS: 4.8EPSS: 0%CPEs: 7EXPL: 0CVE-2021-1993
https://notcve.org/view.php?id=CVE-2021-1993
Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1, 18c and 19c. Difficult to exploit vulnerability allows low privileged attacker having Create Session privilege with network access via Oracle Net to compromise Java VM. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java VM accessible data. • https://www.oracle.com/security-alerts/cpujan2021.html •
CVSS: 7.5EPSS: 0%CPEs: 14EXPL: 0CVE-2020-5360
https://notcve.org/view.php?id=CVE-2020-5360
Dell BSAFE Micro Edition Suite, versions prior to 4.5, are vulnerable to a Buffer Under-Read Vulnerability. An unauthenticated remote attacker could potentially exploit this vulnerability resulting in undefined behaviour, or a crash of the affected systems. Dell BSAFE Micro Edition Suite, versiones anteriores a 4.5, son susceptibles a una Vulnerabilidad de Lectura Insuficiente del Búfer. Un atacante remoto no autenticado podría explotar esta vulnerabilidad resultando en un comportamiento indefinido o un bloqueo de los sistemas afectados • https://www.dell.com/support/kbdoc/en-us/000181098/dsa-2020-114-dell-bsafe-micro-edition-suite-multiple-security-vulnerabilities https://www.oracle.com/security-alerts/cpuApr2021.html • CWE-125: Out-of-bounds Read CWE-127: Buffer Under-read •
CVSS: 5.8EPSS: 0%CPEs: 8EXPL: 0CVE-2020-5359
https://notcve.org/view.php?id=CVE-2020-5359
Dell BSAFE Micro Edition Suite, versions prior to 4.5, are vulnerable to an Unchecked Return Value Vulnerability. An unauthenticated remote attacker could potentially exploit this vulnerability to modify and corrupt the encrypted data. Dell BSAFE Micro Edition Suite, versiones anteriores a 4.5, son susceptibles a una Vulnerabilidad de Valor de Retorno No Comprobado. Un atacante remoto no autenticado podría potencialmente explotar esta vulnerabilidad para modificar y corromper los datos cifrados • https://www.dell.com/support/kbdoc/en-us/000181098/dsa-2020-114-dell-bsafe-micro-edition-suite-multiple-security-vulnerabilities https://www.oracle.com/security-alerts/cpuApr2021.html • CWE-252: Unchecked Return Value CWE-544: Missing Standardized Error Handling Mechanism •
CVSS: 3.3EPSS: 0%CPEs: 23EXPL: 1CVE-2020-8908 – Temp directory permission issue in Guava
https://notcve.org/view.php?id=CVE-2020-8908
A temp directory creation vulnerability exists in all versions of Guava, allowing an attacker with access to the machine to potentially access data in a temporary directory created by the Guava API com.google.common.io.Files.createTempDir(). By default, on unix-like systems, the created directory is world-readable (readable by an attacker with access to the system). The method in question has been marked @Deprecated in versions 30.0 and later and should not be used. For Android developers, we recommend choosing a temporary directory API provided by Android, such as context.getCacheDir(). For other Java developers, we recommend migrating to the Java 7 API java.nio.file.Files.createTempDirectory() which explicitly configures permissions of 700, or configuring the Java runtime's java.io.tmpdir system property to point to a location whose permissions are appropriately configured. • https://github.com/google/guava/commit/fec0dbc4634006a6162cfd4d0d09c962073ddf40 https://github.com/google/guava/issues/4011 https://lists.apache.org/thread.html/r007add131977f4f576c232b25e024249a3d16f66aad14a4b52819d21%40%3Ccommon-issues.hadoop.apache.org%3E https://lists.apache.org/thread.html/r07ed3e4417ad043a27bee7bb33322e9bfc7d7e6d1719b8e3dfd95c14%40%3Cdev.drill.apache.org%3E https://lists.apache.org/thread.html/r161b87f8037bbaff400194a63cd2016c9a69f5949f06dcc79beeab54%40%3Cdev.drill.apache.org%3E https://lists.apache.org/thread.html/r215b3d50f56faeb2f9383505f3e62faa9f549bb • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-378: Creation of Temporary File With Insecure Permissions CWE-732: Incorrect Permission Assignment for Critical Resource •