CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2020-4185
https://notcve.org/view.php?id=CVE-2020-4185
30 Jul 2020 — IBM Security Guardium 10.5, 10.6, and 11.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 174803. IBM Security Guardium versiones 10.5, 10.6 y 11.1, usa algoritmos criptográficos más débiles de lo esperado que podrían permitir a un atacante descifrar información altamente confidencial. IBM X-Force ID: 174803 • https://exchange.xforce.ibmcloud.com/vulnerabilities/174803 • CWE-327: Use of a Broken or Risky Cryptographic Algorithm •
CVSS: 4.3EPSS: 0%CPEs: 4EXPL: 0CVE-2020-4173
https://notcve.org/view.php?id=CVE-2020-4173
09 Jul 2020 — IBM Guardium Activity Insights 10.6 and 11.0 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 174682. IBM Guardium Activity Insights versiones 10.6 y 11.0, no establece el atributo seguro sobre los tokens de aut... • https://exchange.xforce.ibmcloud.com/vulnerabilities/174682 •
CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 0CVE-2020-4188
https://notcve.org/view.php?id=CVE-2020-4188
23 Jun 2020 — IBM Security Guardium 10.6 and 11.1 may use insufficiently random numbers or values in a security context that depends on unpredictable numbers. IBM X-Force ID: 174807. IBM Security Guardium versiones 10.6 y 11.1, puede utilizar números o valores insuficientemente aleatorios en un contexto de seguridad que depende de números impredecibles. IBM X-Force ID: 174807 • https://exchange.xforce.ibmcloud.com/vulnerabilities/174807 • CWE-330: Use of Insufficiently Random Values •
CVSS: 6.7EPSS: 0%CPEs: 3EXPL: 0CVE-2020-4190
https://notcve.org/view.php?id=CVE-2020-4190
03 Jun 2020 — IBM Security Guardium 10.6, 11.0, and 11.1 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 174851. IBM Security Guardium versiones 10.6, 11.0 y 11.1, contiene credenciales embebidas, tales como una contraseña o clave criptográfica, que las usa para su propia autenticación entrante, comunicación saliente hacia componentes externos o cifrado... • https://exchange.xforce.ibmcloud.com/vulnerabilities/174851 • CWE-798: Use of Hard-coded Credentials •
CVSS: 10.0EPSS: 90%CPEs: 345EXPL: 20CVE-2014-7169 – GNU Bourne-Again Shell (Bash) Arbitrary Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2014-7169
25 Sep 2014 — GNU Bash through 4.3 bash43-025 processes trailing strings after certain malformed function definitions in the values of environment variables, which allows remote attackers to write to files or possibly have unknown other impact via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a ... • https://www.exploit-db.com/exploits/34777 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') CWE-228: Improper Handling of Syntactically Invalid Structure •
CVSS: 10.0EPSS: 97%CPEs: 345EXPL: 105CVE-2014-6271 – GNU Bourne-Again Shell (Bash) Arbitrary Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2014-6271
24 Sep 2014 — GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution, aka "ShellShock." ... • https://github.com/darrenmartyn/visualdoor • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') CWE-94: Improper Control of Generation of Code ('Code Injection') •