CVSS: 8.0EPSS: 0%CPEs: 2EXPL: 0CVE-2019-3631 – Command Injection could allow authenticated users to execute arbitrary code
https://notcve.org/view.php?id=CVE-2019-3631
Command Injection vulnerability in McAfee Enterprise Security Manager (ESM) prior to 11.2.0 and prior to 10.4.0 allows authenticated user to execute arbitrary code via specially crafted parameters. Vulnerabilidad de inyección de comandos en McAfee Enterprise Security Manager (ESM) anterior a 11.2.0 y anterior a 10.4.0 permite que el usuario identificado ejecute códigos arbitrarios mediante parámetros creados especiales diseñados • https://kc.mcafee.com/corporate/index?page=content&id=SB10284 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 8.0EPSS: 0%CPEs: 2EXPL: 0CVE-2019-3630 – Command Injection could allow authenticated users to execute arbitrary code
https://notcve.org/view.php?id=CVE-2019-3630
Command Injection vulnerability in McAfee Enterprise Security Manager (ESM) prior to 11.2.0 and prior to 10.4.0 allows authenticated user to execute arbitrary code via specially crafted parameters. La vulnerabilidad de la inyección de comandos en McAfee Enterprise Security Manager (ESM) anterior a 11.2.0 y anterior a 10.4.0 permite al usuario autorizado ejecutar código arbitrario a través de parámetros especialmente diseñados. • https://kc.mcafee.com/corporate/index?page=content&id=SB10284 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 8.3EPSS: 0%CPEs: 2EXPL: 0CVE-2019-3629 – Application protections bypass vulnerability could allow unauthenticated user to impersonate system users
https://notcve.org/view.php?id=CVE-2019-3629
Application protection bypass vulnerability in McAfee Enterprise Security Manager (ESM) prior to 11.2.0 and prior to 10.4.0 allows unauthenticated user to impersonate system users via specially crafted parameters. La vulnerabilidad de omisión de la protección de aplicaciones en McAfee Enterprise Security Manager (ESM) anterior a la 11.2.0 y anterior a la 10.4.0 permite a los usuarios no identificados hacerse pasar por usuarios del sistema a través de parámetros especialmente diseñados. • https://kc.mcafee.com/corporate/index?page=content&id=SB10284 •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2016-1992
https://notcve.org/view.php?id=CVE-2016-1992
HPE ArcSight ESM before 6.8c, and ArcSight ESM Express before 6.9.1, allows remote authenticated users to obtain sensitive information via unspecified vectors. HPE ArcSight ESM en versiones anterioes a 6.8c y ArcSight ESM Express en versiones anteriores a 6.9.1, permiten a usuarios remotos autenticados obtener información sensible a través de vectores no especificados. • http://www.securitytracker.com/id/1035307 https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05048753 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 81%CPEs: 58EXPL: 0CVE-2015-7704 – ntp: disabling synchronization via crafted KoD packet
https://notcve.org/view.php?id=CVE-2015-7704
The ntpd client in NTP 4.x before 4.2.8p4 and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service via a number of crafted "KOD" messages. El cliente ntpd en NTP 4.x en versiones anteriores a 4.2.8p4, y 4.3.x en versiones anteriores a 4.3.77 permite que atacantes remotos provoquen una denegación de servicio empleando una serie de mensajes "KOD" manipulados. It was discovered that ntpd as a client did not correctly check timestamps in Kiss-of-Death packets. A remote attacker could use this flaw to send a crafted Kiss-of-Death packet to an ntpd client that would increase the client's polling interval value, and effectively disable synchronization with the server. • http://bugs.ntp.org/show_bug.cgi?id=2901 http://rhn.redhat.com/errata/RHSA-2015-1930.html http://rhn.redhat.com/errata/RHSA-2015-2520.html http://support.ntp.org/bin/view/Main/NtpBug2901 http://support.ntp.org/bin/view/Main/SecurityNotice#October_2015_NTP_4_2_8p4_Securit http://www.debian.org/security/2015/dsa-3388 http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html http://www.securityfocus.com/bid/77280 http://www.securitytracker.com/id/1 • CWE-20: Improper Input Validation •