CVSS: 7.5EPSS: 0%CPEs: 8EXPL: 0CVE-2020-9272 – Gentoo Linux Security Advisory 202003-35
https://notcve.org/view.php?id=CVE-2020-9272
20 Feb 2020 — ProFTPD 1.3.7 has an out-of-bounds (OOB) read vulnerability in mod_cap via the cap_text.c cap_to_text function. ProFTPD versión 1.3.7, presenta una vulnerabilidad de lectura fuera de límites (OOB) en mod_cap por medio de la función cap_to_text del archivo cap_text.c. Multiple vulnerabilities have been found in ProFTPd, the worst of which may lead to arbitrary code execution. Versions less than 1.3.6c are affected. • http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00002.html • CWE-125: Out-of-bounds Read •
CVSS: 9.8EPSS: 79%CPEs: 11EXPL: 3CVE-2019-12815 – Debian Security Advisory 4491-1
https://notcve.org/view.php?id=CVE-2019-12815
19 Jul 2019 — An arbitrary file copy vulnerability in mod_copy in ProFTPD up to 1.3.5b allows for remote code execution and information disclosure without authentication, a related issue to CVE-2015-3306. Una vulnerabilidad de copia de archivo arbitraria en mod_copy en ProFTPD hasta versión 1.3.5b, permite la ejecución de código remota y la divulgación de información sin autenticación, un problema relacionado con CVE-2015-3306. Tobias Maedel discovered that the mod_copy module of ProFTPD, a FTP/SFTP/FTPS server, performe... • https://github.com/KTN1990/CVE-2019-12815 • CWE-755: Improper Handling of Exceptional Conditions •
CVSS: 7.8EPSS: 1%CPEs: 152EXPL: 0CVE-2018-5391 – The Linux kernel, versions 3.9+, IP implementation is vulnerable to denial of service conditions with low rates of specially modified packets
https://notcve.org/view.php?id=CVE-2018-5391
14 Aug 2018 — The Linux kernel, versions 3.9+, is vulnerable to a denial of service attack with low rates of specially modified packets targeting IP fragment re-assembly. An attacker may cause a denial of service condition by sending specially crafted IP fragments. Various vulnerabilities in IP fragmentation have been discovered and fixed over the years. The current vulnerability (CVE-2018-5391) became exploitable in the Linux kernel with the increase of the IP fragment reassembly queue size. El kernel de Linux en versio... • http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2018-004.txt • CWE-20: Improper Input Validation CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.1EPSS: 0%CPEs: 181EXPL: 0CVE-2017-2681
https://notcve.org/view.php?id=CVE-2017-2681
11 May 2017 — Specially crafted PROFINET DCP packets sent on a local Ethernet segment (Layer 2) to an affected product could cause a denial of service condition of that product. Human interaction is required to recover the system. PROFIBUS interfaces are not affected. This vulnerability affects only SIMATIC HMI Multi Panels and HMI Mobile Panels, and S7-300/S7-400 devices. Los paquetes PROFINET DCP especialmente diseñados que se envían en un segmento Ethernet local (capa 2) a un producto afectado podrían causar una condi... • http://www.securityfocus.com/bid/98369 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.1EPSS: 1%CPEs: 209EXPL: 0CVE-2017-2680
https://notcve.org/view.php?id=CVE-2017-2680
11 May 2017 — Specially crafted PROFINET DCP broadcast packets could cause a denial of service condition of affected products on a local Ethernet segment (Layer 2). Human interaction is required to recover the systems. PROFIBUS interfaces are not affected. Los paquetes de difusión PROFINET DCP especialmente elaborados podrían causar una condición de denegación de servicio de los productos afectados en un segmento Ethernet local (capa 2). Se requiere la interacción humana para recuperar los sistemas. • http://www.securityfocus.com/bid/98369 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 6.6EPSS: 0%CPEs: 2EXPL: 0CVE-2016-8561
https://notcve.org/view.php?id=CVE-2016-8561
18 Nov 2016 — A vulnerability has been identified in SIMATIC CP 1543-1 (All versions < V2.0.28), SIPLUS NET CP 1543-1 (All versions < V2.0.28). Users with elevated privileges to TIA-Portal and project data on the engineering station could possibly get privileged access on affected devices. Se ha identificado una vulnerabilidad en SIMATIC CP 1543-1 (Todas las versiones anteriores a V2.0.28), SIPLUS NET CP 1543-1 (Todas las versiones anteriores a V2.0.28). Los usuarios con privilegios elevados para el TIA-Portal y los dato... • http://www.securityfocus.com/bid/94436 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.5EPSS: 5%CPEs: 4EXPL: 0CVE-2016-8562 – Siemens SIMATIC CP 1543-1 Improper Privilege Management Vulnerability
https://notcve.org/view.php?id=CVE-2016-8562
18 Nov 2016 — A vulnerability has been identified in SIMATIC CP 1543-1 (All versions < V2.0.28), SIPLUS NET CP 1543-1 (All versions < V2.0.28). Under special conditions it was possible to write SNMP variables on port 161/udp which should be read-only and should only be configured with TIA-Portal. A write to these variables could reduce the availability or cause a denial-of-service. Se ha identificado una vulnerabilidad en SIMATIC CP 1543-1 (Todas las versiones < V2.0.28), SIPLUS NET CP 1543-1 (Todas las versiones <... • http://www.securityfocus.com/bid/94436 •
CVSS: 7.5EPSS: 94%CPEs: 54EXPL: 84CVE-2014-0160 – OpenSSL Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2014-0160
07 Apr 2014 — The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read, as demonstrated by reading private keys, related to d1_both.c and t1_lib.c, aka the Heartbleed bug. Las implementaciones de (1) TLS y (2) DTLS en OpenSSL 1.0.1 en versiones anteriores a 1.0.1g no manejan adecuadamente paquetes Heartbeat Extension, lo qu... • https://packetstorm.news/files/id/180746 • CWE-125: Out-of-bounds Read CWE-201: Insertion of Sensitive Information Into Sent Data •