CVSS: 5.9EPSS: 0%CPEs: 40EXPL: 0CVE-2019-4102
https://notcve.org/view.php?id=CVE-2019-4102
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 158092. IBM DB2 para Linux, UNIX y Windows (incluye DB2 Connect Server) versiones 9.7, 10.1, 10.5, y 11.0 usa algoritmos criptográficos más débiles de lo esperado que permitiría que un atacante descifre información muy confidencial. ID de IBM X-Force: 158092. • http://www.securityfocus.com/bid/109026 https://exchange.xforce.ibmcloud.com/vulnerabilities/158092 https://www.ibm.com/support/docview.wss?uid=ibm10880743 • CWE-326: Inadequate Encryption Strength •
CVSS: 4.3EPSS: 0%CPEs: 7EXPL: 0CVE-2019-4377
https://notcve.org/view.php?id=CVE-2019-4377
IBM Sterling B2B Integrator 6.0.0.0 and 6.0.0.1 reveals sensitive information from a stack trace that could be used in further attacks against the system. IBM X-Force ID: 162803. IBM Sterling B2B Integrator versiones 6.0.0.0 y 6.0.0.1, revela información confidencial de un rastreo de pila que podría ser usado en nuevos ataques contra el sistema. ID de IBM X-Force: 162803. • http://www.securityfocus.com/bid/108915 https://exchange.xforce.ibmcloud.com/vulnerabilities/162083 https://www.ibm.com/support/docview.wss?uid=ibm10887853 • CWE-209: Generation of Error Message Containing Sensitive Information •
CVSS: 6.1EPSS: 0%CPEs: 8EXPL: 0CVE-2018-1853
https://notcve.org/view.php?id=CVE-2018-1853
IBM Tivoli Storage Manager (IBM Spectrum Protect 7.1 and 8.1) could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 151014. IBM Tivoli Storage Manager (IBM Spectrum Protect versiones 7.1 y 8.1), podría permitir a un atacante remoto secuestrar la acción de cliqueo de la víctima. Al persuadir a una víctima a que visite un sitio web malicioso, un atacante remoto podría explotar esta vulnerabilidad para secuestrar las acciones de cliqueo de la víctima y posiblemente lanzar más ataques contra la víctima. • http://www.ibm.com/support/docview.wss?uid=ibm10870718 https://exchange.xforce.ibmcloud.com/vulnerabilities/151014 • CWE-1021: Improper Restriction of Rendered UI Layers or Frames •
CVSS: 7.5EPSS: 94%CPEs: 26EXPL: 0CVE-2018-5740 – A flaw in the "deny-answer-aliases" feature can cause an assertion failure in named
https://notcve.org/view.php?id=CVE-2018-5740
"deny-answer-aliases" is a little-used feature intended to help recursive server operators protect end users against DNS rebinding attacks, a potential method of circumventing the security model used by client browsers. However, a defect in this feature makes it easy, when the feature is in use, to experience an assertion failure in name.c. Affects BIND 9.7.0->9.8.8, 9.9.0->9.9.13, 9.10.0->9.10.8, 9.11.0->9.11.4, 9.12.0->9.12.2, 9.13.0->9.13.2. "deny-answer-aliases" es una característica poco utilizada que pretende ayudar a los operadores recursivos del servidor a proteger a los usuarios finales contra ataques de reenlace DNS, un método para poder eludir el modelo de seguridad empleado por los navegadores del cliente. Sin embargo, un defecto en esta característica hace que sea sencillo experimentar un fallo de aserción en name.c. • http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00026.html http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00027.html http://www.securityfocus.com/bid/105055 http://www.securitytracker.com/id/1041436 https://access.redhat.com/errata/RHSA-2018:2570 https://access.redhat.com/errata/RHSA-2018:2571 https://kb.isc.org/docs/aa-01639 https://lists.debian.org/debian-lts-announce/2018/08/msg00033.html https://lists.debian.org/debian-lts-announce/2021/11&#x • CWE-617: Reachable Assertion •
CVSS: 9.1EPSS: 0%CPEs: 5EXPL: 0CVE-2017-8989
https://notcve.org/view.php?id=CVE-2017-8989
A security vulnerability in HPE IceWall SSO Dfw 10.0 and 11.0 on RHEL, HP-UX, and Windows could be exploited remotely to allow URL Redirection. Una vulnerabilidad de seguridad en HPE IceWall SSO Dfw 10.0 y 11.0 en RHEL, HP-UX y Windows podría ser explotado remotamente para permitir la redirección de URL. • https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbmu03833en_us • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •