CVSS: 8.4EPSS: 0%CPEs: 39EXPL: 0CVE-2019-4154
https://notcve.org/view.php?id=CVE-2019-4154
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 is vulnerable to a buffer overflow, which could allow an authenticated local attacker to execute arbitrary code on the system as root. IBM X-Force ID: 158519. IBM DB2 para Linux, UNIX y Windows (incluye DB2 Connect Server) versiones 9.7, 10.1, 10.5, y 11.1 es vulnerable a un desbordamiento de búfer, lo que podría permitir que un atacante local autenticado ejecute código arbitrario en el sistema como root. IBM X-Force ID: 158519. • http://www.securityfocus.com/bid/109024 https://exchange.xforce.ibmcloud.com/vulnerabilities/158519 https://www.ibm.com/support/docview.wss?uid=ibm10880737 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.9EPSS: 0%CPEs: 40EXPL: 0CVE-2019-4102
https://notcve.org/view.php?id=CVE-2019-4102
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 158092. IBM DB2 para Linux, UNIX y Windows (incluye DB2 Connect Server) versiones 9.7, 10.1, 10.5, y 11.0 usa algoritmos criptográficos más débiles de lo esperado que permitiría que un atacante descifre información muy confidencial. ID de IBM X-Force: 158092. • http://www.securityfocus.com/bid/109026 https://exchange.xforce.ibmcloud.com/vulnerabilities/158092 https://www.ibm.com/support/docview.wss?uid=ibm10880743 • CWE-326: Inadequate Encryption Strength •
CVSS: 4.3EPSS: 0%CPEs: 7EXPL: 0CVE-2019-4377
https://notcve.org/view.php?id=CVE-2019-4377
IBM Sterling B2B Integrator 6.0.0.0 and 6.0.0.1 reveals sensitive information from a stack trace that could be used in further attacks against the system. IBM X-Force ID: 162803. IBM Sterling B2B Integrator versiones 6.0.0.0 y 6.0.0.1, revela información confidencial de un rastreo de pila que podría ser usado en nuevos ataques contra el sistema. ID de IBM X-Force: 162803. • http://www.securityfocus.com/bid/108915 https://exchange.xforce.ibmcloud.com/vulnerabilities/162083 https://www.ibm.com/support/docview.wss?uid=ibm10887853 • CWE-209: Generation of Error Message Containing Sensitive Information •
CVSS: 6.1EPSS: 0%CPEs: 8EXPL: 0CVE-2018-1853
https://notcve.org/view.php?id=CVE-2018-1853
IBM Tivoli Storage Manager (IBM Spectrum Protect 7.1 and 8.1) could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 151014. IBM Tivoli Storage Manager (IBM Spectrum Protect versiones 7.1 y 8.1), podría permitir a un atacante remoto secuestrar la acción de cliqueo de la víctima. Al persuadir a una víctima a que visite un sitio web malicioso, un atacante remoto podría explotar esta vulnerabilidad para secuestrar las acciones de cliqueo de la víctima y posiblemente lanzar más ataques contra la víctima. • http://www.ibm.com/support/docview.wss?uid=ibm10870718 https://exchange.xforce.ibmcloud.com/vulnerabilities/151014 • CWE-1021: Improper Restriction of Rendered UI Layers or Frames •
CVSS: 4.6EPSS: 0%CPEs: 68EXPL: 1CVE-2017-2751
https://notcve.org/view.php?id=CVE-2017-2751
A BIOS password extraction vulnerability has been reported on certain consumer notebooks with firmware F.22 and others. The BIOS password was stored in CMOS in a way that allowed it to be extracted. This applies to consumer notebooks launched in early 2014. Se ha notificado una vulnerabilidad de extracción de contraseñas de la BIOS en determinados notebooks de consumo con firmware F.22 y otros. La contraseña de la BIOS se almacenó en CMOS de forma que permitía su extracción. • https://github.com/BaderSZ/CVE-2017-2751 https://support.hp.com/us-en/document/c05913581 • CWE-522: Insufficiently Protected Credentials •