CVSS: 4.3EPSS: 0%CPEs: 75EXPL: 0CVE-2020-2654 – OpenJDK: Excessive memory usage in OID processing in X.509 certificate parsing (Libraries, 8234037)
https://notcve.org/view.php?id=CVE-2020-2654
Vulnerability in the Java SE product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. • http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00050.html http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00060.html https://access.redhat.com/errata/RHSA-2020:0122 https://access.redhat.com/errata/RHSA-2020:0128 https://access.redhat.com/errata/RHSA-2020:0157 https://access.redhat.com/errata/RHSA-2020:0196 https://access.redhat.com/errata/RHSA-2020:0202 https://access.redhat.com/errata/RHSA-2020:0231 https://access.redhat.com/errata/RHSA-2020:0 • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 7.5EPSS: 0%CPEs: 55EXPL: 1CVE-2019-19906 – cyrus-sasl: denial of service in _sasl_add_string function
https://notcve.org/view.php?id=CVE-2019-19906
cyrus-sasl (aka Cyrus SASL) 2.1.27 has an out-of-bounds write leading to unauthenticated remote denial-of-service in OpenLDAP via a malformed LDAP packet. The OpenLDAP crash is ultimately caused by an off-by-one error in _sasl_add_string in common.c in cyrus-sasl. cyrus-sasl (también se conoce como Cyrus SASL) versión 2.1.27, presenta una escritura fuera de límites conllevando a una denegación de servicio remota no autenticada en OpenLDAP por medio de un paquete LDAP malformado. El bloqueo de OpenLDAP es causado en última instancia por un error por un paso en la función _sasl_add_string en el archivo common.c en cyrus-sasl. • http://seclists.org/fulldisclosure/2020/Jul/23 http://seclists.org/fulldisclosure/2020/Jul/24 http://www.openwall.com/lists/oss-security/2022/02/23/4 https://github.com/cyrusimap/cyrus-sasl/issues/587 https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E https://lists.debian.org/debian-lts-announce/2019/12/msg00027.h • CWE-193: Off-by-one Error CWE-400: Uncontrolled Resource Consumption CWE-787: Out-of-bounds Write •
CVSS: 4.7EPSS: 0%CPEs: 12EXPL: 0CVE-2019-18660 – kernel: powerpc: incomplete Spectre-RSB mitigation leads to information exposure
https://notcve.org/view.php?id=CVE-2019-18660
The Linux kernel before 5.4.1 on powerpc allows Information Exposure because the Spectre-RSB mitigation is not in place for all applicable CPUs, aka CID-39e72bf96f58. This is related to arch/powerpc/kernel/entry_64.S and arch/powerpc/kernel/security.c. El kernel de Linux anterior a la versión 5.4.1 en powerpc permite la exposición de información porque la mitigación Spectre-RSB no está implementada para todas las CPU aplicables, también conocido como CID-39e72bf96f58. Esto está relacionado con arch / powerpc / kernel / entry_64.S y arch / powerpc / kernel / security.c. A flaw was found in the way the Linux kernel implemented a software flush of the Count Cache (indirect branch cache) and Link (Return Address) Stack on the PowerPC platform. • http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00029.html http://packetstormsecurity.com/files/155890/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html http://www.openwall.com/lists/oss-security/2019/11/27/1 https://access.redhat.com/errata/RHSA-2020:0174 https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.1 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=39e72bf96f5847ba87cc5bd7a3ce0fed813dc9ad https://lists.fedoraproject.org& • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 2.5EPSS: 0%CPEs: 4EXPL: 0CVE-2016-4980
https://notcve.org/view.php?id=CVE-2016-4980
A password generation weakness exists in xquest through 2016-06-13. Existe una debilidad de generación de contraseña en xquest hasta 13-06-2016. • https://access.redhat.com/security/cve/cve-2016-4980 https://bugzilla.redhat.com/show_bug.cgi?id=1346016 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-4980 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AVW2QJFNZUZYBN4M4YUE7S2NZBWWMGES • CWE-330: Use of Insufficiently Random Values •
CVSS: 10.0EPSS: 0%CPEs: 3EXPL: 0CVE-2014-3585
https://notcve.org/view.php?id=CVE-2014-3585
redhat-upgrade-tool: Does not check GPG signatures when upgrading versions redhat-upgrade-tool: no comprueba las firmas GPG al actualizar versiones. • https://access.redhat.com/security/cve/cve-2014-3585 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-3585 • CWE-347: Improper Verification of Cryptographic Signature •