CVSS: 9.8EPSS: 10%CPEs: 5EXPL: 1CVE-2019-6260
https://notcve.org/view.php?id=CVE-2019-6260
22 Jan 2019 — The ASPEED ast2400 and ast2500 Baseband Management Controller (BMC) hardware and firmware implement Advanced High-performance Bus (AHB) bridges, which allow arbitrary read and write access to the BMC's physical address space from the host (or from the network in unusual cases where the BMC console uart is attached to a serial concentrator). This CVE applies to the specific cases of iLPC2AHB bridge Pt I, iLPC2AHB bridge Pt II, PCIe VGA P2A bridge, DMA from/to arbitrary BMC memory via X-DMA, UART-based SoC De... • https://github.com/nikitapbst/cve-2019-6260 •
CVSS: 5.3EPSS: 90%CPEs: 32EXPL: 41CVE-2018-15473 – OpenSSH < 7.7 - User Enumeration
https://notcve.org/view.php?id=CVE-2018-15473
17 Aug 2018 — OpenSSH through 7.7 is prone to a user enumeration vulnerability due to not delaying bailout for an invalid authenticating user until after the packet containing the request has been fully parsed, related to auth2-gss.c, auth2-hostbased.c, and auth2-pubkey.c. OpenSSH hasta la versión 7.7 es propenso a una vulnerabilidad de enumeración de usuarios debido a que no retrasa el rescate de un usuario de autenticación no válido hasta que el paquete que contiene la petición haya sido analizado completamente. Esto e... • https://packetstorm.news/files/id/181223 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •