CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2014-8180
https://notcve.org/view.php?id=CVE-2014-8180
MongoDB on Red Hat Satellite 6 allows local users to bypass authentication by logging in with an empty password and delete information which can cause a Denial of Service. MongoDB sobre Red Hat Satellite 6 permite a usuarios locales evitar la autenticación iniciando sesión con una contraseña vacía y borrar información que podría causar una denegación de servicio. • https://access.redhat.com/documentation/en-us/red_hat_satellite/6.2/html/installation_guide/preparing_your_environment_for_installation#restricting_access_to_mongod https://bugzilla.redhat.com/show_bug.cgi?id=1301703 • CWE-287: Improper Authentication •
CVSS: 9.8EPSS: 0%CPEs: 3EXPL: 0CVE-2017-7470 – spacewalk-backend: spacewalk-channel can be used by non-admin or disabled users for performing administrative tasks
https://notcve.org/view.php?id=CVE-2017-7470
It was found that spacewalk-channel can be used by a non-admin user or disabled users to perform administrative tasks due to an incorrect authorization check in backend/server/rhnChannel.py. Se ha encontrado que spacewalk-channel puede ser utilizado por un usuario no administrador o por usuarios deshabilitados para realizar tareas administrativas debido a una verificación de autorización incorrecta en backend/servidor/rhnChannel.py. • http://www.securityfocus.com/bid/98569 https://access.redhat.com/errata/RHSA-2017:1259 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7470 https://access.redhat.com/security/cve/CVE-2017-7470 https://bugzilla.redhat.com/show_bug.cgi?id=1439622 • CWE-863: Incorrect Authorization •
CVSS: 3.1EPSS: 0%CPEs: 24EXPL: 0CVE-2017-3539 – OpenJDK: MD5 allowed for jar verification (Security, 8171121)
https://notcve.org/view.php?id=CVE-2017-3539
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u141, 7u131 and 8u121; Java SE Embedded: 8u121. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data. • http://www.debian.org/security/2017/dsa-3858 http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html http://www.securityfocus.com/bid/97752 http://www.securitytracker.com/id/1038286 https://access.redhat.com/errata/RHSA-2017:1108 https://access.redhat.com/errata/RHSA-2017:1109 https://access.redhat.com/errata/RHSA-2017:1117 https://access.redhat.com/errata/RHSA-2017:1118 https://access.redhat.com/errata/RHSA-2017:1119 https://access.redhat.com/errata/RHS • CWE-327: Use of a Broken or Risky Cryptographic Algorithm •
CVSS: 4.3EPSS: 0%CPEs: 33EXPL: 0CVE-2017-3544 – OpenJDK: newline injection in the SMTP client (Networking, 8171533)
https://notcve.org/view.php?id=CVE-2017-3544
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 6u141, 7u131 and 8u121; Java SE Embedded: 8u121; JRockit: R28.3.13. Difficult to exploit vulnerability allows unauthenticated attacker with network access via SMTP to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded, JRockit accessible data. Note: Applies to client and server deployment of Java. • http://www.debian.org/security/2017/dsa-3858 http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html http://www.securityfocus.com/bid/97745 http://www.securitytracker.com/id/1038286 https://access.redhat.com/errata/RHSA-2017:1108 https://access.redhat.com/errata/RHSA-2017:1109 https://access.redhat.com/errata/RHSA-2017:1117 https://access.redhat.com/errata/RHSA-2017:1118 https://access.redhat.com/errata/RHSA-2017:1119 https://access.redhat.com/errata/RHS • CWE-20: Improper Input Validation •
CVSS: 4.3EPSS: 0%CPEs: 25EXPL: 0CVE-2017-3533 – OpenJDK: newline injection in the FTP client (Networking, 8170222)
https://notcve.org/view.php?id=CVE-2017-3533
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 6u141, 7u131 and 8u121; Java SE Embedded: 8u121; JRockit: R28.3.13. Difficult to exploit vulnerability allows unauthenticated attacker with network access via FTP to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded, JRockit accessible data. Note: Applies to client and server deployment of Java. • http://www.debian.org/security/2017/dsa-3858 http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html http://www.securityfocus.com/bid/97740 http://www.securitytracker.com/id/1038286 https://access.redhat.com/errata/RHSA-2017:1108 https://access.redhat.com/errata/RHSA-2017:1109 https://access.redhat.com/errata/RHSA-2017:1117 https://access.redhat.com/errata/RHSA-2017:1118 https://access.redhat.com/errata/RHSA-2017:1119 https://access.redhat.com/errata/RHS • CWE-20: Improper Input Validation •