Page 44 of 733 results (0.012 seconds)

CVSS: 6.5EPSS: 0%CPEs: 6EXPL: 0

CVE-2019-14856 – ansible: Incomplete fix for CVE-2019-10206

https://notcve.org/view.php?id=CVE-2019-14856

ansible before versions 2.8.6, 2.7.14, 2.6.20 is vulnerable to a None ansible versiones anteriores a 2.8.6, 2.7.14, 2.6.20 es vulnerable a un None The fix for CVE-2019-10206 was found to be incomplete for the data disclosure flaw in ansible. Password prompts in ansible-playbook and ansible-cli tools could expose passwords with special characters as they are not properly wrapped. A password with special characters is exposed starting with the first of these special characters. The highest threat from this vulnerability is to data confidentiality. • http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00021.html http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00026.html https://access.redhat.com/errata/RHSA-2020:0756 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14856 https://access.redhat.com/security/cve/CVE-2019-14856 https://bugzilla.redhat.com/show_bug.cgi?id=1760829 • CWE-287: Improper Authentication •

CVSS: 5.9EPSS: 0%CPEs: 18EXPL: 0

CVE-2019-2958

https://notcve.org/view.php?id=CVE-2019-2958

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. • http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00064.html http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00066.html http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00031.html http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html https://lists.debian.org/debian-lts-announce/2019/12/msg00005.html https://security.netapp.com/advisory/ntap-20191017-0001 •

CVSS: 4.3EPSS: 0%CPEs: 20EXPL: 0

CVE-2019-2933

https://notcve.org/view.php?id=CVE-2019-2933

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. • http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00064.html http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00066.html http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00031.html http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html https://kc.mcafee.com/corporate/index?page=content&id=SB10315 https://lists.debian.org/debian-lts-announce/2019/12/msg00005.html https://security.netapp.com/advisory/ntap-20191017-0001 •

CVSS: 4.3EPSS: 0%CPEs: 25EXPL: 0

CVE-2019-2894

https://notcve.org/view.php?id=CVE-2019-2894

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Security). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. • http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00064.html http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00066.html http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00031.html http://www.openwall.com/lists/oss-security/2019/10/02/2 http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html https://kc.mcafee.com/corporate/index?page=content&id=SB10315 https://lists.debian.org/debian-lts-announce/2019/12/msg00005.html https:/ •

CVSS: 6.8EPSS: 0%CPEs: 36EXPL: 0

CVE-2019-2949 – OpenJDK: Improper handling of Kerberos proxy credentials (Kerberos, 8220302)

https://notcve.org/view.php?id=CVE-2019-2949

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Kerberos). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Kerberos to compromise Java SE, Java SE Embedded. While the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Java SE Embedded accessible data. • http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00064.html http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00066.html http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00031.html http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html https://access.redhat.com/errata/RHSA-2019:3134 https://access.redhat.com/errata/RHSA-2019:3135 https://access.redhat.com/errata/RHSA-2019:3136 https://kc.mcafee.com/corporate/index?page=content&id&# • CWE-522: Insufficiently Protected Credentials •