CVSS: 6.1EPSS: 0%CPEs: 7EXPL: 0CVE-2020-4657
https://notcve.org/view.php?id=CVE-2020-4657
IBM Sterling B2B Integrator 5.2.0.0 through 6.0.3.2 Standard Edition is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 186094. IBM Sterling B2B Integrator versiones 5.2.0.0 hasta 6.0.3.2, Standard Edition, es vulnerable a un ataque de tipo cross-site scripting. Esta vulnerabilidad permite a usuarios insertar código JavaScript arbitrario en la interfaz de usuario web, alterando así la funcionalidad prevista conllevando potencialmente a una divulgación de credenciales dentro de una sesión confiable. • https://exchange.xforce.ibmcloud.com/vulnerabilities/186094 https://www.ibm.com/support/pages/node/6382414 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 8EXPL: 0CVE-2019-4738
https://notcve.org/view.php?id=CVE-2019-4738
IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 5.2.6.5 and 6.0.0.0 through 6.0.3.1 discloses sensitive information to an authenticated user from the dashboard UI which could be used in further attacks against the system. IBM X-Force ID: 172753. IBM Sterling B2B Integrator Standard Edition versiones 5.2.0.0 hasta 5.2.6.5 y versiones 6.0.0.0 hasta 6.0.3.1, revela información confidencial a un usuario autenticado desde la interfaz de usuario del panel de control que podría ser usado en nuevos ataques contra el sistema. IBM X-Force ID: 172753. • https://exchange.xforce.ibmcloud.com/vulnerabilities/172753 https://www.ibm.com/support/pages/node/6380390 • CWE-312: Cleartext Storage of Sensitive Information •
CVSS: 5.3EPSS: 0%CPEs: 6EXPL: 1CVE-2020-26421
https://notcve.org/view.php?id=CVE-2020-26421
Crash in USB HID protocol dissector and possibly other dissectors in Wireshark 3.4.0 and 3.2.0 to 3.2.8 allows denial of service via packet injection or crafted capture file. Un fallo en el disector del protocolo USB HID y posiblemente en otros disectores en Wireshark versión 3.4.0 y versiones 3.2.0 hasta 3.2.8, permite una Denegación de Servicio por medio de una inyección de paquetes o archivo de captura diseñado • https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-26421.json https://gitlab.com/wireshark/wireshark/-/issues/16958 https://lists.debian.org/debian-lts-announce/2021/02/msg00008.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M75HYXU36SP6GHIDPHNZGJKEO6TX4C4Y https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YHWDZPWQJMLK64VFDWJC5SEGPNH6Y72Z https://security.gentoo.org/glsa/202101-12 https://www.oracle.c • CWE-125: Out-of-bounds Read •
CVSS: 5.3EPSS: 0%CPEs: 6EXPL: 1CVE-2020-26418
https://notcve.org/view.php?id=CVE-2020-26418
Memory leak in Kafka protocol dissector in Wireshark 3.4.0 and 3.2.0 to 3.2.8 allows denial of service via packet injection or crafted capture file. Una filtración de memoria en el disector de protocolo Kafka en Wireshark versión 3.4.0 y versiones 3.2.0 hasta 3.2.8, permite una Denegación de Servicio por medio de una inyección de paquetes o archivo de captura diseñado • https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-26418.json https://gitlab.com/wireshark/wireshark/-/issues/16739 https://lists.debian.org/debian-lts-announce/2021/02/msg00008.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M75HYXU36SP6GHIDPHNZGJKEO6TX4C4Y https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YHWDZPWQJMLK64VFDWJC5SEGPNH6Y72Z https://security.gentoo.org/glsa/202101-12 https://www.oracle.c • CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 7.8EPSS: 0%CPEs: 25EXPL: 1CVE-2020-29661 – kernel: locking issue in drivers/tty/tty_jobctrl.c can lead to an use-after-free
https://notcve.org/view.php?id=CVE-2020-29661
A locking issue was discovered in the tty subsystem of the Linux kernel through 5.9.13. drivers/tty/tty_jobctrl.c allows a use-after-free attack against TIOCSPGRP, aka CID-54ffccbf053b. Se detectó un problema de bloqueo en el subsistema tty del kernel de Linux versiones hasta 5.9.13. El archivo drivers/tty/tty_jobctrl.c, permite un ataque de uso de la memoria previamente liberada contra TIOCSPGRP, también se conoce como CID-54ffccbf053b A locking vulnerability was found in the tty subsystem of the Linux kernel in drivers/tty/tty_jobctrl.c. This flaw allows a local attacker to possibly corrupt memory or escalate privileges. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. • https://github.com/wojkos9/arm-CVE-2020-29661 http://packetstormsecurity.com/files/160681/Linux-TIOCSPGRP-Broken-Locking.html http://packetstormsecurity.com/files/164950/Kernel-Live-Patch-Security-Notice-LSN-0082-1.html http://www.openwall.com/lists/oss-security/2020/12/10/1 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=54ffccbf053b5b6ca4f6e45094b942fab92a25fc https://lists.debian.org/debian-lts-announce/2021/02/msg00018.html https://lists.debian.org/debian-lts- • CWE-416: Use After Free CWE-667: Improper Locking •