CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2021-33930 – libsolv: heap-based buffer overflow in pool_installable_whatprovides() in src/repo.h
https://notcve.org/view.php?id=CVE-2021-33930
Buffer overflow vulnerability in function pool_installable_whatprovides in src/repo.h in libsolv before 0.7.17 allows attackers to cause a Denial of Service. Una vulnerabilidad de desbordamiento de búfer en la función pool_installable_whatprovides en el archivo src/repo.h en libsolv versiones anteriores a 0.7.17, permite a atacantes causar una Denegación de Servicio A flaw was found in libsolv. A buffer overflow vulnerability in the pool_installable_whatprovides function allows attackers to cause a denial of service. The highest threat from this vulnerability is to system availability. • https://github.com/openSUSE/libsolv/issues/417 https://access.redhat.com/security/cve/CVE-2021-33930 https://bugzilla.redhat.com/show_bug.cgi?id=2000705 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2021-33929 – libsolv: heap-based buffer overflow in pool_disabled_solvable() in src/repo.h
https://notcve.org/view.php?id=CVE-2021-33929
Buffer overflow vulnerability in function pool_disabled_solvable in src/repo.h in libsolv before 0.7.17 allows attackers to cause a Denial of Service. Una vulnerabilidad de desbordamiento del búfer en la función pool_disabled_solvable en el archivo src/repo.h en libsolv versiones anteriores a 0.7.17, permite a atacantes causar una Denegación de Servicio A flaw was found in libsolv. A buffer overflow vulnerability in the pool_disabled_solvable function allows attackers to cause a denial of service. The highest threat from this vulnerability is to system availability. • https://github.com/openSUSE/libsolv/issues/417 https://access.redhat.com/security/cve/CVE-2021-33929 https://bugzilla.redhat.com/show_bug.cgi?id=2000703 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2021-33928 – libsolv: heap-based buffer overflow in pool_installable() in src/repo.h
https://notcve.org/view.php?id=CVE-2021-33928
Buffer overflow vulnerability in function pool_installable in src/repo.h in libsolv before 0.7.17 allows attackers to cause a Denial of Service. Una vulnerabilidad de desbordamiento del búfer en la función pool_installable en el archivo src/repo.h en libsolv versiones anteriores a 0.7.17, permite a atacantes causar una Denegación de Servicio A flaw was found in libsolv. A buffer overflow in the pool_installable function allows attackers to cause a denial of service. The highest threat from this vulnerability is to system availability. • https://github.com/openSUSE/libsolv/issues/417 https://access.redhat.com/security/cve/CVE-2021-33928 https://bugzilla.redhat.com/show_bug.cgi?id=2000699 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •
CVSS: 6.5EPSS: 0%CPEs: 6EXPL: 0CVE-2020-4675
https://notcve.org/view.php?id=CVE-2020-4675
IBM InfoSphere Master Data Management Server 11.6 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 186324. IBM InfoSphere Master Data Management Server versión 11.6, es vulnerable a un ataque de tipo cross-site request forgery, que podría permitir a un atacante ejecutar acciones maliciosas y no autorizadas transmitidas desde un usuario en el que el sitio web confía. IBM X-Force ID: 186324 • https://exchange.xforce.ibmcloud.com/vulnerabilities/186324 https://www.ibm.com/support/pages/node/6472927 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 9.8EPSS: 0%CPEs: 4EXPL: 0CVE-2019-18906 – cryptctl: client side password hashing is equivalent to clear text password storage
https://notcve.org/view.php?id=CVE-2019-18906
A Improper Authentication vulnerability in cryptctl of SUSE Linux Enterprise Server for SAP 12-SP5, SUSE Manager Server 4.0 allows attackers with access to the hashed password to use it without having to crack it. This issue affects: SUSE Linux Enterprise Server for SAP 12-SP5 cryptctl versions prior to 2.4. SUSE Manager Server 4.0 cryptctl versions prior to 2.4. Una vulnerabilidad de autenticación inadecuada en cryptctl de SUSE Linux Enterprise Server for SAP 12-SP5, SUSE Manager Server 4.0 permite a los atacantes con acceso a la contraseña cifrada utilizarla sin tener que descifrarla. Este problema afecta a: SUSE Linux Enterprise Server for SAP 12-SP5 cryptctl versiones anteriores a la 2.4. • https://bugzilla.suse.com/show_bug.cgi?id=1186226 • CWE-287: Improper Authentication •