CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2020-5405 – Directory Traversal with spring-cloud-config-server
https://notcve.org/view.php?id=CVE-2020-5405
Spring Cloud Config, versions 2.2.x prior to 2.2.2, versions 2.1.x prior to 2.1.7, and older unsupported versions allow applications to serve arbitrary configuration files through the spring-cloud-config-server module. A malicious user, or attacker, can send a request using a specially crafted URL that can lead a directory traversal attack. Spring Cloud Config, versiones 2.2.x anteriores a 2.2.2, versiones 2.1.x anteriores a 2.1.7 y versiones anteriores no compatibles, permite a unas aplicaciones servir archivos de configuración arbitrarios por medio del módulo spring-cloud-config-server. Un usuario malicioso, o atacante, puede enviar una petición usando una URL especialmente diseñada que puede conllevar a un ataque de salto de directorio. • https://pivotal.io/security/cve-2020-5405 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-23: Relative Path Traversal •
CVSS: 9.8EPSS: 0%CPEs: 3EXPL: 0CVE-2020-3943
https://notcve.org/view.php?id=CVE-2020-3943
vRealize Operations for Horizon Adapter (6.7.x prior to 6.7.1 and 6.6.x prior to 6.6.1) uses a JMX RMI service which is not securely configured. An unauthenticated remote attacker who has network access to vRealize Operations, with the Horizon Adapter running, may be able to execute arbitrary code in vRealize Operations. vRealize Operations for Horizon Adapter (versiones 6.7.x anteriores a 6.7.1 y versiones 6.6.x anteriores a 6.6.1), utiliza un servicio JMX RMI que no está configurado de forma segura. Un atacante remoto no autenticado que tenga acceso de red a vRealize Operations, con Horizon Adapter en ejecución, puede ejecutar código arbitrario en vRealize Operations. • https://www.vmware.com/security/advisories/VMSA-2020-0003.html •
CVSS: 8.6EPSS: 0%CPEs: 3EXPL: 0CVE-2020-3944
https://notcve.org/view.php?id=CVE-2020-3944
vRealize Operations for Horizon Adapter (6.7.x prior to 6.7.1 and 6.6.x prior to 6.6.1) has an improper trust store configuration leading to authentication bypass. An unauthenticated remote attacker who has network access to vRealize Operations, with the Horizon Adapter running, may be able to bypass Adapter authentication. vRealize Operations for Horizon Adapter (versiones 6.7.x anteriores a 6.7.1 y versiones 6.6.x anteriores a 6.6.1), presenta una configuración inapropiada del almacén de confianza conllevando a una omisión de autenticación. Un atacante remoto no autenticado que tenga acceso a la red para vRealize Operations, con Horizon Adapter en ejecución, puede omitir la autenticación del Adaptador. • https://www.vmware.com/security/advisories/VMSA-2020-0003.html • CWE-287: Improper Authentication •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2020-3945
https://notcve.org/view.php?id=CVE-2020-3945
vRealize Operations for Horizon Adapter (6.7.x prior to 6.7.1 and 6.6.x prior to 6.6.1) contains an information disclosure vulnerability due to incorrect pairing implementation between the vRealize Operations for Horizon Adapter and Horizon View. An unauthenticated remote attacker who has network access to vRealize Operations, with the Horizon Adapter running, may obtain sensitive information vRealize Operations for Horizon Adapter (versiones 6.7.x anteriores a 6.7.1 y versiones 6.6.x anteriores a 6.6.1) contiene una vulnerabilidad de divulgación de información debido a una implementación de emparejamiento incorrecta entre vRealize Operations for Horizon Adapter y Horizon View. Un atacante remoto no autenticado que tiene acceso de red para vRealize Operations, con Horizon Adapter en ejecución, puede obtener información confidencial • https://www.vmware.com/security/advisories/VMSA-2020-0003.html •
CVSS: 9.0EPSS: 0%CPEs: 4EXPL: 0CVE-2019-5183
https://notcve.org/view.php?id=CVE-2019-5183
An exploitable type confusion vulnerability exists in AMD ATIDXX64.DLL driver, versions 26.20.13031.10003, 26.20.13031.15006 and 26.20.13031.18002. A specially crafted pixel shader can cause a type confusion issue, leading to potential code execution. An attacker can provide a specially crafted shader file to trigger this vulnerability. This vulnerability can be triggered from VMware guest, affecting VMware host. Se presenta una vulnerabilidad de confusión de tipos explotable en el controlador AMD ATIDXX64.DLL, versiones 26.20.13031.10003, 26.20.13031.15006 y 26.20.13031.18002. • https://talosintelligence.com/vulnerability_reports/TALOS-2019-0964 • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •