CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2020-8585
https://notcve.org/view.php?id=CVE-2020-8585
28 Jan 2021 — OnCommand Unified Manager Core Package versions prior to 5.2.5 may disclose sensitive account information to unauthorized users via the use of PuTTY Link (plink). OnCommand Unified Manager Core Package versiones anteriores a 5.2.5, pueden revelar información confidencial de la cuenta a usuarios no autorizados por medio del uso de PuTTY Link (plink) • https://security.netapp.com/advisory/NTAP-20210128-0001 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 9.8EPSS: 10%CPEs: 30EXPL: 0CVE-2019-5482 – curl: heap buffer overflow in function tftp_receive_packet()
https://notcve.org/view.php?id=CVE-2019-5482
11 Sep 2019 — Heap buffer overflow in the TFTP protocol handler in cURL 7.19.4 to 7.65.3. Un desbordamiento del búfer de la pila en el manejador de protocolo TFTP en cURL versiones 7.19.4 hasta 7.65.3. Thomas Vegas discovered that curl incorrectly handled memory when using Kerberos over FTP. A remote attacker could use this issue to crash curl, resulting in a denial of service. Thomas Vegas discovered that curl incorrectly handled memory during TFTP transfers. • http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00048.html • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 1%CPEs: 14EXPL: 0CVE-2019-5443
https://notcve.org/view.php?id=CVE-2019-5443
02 Jul 2019 — A non-privileged user or program can put code and a config file in a known non-privileged path (under C:/usr/local/) that will make curl <= 7.65.1 automatically run the code (as an openssl "engine") on invocation. If that curl is invoked by a privileged user it can do anything it wants. Un usuario o programa no privilegiado puede colocar un código y un archivo de configuración en una ruta (path) no privilegiada conocida (bajo C:/usr/local/) que hará que curl anterior a versión 7.65.1 incluyéndola, ejecute a... • http://www.openwall.com/lists/oss-security/2019/06/24/1 • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-427: Uncontrolled Search Path Element •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2019-5495
https://notcve.org/view.php?id=CVE-2019-5495
10 May 2019 — OnCommand Unified Manager for VMware vSphere, Linux and Windows prior to 9.5 shipped without certain HTTP Security headers configured which could allow an attacker to obtain sensitive information via unspecified vectors. OnCommand Unified Manager para VMware vSphere, Linux y Windows antes de la versión 9.5 se envía sin ciertos encabezados de seguridad HTTP configurados que podrían permitir a un atacante obtener información confidencial a través de vectores no especificados. • https://security.netapp.com/advisory/ntap-20190509-0007 • CWE-254: 7PK - Security Features •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2019-5494
https://notcve.org/view.php?id=CVE-2019-5494
10 May 2019 — OnCommand Unified Manager 7-Mode prior to version 5.2.4 shipped without certain HTTP Security headers configured which could allow an attacker to obtain sensitive information via unspecified vectors. OnCommand Unified Manager 7-Mode anterior a la versión 5.2.4 se envían sin ciertos encabezados de seguridad HTTP configurados que podrían permitir a un atacante obtener información confidencial a través de vectores no especificados. • https://security.netapp.com/advisory/ntap-20190509-0006 • CWE-319: Cleartext Transmission of Sensitive Information •
CVSS: 4.9EPSS: 0%CPEs: 22EXPL: 0CVE-2019-2420 – mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2019)
https://notcve.org/view.php?id=CVE-2019-2420
16 Jan 2019 — Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.7.24 and prior and 8.0.13 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts)... • http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html •
CVSS: 3.1EPSS: 0%CPEs: 34EXPL: 0CVE-2019-2422 – OpenJDK: memory disclosure in FileChannelImpl (Libraries, 8206290)
https://notcve.org/view.php?id=CVE-2019-2422
16 Jan 2019 — Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 7u201, 8u192 and 11.0.1; Java SE Embedded: 8u191. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE accessib... • http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00028.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.3EPSS: 0%CPEs: 16EXPL: 0CVE-2019-2426 – Gentoo Linux Security Advisory 201903-14
https://notcve.org/view.php?id=CVE-2019-2426
16 Jan 2019 — Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 7u201, 8u192 and 11.0.1; Java SE Embedded: 8u191. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE accessible data. Note: This vulnerability applies to Java deployments, typically in clients... • http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00059.html •
CVSS: 6.5EPSS: 0%CPEs: 22EXPL: 0CVE-2019-2434 – mysql: Server: Parser unspecified vulnerability (CPU Jan 2019)
https://notcve.org/view.php?id=CVE-2019-2434
16 Jan 2019 — Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Parser). Supported versions that are affected are 5.7.24 and prior and 8.0.13 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). • http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html •
CVSS: 5.5EPSS: 0%CPEs: 18EXPL: 0CVE-2019-2436 – mysql: Server: Replication unspecified vulnerability (CPU Jan 2019)
https://notcve.org/view.php?id=CVE-2019-2436
16 Jan 2019 — Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 8.0.13 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of... • http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html •