CVSS: 7.8EPSS: 92%CPEs: 39EXPL: 95CVE-2021-3156 – Sudo Heap-Based Buffer Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2021-3156
26 Jan 2021 — Sudo before 1.9.5p2 contains an off-by-one error that can result in a heap-based buffer overflow, which allows privilege escalation to root via "sudoedit -s" and a command-line argument that ends with a single backslash character. Sudo versiones anteriores a 1.9.5p2 contiene un error de desbordamiento que puede resultar en un desbordamiento de búfer basado en la pila, lo que permite la escalada de privilegios a root a través de "sudoedit -s" y un argumento de línea de comandos que termina con un solo caráct... • https://packetstorm.news/files/id/176932 • CWE-122: Heap-based Buffer Overflow CWE-193: Off-by-one Error •
CVSS: 9.1EPSS: 0%CPEs: 11EXPL: 0CVE-2021-23926 – XMLBeans XML Entity Expansion
https://notcve.org/view.php?id=CVE-2021-23926
14 Jan 2021 — The XML parsers used by XMLBeans up to version 2.6.0 did not set the properties needed to protect the user from malicious XML input. Vulnerabilities include possibilities for XML Entity Expansion attacks. Affects XMLBeans up to and including v2.6.0. Los analizadores XML usados por XMLBeans versiones hasta 2.6.0 no establecían las propiedades necesarias para proteger al usuario de entradas XML maliciosas. Unas vulnerabilidades incluyen posibilidades de ataques de Expansión de Entidades XML. • https://issues.apache.org/jira/browse/XMLBEANS-517 • CWE-776: Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion') •
CVSS: 4.3EPSS: 0%CPEs: 26EXPL: 0CVE-2020-14779 – OpenJDK: High memory usage during deserialization of Proxy class with many interfaces (Serialization, 8236862)
https://notcve.org/view.php?id=CVE-2020-14779
21 Oct 2020 — Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded.... • http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00041.html • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 5.3EPSS: 0%CPEs: 42EXPL: 0CVE-2020-14621 – OpenJDK: XML validation manipulation due to incomplete application of the use-grammar-pool-only feature (JAXP, 8242136)
https://notcve.org/view.php?id=CVE-2020-14621
15 Jul 2020 — Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: JAXP). Supported versions that are affected are Java SE: 7u261, 8u251, 11.0.7 and 14.0.1; Java SE Embedded: 8u251. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data. Note: Thi... • http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00019.html • CWE-20: Improper Input Validation •
CVSS: 5.9EPSS: 0%CPEs: 4EXPL: 0CVE-2020-14002
https://notcve.org/view.php?id=CVE-2020-14002
29 Jun 2020 — PuTTY 0.68 through 0.73 has an Observable Discrepancy leading to an information leak in the algorithm negotiation. This allows man-in-the-middle attackers to target initial connection attempts (where no host key for the server has been cached by the client). PuTTY versiones 0.68 hasta 0.73, presenta una Discrepancia Observable que conlleva a una filtración de información en la negociación del algoritmo. Esto permite a atacantes de tipo man-in-the-middle apuntar a los intentos iniciales de conexión (donde ni... • https://lists.debian.org/debian-lts-announce/2024/04/msg00016.html • CWE-203: Observable Discrepancy •
CVSS: 6.1EPSS: 15%CPEs: 24EXPL: 0CVE-2020-1927 – httpd: mod_rewrite configurations vulnerable to open redirect
https://notcve.org/view.php?id=CVE-2020-1927
01 Apr 2020 — In Apache HTTP Server 2.4.0 to 2.4.41, redirects configured with mod_rewrite that were intended to be self-referential might be fooled by encoded newlines and redirect instead to an an unexpected URL within the request URL. En Apache HTTP Server versiones 2.4.0 hasta 2.4.41, los redireccionamientos configurados con mod_rewrite que pretendían ser autorreferenciales podrían ser engañados por nuevas líneas codificadas y redireccionadas en lugar de una URL inesperada dentro de la URL de petición. A flaw was fou... • http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00002.html • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVSS: 7.5EPSS: 1%CPEs: 4EXPL: 0CVE-2019-17069
https://notcve.org/view.php?id=CVE-2019-17069
01 Oct 2019 — PuTTY before 0.73 might allow remote SSH-1 servers to cause a denial of service by accessing freed memory locations via an SSH1_MSG_DISCONNECT message. PuTTY versiones anteriores a 0.73, podría permitir que los servidores remotos SSH-1 causen una denegación de servicio mediante el acceso a ubicaciones de memoria liberadas por medio de un mensaje SSH1_MSG_DISCONNECT. • http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00020.html • CWE-416: Use After Free •
CVSS: 5.9EPSS: 6%CPEs: 180EXPL: 0CVE-2019-1559 – 0-byte record padding oracle
https://notcve.org/view.php?id=CVE-2019-1559
26 Feb 2019 — If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received with an invalid MAC. If the application then behaves differently based on that in a way that is detectable to the remote peer, then this amounts to a padding oracle that could be used to decrypt data. In order ... • http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00041.html • CWE-203: Observable Discrepancy CWE-325: Missing Cryptographic Step •
CVSS: 5.3EPSS: 2%CPEs: 28EXPL: 0CVE-2017-15906 – openssh: Improper write operations in readonly mode allow for zero-length file creation
https://notcve.org/view.php?id=CVE-2017-15906
26 Oct 2017 — The process_open function in sftp-server.c in OpenSSH before 7.6 does not properly prevent write operations in readonly mode, which allows attackers to create zero-length files. La función process_open en sftp-server.c en OpenSSH, en versiones anteriores a la 7.6, no evita correctamente las operaciones de escritura en el modo readonly, lo que permite que los atacantes creen archivos de longitud cero. Jann Horn discovered that OpenSSH incorrectly loaded PKCS#11 modules from untrusted directories. A remote a... • http://www.securityfocus.com/bid/101552 • CWE-20: Improper Input Validation CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 7.5EPSS: 0%CPEs: 7EXPL: 0CVE-2017-7236
https://notcve.org/view.php?id=CVE-2017-7236
25 May 2017 — SQL injection vulnerability in NetApp OnCommand Unified Manager Core Package 5.x before 5.2.2P1 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. Vulnerabilidad de inyección SQL en NetApp OnCommand Unified Manager Core Package 5x y en versiones anteriores a la 5.2.2P1 que permite a los atacantes remotos ejecutar comandos SQL arbitrarios mediante vectores sin especificar. • https://kb.netapp.com/support/s/article/NTAP-20170517-0001 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •