CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2020-14721
https://notcve.org/view.php?id=CVE-2020-14721
15 Jul 2020 — Vulnerability in the Oracle Enterprise Communications Broker product of Oracle Communications Applications (component: WebGUI). Supported versions that are affected are 3.0.0-3.2.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Enterprise Communications Broker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Enterprise Communications Broker accessible data as well as unau... • https://www.oracle.com/security-alerts/cpujul2020.html •
CVSS: 5.8EPSS: 0%CPEs: 1EXPL: 0CVE-2020-14722
https://notcve.org/view.php?id=CVE-2020-14722
15 Jul 2020 — Vulnerability in the Oracle Enterprise Communications Broker product of Oracle Communications Applications (component: WebGUI). Supported versions that are affected are 3.0.0-3.2.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Enterprise Communications Broker. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Enterprise Communications Broker, attacks may significa... • https://www.oracle.com/security-alerts/cpujul2020.html •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2020-14563
https://notcve.org/view.php?id=CVE-2020-14563
15 Jul 2020 — Vulnerability in the Oracle Enterprise Communications Broker product of Oracle Communications Applications (component: WebGUI). Supported versions that are affected are 3.0.0-3.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Enterprise Communications Broker. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Enterprise Communications Broker, attacks may significant... • https://www.oracle.com/security-alerts/cpujul2020.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.8EPSS: 20%CPEs: 39EXPL: 1CVE-2019-9511 – Some HTTP/2 implementations are vulnerable to window size manipulation and stream prioritization manipulation, potentially leading to a denial of service
https://notcve.org/view.php?id=CVE-2019-9511
13 Aug 2019 — Some HTTP/2 implementations are vulnerable to window size manipulation and stream prioritization manipulation, potentially leading to a denial of service. The attacker requests a large amount of data from a specified resource over multiple streams. They manipulate window size and stream priority to force the server to queue the data in 1-byte chunks. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both. Algunas implementaciones de HTTP / 2 son vulnerables a la manip... • https://github.com/flyniu666/ingress-nginx-0.21-1.19.5 • CWE-400: Uncontrolled Resource Consumption CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 7.8EPSS: 3%CPEs: 42EXPL: 0CVE-2019-9513 – Some HTTP/2 implementations are vulnerable to resource loops, potentially leading to a denial of service
https://notcve.org/view.php?id=CVE-2019-9513
13 Aug 2019 — Some HTTP/2 implementations are vulnerable to resource loops, potentially leading to a denial of service. The attacker creates multiple request streams and continually shuffles the priority of the streams in a way that causes substantial churn to the priority tree. This can consume excess CPU. Algunas implementaciones de HTTP / 2 son vulnerables a los bucles de recursos, lo que puede conducir a una denegación de servicio. El atacante crea múltiples flujos de solicitud y baraja continuamente la prioridad de ... • http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00031.html • CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.8EPSS: 0%CPEs: 23EXPL: 1CVE-2018-16864 – systemd: stack overflow when calling syslog from a command with long cmdline
https://notcve.org/view.php?id=CVE-2018-16864
09 Jan 2019 — An allocation of memory without limits, that could result in the stack clashing with another memory region, was discovered in systemd-journald when a program with long command line arguments calls syslog. A local attacker may use this flaw to crash systemd-journald or escalate his privileges. Versions through v240 are vulnerable. Se ha descubierto una asignación de memoria sin límites, que podría resultar en que la pila choque con otra región de memoria, en systemd-journald, cuando un programa con argumento... • http://www.openwall.com/lists/oss-security/2021/07/20/2 • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 7.8EPSS: 2%CPEs: 20EXPL: 2CVE-2018-16865 – systemd: stack overflow when receiving many journald entries
https://notcve.org/view.php?id=CVE-2018-16865
09 Jan 2019 — An allocation of memory without limits, that could result in the stack clashing with another memory region, was discovered in systemd-journald when many entries are sent to the journal socket. A local attacker, or a remote one if systemd-journal-remote is used, may use this flaw to crash systemd-journald or execute code with journald privileges. Versions through v240 are vulnerable. Se ha descubierto una asignación de memoria sin límites que podría resultar en que la pila choque con otra región de memoria, ... • https://packetstorm.news/files/id/152841 • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 9.8EPSS: 0%CPEs: 12EXPL: 0CVE-2018-11236 – glibc: Integer overflow in stdlib/canonicalize.c on 32-bit architectures leading to stack-based buffer overflow
https://notcve.org/view.php?id=CVE-2018-11236
18 May 2018 — stdlib/canonicalize.c in the GNU C Library (aka glibc or libc6) 2.27 and earlier, when processing very long pathname arguments to the realpath function, could encounter an integer overflow on 32-bit architectures, leading to a stack-based buffer overflow and, potentially, arbitrary code execution. stdlib/canonicalize.c en GNU C Library (también conocida como glibc o libc6), en versiones 2.27 y anteriores, al procesar argumentos con un nombre de ruta muy largo en la función realpath, podría encontrarse con u... • http://www.securityfocus.com/bid/104255 • CWE-121: Stack-based Buffer Overflow CWE-190: Integer Overflow or Wraparound CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 15EXPL: 2CVE-2018-11237 – glibc: Buffer overflow in __mempcpy_avx512_no_vzeroupper
https://notcve.org/view.php?id=CVE-2018-11237
18 May 2018 — An AVX-512-optimized implementation of the mempcpy function in the GNU C Library (aka glibc or libc6) 2.27 and earlier may write data beyond the target buffer, leading to a buffer overflow in __mempcpy_avx512_no_vzeroupper. Una implementación optimizada para AVX-512 de la función mempcpy en GNU C Library (también conocido como glibc o libc6), en versiones 2.27 y anteriores, podría escribir datos más allá del búfer objetivo, lo que desemboca en un desbordamiento de búfer en __mempcpy_avx512_no_vzeroupper. A ... • https://packetstorm.news/files/id/147870 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •
CVSS: 9.8EPSS: 0%CPEs: 20EXPL: 0CVE-2018-6485 – glibc: Integer overflow in posix_memalign in memalign functions
https://notcve.org/view.php?id=CVE-2018-6485
03 Apr 2017 — An integer overflow in the implementation of the posix_memalign in memalign functions in the GNU C Library (aka glibc or libc6) 2.26 and earlier could cause these functions to return a pointer to a heap area that is too small, potentially leading to heap corruption. Un desbordamiento de enteros en la implementación de posix_memalign en las funciones memalign en GNU C Library (también conocido como glibc o libc6) en versiones 2.26 y anteriores podría provocar que estas funciones devuelvan un puntero a un áre... • http://bugs.debian.org/878159 • CWE-190: Integer Overflow or Wraparound CWE-787: Out-of-bounds Write •