12 results (0.030 seconds)

CVSS: 7.5EPSS: 0%CPEs: 14EXPL: 0

Dell BSAFE Micro Edition Suite, versions prior to 4.5, are vulnerable to a Buffer Under-Read Vulnerability. An unauthenticated remote attacker could potentially exploit this vulnerability resulting in undefined behaviour, or a crash of the affected systems. Dell BSAFE Micro Edition Suite, versiones anteriores a 4.5, son susceptibles a una Vulnerabilidad de Lectura Insuficiente del Búfer. Un atacante remoto no autenticado podría explotar esta vulnerabilidad resultando en un comportamiento indefinido o un bloqueo de los sistemas afectados • https://www.dell.com/support/kbdoc/en-us/000181098/dsa-2020-114-dell-bsafe-micro-edition-suite-multiple-security-vulnerabilities https://www.oracle.com/security-alerts/cpuApr2021.html • CWE-125: Out-of-bounds Read CWE-127: Buffer Under-read •

CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 0

Vulnerability in the Oracle Security Service product of Oracle Fusion Middleware (component: SSL API). Supported versions that are affected are 11.1.1.9.0, 12.2.1.3.0 and 12.2.1.4.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Security Service. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Security Service accessible data as well as unauthorized update, insert or delete access to some of Oracle Security Service accessible data. CVSS 3.1 Base Score 6.5 (Confidentiality and Integrity impacts). • https://www.oracle.com/security-alerts/cpujul2020.html •

CVSS: 6.5EPSS: 0%CPEs: 429EXPL: 0

A vulnerability was found in Hibernate-Validator. The SafeHtml validator annotation fails to properly sanitize payloads consisting of potentially malicious code in HTML comments and instructions. This vulnerability can result in an XSS attack. Una vulnerabilidad fue encontrada en Hibernate-Validator. La anotación del validador SafeHtml no puede sanear apropiadamente las cargas útiles que consisten en código potencialmente malicioso en los comentarios e instrucciones HTML. • https://access.redhat.com/errata/RHSA-2020:0159 https://access.redhat.com/errata/RHSA-2020:0160 https://access.redhat.com/errata/RHSA-2020:0161 https://access.redhat.com/errata/RHSA-2020:0164 https://access.redhat.com/errata/RHSA-2020:0445 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10219 https://lists.apache.org/thread.html/r4f8b4e2541be4234946e40d55859273a7eec0f4901e8080ce2406fe6%40%3Cnotifications.accumulo.apache.org%3E https://lists.apache.org/thread.html/r4f92d7f7682dcff92722fa947f9e6f8ba2227c5dc3e11ba0911 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 7.5EPSS: 0%CPEs: 24EXPL: 0

RSA BSAFE Micro Edition Suite versions prior to 4.0.11 (in 4.0.x series) and versions prior to 4.1.6.2 (in 4.1.x series) contain a key management error issue. A malicious TLS server could potentially cause a Denial Of Service (DoS) on TLS clients during the handshake when a very large prime value is sent to the TLS client, and an Ephemeral or Anonymous Diffie-Hellman cipher suite (DHE or ADH) is used. RSA BSAFE Micro Edition Suite en versiones anteriores a la 4.0.11 (en la serie 4.0.x) y las versiones anteriores a la 4.1.6.2 (en la serie 4.1.x) contiene un problema de error de gestión clave. Un servidor TLS malicioso podría provocar una denegación de servicio (DoS) en los clientes TLS durante la negociación cuando un valor primo muy grande se envía al cliente TLS y se emplea una suite de cifrado Diffie-Hellman Ephemeral o Anonymous (DHE o ADH). • http://www.securityfocus.com/bid/105929 http://www.securitytracker.com/id/1042057 https://seclists.org/fulldisclosure/2018/Nov/37 https://www.oracle.com/security-alerts/cpuapr2020.html https://www.oracle.com/security-alerts/cpujan2020.html https://www.oracle.com/security-alerts/cpujul2020.html https://www.oracle.com/security-alerts/cpuoct2020.html https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html •

CVSS: 7.5EPSS: 1%CPEs: 23EXPL: 0

RSA BSAFE Micro Edition Suite, version 4.1.6, contains an integer overflow vulnerability. A remote attacker could use maliciously constructed ASN.1 data to potentially cause a Denial Of Service. RSA BSAFE Micro Edition Suite, en su versión 4.1.6, contiene una vulnerabilidad de desbordamiento de enteros. Un atacante remoto podría emplear datos ASN.1 construidos de forma maliciosa para provocar una denegación de servicio (DoS). • http://seclists.org/fulldisclosure/2018/Aug/46 https://www.oracle.com/security-alerts/cpuapr2020.html https://www.oracle.com/security-alerts/cpujan2020.html https://www.oracle.com/security-alerts/cpujul2020.html https://www.oracle.com/security-alerts/cpuoct2020.html https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html • CWE-190: Integer Overflow or Wraparound •