CVSS: 9.8EPSS: 85%CPEs: 79EXPL: 3CVE-2023-48795 – ssh: Prefix truncation attack on Binary Packet Protocol (BPP)
https://notcve.org/view.php?id=CVE-2023-48795
18 Dec 2023 — The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack. This occurs because the SSH Binary Packet Protocol (BPP), implemented by these extensions, mishandles the handshake phas... • https://packetstorm.news/files/id/176280 • CWE-222: Truncation of Security-relevant Information CWE-354: Improper Validation of Integrity Check Value •
CVSS: 9.8EPSS: 94%CPEs: 444EXPL: 19CVE-2023-44487 – HTTP/2 Rapid Reset Attack Vulnerability
https://notcve.org/view.php?id=CVE-2023-44487
10 Oct 2023 — The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. El protocolo HTTP/2 permite una denegación de servicio (consumo de recursos del servidor) porque la cancelación de solicitudes puede restablecer muchas transmisiones rápidamente, como se explotó en la naturaleza entre agosto y octubre de 2023. A flaw was found in handling multiplexed streams in the HTTP/2 protocol. ... • https://github.com/imabee101/CVE-2023-44487 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.5EPSS: 73%CPEs: 72EXPL: 1CVE-2021-4104 – Deserialization of untrusted data in JMSAppender in Apache Log4j 1.2
https://notcve.org/view.php?id=CVE-2021-4104
14 Dec 2021 — JMSAppender in Log4j 1.2 is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration. The attacker can provide TopicBindingName and TopicConnectionFactoryBindingName configurations causing JMSAppender to perform JNDI requests that result in remote code execution in a similar fashion to CVE-2021-44228. Note this issue only affects Log4j 1.2 when specifically configured to use JMSAppender, which is not the default. Apache Log4j 1.2 reached end of life in Au... • https://github.com/cckuailong/log4shell_1.x • CWE-20: Improper Input Validation CWE-502: Deserialization of Untrusted Data •
CVSS: 6.8EPSS: 0%CPEs: 43EXPL: 0CVE-2016-2124 – samba: SMB1 client connections can be downgraded to plaintext authentication
https://notcve.org/view.php?id=CVE-2016-2124
11 Nov 2021 — A flaw was found in the way samba implemented SMB1 authentication. An attacker could use this flaw to retrieve the plaintext password sent over the wire even if Kerberos authentication was required. Se ha encontrado un fallo en la forma en que Samba implementa la autenticación SMB1. Un atacante podría usar este fallo para recuperar la contraseña en texto plano enviada a través del cable, incluso si es requerida la autenticación Kerberos Stefan Metzmacher discovered that Samba incorrectly handled SMB1 client... • https://bugzilla.redhat.com/show_bug.cgi?id=2019660 • CWE-287: Improper Authentication •
CVSS: 8.5EPSS: 0%CPEs: 44EXPL: 0CVE-2020-25717 – samba: Active Directory (AD) domain user could become root on domain members
https://notcve.org/view.php?id=CVE-2020-25717
11 Nov 2021 — A flaw was found in the way Samba maps domain users to local users. An authenticated attacker could use this flaw to cause possible privilege escalation. Se encontró un fallo en la forma en que Samba mapea usuarios del dominio a usuarios locales. Un atacante autenticado podría usar este fallo para causar una posible escalada de privilegios Stefan Metzmacher discovered that Samba incorrectly handled SMB1 client connections. A remote attacker could possibly use this issue to downgrade connections to plaintext... • https://bugzilla.redhat.com/show_bug.cgi?id=2019672 • CWE-20: Improper Input Validation •
CVSS: 5.9EPSS: 0%CPEs: 21EXPL: 0CVE-2020-14340 – xnio: file descriptor leak caused by growing amounts of NIO Selector file handles may lead to DoS
https://notcve.org/view.php?id=CVE-2020-14340
13 Oct 2020 — A vulnerability was discovered in XNIO where file descriptor leak caused by growing amounts of NIO Selector file handles between garbage collection cycles. It may allow the attacker to cause a denial of service. It affects XNIO versions 3.6.0.Beta1 through 3.8.1.Final. Se detectó una vulnerabilidad en XNIO en la que se produce un filtrado de descriptores de archivos causada por el crecimiento de la cantidad de manejadores de archivos NIO Selector entre los ciclos de recolección de basura. Puede permitir al ... • https://bugzilla.redhat.com/show_bug.cgi?id=1860218 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2015-5201
https://notcve.org/view.php?id=CVE-2015-5201
25 Feb 2020 — VDSM and libvirt in Red Hat Enterprise Virtualization Hypervisor (aka RHEV-H) 7-7.x before 7-7.2-20151119.0 and 6-6.x before 6-6.7-20151117.0 as packaged in Red Hat Enterprise Virtualization before 3.5.6 when VSDM is run with -spice disable-ticketing and a VM is suspended and then restored, allows remote attackers to log in without authentication via unspecified vectors. VDSM y libvirt en Red Hat Enterprise Virtualization Hypervisor (también se conoce como RHEV-H) versiones 7-7.x anteriores a 7-7.2-20151119... • https://access.redhat.com/security/cve/cve-2015-5201 • CWE-306: Missing Authentication for Critical Function •
CVSS: 5.9EPSS: 0%CPEs: 3EXPL: 0CVE-2014-8167
https://notcve.org/view.php?id=CVE-2014-8167
13 Nov 2019 — vdsm and vdsclient does not validate certficate hostname from another vdsm which could facilitate a man-in-the-middle attack vdsm y vdsclient no comprueban la certificación del nombre de host desde otro vdsm, lo que podría facilitar un ataque de tipo man-in-the-middle. • https://access.redhat.com/security/cve/cve-2014-8167 • CWE-295: Improper Certificate Validation •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 1CVE-2013-4280
https://notcve.org/view.php?id=CVE-2013-4280
04 Nov 2019 — Insecure temporary file vulnerability in RedHat vsdm 4.9.6. Vulnerabilidad de archivo temporal no seguro en RedHat vsdm versión 4.9.6. • https://access.redhat.com/security/cve/cve-2013-4280 • CWE-668: Exposure of Resource to Wrong Sphere •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0CVE-2013-0186 – EVM: Stored XSS
https://notcve.org/view.php?id=CVE-2013-0186
01 Nov 2019 — Multiple cross-site scripting (XSS) vulnerabilities in ManageIQ EVM allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Múltiples vulnerabilidades de tipo cross-site scripting (XSS) en ManageIQ EVM, permiten a atacantes remotos inyectar script web o HTML arbitrario por medio de vectores no especificados. • https://access.redhat.com/errata/RHSA-2014:0215 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •