
CVSS: 5.5 | EPSS: 0% | CPEs: 5 | EXPL: 0

In kdeconnect-kde (aka KDE Connect) before 20.08.2, an attacker on the local network could send crafted packets that trigger use of large amounts of CPU, memory, or network connection slots, aka a Denial of Service attack.

References:
http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00016.html
http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00018.html
http://www.openwall.com/lists/oss-security/2020/10/13/4
http://www.openwall.com/lists/oss-security/2020/10/13/5
http://www.openwall.com/lists/oss-security/2020/10/14/1
http://www.openwall.com/lists/oss-security/2020/11/30/1
https://bugzilla.suse.com/show_bug.cgi?id=1176268
https://github.com/KDE/kdeconnect-kde/

CWE-400: Uncontrolled Resource Consumption

CVSS: 9.8 | EPSS: 2% | CPEs: 7 | EXPL: 0

Zabbix Server 2.2.x and 3.0.x before 3.0.31, and 3.2 allows remote attackers to execute arbitrary code.

References:
http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00007.html
https://lists.debian.org/debian-lts-announce/2020/11/msg00039.html
https://support.zabbix.com/browse/DEV-1538
https://support.zabbix.com/browse/ZBX-17600
https://support.zabbix.com/browse/ZBXSEC-30

CVSS: 5.3 | EPSS: 0% | CPEs: 5 | EXPL: 1

A missing rate limit in the Preferred Providers app 1.7.0 allowed an attacker to set the password an uncontrolled amount of times.

References:
http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00019.html
https://hackerone.com/reports/922470
https://nextcloud.com/security/advisory/?id=NC-SA-2020-033

CWE-307: Improper Restriction of Excessive Authentication Attempts
CWE-840: Business Logic Errors

CVSS: 6.1 | EPSS: 0% | CPEs: 3 | EXPL: 0

Pagure before 5.6 allows XSS via the templates/blame.html blame view.

References:
http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00066.html
http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00007.html
https://docs.pagure.org/pagure/changelog.html
https://pagure.io/pagure/c/31a0d2950ed409550074ca52ba492f9b87ec3318?branch=ab39e95ed4dc8367e5e146e6d9a9fa6925b75618
https://pagure.io/pagure/commits/master

CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 6.5 | EPSS: 4% | CPEs: 7 | EXPL: 0

Insufficient policy enforcement in iOSWeb in Google Chrome on iOS prior to 85.0.4183.83 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.

References:
http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00072.html
http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00078.html
http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00081.html
https://chromereleases.googleblog.com/2020/08/stable-channel-update-for-desktop_25.html
https://crbug.com/1109120
https://www.debian.org/security/2021/dsa-4824

CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')