CVE-2020-26935
https://notcve.org/view.php?id=CVE-2020-26935
An issue was discovered in SearchController in phpMyAdmin before 4.9.6 and 5.x before 5.0.3. A SQL injection vulnerability was discovered in how phpMyAdmin processes SQL statements in the search feature. An attacker could use this flaw to inject malicious SQL in to a query. Se detectó un problema en SearchController en phpMyAdmin versiones anteriores a 4.9.6 y versiones 5.x anteriores a 5.0.3. Se detectó una vulnerabilidad de inyección SQL en cómo phpMyAdmin procesa las sentencias SQL en la funcionalidad de búsqueda. • http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00027.html http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00005.html https://advisory.checkmarx.net/advisory/CX-2020-4281 https://lists.debian.org/debian-lts-announce/2020/10/msg00024.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FHST4E5IJG7IKZTTW3R6MEZPVHJZ472K https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PXK37YEHSDYCIPQSYEMN2OFTP2ZLM7DO https:/ • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2020-26164
https://notcve.org/view.php?id=CVE-2020-26164
In kdeconnect-kde (aka KDE Connect) before 20.08.2, an attacker on the local network could send crafted packets that trigger use of large amounts of CPU, memory, or network connection slots, aka a Denial of Service attack. En kdeconnect-kde (también se conoce como KDE Connect) versiones anteriores a 20.08.2, un atacante en la red local podría enviar paquetes diseñados que desencadenan el uso de grandes cantidades de CPU, memoria o slots de conexión de red, también se conoce como un ataque de Denegación de Servicio • http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00016.html http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00018.html http://www.openwall.com/lists/oss-security/2020/10/13/4 http://www.openwall.com/lists/oss-security/2020/10/13/5 http://www.openwall.com/lists/oss-security/2020/10/14/1 http://www.openwall.com/lists/oss-security/2020/11/30/1 https://bugzilla.suse.com/show_bug.cgi?id=1176268 https://github.com/KDE/kdeconnect-kde/ • CWE-400: Uncontrolled Resource Consumption •
CVE-2020-11800
https://notcve.org/view.php?id=CVE-2020-11800
Zabbix Server 2.2.x and 3.0.x before 3.0.31, and 3.2 allows remote attackers to execute arbitrary code. Zabbix Server versiones 2.2.x y 3.0.x anteriores a 3.0.31 y 3.2, permite a atacantes remotos ejecutar código arbitrario • http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00007.html https://lists.debian.org/debian-lts-announce/2020/11/msg00039.html https://support.zabbix.com/browse/DEV-1538 https://support.zabbix.com/browse/ZBX-17600 https://support.zabbix.com/browse/ZBXSEC-30 •
CVE-2020-14355 – spice: multiple buffer overflow vulnerabilities in QUIC decoding code
https://notcve.org/view.php?id=CVE-2020-14355
Multiple buffer overflow vulnerabilities were found in the QUIC image decoding process of the SPICE remote display system, before spice-0.14.2-1. Both the SPICE client (spice-gtk) and server are affected by these flaws. These flaws allow a malicious client or server to send specially crafted messages that, when processed by the QUIC image compression algorithm, result in a process crash or potential code execution. Se encontraron múltiples vulnerabilidades de desbordamiento de búfer en el proceso de decodificación de imágenes QUIC del sistema de visualización remota SPICE, versiones anteriores a spice-0.14.2-1. Tanto el cliente SPICE (spice-gtk) como el servidor están afectados por estos defectos. • http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00001.html https://bugzilla.redhat.com/show_bug.cgi?id=1868435 https://lists.debian.org/debian-lts-announce/2020/11/msg00001.html https://lists.debian.org/debian-lts-announce/2020/11/msg00002.html https://usn.ubuntu.com/4572-1 https://usn.ubuntu.com/4572-2 https://www.debian.org/security/2020/dsa-4771 https://www.openwall.com/lists/oss • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVE-2020-25863
https://notcve.org/view.php?id=CVE-2020-25863
In Wireshark 3.2.0 to 3.2.6, 3.0.0 to 3.0.13, and 2.6.0 to 2.6.20, the MIME Multipart dissector could crash. This was addressed in epan/dissectors/packet-multipart.c by correcting the deallocation of invalid MIME parts. En Wireshark versiones 3.2.0 hasta 3.2.6, versiones 3.0.0 hasta 3.0.13 y versiones 2.6.0 hasta 2.6.20, el disector MIME Multipart podría bloquearse. Esto fue abordado en el archivo epan/disactors/packet-multipart.c corrigiendo la desasignación de partes MIME no válidas • http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00035.html http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00038.html https://gitlab.com/wireshark/wireshark/-/commit/5803c7b87b3414cdb8bf502af50bb406ca774482 https://gitlab.com/wireshark/wireshark/-/issues/16741 https://lists.debian.org/debian-lts-announce/2021/02/msg00008.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4DQHPKZFQ7W3X34RYN3FWFYCFJD4FXJW https://lists.fedoraproject.org/archives •