Page 102 of 4202 results (0.011 seconds)

CVSS: 9.8EPSS: 1%CPEs: 5EXPL: 0

CVE-2019-12524 – squid: Improper access restriction in url_regex may lead to security bypass

https://notcve.org/view.php?id=CVE-2019-12524

An issue was discovered in Squid through 4.7. When handling requests from users, Squid checks its rules to see if the request should be denied. Squid by default comes with rules to block access to the Cache Manager, which serves detailed server information meant for the maintainer. This rule is implemented via url_regex. The handler for url_regex rules URL decodes an incoming request. • https://gitlab.com/jeriko.one/security/-/blob/master/squid/CVEs/CVE-2019-12524.txt https://lists.debian.org/debian-lts-announce/2020/07/msg00009.html https://security.netapp.com/advisory/ntap-20210205-0006 https://usn.ubuntu.com/4446-1 https://www.debian.org/security/2020/dsa-4682 https://access.redhat.com/security/cve/CVE-2019-12524 https://bugzilla.redhat.com/show_bug.cgi?id=1827570 • CWE-20: Improper Input Validation CWE-306: Missing Authentication for Critical Function •

CVSS: 4.9EPSS: 0%CPEs: 13EXPL: 0

CVE-2020-2923 – mysql: Server: Optimizer unspecified vulnerability (CPU Apr 2020)

https://notcve.org/view.php?id=CVE-2020-2923

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). • https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/77REFDB7DE4WNKQIRGZTF53RFBQOXQLC https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SDGBQYS3A36S4CAZPV5YROHYXYZR6LAH https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TSVLI36TYRTPQGCS24VZQUXCUFOUW4VQ https://security.gentoo.org/glsa/202105-27 https://security.netapp.com/advisory/ntap-20200416-0003 https://usn.ubuntu.com/4350-1 https://www.oracle.com/security •

CVSS: 4.3EPSS: 0%CPEs: 17EXPL: 0

CVE-2020-2922 – mysql: C API unspecified vulnerability (CPU Apr 2020)

https://notcve.org/view.php?id=CVE-2020-2922

Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Supported versions that are affected are 5.6.47 and prior, 5.7.29 and prior and 8.0.18 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Client. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Client accessible data. CVSS 3.0 Base Score 3.7 (Confidentiality impacts). • https://security.gentoo.org/glsa/202105-27 https://security.netapp.com/advisory/ntap-20200416-0003 https://usn.ubuntu.com/4350-1 https://www.oracle.com/security-alerts/cpuapr2020.html https://access.redhat.com/security/cve/CVE-2020-2922 https://bugzilla.redhat.com/show_bug.cgi?id=1835850 •

CVSS: 4.9EPSS: 0%CPEs: 13EXPL: 0

CVE-2020-2924 – mysql: Server: Optimizer unspecified vulnerability (CPU Apr 2020)

https://notcve.org/view.php?id=CVE-2020-2924

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). • https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/77REFDB7DE4WNKQIRGZTF53RFBQOXQLC https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SDGBQYS3A36S4CAZPV5YROHYXYZR6LAH https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TSVLI36TYRTPQGCS24VZQUXCUFOUW4VQ https://security.gentoo.org/glsa/202105-27 https://security.netapp.com/advisory/ntap-20200416-0003 https://usn.ubuntu.com/4350-1 https://www.oracle.com/security •

CVSS: 4.9EPSS: 0%CPEs: 13EXPL: 0

CVE-2020-2925 – mysql: Server: PS unspecified vulnerability (CPU Apr 2020)

https://notcve.org/view.php?id=CVE-2020-2925

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: PS). Supported versions that are affected are 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). • https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/77REFDB7DE4WNKQIRGZTF53RFBQOXQLC https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SDGBQYS3A36S4CAZPV5YROHYXYZR6LAH https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TSVLI36TYRTPQGCS24VZQUXCUFOUW4VQ https://security.gentoo.org/glsa/202105-27 https://security.netapp.com/advisory/ntap-20200416-0003 https://usn.ubuntu.com/4350-1 https://www.oracle.com/security •