Page 121 of 982 results (0.044 seconds)

CVSS: 5.3EPSS: 0%CPEs: 17EXPL: 0

CVE-2020-14550 – mysql: C API unspecified vulnerability (CPU Jul 2020)

https://notcve.org/view.php?id=CVE-2020-14550

Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Supported versions that are affected are 5.6.48 and prior, 5.7.30 and prior and 8.0.20 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Client. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Client. CVSS 3.1 Base Score 5.3 (Availability impacts). • https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CAI7GRYZ5265JVKHC6VXI57MNJDDB63C https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HYQPCHGCVKFS3H226QQKZFQP56JYOQ3T https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SA2XMR2ZY2BPR3VLTDVLNV74JL7TA7KL https://security.gentoo.org/glsa/202105-27 https://security.netapp.com/advisory/ntap-20210622-0001 https://usn.ubuntu.com/4441-1 https://www.oracle.com/security •

CVSS: 4.3EPSS: 0%CPEs: 13EXPL: 0

CVE-2020-14553 – mysql: Server: Pluggable Auth unspecified vulnerability (CPU Jul 2020)

https://notcve.org/view.php?id=CVE-2020-14553

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Pluggable Auth). Supported versions that are affected are 5.7.30 and prior and 8.0.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 4.3 (Integrity impacts). • https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CAI7GRYZ5265JVKHC6VXI57MNJDDB63C https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HYQPCHGCVKFS3H226QQKZFQP56JYOQ3T https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SA2XMR2ZY2BPR3VLTDVLNV74JL7TA7KL https://security.gentoo.org/glsa/202105-27 https://security.netapp.com/advisory/ntap-20200717-0004 https://usn.ubuntu.com/4441-1 https://www.oracle.com/security •

CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 0

CVE-2020-15117 – Denial of Service in Synergy

https://notcve.org/view.php?id=CVE-2020-15117

In Synergy before version 1.12.0, a Synergy server can be crashed by receiving a kMsgHelloBack packet with a client name length set to 0xffffffff (4294967295) if the servers memory is less than 4 GB. It was verified that this issue does not cause a crash through the exception handler if the available memory of the Server is more than 4GB. En Synergy anterior a la versión 1.12.0, un servidor de Synergy puede ser bloqueado al recibir un paquete kMsgHelloBack con una longitud de nombre de cliente establecida en 0xffffffff (4294967295) si la memoria del servidor es inferior a 4 GB. Se verificó que este problema no causa un bloqueo por medio del manejador de excepciones si la memoria disponible del servidor es superior a 4 GB • https://github.com/symless/synergy-core/commit/0a97c2be0da2d0df25cb86dfd642429e7a8bea39 https://github.com/symless/synergy-core/security/advisories/GHSA-chfm-333q-gfpp https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VFDEQED64YLWQK2TF73EMXZDYX7YT2DD https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WAQYCMBWNVCIEM27NPIKK3DGJCNBYLAK • CWE-754: Improper Check for Unusual or Exceptional Conditions CWE-755: Improper Handling of Exceptional Conditions •

CVSS: 7.5EPSS: 1%CPEs: 17EXPL: 0

CVE-2019-20907 – python: infinite loop in the tarfile module via crafted TAR archive

https://notcve.org/view.php?id=CVE-2019-20907

In Lib/tarfile.py in Python through 3.8.3, an attacker is able to craft a TAR archive leading to an infinite loop when opened by tarfile.open, because _proc_pax lacks header validation. En la biblioteca Lib/tarfile.py en Python versiones hasta 3.8.3, un atacante puede diseñar un archivo TAR conllevando a un bucle infinito cuando se abrió mediante tarfile.open, porque la función _proc_pax carece de comprobación de encabezado A flaw was found in python. In Lib/tarfile.py an attacker is able to craft a TAR archive leading to an infinite loop when opened by tarfile.open, because _proc_pax lacks header validation. • http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00051.html http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00052.html http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00053.html http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00056.html https://bugs.python.org/issue39017 https://github.com/python/cpython/pull/21454 https://lists.debian.org/debian-lts-announce/2020/08/msg00034.html https://lists.debian.org/debian-lts-announce/2020/ • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •

CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0

CVE-2020-15567

https://notcve.org/view.php?id=CVE-2020-15567

An issue was discovered in Xen through 4.13.x, allowing Intel guest OS users to gain privileges or cause a denial of service because of non-atomic modification of a live EPT PTE. When mapping guest EPT (nested paging) tables, Xen would in some circumstances use a series of non-atomic bitfield writes. Depending on the compiler version and optimisation flags, Xen might expose a dangerous partially written PTE to the hardware, which an attacker might be able to race to exploit. A guest administrator or perhaps even an unprivileged guest user might be able to cause denial of service, data corruption, or privilege escalation. Only systems using Intel CPUs are vulnerable. • http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00024.html http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00031.html http://www.openwall.com/lists/oss-security/2020/07/07/6 http://xenbits.xen.org/xsa/advisory-328.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MXESCOVI7AVRNC7HEAMFM7PMEO6D3AUH https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VB3QJJZV23Z2IDYEMIHELWYSQBUEW6JP https://security.ge • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •