CVSS: 5.9EPSS: 0%CPEs: 75EXPL: 1CVE-2020-1971 – EDIPARTYNAME NULL pointer dereference
https://notcve.org/view.php?id=CVE-2020-1971
08 Dec 2020 — The X.509 GeneralName type is a generic type for representing different types of names. One of those name types is known as EDIPartyName. OpenSSL provides a function GENERAL_NAME_cmp which compares different instances of a GENERAL_NAME to see if they are equal or not. This function behaves incorrectly when both GENERAL_NAMEs contain an EDIPARTYNAME. A NULL pointer dereference and a crash may occur leading to a possible denial of service attack. • https://github.com/MBHudson/CVE-2020-1971 • CWE-476: NULL Pointer Dereference •
CVSS: 6.8EPSS: 0%CPEs: 6EXPL: 0CVE-2020-14845 – mysql: Server: Optimizer unspecified vulnerability (CPU Oct 2020)
https://notcve.org/view.php?id=CVE-2020-14845
21 Oct 2020 — Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). • https://security.gentoo.org/glsa/202105-27 •
CVSS: 6.8EPSS: 1%CPEs: 6EXPL: 0CVE-2020-14846 – mysql: Server: Optimizer unspecified vulnerability (CPU Oct 2020)
https://notcve.org/view.php?id=CVE-2020-14846
21 Oct 2020 — Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). • https://security.gentoo.org/glsa/202105-27 •
CVSS: 6.8EPSS: 0%CPEs: 6EXPL: 0CVE-2020-14852 – mysql: Server: Charsets unspecified vulnerability (CPU Oct 2020)
https://notcve.org/view.php?id=CVE-2020-14852
21 Oct 2020 — Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Charsets). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). • https://security.gentoo.org/glsa/202105-27 •
CVSS: 6.8EPSS: 0%CPEs: 6EXPL: 0CVE-2020-14839 – mysql: Server: Optimizer unspecified vulnerability (CPU Oct 2020)
https://notcve.org/view.php?id=CVE-2020-14839
21 Oct 2020 — Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). • https://security.gentoo.org/glsa/202105-27 •
CVSS: 6.8EPSS: 1%CPEs: 6EXPL: 0CVE-2020-14830 – mysql: Server: Optimizer unspecified vulnerability (CPU Oct 2020)
https://notcve.org/view.php?id=CVE-2020-14830
21 Oct 2020 — Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). • https://security.gentoo.org/glsa/202105-27 •
CVSS: 6.8EPSS: 0%CPEs: 9EXPL: 0CVE-2020-14837 – mysql: Server: Optimizer unspecified vulnerability (CPU Oct 2020)
https://notcve.org/view.php?id=CVE-2020-14837
21 Oct 2020 — Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). • https://security.gentoo.org/glsa/202105-27 •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2020-14814 – mysql: Server: DML unspecified vulnerability (CPU Oct 2020)
https://notcve.org/view.php?id=CVE-2020-14814
21 Oct 2020 — Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). • https://security.gentoo.org/glsa/202105-27 •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2020-14760 – Gentoo Linux Security Advisory 202105-27
https://notcve.org/view.php?id=CVE-2020-14760
21 Oct 2020 — Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 5.7.31 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL ... • https://security.gentoo.org/glsa/202105-27 •
CVSS: 5.5EPSS: 0%CPEs: 18EXPL: 1CVE-2020-15358 – sqlite: heap-based buffer overflow in multiSelectOrderBy due to mishandling of query-flattener optimization in select.c
https://notcve.org/view.php?id=CVE-2020-15358
27 Jun 2020 — In SQLite before 3.32.3, select.c mishandles query-flattener optimization, leading to a multiSelectOrderBy heap overflow because of misuse of transitive properties for constant propagation. En SQLite versiones anteriores a 3.32.3, el archivo select.c maneja inapropiadamente la optimización query-flattener, conllevando a un desbordamiento de la pila de multiSelectOrderBy debido al uso inapropiado de las propiedades transitivas para la propagación constante A heap buffer overflow was found in SQLite in the qu... • http://seclists.org/fulldisclosure/2020/Dec/32 • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •