Page 20 of 923 results (0.011 seconds)

CVSS: 8.8EPSS: 0%CPEs: 4EXPL: 2

CVE-2020-5504

https://notcve.org/view.php?id=CVE-2020-5504

In phpMyAdmin 4 before 4.9.4 and 5 before 5.0.1, SQL injection exists in the user accounts page. A malicious user could inject custom SQL in place of their own username when creating queries to this page. An attacker must have a valid MySQL account to access the server. En phpMyAdmin versiones 4 anteriores a 4.9.4 y versiones 5 anteriores a 5.0.1, una inyección SQL se presenta en la página de cuentas de usuario. Un usuario malicioso podría inyectar SQL personalizado en lugar de su propio nombre de usuario cuando crea consultas en esta página. • https://github.com/xMohamed0/CVE-2020-5504-phpMyAdmin http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00024.html https://cybersecurityworks.com/zerodays/cve-2020-5504-phpmyadmin.html https://lists.debian.org/debian-lts-announce/2020/01/msg00011.html https://www.phpmyadmin.net/security/PMASA-2020-1 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0

CVE-2010-3782

https://notcve.org/view.php?id=CVE-2010-3782

obs-server before 1.7.7 allows logins by 'unconfirmed' accounts due to a bug in the REST api implementation. obs-server versiones anteriores a la versión 1.7.7, permite inicios de sesión mediante cuentas "unconfirmed" debido a un error en la implementación de la API REST. • http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00001.html • CWE-863: Incorrect Authorization •

CVSS: 7.5EPSS: 1%CPEs: 13EXPL: 0

CVE-2019-19925 – sqlite: zipfileUpdate in ext/misc/zipfile.c mishandles a NULL pathname during an update of a ZIP archive

https://notcve.org/view.php?id=CVE-2019-19925

zipfileUpdate in ext/misc/zipfile.c in SQLite 3.30.1 mishandles a NULL pathname during an update of a ZIP archive. La función zipfileUpdate en el archivo ext/misc/zipfile.c en SQLite versión 3.30.1, maneja inapropiadamente un nombre de ruta NULL durante una actualización de un archivo ZIP. • http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00010.html http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00015.html http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00025.html https://access.redhat.com/errata/RHSA-2020:0514 https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf https://github.com/sqlite/sqlite/commit/54d501092d88c0cf89bec4279951f548fb0b8618 https://security.netapp.com/advisory/ntap-20200114-0003 https://usn.ubuntu.com/4298-1 https • CWE-20: Improper Input Validation CWE-434: Unrestricted Upload of File with Dangerous Type •

CVSS: 7.5EPSS: 1%CPEs: 13EXPL: 0

CVE-2019-19923 – sqlite: mishandling of certain uses of SELECT DISTINCT involving a LEFT JOIN in flattenSubquery in select.c leads to a NULL pointer dereference

https://notcve.org/view.php?id=CVE-2019-19923

flattenSubquery in select.c in SQLite 3.30.1 mishandles certain uses of SELECT DISTINCT involving a LEFT JOIN in which the right-hand side is a view. This can cause a NULL pointer dereference (or incorrect results). La función flattenSubquery en el archivo select.c en SQLite versión 3.30.1 maneja inapropiadamente ciertos usos de SELECT DISTINCT que involucra una LEFT JOIN en la que el lado derecho es una vista. Esto puede causar una desreferencia del puntero NULL (o resultados incorrectos). • http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00010.html http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00015.html http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00025.html https://access.redhat.com/errata/RHSA-2020:0514 https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf https://github.com/sqlite/sqlite/commit/396afe6f6aa90a31303c183e11b2b2d4b7956b35 https://security.netapp.com/advisory/ntap-20200114-0003 https://usn.ubuntu.com/4298-1 https • CWE-476: NULL Pointer Dereference •

CVSS: 7.5EPSS: 1%CPEs: 13EXPL: 0

CVE-2019-19926 – sqlite: error mishandling because of incomplete fix of CVE-2019-19880

https://notcve.org/view.php?id=CVE-2019-19926

multiSelect in select.c in SQLite 3.30.1 mishandles certain errors during parsing, as demonstrated by errors from sqlite3WindowRewrite() calls. NOTE: this vulnerability exists because of an incomplete fix for CVE-2019-19880. La función multiSelect en el archivo select.c en SQLite versión 3.30.1, maneja inapropiadamente determinados errores durante el análisis, como es demostrado por los errores de las llamadas de sqlite3WindowRewrite(). NOTA: esta vulnerabilidad se presenta debido a una corrección incompleta para CVE-2019-19880. • http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00010.html http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00015.html http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00025.html https://access.redhat.com/errata/RHSA-2020:0514 https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf https://github.com/sqlite/sqlite/commit/8428b3b437569338a9d1e10c4cd8154acbe33089 https://security.netapp.com/advisory/ntap-20200114-0003 https://usn.ubuntu.com/4298-1 https • CWE-476: NULL Pointer Dereference •