CVSS: 9.8EPSS: 80%CPEs: 11EXPL: 1CVE-2020-26935 – Gentoo Linux Security Advisory 202101-35
https://notcve.org/view.php?id=CVE-2020-26935
10 Oct 2020 — An issue was discovered in SearchController in phpMyAdmin before 4.9.6 and 5.x before 5.0.3. A SQL injection vulnerability was discovered in how phpMyAdmin processes SQL statements in the search feature. An attacker could use this flaw to inject malicious SQL in to a query. Se detectó un problema en SearchController en phpMyAdmin versiones anteriores a 4.9.6 y versiones 5.x anteriores a 5.0.3. Se detectó una vulnerabilidad de inyección SQL en cómo phpMyAdmin procesa las sentencias SQL en la funcionalidad de... • http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00027.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2020-26164 – Gentoo Linux Security Advisory 202101-16
https://notcve.org/view.php?id=CVE-2020-26164
07 Oct 2020 — In kdeconnect-kde (aka KDE Connect) before 20.08.2, an attacker on the local network could send crafted packets that trigger use of large amounts of CPU, memory, or network connection slots, aka a Denial of Service attack. En kdeconnect-kde (también se conoce como KDE Connect) versiones anteriores a 20.08.2, un atacante en la red local podría enviar paquetes diseñados que desencadenan el uso de grandes cantidades de CPU, memoria o slots de conexión de red, también se conoce como un ataque de Denegación de S... • http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00016.html • CWE-400: Uncontrolled Resource Consumption •
CVSS: 9.8EPSS: 54%CPEs: 7EXPL: 0CVE-2020-11800
https://notcve.org/view.php?id=CVE-2020-11800
07 Oct 2020 — Zabbix Server 2.2.x and 3.0.x before 3.0.31, and 3.2 allows remote attackers to execute arbitrary code. Zabbix Server versiones 2.2.x y 3.0.x anteriores a 3.0.31 y 3.2, permite a atacantes remotos ejecutar código arbitrario • http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00007.html •
CVSS: 7.5EPSS: 0%CPEs: 11EXPL: 1CVE-2020-25863 – Ubuntu Security Notice USN-6262-1
https://notcve.org/view.php?id=CVE-2020-25863
06 Oct 2020 — In Wireshark 3.2.0 to 3.2.6, 3.0.0 to 3.0.13, and 2.6.0 to 2.6.20, the MIME Multipart dissector could crash. This was addressed in epan/dissectors/packet-multipart.c by correcting the deallocation of invalid MIME parts. En Wireshark versiones 3.2.0 hasta 3.2.6, versiones 3.0.0 hasta 3.0.13 y versiones 2.6.0 hasta 2.6.20, el disector MIME Multipart podría bloquearse. Esto fue abordado en el archivo epan/disactors/packet-multipart.c corrigiendo la desasignación de partes MIME no válidas It was discovered... • http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00035.html •
CVSS: 7.5EPSS: 0%CPEs: 8EXPL: 1CVE-2020-25866
https://notcve.org/view.php?id=CVE-2020-25866
06 Oct 2020 — In Wireshark 3.2.0 to 3.2.6 and 3.0.0 to 3.0.13, the BLIP protocol dissector has a NULL pointer dereference because a buffer was sized for compressed (not uncompressed) messages. This was addressed in epan/dissectors/packet-blip.c by allowing reasonable compression ratios and rejecting ZIP bombs. En Wireshark versiones 3.2.0 hasta 3.2.6 y versiones 3.0.0 hasta 3.0.13, el disector del protocolo BLIP presenta una desreferencia del puntero NULL porque un búfer fue dimensionado para mensajes comprimidos (no sin... • http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00035.html • CWE-476: NULL Pointer Dereference •
CVSS: 7.5EPSS: 0%CPEs: 11EXPL: 1CVE-2020-25862 – Ubuntu Security Notice USN-6262-1
https://notcve.org/view.php?id=CVE-2020-25862
06 Oct 2020 — In Wireshark 3.2.0 to 3.2.6, 3.0.0 to 3.0.13, and 2.6.0 to 2.6.20, the TCP dissector could crash. This was addressed in epan/dissectors/packet-tcp.c by changing the handling of the invalid 0xFFFF checksum. En Wireshark versiones 3.2.0 hasta 3.2.6, versiones 3.0.0 hasta 3.0.13 y versiones 2.6.0 hasta 2.6.20, el disector TCP podría bloquearse. Esto fue abordado en el archivo epan/disactors/packet-tcp.c mediante el cambio en el manejo del checksum 0xFFFF no válido It was discovered that Wireshark did not ... • http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00035.html • CWE-354: Improper Validation of Integrity Check Value •
CVSS: 5.5EPSS: 0%CPEs: 15EXPL: 0CVE-2020-25641 – kernel: soft-lockups in iov_iter_copy_from_user_atomic() could result in DoS
https://notcve.org/view.php?id=CVE-2020-25641
06 Oct 2020 — A flaw was found in the Linux kernel's implementation of biovecs in versions before 5.9-rc7. A zero-length biovec request issued by the block subsystem could cause the kernel to enter an infinite loop, causing a denial of service. This flaw allows a local attacker with basic privileges to issue requests to a block device, resulting in a denial of service. The highest threat from this vulnerability is to system availability. Se encontró un fallo en la implementación de biovecs del kernel de Linux en versione... • http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00021.html • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 7.2EPSS: 0%CPEs: 3EXPL: 1CVE-2020-25637 – libvirt: double free in qemuAgentGetInterfaces() in qemu_agent.c
https://notcve.org/view.php?id=CVE-2020-25637
06 Oct 2020 — A double free memory issue was found to occur in the libvirt API, in versions before 6.8.0, responsible for requesting information about network interfaces of a running QEMU domain. This flaw affects the polkit access control driver. Specifically, clients connecting to the read-write socket with limited ACL permissions could use this flaw to crash the libvirt daemon, resulting in a denial of service, or potentially escalate their privileges on the system. The highest threat from this vulnerability is to dat... • https://github.com/brahmiboudjema/CVE-2020-25637-libvirt-double-free • CWE-415: Double Free •
CVSS: 7.5EPSS: 0%CPEs: 26EXPL: 0CVE-2020-25643 – kernel: improper input validation in ppp_cp_parse_cr function leads to memory corruption and read overflow
https://notcve.org/view.php?id=CVE-2020-25643
06 Oct 2020 — A flaw was found in the HDLC_PPP module of the Linux kernel in versions before 5.9-rc7. Memory corruption and a read overflow is caused by improper input validation in the ppp_cp_parse_cr function which can cause the system to crash or cause a denial of service. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. Se encontró un fallo de corrupción de la memoria en el kernel de Linux en versiones anteriores a 5.9-rc7, en el módulo HDLC_PPP en la... • http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00021.html • CWE-20: Improper Input Validation •
CVSS: 5.3EPSS: 0%CPEs: 5EXPL: 1CVE-2020-8228
https://notcve.org/view.php?id=CVE-2020-8228
05 Oct 2020 — A missing rate limit in the Preferred Providers app 1.7.0 allowed an attacker to set the password an uncontrolled amount of times. Una falta de límite de velocidad en la aplicación Preferred Providers versión 1.7.0, permitió a un atacante ajustar la contraseña una cantidad de veces no controlada • http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00019.html • CWE-307: Improper Restriction of Excessive Authentication Attempts CWE-840: Business Logic Errors •