Page 30 of 1170 results (0.008 seconds)

CVSS: 8.4EPSS: 0%CPEs: 1EXPL: 0

CVE-2019-3682 – Insecure API port exposed to all Master Node guest containers

https://notcve.org/view.php?id=CVE-2019-3682

The docker-kubic package in SUSE CaaS Platform 3.0 before 17.09.1_ce-7.6.1 provided access to an insecure API locally on the Kubernetes master node. El paquete docker-kubic en SUSE CaaS Platform versión 3.0 anteriores a 17.09.1_ce-7.6.1, proporcionaba acceso localmente a una API no segura en el nodo maestro de Kubernetes. • https://bugzilla.suse.com/show_bug.cgi?id=1121148 • CWE-668: Exposure of Resource to Wrong Sphere •

CVSS: 6.1EPSS: 1%CPEs: 12EXPL: 1

CVE-2020-7106

https://notcve.org/view.php?id=CVE-2020-7106

Cacti 1.2.8 has stored XSS in data_sources.php, color_templates_item.php, graphs.php, graph_items.php, lib/api_automation.php, user_admin.php, and user_group_admin.php, as demonstrated by the description parameter in data_sources.php (a raw string from the database that is displayed by $header to trigger the XSS). Cacti versión 1.2.8, tiene un vulnerabilidad de tipo XSS almacenado en los archivos data_sources.php, color_templates_item.php, graphs.php, graph_items.php, lib/api_automation.php, user_admin.php, y user_group_admin.php, como es demostrado por el parámetro description en el archivo data_sources.php (una cadena sin procesar desde la base de datos que se despliega con $header para activar un ataque de tipo XSS). • http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00005.html http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00042.html http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00048.html http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00032.html https://github.com/Cacti/cacti/issues/3191 https://lists.debian.org/debian-lts-announce/2020/01/msg00014.html https://lists • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 8.8EPSS: 0%CPEs: 4EXPL: 2

CVE-2020-5504

https://notcve.org/view.php?id=CVE-2020-5504

In phpMyAdmin 4 before 4.9.4 and 5 before 5.0.1, SQL injection exists in the user accounts page. A malicious user could inject custom SQL in place of their own username when creating queries to this page. An attacker must have a valid MySQL account to access the server. En phpMyAdmin versiones 4 anteriores a 4.9.4 y versiones 5 anteriores a 5.0.1, una inyección SQL se presenta en la página de cuentas de usuario. Un usuario malicioso podría inyectar SQL personalizado en lugar de su propio nombre de usuario cuando crea consultas en esta página. • https://github.com/xMohamed0/CVE-2020-5504-phpMyAdmin http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00024.html https://cybersecurityworks.com/zerodays/cve-2020-5504-phpmyadmin.html https://lists.debian.org/debian-lts-announce/2020/01/msg00011.html https://www.phpmyadmin.net/security/PMASA-2020-1 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0

CVE-2010-3782

https://notcve.org/view.php?id=CVE-2010-3782

obs-server before 1.7.7 allows logins by 'unconfirmed' accounts due to a bug in the REST api implementation. obs-server versiones anteriores a la versión 1.7.7, permite inicios de sesión mediante cuentas "unconfirmed" debido a un error en la implementación de la API REST. • http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00001.html • CWE-863: Incorrect Authorization •

CVSS: 7.5EPSS: 1%CPEs: 13EXPL: 0

CVE-2019-19925 – sqlite: zipfileUpdate in ext/misc/zipfile.c mishandles a NULL pathname during an update of a ZIP archive

https://notcve.org/view.php?id=CVE-2019-19925

zipfileUpdate in ext/misc/zipfile.c in SQLite 3.30.1 mishandles a NULL pathname during an update of a ZIP archive. La función zipfileUpdate en el archivo ext/misc/zipfile.c en SQLite versión 3.30.1, maneja inapropiadamente un nombre de ruta NULL durante una actualización de un archivo ZIP. • http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00010.html http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00015.html http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00025.html https://access.redhat.com/errata/RHSA-2020:0514 https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf https://github.com/sqlite/sqlite/commit/54d501092d88c0cf89bec4279951f548fb0b8618 https://security.netapp.com/advisory/ntap-20200114-0003 https://usn.ubuntu.com/4298-1 https • CWE-20: Improper Input Validation CWE-434: Unrestricted Upload of File with Dangerous Type •