CVSS: 4.3EPSS: 0%CPEs: 23EXPL: 0CVE-2020-14797 – OpenJDK: Incomplete check for invalid characters in URI to path conversion (Libraries, 8242685)
https://notcve.org/view.php?id=CVE-2020-14797
21 Oct 2020 — Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data. Note: ... • http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00041.html • CWE-20: Improper Input Validation •
CVSS: 3.1EPSS: 0%CPEs: 23EXPL: 0CVE-2020-14798 – Gentoo Linux Security Advisory 202409-26
https://notcve.org/view.php?id=CVE-2020-14798
21 Oct 2020 — Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, ... • http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00041.html •
CVSS: 4.3EPSS: 0%CPEs: 26EXPL: 0CVE-2020-14779 – OpenJDK: High memory usage during deserialization of Proxy class with many interfaces (Serialization, 8236862)
https://notcve.org/view.php?id=CVE-2020-14779
21 Oct 2020 — Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded.... • http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00041.html • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 7.5EPSS: 0%CPEs: 7EXPL: 0CVE-2020-25829 – Gentoo Linux Security Advisory 202012-19
https://notcve.org/view.php?id=CVE-2020-25829
16 Oct 2020 — An issue has been found in PowerDNS Recursor before 4.1.18, 4.2.x before 4.2.5, and 4.3.x before 4.3.5. A remote attacker can cause the cached records for a given name to be updated to the Bogus DNSSEC validation state, instead of their actual DNSSEC Secure state, via a DNS ANY query. This results in a denial of service for installation that always validate (dnssec=validate), and for clients requesting validation when on-demand validation is enabled (dnssec=process). Se ha encontrado un problema en PowerDNS... • http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00036.html •
CVSS: 8.8EPSS: 1%CPEs: 5EXPL: 0CVE-2020-27153 – bluez: double free in gatttool client disconnect callback handler in src/shared/att.c could lead to DoS or RCE
https://notcve.org/view.php?id=CVE-2020-27153
15 Oct 2020 — In BlueZ before 5.55, a double free was found in the gatttool disconnect_cb() routine from shared/att.c. A remote attacker could potentially cause a denial of service or code execution, during service discovery, due to a redundant disconnect MGMT event. En BlueZ versiones anteriores a 5.55, se encontró una doble liberación en la rutina disconnect_cb() de gatttool del archivo shared/att.c. Un atacante remoto podría potencialmente causar una denegación de servicio o una ejecución de código, durante la de... • http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00034.html • CWE-415: Double Free CWE-416: Use After Free •
CVSS: 9.3EPSS: 0%CPEs: 4EXPL: 0CVE-2020-15229 – Path traversal and files overwrite with unsquashfs
https://notcve.org/view.php?id=CVE-2020-15229
14 Oct 2020 — Singularity (an open source container platform) from version 3.1.1 through 3.6.3 has a vulnerability. Due to insecure handling of path traversal and the lack of path sanitization within `unsquashfs`, it is possible to overwrite/create any files on the host filesystem during the extraction with a crafted squashfs filesystem. The extraction occurs automatically for unprivileged (either installation or with `allow setuid = no`) run of Singularity when a user attempt to run an image which is a local SIF image o... • http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00070.html • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.5EPSS: 0%CPEs: 20EXPL: 1CVE-2020-25645 – kernel: Geneve/IPsec traffic may be unencrypted between two Geneve endpoints
https://notcve.org/view.php?id=CVE-2020-25645
13 Oct 2020 — A flaw was found in the Linux kernel in versions before 5.9-rc7. Traffic between two Geneve endpoints may be unencrypted when IPsec is configured to encrypt traffic for the specific UDP port used by the GENEVE tunnel allowing anyone between the two endpoints to read the traffic unencrypted. The main threat from this vulnerability is to data confidentiality. Se encontró un fallo en el kernel de Linux en versiones anteriores a 5.9-rc7. El tráfico entre dos endpoints Geneve puede no estar cifrado cuando I... • http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00035.html • CWE-319: Cleartext Transmission of Sensitive Information •
CVSS: 6.1EPSS: 3%CPEs: 11EXPL: 0CVE-2020-26934 – Gentoo Linux Security Advisory 202101-35
https://notcve.org/view.php?id=CVE-2020-26934
10 Oct 2020 — phpMyAdmin before 4.9.6 and 5.x before 5.0.3 allows XSS through the transformation feature via a crafted link. phpMyAdmin versiones anteriores a 4.9.6 y versiones 5.x anteriores a 5.0.3, permite un ataque de tipo XSS por medio de la funcionalidad de transformación mediante un enlace diseñado It was discovered that there was a bug in the way phpMyAdmin handles the phpMyAdmin Configuration Storage tables. An authenticated attacker could use this vulnerability to cause phpmyAdmin to leak sensitive files. It wa... • http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00027.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 80%CPEs: 11EXPL: 1CVE-2020-26935 – Gentoo Linux Security Advisory 202101-35
https://notcve.org/view.php?id=CVE-2020-26935
10 Oct 2020 — An issue was discovered in SearchController in phpMyAdmin before 4.9.6 and 5.x before 5.0.3. A SQL injection vulnerability was discovered in how phpMyAdmin processes SQL statements in the search feature. An attacker could use this flaw to inject malicious SQL in to a query. Se detectó un problema en SearchController en phpMyAdmin versiones anteriores a 4.9.6 y versiones 5.x anteriores a 5.0.3. Se detectó una vulnerabilidad de inyección SQL en cómo phpMyAdmin procesa las sentencias SQL en la funcionalidad de... • http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00027.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2020-26164 – Gentoo Linux Security Advisory 202101-16
https://notcve.org/view.php?id=CVE-2020-26164
07 Oct 2020 — In kdeconnect-kde (aka KDE Connect) before 20.08.2, an attacker on the local network could send crafted packets that trigger use of large amounts of CPU, memory, or network connection slots, aka a Denial of Service attack. En kdeconnect-kde (también se conoce como KDE Connect) versiones anteriores a 20.08.2, un atacante en la red local podría enviar paquetes diseñados que desencadenan el uso de grandes cantidades de CPU, memoria o slots de conexión de red, también se conoce como un ataque de Denegación de S... • http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00016.html • CWE-400: Uncontrolled Resource Consumption •