CVSS: 6.8EPSS: 0%CPEs: 66EXPL: 0CVE-2020-2601 – OpenJDK: Use of unsafe RSA-MD5 checksum in Kerberos TGS (Security, 8229951)
https://notcve.org/view.php?id=CVE-2020-2601
15 Jan 2020 — Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Security). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Kerberos to compromise Java SE, Java SE Embedded. While the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in u... • http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00050.html • CWE-327: Use of a Broken or Risky Cryptographic Algorithm •
CVSS: 5.9EPSS: 0%CPEs: 5EXPL: 0CVE-2020-2570 – mysql: C API unspecified vulnerability (CPU Jan 2020)
https://notcve.org/view.php?id=CVE-2020-2570
15 Jan 2020 — Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Supported versions that are affected are 5.7.28 and prior and 8.0.18 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Client. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Client. CVSS 3.0 Base Score 5.9 (Availability impacts). • https://security.gentoo.org/glsa/202105-27 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 4.0EPSS: 0%CPEs: 10EXPL: 0CVE-2020-2572 – Gentoo Linux Security Advisory 202105-27
https://notcve.org/view.php?id=CVE-2020-2572
15 Jan 2020 — Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Audit Plugin). Supported versions that are affected are 5.7.28 and prior and 8.0.18 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 2.7 (Integrity impacts). • https://security.gentoo.org/glsa/202105-27 •
CVSS: 5.9EPSS: 0%CPEs: 10EXPL: 0CVE-2020-2573 – mysql: C API unspecified vulnerability (CPU Jan 2020)
https://notcve.org/view.php?id=CVE-2020-2573
15 Jan 2020 — Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Supported versions that are affected are 5.7.28 and prior and 8.0.18 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Client. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Client. CVSS 3.0 Base Score 5.9 (Availability impacts). • https://security.gentoo.org/glsa/202105-27 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 5.9EPSS: 0%CPEs: 17EXPL: 0CVE-2020-2574 – mysql: C API unspecified vulnerability (CPU Jan 2020)
https://notcve.org/view.php?id=CVE-2020-2574
15 Jan 2020 — Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Supported versions that are affected are 5.6.46 and prior, 5.7.28 and prior and 8.0.18 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Client. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Client. CVSS 3.0 Base Score 5.9 (Availability impac... • http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00007.html • CWE-400: Uncontrolled Resource Consumption •
CVSS: 4.9EPSS: 0%CPEs: 10EXPL: 0CVE-2020-2577 – mysql: InnoDB unspecified vulnerability (CPU Jan 2020)
https://notcve.org/view.php?id=CVE-2020-2577
15 Jan 2020 — Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.28 and prior and 8.0.18 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). • https://security.gentoo.org/glsa/202105-27 •
CVSS: 6.5EPSS: 0%CPEs: 11EXPL: 0CVE-2020-2579 – mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2020)
https://notcve.org/view.php?id=CVE-2020-2579
15 Jan 2020 — Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 5.6.46 and prior, 5.7.28 and prior and 8.0.18 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availabil... • https://security.gentoo.org/glsa/202105-27 •
CVSS: 7.5EPSS: 0%CPEs: 8EXPL: 0CVE-2020-5390 – Debian Security Advisory 4630-1
https://notcve.org/view.php?id=CVE-2020-5390
13 Jan 2020 — PySAML2 before 5.0.0 does not check that the signature in a SAML document is enveloped and thus signature wrapping is effective, i.e., it is affected by XML Signature Wrapping (XSW). The signature information and the node/object that is signed can be in different places and thus the signature verification will succeed, but the wrong data will be used. This specifically affects the verification of assertion that have been signed. PySAML2 versiones anteriores a la versión 5.0.0 no comprueba que la firma en un... • https://github.com/IdentityPython/pysaml2/commit/5e9d5acbcd8ae45c4e736ac521fd2df5b1c62e25 • CWE-347: Improper Verification of Cryptographic Signature •
CVSS: 8.8EPSS: 0%CPEs: 5EXPL: 0CVE-2019-17025
https://notcve.org/view.php?id=CVE-2019-17025
08 Jan 2020 — Mozilla developers reported memory safety bugs present in Firefox 71. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 72. Los desarrolladores de Mozilla reportaron bugs de seguridad de memoria presentes en Firefox versión 71. Algunos de estos errores mostraron evidencia de corrupción de memoria y suponemos que con un esfuerzo suficiente algunos de estos podrían h... • https://bugzilla.mozilla.org/buglist.cgi?bug_id=1328295%2C1328300%2C1590447%2C1590965%2C1595692%2C1597321%2C1597481 • CWE-787: Out-of-bounds Write •
CVSS: 8.8EPSS: 3%CPEs: 27EXPL: 1CVE-2019-17024 – Mozilla: Memory safety bugs fixed in Firefox 72 and Firefox ESR 68.4
https://notcve.org/view.php?id=CVE-2019-17024
08 Jan 2020 — Mozilla developers reported memory safety bugs present in Firefox 71 and Firefox ESR 68.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 68.4 and Firefox < 72. Los desarrolladores de Mozilla reportaron bugs de seguridad de memoria presentes en Firefox versión 71 y Firefox ESR versión 68.3. Algunos de estos errores mostraron evidencia de corrupción de memori... • http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00029.html • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-787: Out-of-bounds Write •