Page 79 of 982 results (0.013 seconds)

CVSS: 6.1EPSS: 4%CPEs: 6EXPL: 0

CVE-2020-28034 – WordPress Core < 5.5.2 - Reflected Cross-Site Scripting via Global Variables

https://notcve.org/view.php?id=CVE-2020-28034

WordPress before 5.5.2 allows XSS associated with global variables. WordPress versiones anteriores a 5.5.2, permite un ataque de tipo XSS asociado con variables globales • https://lists.debian.org/debian-lts-announce/2020/11/msg00004.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CHHVNK2WYAM3ZTCXTFSEIT56IKLVJHU3 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VAVVYJKA2I6CRQUINECDPBGWMQDEG244 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VUXVUAKL2HL4QYJEPHBNVQQWRMFMII2Y https://wordpress.org/news/2020/10/wordpress-5-5-2-security-and-maintenance-release https://www. • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0

CVE-2020-14323 – samba: Unprivileged user can crash winbind

https://notcve.org/view.php?id=CVE-2020-14323

A null pointer dereference flaw was found in samba's Winbind service in versions before 4.11.15, before 4.12.9 and before 4.13.1. A local user could use this flaw to crash the winbind service causing denial of service. Se encontró uno fallo de desreferencia del puntero null en el servicio Winbind de samba en versiones anteriores a 4.11.15, 4.12.9 y 4.13.1.&#xa0;Un usuario local podría utilizar este fallo para bloquear el servicio winbind causando una denegación de servicio A null pointer dereference flaw was found in Samba's winbind service. This flaw allows a local user to crash the winbind service, causing a denial of service. • http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00008.html http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00012.html https://bugzilla.redhat.com/show_bug.cgi?id=1891685 https://lists.debian.org/debian-lts-announce/2020/11/msg00041.html https://lists.debian.org/debian-lts-announce/2024/04/msg00015.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JE2M4FE3N3EDXVG4UKSVFPL7SQUGFFDP https://lists.fedoraproject.org/archives/list/package • CWE-170: Improper Null Termination CWE-476: NULL Pointer Dereference •

CVSS: 9.8EPSS: 0%CPEs: 6EXPL: 0

CVE-2020-28032 – WordPress Core < 5.5.2 - Deserialization Gadget

https://notcve.org/view.php?id=CVE-2020-28032

WordPress before 5.5.2 mishandles deserialization requests in wp-includes/Requests/Utility/FilteredIterator.php. WordPress versiones anteriores a 5.5.2, maneja inapropiadamente las peticiones de deserialización en el archivo wp-includes/Requests/Utility/FilteredIterator.php • https://github.com/WordPress/wordpress-develop/commit/add6bedf3a53b647d0ebda2970057912d3cd79d3 https://lists.debian.org/debian-lts-announce/2020/11/msg00004.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CHHVNK2WYAM3ZTCXTFSEIT56IKLVJHU3 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VAVVYJKA2I6CRQUINECDPBGWMQDEG244 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VUXVUAKL2HL4QYJEPHBNVQQWRMFMII2Y https://wordpress.org • CWE-502: Deserialization of Untrusted Data •

CVSS: 6.4EPSS: 2%CPEs: 6EXPL: 0

CVE-2020-28038 – WordPress Core < 5.5.2 - Stored Cross-Site Scripting via post slugs

https://notcve.org/view.php?id=CVE-2020-28038

WordPress before 5.5.2 allows stored XSS via post slugs. WordPress versiones anteriores a 5.5.2, permite un ataque de tipo XSS almacenado por medio de slugs de publicaciones • https://blog.ripstech.com https://lists.debian.org/debian-lts-announce/2020/11/msg00004.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CHHVNK2WYAM3ZTCXTFSEIT56IKLVJHU3 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VAVVYJKA2I6CRQUINECDPBGWMQDEG244 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VUXVUAKL2HL4QYJEPHBNVQQWRMFMII2Y https://wordpress.org/news/2020/10/wordpress-5-5-2-security-and-mainte • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 9.8EPSS: 0%CPEs: 5EXPL: 0

CVE-2020-28036 – WordPress Core < 5.5.2 - Privilege Escalation via XML-RPC

https://notcve.org/view.php?id=CVE-2020-28036

wp-includes/class-wp-xmlrpc-server.php in WordPress before 5.5.2 allows attackers to gain privileges by using XML-RPC to comment on a post. El archivo wp-includes/class-wp-xmlrpc-server.php en WordPress versiones anteriores a 5.5.2, permite a atacantes conseguir privilegios mediante el uso de XML-RPC para comentar una publicación • https://github.com/WordPress/wordpress-develop/commit/c9e6b98968025b1629015998d12c3102165a7d32 https://lists.debian.org/debian-lts-announce/2020/11/msg00004.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CHHVNK2WYAM3ZTCXTFSEIT56IKLVJHU3 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VAVVYJKA2I6CRQUINECDPBGWMQDEG244 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VUXVUAKL2HL4QYJEPHBNVQQWRMFMII2Y https://wordpress.org • CWE-269: Improper Privilege Management CWE-862: Missing Authorization •