CVSS: 5.5EPSS: 0%CPEs: 18EXPL: 0CVE-2020-2760 – mysql: InnoDB unspecified vulnerability (CPU Apr 2020)
https://notcve.org/view.php?id=CVE-2020-2760
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.29 and prior and 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 5.5 (Integrity and Availability impacts). • http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00054.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/77REFDB7DE4WNKQIRGZTF53RFBQOXQLC https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SDGBQYS3A36S4CAZPV5YROHYXYZR6LAH https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TSVLI36TYRTPQGCS24VZQUXCUFOUW4VQ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UW2ED32VEUHXFN2J3 •
CVSS: 5.3EPSS: 0%CPEs: 16EXPL: 0CVE-2020-2752 – mysql: C API unspecified vulnerability (CPU Apr 2020)
https://notcve.org/view.php?id=CVE-2020-2752
Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Supported versions that are affected are 5.6.47 and prior, 5.7.27 and prior and 8.0.17 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Client. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Client. CVSS 3.0 Base Score 5.3 (Availability impacts). • http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00054.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UW2ED32VEUHXFN2J3YQE27JIBV4SC2PI https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X4X2BMF3EILMTXGOZDTPYS3KT5VWLA2P https://security.gentoo.org/glsa/202012-08 https://security.gentoo.org/glsa/202105-27 https://security.netapp.com/advisory/ntap-20200416-0003 https://www.oracle.com/security-alerts/cpuapr2020.html https: •
CVSS: 5.3EPSS: 0%CPEs: 9EXPL: 0CVE-2020-1730 – libssh: denial of service when handling AES-CTR (or DES) ciphers
https://notcve.org/view.php?id=CVE-2020-1730
A flaw was found in libssh versions before 0.8.9 and before 0.9.4 in the way it handled AES-CTR (or DES ciphers if enabled) ciphers. The server or client could crash when the connection hasn't been fully initialized and the system tries to cleanup the ciphers when closing the connection. The biggest threat from this vulnerability is system availability. Se detectó un fallo en libssh versiones anteriores a 0.8.9 y versiones anteriores a 0.9.4, en la manera en que se manejaron los cifrados AES-CTR (o DES si está habilitado). El servidor o el cliente podrían bloquearse cuando la conexión no ha sido inicializada completamente y el sistema intenta limpiar los cifrados cuando se cierra la conexión. • https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1730 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2A7BIFKUYIYKTY7FX4BEWVC2OHS5DPOU https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VLSWHBQ3EPKGTGLQNH554Z746BJ3C554 https://security.netapp.com/advisory/ntap-20200424-0001 https://usn.ubuntu.com/4327-1 https://www.libssh.org/security/advisories/CVE-2020-1730.txt https://www.oracle.com/security-alerts/cpuoct2020.html https:/ • CWE-476: NULL Pointer Dereference •
CVSS: 7.5EPSS: 1%CPEs: 27EXPL: 1CVE-2020-11655
https://notcve.org/view.php?id=CVE-2020-11655
SQLite through 3.31.1 allows attackers to cause a denial of service (segmentation fault) via a malformed window-function query because the AggInfo object's initialization is mishandled. SQLite versiones hasta 3.31.1, permite a atacantes causar una denegación de servicio (fallo de segmentación) por medio de una consulta de una función de window malformada porque la inicialización el objeto AggInfo es manejada inapropiadamente. • https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf https://lists.debian.org/debian-lts-announce/2020/05/msg00006.html https://lists.debian.org/debian-lts-announce/2020/08/msg00037.html https://security.FreeBSD.org/advisories/FreeBSD-SA-20:22.sqlite.asc https://security.gentoo.org/glsa/202007-26 https://security.netapp.com/advisory/ntap-20200416-0001 https://usn.ubuntu.com/4394-1 https://www.oracle.com/security-alerts/cpuApr2021.html https://www.oracle.com/security- • CWE-665: Improper Initialization •
CVSS: 9.8EPSS: 1%CPEs: 15EXPL: 0CVE-2020-11656
https://notcve.org/view.php?id=CVE-2020-11656
In SQLite through 3.31.1, the ALTER TABLE implementation has a use-after-free, as demonstrated by an ORDER BY clause that belongs to a compound SELECT statement. En SQLite versiones hasta 3.31.1, la implementación de ALTER TABLE presenta un uso de la memoria previamente liberada, como es demostrado por una cláusula ORDER BY que pertenece a una sentencia SELECT compuesta. • https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf https://security.FreeBSD.org/advisories/FreeBSD-SA-20:22.sqlite.asc https://security.gentoo.org/glsa/202007-26 https://security.netapp.com/advisory/ntap-20200416-0001 https://www.oracle.com/security-alerts/cpuApr2021.html https://www.oracle.com/security-alerts/cpujan2021.html https://www.oracle.com/security-alerts/cpujul2020.html https://www.oracle.com/security-alerts/cpuoct2020.html https://www.sqlite.org/src/info/d09f8c3621d5 • CWE-416: Use After Free •