CVSS: 5.9EPSS: 0%CPEs: 5EXPL: 0CVE-2020-2570 – mysql: C API unspecified vulnerability (CPU Jan 2020)
https://notcve.org/view.php?id=CVE-2020-2570
Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Supported versions that are affected are 5.7.28 and prior and 8.0.18 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Client. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Client. CVSS 3.0 Base Score 5.9 (Availability impacts). • https://security.gentoo.org/glsa/202105-27 https://usn.ubuntu.com/4250-1 https://www.oracle.com/security-alerts/cpujan2020.html https://access.redhat.com/security/cve/CVE-2020-2570 https://bugzilla.redhat.com/show_bug.cgi?id=1798559 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 4.9EPSS: 0%CPEs: 10EXPL: 0CVE-2020-2577 – mysql: InnoDB unspecified vulnerability (CPU Jan 2020)
https://notcve.org/view.php?id=CVE-2020-2577
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.28 and prior and 8.0.18 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). • https://security.gentoo.org/glsa/202105-27 https://security.netapp.com/advisory/ntap-20200122-0002 https://usn.ubuntu.com/4250-1 https://www.oracle.com/security-alerts/cpujan2020.html https://access.redhat.com/security/cve/CVE-2020-2577 https://bugzilla.redhat.com/show_bug.cgi?id=1796880 •
CVSS: 7.5EPSS: 0%CPEs: 8EXPL: 0CVE-2020-5390
https://notcve.org/view.php?id=CVE-2020-5390
PySAML2 before 5.0.0 does not check that the signature in a SAML document is enveloped and thus signature wrapping is effective, i.e., it is affected by XML Signature Wrapping (XSW). The signature information and the node/object that is signed can be in different places and thus the signature verification will succeed, but the wrong data will be used. This specifically affects the verification of assertion that have been signed. PySAML2 versiones anteriores a la versión 5.0.0 no comprueba que la firma en un documento SAML esté envuelta y, por lo tanto, el empaquetado de la firma es efectivo, es decir, está afectado por XML Signature Wrapping (XSW). La información de la firma y el nodo u objeto que está firmado puede estar en diferentes lugares y, por lo tanto, la comprobación de la firma tendrá éxito, pero serán usados los datos incorrectos. • https://github.com/IdentityPython/pysaml2/commit/5e9d5acbcd8ae45c4e736ac521fd2df5b1c62e25 https://github.com/IdentityPython/pysaml2/commit/f27c7e7a7010f83380566a219fd6a290a00f2b6e https://github.com/IdentityPython/pysaml2/releases https://github.com/IdentityPython/pysaml2/releases/tag/v5.0.0 https://lists.debian.org/debian-lts-announce/2020/02/msg00025.html https://pypi.org/project/pysaml2/5.0.0 https://usn.ubuntu.com/4245-1 https://www.debian.org/security/2020/dsa-4630 • CWE-347: Improper Verification of Cryptographic Signature •
CVSS: 8.8EPSS: 0%CPEs: 5EXPL: 0CVE-2019-17025
https://notcve.org/view.php?id=CVE-2019-17025
Mozilla developers reported memory safety bugs present in Firefox 71. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 72. Los desarrolladores de Mozilla reportaron bugs de seguridad de memoria presentes en Firefox versión 71. Algunos de estos errores mostraron evidencia de corrupción de memoria y suponemos que con un esfuerzo suficiente algunos de estos podrían haber sido explotados para ejecutar código arbitrario. • https://bugzilla.mozilla.org/buglist.cgi?bug_id=1328295%2C1328300%2C1590447%2C1590965%2C1595692%2C1597321%2C1597481 https://usn.ubuntu.com/4234-1 https://www.mozilla.org/security/advisories/mfsa2020-01 • CWE-787: Out-of-bounds Write •
CVSS: 8.8EPSS: 0%CPEs: 27EXPL: 1CVE-2019-17024 – Mozilla: Memory safety bugs fixed in Firefox 72 and Firefox ESR 68.4
https://notcve.org/view.php?id=CVE-2019-17024
Mozilla developers reported memory safety bugs present in Firefox 71 and Firefox ESR 68.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 68.4 and Firefox < 72. Los desarrolladores de Mozilla reportaron bugs de seguridad de memoria presentes en Firefox versión 71 y Firefox ESR versión 68.3. Algunos de estos errores mostraron evidencia de corrupción de memoria y suponemos que con un esfuerzo suficiente algunos de estos podrían haber sido explotados para ejecutar código arbitrario. • http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00029.html http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00043.html http://packetstormsecurity.com/files/155912/Slackware-Security-Advisory-mozilla-thunderbird-Updates.html https://access.redhat.com/errata/RHSA-2020:0085 https://access.redhat.com/errata/RHSA-2020:0086 https://access.redhat.com/errata/RHSA-2020:0111 https://access.redhat.com/errata/RHSA-2020:0120 https://access.redhat.com/errata/RHSA-2020:0123 https: • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-787: Out-of-bounds Write •