Page 91 of 982 results (0.015 seconds)

CVSS: 6.1EPSS: 0%CPEs: 11EXPL: 0

CVE-2020-26934

https://notcve.org/view.php?id=CVE-2020-26934

phpMyAdmin before 4.9.6 and 5.x before 5.0.3 allows XSS through the transformation feature via a crafted link. phpMyAdmin versiones anteriores a 4.9.6 y versiones 5.x anteriores a 5.0.3, permite un ataque de tipo XSS por medio de la funcionalidad de transformación mediante un enlace diseñado • http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00027.html http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00005.html https://lists.debian.org/debian-lts-announce/2020/10/msg00024.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FHST4E5IJG7IKZTTW3R6MEZPVHJZ472K https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PXK37YEHSDYCIPQSYEMN2OFTP2ZLM7DO https://lists.fedoraproject.org/archives/list/package-announce%40lists&# • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 9.8EPSS: 0%CPEs: 11EXPL: 1

CVE-2020-26935

https://notcve.org/view.php?id=CVE-2020-26935

An issue was discovered in SearchController in phpMyAdmin before 4.9.6 and 5.x before 5.0.3. A SQL injection vulnerability was discovered in how phpMyAdmin processes SQL statements in the search feature. An attacker could use this flaw to inject malicious SQL in to a query. Se detectó un problema en SearchController en phpMyAdmin versiones anteriores a 4.9.6 y versiones 5.x anteriores a 5.0.3. Se detectó una vulnerabilidad de inyección SQL en cómo phpMyAdmin procesa las sentencias SQL en la funcionalidad de búsqueda. • http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00027.html http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00005.html https://advisory.checkmarx.net/advisory/CX-2020-4281 https://lists.debian.org/debian-lts-announce/2020/10/msg00024.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FHST4E5IJG7IKZTTW3R6MEZPVHJZ472K https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PXK37YEHSDYCIPQSYEMN2OFTP2ZLM7DO https:/ • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0

CVE-2020-26880

https://notcve.org/view.php?id=CVE-2020-26880

Sympa through 6.2.57b.2 allows a local privilege escalation from the sympa user account to full root access by modifying the sympa.conf configuration file (which is owned by sympa) and parsing it through the setuid sympa_newaliases-wrapper executable. Sympa versiones hasta 6.2.57b.2, permite una escalada de privilegios local desde la cuenta de usuario sympa hacia el acceso root completo mediante la modificación del archivo de configuración sympa.conf (que es propiedad de sympa) y analizándolo por medio del ejecutable sympa_newaliases-wrapper de setuid • https://github.com/sympa-community/sympa/issues/1009 https://github.com/sympa-community/sympa/issues/943#issuecomment-704779420 https://github.com/sympa-community/sympa/issues/943#issuecomment-704842235 https://lists.debian.org/debian-lts-announce/2020/11/msg00015.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5CUVLHGWCDA6B2NH467ZMKL6O2NGLQZN https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/B5MFWWYY4TSQAXBWZ6SBFX43BLUL3WWI https://li • CWE-269: Improper Privilege Management •

CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 0

CVE-2020-26575

https://notcve.org/view.php?id=CVE-2020-26575

In Wireshark through 3.2.7, the Facebook Zero Protocol (aka FBZERO) dissector could enter an infinite loop. This was addressed in epan/dissectors/packet-fbzero.c by correcting the implementation of offset advancement. En Wireshark versiones hasta 3.2.7, el Facebook Zero Protocol (también se conoce como FBZERO), podría entrar en un bucle infinito. Esto fue abordado en el archivo epan/dissectors/packet-fbzero.c corrigiendo la implementación del avance de compensación • https://gitlab.com/wireshark/wireshark/-/commit/3ff940652962c099b73ae3233322b8697b0d10ab https://gitlab.com/wireshark/wireshark/-/issues/16887 https://gitlab.com/wireshark/wireshark/-/merge_requests/467 https://gitlab.com/wireshark/wireshark/-/merge_requests/471 https://gitlab.com/wireshark/wireshark/-/merge_requests/472 https://gitlab.com/wireshark/wireshark/-/merge_requests/473 https://lists.debian.org/debian-lts-announce/2021/02/msg00008.html https://lists.fedoraproject.org/archives&#x • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •

CVSS: 7.5EPSS: 0%CPEs: 11EXPL: 1

CVE-2020-25863

https://notcve.org/view.php?id=CVE-2020-25863

In Wireshark 3.2.0 to 3.2.6, 3.0.0 to 3.0.13, and 2.6.0 to 2.6.20, the MIME Multipart dissector could crash. This was addressed in epan/dissectors/packet-multipart.c by correcting the deallocation of invalid MIME parts. En Wireshark versiones 3.2.0 hasta 3.2.6, versiones 3.0.0 hasta 3.0.13 y versiones 2.6.0 hasta 2.6.20, el disector MIME Multipart podría bloquearse. Esto fue abordado en el archivo epan/disactors/packet-multipart.c corrigiendo la desasignación de partes MIME no válidas • http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00035.html http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00038.html https://gitlab.com/wireshark/wireshark/-/commit/5803c7b87b3414cdb8bf502af50bb406ca774482 https://gitlab.com/wireshark/wireshark/-/issues/16741 https://lists.debian.org/debian-lts-announce/2021/02/msg00008.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4DQHPKZFQ7W3X34RYN3FWFYCFJD4FXJW https://lists.fedoraproject.org/archives&# •