CVSS: 8.0EPSS: 2%CPEs: 11EXPL: 0CVE-2020-10802 – Ubuntu Security Notice USN-4639-1
https://notcve.org/view.php?id=CVE-2020-10802
22 Mar 2020 — In phpMyAdmin 4.x before 4.9.5 and 5.x before 5.0.2, a SQL injection vulnerability has been discovered where certain parameters are not properly escaped when generating certain queries for search actions in libraries/classes/Controllers/Table/TableSearchController.php. An attacker can generate a crafted database or table name. The attack can be performed if a user attempts certain search operations on the malicious database or table. En phpMyAdmin versiones 4.x anteriores a 4.9.5 y versiones 5.x anteriores ... • http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00046.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 5.4EPSS: 4%CPEs: 11EXPL: 0CVE-2020-10803 – Ubuntu Security Notice USN-4639-1
https://notcve.org/view.php?id=CVE-2020-10803
22 Mar 2020 — In phpMyAdmin 4.x before 4.9.5 and 5.x before 5.0.2, a SQL injection vulnerability was discovered where malicious code could be used to trigger an XSS attack through retrieving and displaying results (in tbl_get_field.php and libraries/classes/Display/Results.php). The attacker must be able to insert crafted data into certain database tables, which when retrieved (for instance, through the Browse tab) can trigger the XSS attack. En phpMyAdmin versiones 4.x anteriores a 4.9.5 y versiones 5.x anteriores a 5.0... • http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00046.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 8.0EPSS: 3%CPEs: 10EXPL: 0CVE-2020-10804 – openSUSE Security Advisory - openSUSE-SU-2020:1806-1
https://notcve.org/view.php?id=CVE-2020-10804
22 Mar 2020 — In phpMyAdmin 4.x before 4.9.5 and 5.x before 5.0.2, a SQL injection vulnerability was found in retrieval of the current username (in libraries/classes/Server/Privileges.php and libraries/classes/UserPassword.php). A malicious user with access to the server could create a crafted username, and then trick the victim into performing specific actions with that user account (such as editing its privileges). En phpMyAdmin versiones 4.x anteriores a 4.9.5 y versiones 5.x anteriores a 5.0.2, se encontró una vulner... • http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00046.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.3EPSS: 94%CPEs: 8EXPL: 14CVE-2020-8813 – Cacti 1.2.8 - Authenticated Remote Code Execution
https://notcve.org/view.php?id=CVE-2020-8813
22 Feb 2020 — graph_realtime.php in Cacti 1.2.8 allows remote attackers to execute arbitrary OS commands via shell metacharacters in a cookie, if a guest user has the graph real-time privilege. El archivo graph_realtime.php en Cacti versión 1.2.8, permite a atacantes remotos ejecutar comandos arbitrarios de Sistema Operativo por medio de metacaracteres de shell en una cookie, si un usuario invitado posee el privilegio graph real-time. graph_realtime.php in Cacti 1.2.8 allows remote attackers to execute arbitrary OS comma... • https://packetstorm.news/files/id/156538 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 8.8EPSS: 2%CPEs: 11EXPL: 1CVE-2020-6415 – chromium-browser: Inappropriate implementation in JavaScript
https://notcve.org/view.php?id=CVE-2020-6415
11 Feb 2020 — Inappropriate implementation in JavaScript in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Una implementación inapropiada en JavaScript en Google Chrome versiones anteriores a 80.0.3987.87, permitió a un atacante remoto explotar potencialmente una corrupción de la pila por medio de una página HTML diseñada. Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 80.0.3987.87. Issues a... • http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00015.html • CWE-787: Out-of-bounds Write •
CVSS: 8.8EPSS: 3%CPEs: 11EXPL: 1CVE-2020-6416 – chromium-browser: Insufficient data validation in streams
https://notcve.org/view.php?id=CVE-2020-6416
11 Feb 2020 — Insufficient data validation in streams in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Una comprobación de datos insuficiente en streams en Google Chrome versiones anteriores a 80.0.3987.87, permitió a un atacante remoto explotar potencialmente una corrupción de la pila por medio de una página HTML diseñada. Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 80.0.3987.87. Issues... • http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00015.html • CWE-20: Improper Input Validation •
CVSS: 8.8EPSS: 2%CPEs: 13EXPL: 1CVE-2020-6381 – chromium-browser: Integer overflow in JavaScript
https://notcve.org/view.php?id=CVE-2020-6381
11 Feb 2020 — Integer overflow in JavaScript in Google Chrome on ChromeOS and Android prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Un desbordamiento de enteros en JavaScript en Google Chrome sobre ChromeOS y Android versiones anteriores a 80.0.3987.87, permitió a un atacante remoto explotar potencialmente una corrupción de la pila por medio de una página HTML diseñada. Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromiu... • http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00015.html • CWE-190: Integer Overflow or Wraparound •
CVSS: 8.8EPSS: 2%CPEs: 11EXPL: 1CVE-2020-6382 – chromium-browser: Type Confusion in JavaScript
https://notcve.org/view.php?id=CVE-2020-6382
11 Feb 2020 — Type confusion in JavaScript in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Una confusión de tipos en JavaScript en Google Chrome versiones anteriores a 80.0.3987.87, permitió a un atacante remoto explotar potencialmente una corrupción de la pila por medio de una página HTML diseñada. Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 80.0.3987.87. Issues addressed include infor... • http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00015.html • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVSS: 8.8EPSS: 1%CPEs: 11EXPL: 1CVE-2020-6385 – chromium-browser: Insufficient policy enforcement in storage
https://notcve.org/view.php?id=CVE-2020-6385
11 Feb 2020 — Insufficient policy enforcement in storage in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to bypass site isolation via a crafted HTML page. Una aplicación insuficiente de políticas en storage en Google Chrome versiones anteriores a 80.0.3987.87, permitió a un atacante remoto omitir el aislamiento del sitio por medio de una página HTML diseñada. Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 80.0.3987.87. Issues addressed include informat... • http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00015.html • CWE-754: Improper Check for Unusual or Exceptional Conditions •
CVSS: 8.8EPSS: 3%CPEs: 11EXPL: 2CVE-2020-6390 – chromium-browser: Out of bounds memory access in streams
https://notcve.org/view.php?id=CVE-2020-6390
11 Feb 2020 — Out of bounds memory access in streams in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Un acceso a la memoria fuera de límites en streams en Google Chrome versiones anteriores a 80.0.3987.87, permitió a un atacante remoto explotar potencialmente una corrupción de la pila por medio de una página HTML diseñada. Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 80.0.3987.87. Issues... • https://packetstorm.news/files/id/157419 • CWE-787: Out-of-bounds Write •