Lucene search

Enterprise Manager Ops Center Security Vulnerabilities - April 2020

cve

CVE-2020-11022

In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.

6.9CVSS

6.8AI Score

0.063EPSS

2020-04-29 10:15 PM

5724

In Wild

cve

CVE-2020-11655

SQLite through 3.31.1 allows attackers to cause a denial of service (segmentation fault) via a malformed window-function query because the AggInfo object's initialization is mishandled.

7.5CVSS

7.9AI Score

0.012EPSS

2020-04-09 03:15 AM

230

cve

CVE-2020-11656

In SQLite through 3.31.1, the ALTER TABLE implementation has a use-after-free, as demonstrated by an ORDER BY clause that belongs to a compound SELECT statement.

9.8CVSS

9.1AI Score

0.011EPSS

2020-04-09 03:15 AM

157

cve

CVE-2020-1927

In Apache HTTP Server 2.4.0 to 2.4.41, redirects configured with mod_rewrite that were intended to be self-referential might be fooled by encoded newlines and redirect instead to an an unexpected URL within the request URL.

6.1CVSS

6.7AI Score

0.003EPSS

2020-04-02 12:15 AM

5410

cve

CVE-2020-1934

In Apache HTTP Server 2.4.0 to 2.4.41, mod_proxy_ftp may use uninitialized memory when proxying to a malicious FTP server.

5.3CVSS

6AI Score

0.002EPSS

2020-04-01 08:15 PM

4943

In Wild

cve

CVE-2020-1967

Server or client applications that call the SSL_check_chain() function during or after a TLS 1.3 handshake may crash due to a NULL pointer dereference as a result of incorrect handling of the "signature_algorithms_cert" TLS extension. The crash occurs if an invalid or unrecognised signature algorit...

7.5CVSS

7.3AI Score

0.081EPSS

2020-04-21 02:15 PM

444