CVE-2020-1890
Published 2020-09-03
Priority P3 · 38 · high · 7.5 (CVSS 3.1)
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
EPSS: 1.40% (69.1th percentile)
A URL validation issue in WhatsApp for Android prior to v2.20.11 and WhatsApp Business for Android prior to v2.20.2 could have caused the recipient of a sticker message containing deliberately malformed data to load an image from a sender-controlled URL without user interaction.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| | whatsapp_business_for_android | — | — |
| | whatsapp_business_for_android | >= unspecified < 2.20.2 | 2.20.2 |
| | whatsapp_for_android | — | — |
| | whatsapp_for_android | >= unspecified < 2.20.11 | 2.20.11 |
| | | < 2.20.11 | 2.20.11 |
| | whatsapp_business | < 2.20.2 | 2.20.2 |
CVSS provenance
nvd · v3.1 · 7.5 · HIGH · CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
nvd · v2.0 · 5.0 · MEDIUM · AV:N/AC:L/Au:N/C:N/I:P/A:N
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2020-14814 mysql: Server: DML unspecified vulnerability (CPU Oct 2020)
bugzilla · 2020-10-22 · CVSS 4.9 (MEDIUM)
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.
External References:
https://www.oracle.com/security-alerts/cpuoct2020.html#AppendixMSQL
Discussion:
Created community-mysql tracking bugs for this issue:
Affects: fedora-all [bug 1890789]
Created mysql:8.0/community-mysql tracking bugs for this issue:
Affects: fedora-all [bug 1890
Bugzilla
CVE-2020-14804 mysql: Server: FTS unspecified vulnerability (CPU Oct 2020)
bugzilla · 2020-10-22 · CVSS 4.9 (MEDIUM)
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: FTS). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.
External References:
https://www.oracle.com/security-alerts/cpuoct2020.html#AppendixMSQL
Discussion:
Created community-mysql tracking bugs for this issue:
Affects: fedora-all [bug 1890789]
Created mysql:8.0/community-mysql tracking bugs for this issue:
Affects: fedora-all [bug 1890
Published: 2020-09-03