CVSS: 9.0EPSS: 0%CPEs: 16EXPL: 0CVE-2020-8233
https://notcve.org/view.php?id=CVE-2020-8233
A command injection vulnerability exists in EdgeSwitch firmware <v1.9.0 that allowed an authenticated read-only user to execute arbitrary shell commands over the HTTP interface, allowing them to escalate privileges. Se presenta una vulnerabilidad de inyección de comandos en el firmware de EdgeSwitch versiones anteriores a v1.9.0, que permitía a un usuario autenticado de solo lectura ejecutar comandos de shell arbitrarios por medio de la interfaz HTTP, permitiéndoles escalar privilegios. • http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00019.html https://community.ui.com/releases/EdgeMAX-EdgeSwitch-Firmware-v1-9-1-v1-9-1/8a87dfc5-70f5-4055-8d67-570db1f5695c https://community.ui.com/releases/Security-advisory-bulletin-014-014/1c32c056-2c64-4e60-ac23-ce7d8f387821 https://www.ui.com/download/edgemax • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 8.4EPSS: 0%CPEs: 5EXPL: 0CVE-2020-8026 – inn: non-root owned files
https://notcve.org/view.php?id=CVE-2020-8026
A Incorrect Default Permissions vulnerability in the packaging of inn in openSUSE Leap 15.2, openSUSE Tumbleweed, openSUSE Leap 15.1 allows local attackers with control of the new user to escalate their privileges to root. This issue affects: openSUSE Leap 15.2 inn version 2.6.2-lp152.1.26 and prior versions. openSUSE Tumbleweed inn version 2.6.2-4.2 and prior versions. openSUSE Leap 15.1 inn version 2.5.4-lp151.3.3.1 and prior versions. Una vulnerabilidad de Permisos Predeterminados Incorrectos en el paquete de inn en openSUSE Leap versión 15.2, openSUSE Tumbleweed, openSUSE Leap versión 15.1, permite a atacantes locales con control del nuevo usuario escalar sus privilegios a root. Este problema afecta a: inn versión 2.6.2-lp152.1.26 y versiones anteriores de openSUSE Leap versión 15.2. inn versión 2.6.2-4.2 y versiones anteriores de openSUSE Tumbleweed. inn versión 2.5.4-lp151.3.3.1 y versiones anteriores de openSUSE Leap versión 15.1 • http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00063.html http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00064.html http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00074.html http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00038.html https://bugzilla.suse.com/show_bug.cgi?id=1172573 • CWE-276: Incorrect Default Permissions •
CVSS: 9.8EPSS: 0%CPEs: 7EXPL: 0CVE-2020-17353
https://notcve.org/view.php?id=CVE-2020-17353
scm/define-stencil-commands.scm in LilyPond through 2.20.0, and 2.21.x through 2.21.4, when -dsafe is used, lacks restrictions on embedded-ps and embedded-svg, as demonstrated by including dangerous PostScript code. El archivo scm/define-stencil-command.scm en LilyPond versiones hasta 2.20.0 y versiones 2.21.x hasta 2.21.4, cuando -dsafe es usada, carece de restricciones en embedded-ps y embedded-svg, como es demostrado al incluir código PostScript peligroso • http://git.savannah.gnu.org/gitweb/?p=lilypond.git%3Ba=commit%3Bh=b84ea4740f3279516905c5db05f4074e777c16ff http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00064.html http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00076.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QG2JUV4UTIA27JUE6IZLCEFP5PYSFPF4 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W2JYMVLTPSNYS5F7TBHKIXUZZJIJAMRX https://www.debian.org/security/202 •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 1CVE-2020-16118
https://notcve.org/view.php?id=CVE-2020-16118
In GNOME Balsa before 2.6.0, a malicious server operator or man in the middle can trigger a NULL pointer dereference and client crash by sending a PREAUTH response to imap_mbox_connect in libbalsa/imap/imap-handle.c. En GNOME Balsa versiones anteriores a 2.6.0, un operador de servidor malicioso o un man in the middle puede desencadenar una desreferencia del puntero NULL y un bloqueo del cliente mediante el envío de una respuesta PREAUTH hacia la función imap_mbox_connect en la biblioteca libbalsa/imap/imap-handle.c • http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00035.html http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00045.html https://gitlab.gnome.org/GNOME/balsa/-/commit/4e245d758e1c826a01080d40c22ca8706f0339e5 https://gitlab.gnome.org/GNOME/balsa/-/issues/23 • CWE-476: NULL Pointer Dereference •
CVSS: 9.8EPSS: 1%CPEs: 7EXPL: 0CVE-2020-15917
https://notcve.org/view.php?id=CVE-2020-15917
common/session.c in Claws Mail before 3.17.6 has a protocol violation because suffix data after STARTTLS is mishandled. El archivo common/session.c en Claws Mail versiones anteriores a 3.17.6, presenta una violación de protocolo porque los datos del sufijo después de STARTTLS son manejados inapropiadamente • http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00090.html http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00060.html http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00051.html http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00013.html https://git.claws-mail.org/?p=claws.git%3Ba=blob%3Bf=RELEASE_NOTES https://git.claws-mail.org/?p=claws.git%3Ba=commit% •