CVSS: 7.5EPSS: 8%CPEs: 38EXPL: 1CVE-2020-1967 – Segmentation fault in SSL_check_chain
https://notcve.org/view.php?id=CVE-2020-1967
Server or client applications that call the SSL_check_chain() function during or after a TLS 1.3 handshake may crash due to a NULL pointer dereference as a result of incorrect handling of the "signature_algorithms_cert" TLS extension. The crash occurs if an invalid or unrecognised signature algorithm is received from the peer. This could be exploited by a malicious peer in a Denial of Service attack. OpenSSL version 1.1.1d, 1.1.1e, and 1.1.1f are affected by this issue. This issue did not affect OpenSSL versions prior to 1.1.1d. • https://github.com/irsl/CVE-2020-1967 http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00004.html http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00011.html http://packetstormsecurity.com/files/157527/OpenSSL-signature_algorithms_cert-Denial-Of-Service.html http://seclists.org/fulldisclosure/2020/May/5 http://www.openwall.com/lists/oss-security/2020/04/22/2 https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=eb563247aef3e83dda7679c43f9649270462e5b1 https:/&# • CWE-476: NULL Pointer Dereference •
CVSS: 8.8EPSS: 1%CPEs: 8EXPL: 0CVE-2020-11793 – webkitgtk: use-after-free via crafted web content
https://notcve.org/view.php?id=CVE-2020-11793
A use-after-free issue exists in WebKitGTK before 2.28.1 and WPE WebKit before 2.28.1 via crafted web content that allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash). Hay un uso de la memoria previamente liberada en WebKitGTK versiones anteriores a la versión 2.28.1 y WPE WebKit versiones anteriores a la versión 2.28.1, por medio de un contenido web especialmente diseñado que permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de la memoria y bloqueo de aplicación). A use-after-free flaw exists in WebKitGTK. This flaw allows remote attackers to execute arbitrary code or cause a denial of service. • http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00008.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3P4YISPE5QX4YD54GDRZIH2X5RCH3QGW https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/K3MQTRC6ITFTVS5R5Z24PMJS6FXJKGRD https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UTKY2MWP6PB6TE3ZKOOMKX7HZUCQNYF6 https://security.gentoo.org/glsa/202006-08 https://usn.ubuntu.com/4331-1 https://webkitg • CWE-416: Use After Free •
CVSS: 7.5EPSS: 2%CPEs: 54EXPL: 0CVE-2020-11868 – ntp: DoS on client ntpd using server mode packet
https://notcve.org/view.php?id=CVE-2020-11868
ntpd in ntp before 4.2.8p14 and 4.3.x before 4.3.100 allows an off-path attacker to block unauthenticated synchronization via a server mode packet with a spoofed source IP address, because transmissions are rescheduled even when a packet lacks a valid origin timestamp. ntpd en ntp versiones anteriores a 4.2.8p14 y versiones 4.3.x anteriores a 4.3.100, permite a un atacante fuera de ruta bloquear una sincronización no autenticada por medio de un paquete en modo server con una dirección IP de origen falsificado, porque las transmisiones son reprogramados aun cuando un paquete carece de una marca de tiempo de origen valido. A flaw was found in the Network Time Protocol (NTP), where a security issue exists that allows an off-path attacker to prevent the Network Time Protocol daemon (ntpd) from synchronizing with NTP servers not using authentication. A server mode packet with a spoofed source address sent to the client ntpd causes the next transmission to be rescheduled, even if the packet does not have a valid origin timestamp. If the packet is sent to the client frequently enough, it stops polling the server and is unable to synchronize with it. • http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00005.html http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00044.html http://support.ntp.org/bin/view/Main/NtpBug3592 https://bugzilla.redhat.com/show_bug.cgi?id=1716665 https://lists.debian.org/debian-lts-announce/2020/05/msg00004.html https://security.gentoo.org/glsa/202007-12 https://security.netapp.com/advisory/ntap-20200424-0002 https://www.oracle.com//security-alerts/cpujul2021.html https://access&# • CWE-346: Origin Validation Error CWE-400: Uncontrolled Resource Consumption •
CVSS: 9.8EPSS: 1%CPEs: 10EXPL: 0CVE-2019-12519 – squid: improper check for new member in ESIExpression::Evaluate allows for stack buffer overflow
https://notcve.org/view.php?id=CVE-2019-12519
An issue was discovered in Squid through 4.7. When handling the tag esi:when when ESI is enabled, Squid calls ESIExpression::Evaluate. This function uses a fixed stack buffer to hold the expression while it's being evaluated. When processing the expression, it could either evaluate the top of the stack, or add a new member to the stack. When adding a new member, there is no check to ensure that the stack won't overflow. • http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00018.html http://www.openwall.com/lists/oss-security/2020/04/23/1 https://gitlab.com/jeriko.one/security/-/blob/master/squid/CVEs/CVE-2019-12519.txt https://lists.debian.org/debian-lts-announce/2020/07/msg00009.html https://security.gentoo.org/glsa/202005-05 https://security.netapp.com/advisory/ntap-20210205-0006 https://usn.ubuntu.com/4356-1 https://www.debian.org/security/2020/dsa-4682 https://a • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 5.9EPSS: 4%CPEs: 10EXPL: 0CVE-2019-12521 – squid: Off-by-one error in addStackElement allows for heap buffer overflow and crash
https://notcve.org/view.php?id=CVE-2019-12521
An issue was discovered in Squid through 4.7. When Squid is parsing ESI, it keeps the ESI elements in ESIContext. ESIContext contains a buffer for holding a stack of ESIElements. When a new ESIElement is parsed, it is added via addStackElement. addStackElement has a check for the number of elements in this buffer, but it's off by 1, leading to a Heap Overflow of 1 element. The overflow is within the same structure so it can't affect adjacent memory blocks, and thus just leads to a crash while processing. • http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00018.html http://www.openwall.com/lists/oss-security/2020/04/23/1 https://gitlab.com/jeriko.one/security/-/blob/master/squid/CVEs/CVE-2019-12521.txt https://lists.debian.org/debian-lts-announce/2020/07/msg00009.html https://security.gentoo.org/glsa/202005-05 https://security.netapp.com/advisory/ntap-20210205-0006 https://usn.ubuntu.com/4356-1 https://www.debian.org/security/2020/dsa-4682 https://a • CWE-122: Heap-based Buffer Overflow CWE-193: Off-by-one Error CWE-787: Out-of-bounds Write •