
CVE-2020-3810 – Debian Security Advisory 4685-1
https://notcve.org/view.php?id=CVE-2020-3810
14 May 2020 — Missing input validation in the ar/tar implementations of APT before version 2.1.2 could result in denial of service when processing specially crafted deb files. USN-4359-1 fixed a vulnerability in APT. This update provides the corresponding update for Ubuntu 12.04 ESM and 14.04 ESM. It was discovered that A... • https://bugs.launchpad.net/bugs/1878177 • CWE-20: Improper Input Validation • CWE-125: Out-of-bounds Read

CVE-2020-10711 – Kernel: NetLabel: null pointer dereference while receiving CIPSO packet with null category may cause kernel panic
https://notcve.org/view.php?id=CVE-2020-10711
12 May 2020 — A NULL pointer dereference flaw was found in the Linux kernel's SELinux subsystem in versions before 5.7. This flaw occurs while importing the Commercial IP Security Option (CIPSO) protocol's category bitmap into the SELinux extensible bitmap via the 'ebitmap_netlbl_import' routine. While processing the CIPSO restricted bitmap tag in the 'cipso_v4_parsetag_rbm' routine, it sets the security attribute to indicate that the category bitmap is present, even if it has not been allocated. This issue leads to a NU... • http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00022.html • CWE-476: NULL Pointer Dereference

CVE-2020-3327 – ClamAV ARJ Archive Parsing Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2020-3327
12 May 2020 — A vulnerability in the ARJ archive parsing module in Clam AntiVirus (ClamAV) Software versions 0.102.2 could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to a heap buffer overflow read. An attacker could exploit this vulnerability by sending a crafted ARJ file to an affected device. An exploit could allow the attacker to cause the ClamAV scanning process to crash, resulting in a denial of service condition. ... • https://blog.clamav.net/2020/05/clamav-01023-security-patch-released.html • CWE-20: Improper Input Validation

CVE-2020-3341 – ClamAV PDF Parsing Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2020-3341
12 May 2020 — A vulnerability in the PDF archive parsing module in Clam AntiVirus (ClamAV) Software versions 0.101 - 0.102.2 could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to a stack buffer overflow read. An attacker could exploit this vulnerability by sending a crafted PDF file to an affected device. An exploit could allow the attacker to cause the ClamAV scanning process to crash, resulting in a denial of service condition. ... • https://blog.clamav.net/2020/05/clamav-01023-security-patch-released.html • CWE-20: Improper Input Validation

CVE-2020-12783 – Debian Security Advisory 4687-1
https://notcve.org/view.php?id=CVE-2020-12783
11 May 2020 — Exim through 4.93 has an out-of-bounds read in the SPA authenticator that could result in SPA/NTLM authentication bypass in auths/spa.c and auths/auth-spa.c. It was discovered that exim4, a mail transport agent, suffers from an authentication bypass vulnerability in the spa authentication driver. The spa auth... • http://www.openwall.com/lists/oss-security/2021/05/04/7 • CWE-125: Out-of-bounds Read

CVE-2020-12767 – libexif: divide-by-zero in exif_entry_get_value function in exif-entry.c
https://notcve.org/view.php?id=CVE-2020-12767
09 May 2020 — exif_entry_get_value in exif-entry.c in libexif 0.6.21 has a divide-by-zero error. It was discovered that libexif incorrectly handled certain tags. An attacker could possibly use this issue to cause a denial of service. It was discovered that libexif incorrectly handled certain inputs. • http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00017.html • CWE-369: Divide By Zero

CVE-2020-12769 – Ubuntu Security Notice USN-4391-1
https://notcve.org/view.php?id=CVE-2020-12769
09 May 2020 — An issue was discovered in the Linux kernel before 5.4.17. drivers/spi/spi-dw.c allows attackers to cause a panic via concurrent calls to dw_spi_irq and dw_spi_transfer_one, aka CID-19b61392c5a8. It was discovered that the ext4 file system ... • http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00022.html • CWE-662: Improper Synchronization

CVE-2020-12770 – kernel: sg_write function lacks an sg_remove_request call in a certain failure case
https://notcve.org/view.php?id=CVE-2020-12770
09 May 2020 — An issue was discovered in the Linux kernel through 5.6.11. sg_write lacks an sg_remove_request call in a certain failure case, aka CID-83c6f2390040. A vulnerability was found in sg_write in drivers/scsi/sg.c in the SCSI generic (sg) driver subsystem. This flaw allows an attacker with local access and spe... • https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=83c6f2390040f188cc25b270b4befeb5628c1aee • CWE-416: Use After Free

CVE-2020-12771 – Ubuntu Security Notice USN-4463-1
https://notcve.org/view.php?id=CVE-2020-12771
09 May 2020 — An issue was discovered in the Linux kernel through 5.6.11. btree_gc_coalesce in drivers/md/bcache/btree.c has a deadlock if a coalescing operation fails. Timothy Michaud discovered that the i915 graphics driver in the Linux kernel did not properly validate user memory locations for the i915... • http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00071.html • CWE-667: Improper Locking

CVE-2020-12762 – libfastjson: integer overflow and out-of-bounds write via a large JSON file
https://notcve.org/view.php?id=CVE-2020-12762
09 May 2020 — json-c through 0.14 has an integer overflow and out-of-bounds write via a large JSON file, as demonstrated by printbuf_memappend. A flaw was found in json-c. In printbuf_memappend, certain crafted values can overflow the memory allowing an attacker to write past the memory boundary. The highest threat from this vulnerab... • https://cert-portal.siemens.com/productcert/pdf/ssa-637483.pdf • CWE-190: Integer Overflow or Wraparound • CWE-787: Out-of-bounds Write