CVSS: 9.8EPSS: 87%CPEs: 3EXPL: 4CVE-2020-13160 – AnyDesk 5.5.2 - Remote Code Execution
https://notcve.org/view.php?id=CVE-2020-13160
AnyDesk before 5.5.3 on Linux and FreeBSD has a format string vulnerability that can be exploited for remote code execution. AnyDesk versiones anteriores a 5.5.3 en Linux y FreeBSD presenta una vulnerabilidad de cadena de formato que puede ser explotada para una ejecución de código remota AnyDesk version 5.5.2 suffers from a remote code execution vulnerability. • https://www.exploit-db.com/exploits/49613 http://packetstormsecurity.com/files/158291/AnyDesk-GUI-Format-String-Write.html http://packetstormsecurity.com/files/161628/AnyDesk-5.5.2-Remote-Code-Execution.html https://devel0pment.de/?p=1881 https://download.anydesk.com/changelog.txt - • CWE-134: Use of Externally-Controlled Format String •
CVSS: 5.5EPSS: 0%CPEs: 43EXPL: 1CVE-2020-13434 – sqlite: integer overflow in sqlite3_str_vappendf function in printf.c
https://notcve.org/view.php?id=CVE-2020-13434
SQLite through 3.32.0 has an integer overflow in sqlite3_str_vappendf in printf.c. SQLite versiones hasta 3.32.0, presenta un desbordamiento de enteros en la función sqlite3_str_vappendf en el archivo printf.c. An integer overflow flaw was found in the SQLite implementation of the printf() function. This flaw allows an attacker who can control the precision of floating-point conversions, to crash the application, resulting in a denial of service. • http://seclists.org/fulldisclosure/2020/Dec/32 http://seclists.org/fulldisclosure/2020/Nov/19 http://seclists.org/fulldisclosure/2020/Nov/20 http://seclists.org/fulldisclosure/2020/Nov/22 https://lists.debian.org/debian-lts-announce/2020/05/msg00024.html https://lists.debian.org/debian-lts-announce/2020/08/msg00037.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L7KXQWHIY2MQP4LNM6ODWJENMXYYQYBN https://security.FreeBSD.org/advisories/FreeBSD-SA-20: • CWE-121: Stack-based Buffer Overflow CWE-190: Integer Overflow or Wraparound •
CVSS: 9.8EPSS: 0%CPEs: 5EXPL: 0CVE-2019-15880
https://notcve.org/view.php?id=CVE-2019-15880
In FreeBSD 12.1-STABLE before r356911, and 12.1-RELEASE before p5, insufficient checking in the cryptodev module allocated the size of a kernel buffer based on a user-supplied length allowing an unprivileged process to trigger a kernel panic. En FreeBSD versiones 12.1-STABLE anteriores a r356911 y versiones 12.1-RELEASE anteriores a p5, una comprobación insuficiente en el módulo cryptodev asignó el tamaño de un búfer del kernel basado en una longitud suministrada por el usuario permitiendo a un proceso no privilegiado desencadenar un pánico del kernel. • https://security.FreeBSD.org/advisories/FreeBSD-SA-20:16.cryptodev.asc https://security.netapp.com/advisory/ntap-20200518-0008 • CWE-20: Improper Input Validation CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.4EPSS: 0%CPEs: 14EXPL: 0CVE-2019-15879
https://notcve.org/view.php?id=CVE-2019-15879
In FreeBSD 12.1-STABLE before r356908, 12.1-RELEASE before p5, 11.3-STABLE before r356908, and 11.3-RELEASE before p9, a race condition in the cryptodev module permitted a data structure in the kernel to be used after it was freed, allowing an unprivileged process can overwrite arbitrary kernel memory. En FreeBSD versiones 12.1-STABLE anteriores a r352509, versiones 11.3-STABLE anteriores a r352509 y versiones 11.3-RELEASE anteriores a p9, una condición de carrera en el módulo cryptodev permitía utilizar una estructura de datos en el kernel después de liberarla, permitiendo a un proceso no privilegiado poder sobrescribir la memoria del kernel arbitrariamente. • https://security.FreeBSD.org/advisories/FreeBSD-SA-20:15.cryptodev.asc https://security.netapp.com/advisory/ntap-20200518-0005 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-772: Missing Release of Resource after Effective Lifetime •
CVSS: 7.8EPSS: 0%CPEs: 10EXPL: 0CVE-2019-15878
https://notcve.org/view.php?id=CVE-2019-15878
In FreeBSD 12.1-STABLE before r352509, 11.3-STABLE before r352509, and 11.3-RELEASE before p9, an unprivileged local user can trigger a use-after-free situation due to improper checking in SCTP when an application tries to update an SCTP-AUTH shared key. En FreeBSD versiones 12.1-STABLE anteriores a r352509, versiones 11.3-STABLE anteriores a r352509 y versiones 11.3-RELEASE anteriores a p9, un usuario local no privilegiado puede desencadenar una situación de uso de la memoria previamente liberada debido a una comprobación inapropiada en SCTP cuando una aplicación intenta actualizar una clave compartida SCTP-AUTH. • https://security.FreeBSD.org/advisories/FreeBSD-SA-20:14.sctp.asc https://security.netapp.com/advisory/ntap-20200518-0007 • CWE-416: Use After Free •