CVSS: 6.5EPSS: 1%CPEs: 21EXPL: 0CVE-2020-8927 – Buffer overflow in Brotli library
https://notcve.org/view.php?id=CVE-2020-8927
A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a "one-shot" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the "streaming" API as opposed to the "one-shot" API, and impose chunk size limits. Se presenta un desbordamiento del búfer en la biblioteca Brotli versiones anteriores a 1.0.8, donde un atacante que controla la longitud de entrada de una petición de descompresión "one-shot" en un script puede desencadenar un bloqueo, que ocurre cuando se copian fragmentos de datos de más de 2 GiB . Se recomienda actualizar su biblioteca de Brotli a la versión 1.0.8 o posterior. • http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html https://github.com/google/brotli/releases/tag/v1.0.9 https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-130: Improper Handling of Length Parameter Inconsistency •
CVSS: 7.8EPSS: 0%CPEs: 17EXPL: 0CVE-2020-1133 – Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2020-1133
<p>An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector improperly handles file operations. An attacker who successfully exploited this vulnerability could run processes in an elevated context.</p> <p>An attacker could exploit this vulnerability by running a specially crafted application on the victim system.</p> <p>The update addresses the vulnerability by correcting the way the Diagnostics Hub Standard Collector handles file operations.</p> Se presenta una vulnerabilidad de escalada de privilegios cuando el Diagnostics Hub Standard Collector maneja inapropiadamente las operaciones de archivos, también se conoce como "Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability". • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1133 •
CVSS: 7.8EPSS: 0%CPEs: 17EXPL: 0CVE-2020-1130 – Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2020-1130
<p>An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector improperly handles data operations. An attacker who successfully exploited this vulnerability could run processes in an elevated context.</p> <p>An attacker could exploit this vulnerability by running a specially crafted application on the victim system.</p> <p>The update addresses the vulnerability by correcting the way the Diagnostics Hub Standard Collector handles data operations.</p> Se presenta una vulnerabilidad de escalada de privilegios cuando el Diagnostics Hub Standard Collector maneja inapropiadamente las operaciones de datos, también se conoce como "Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability". • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1130 •