CVSS: 5.5EPSS: 0%CPEs: 42EXPL: 1CVE-2020-11763 – OpenEXR: std:: vector out-of-bounds read and write in ImfTileOffsets.cpp
https://notcve.org/view.php?id=CVE-2020-11763
An issue was discovered in OpenEXR before 2.4.1. There is an std::vector out-of-bounds read and write, as demonstrated by ImfTileOffsets.cpp. Se detectó un problema en OpenEXR versiones anteriores a 2.4.1. Se presenta una lectura y escritura fuera de límites en la función std::vector, como es demostrado por el archivo ImfTileOffsets.cpp. • http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00051.html https://bugs.chromium.org/p/project-zero/issues/detail?id=1987 https://github.com/AcademySoftwareFoundation/openexr/blob/master/CHANGES.md#version-241-february-11-2020 https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v2.4.1 https://lists.debian.org/debian-lts-announce/2020/08/msg00056.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F4KFGDQG5PVYAU7TS5MZ7XCS6EMPVII3 https:// • CWE-125: Out-of-bounds Read CWE-787: Out-of-bounds Write •
CVSS: 5.5EPSS: 0%CPEs: 42EXPL: 1CVE-2020-11764 – OpenEXR: out-of-bounds write in copyIntoFrameBuffer function in ImfMisc.cpp
https://notcve.org/view.php?id=CVE-2020-11764
An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds write in copyIntoFrameBuffer in ImfMisc.cpp. Se detectó un problema en OpenEXR versiones anteriores a 2.4.1. Se presenta una escritura fuera de límites en la función copyIntoFrameBuffer en el archivo ImfMisc.cpp. • http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00051.html https://bugs.chromium.org/p/project-zero/issues/detail?id=1987 https://github.com/AcademySoftwareFoundation/openexr/blob/master/CHANGES.md#version-241-february-11-2020 https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v2.4.1 https://lists.debian.org/debian-lts-announce/2020/08/msg00056.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F4KFGDQG5PVYAU7TS5MZ7XCS6EMPVII3 https:// • CWE-787: Out-of-bounds Write •
CVSS: 5.5EPSS: 0%CPEs: 45EXPL: 1CVE-2020-11765
https://notcve.org/view.php?id=CVE-2020-11765
An issue was discovered in OpenEXR before 2.4.1. There is an off-by-one error in use of the ImfXdr.h read function by DwaCompressor::Classifier::Classifier, leading to an out-of-bounds read. Se detectó un problema en OpenEXR versiones anteriores a 2.4.1. Se presenta un error por un paso en el uso de la función de lectura del archivo ImfXdr.h por DwaCompressor::Classifier::Classifier, conllevando a una lectura fuera de límites. • http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00051.html https://bugs.chromium.org/p/project-zero/issues/detail?id=1987 https://github.com/AcademySoftwareFoundation/openexr/blob/master/CHANGES.md#version-241-february-11-2020 https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v2.4.1 https://lists.debian.org/debian-lts-announce/2020/08/msg00056.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F4KFGDQG5PVYAU7TS5MZ7XCS6EMPVII3 https:// • CWE-125: Out-of-bounds Read CWE-193: Off-by-one Error •
CVSS: 8.8EPSS: 0%CPEs: 8EXPL: 0CVE-2020-11741
https://notcve.org/view.php?id=CVE-2020-11741
An issue was discovered in xenoprof in Xen through 4.13.x, allowing guest OS users (with active profiling) to obtain sensitive information about other guests, cause a denial of service, or possibly gain privileges. For guests for which "active" profiling was enabled by the administrator, the xenoprof code uses the standard Xen shared ring structure. Unfortunately, this code did not treat the guest as a potential adversary: it trusts the guest not to modify buffer size information or modify head / tail pointers in unexpected ways. This can crash the host (DoS). Privilege escalation cannot be ruled out. • http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00006.html http://www.openwall.com/lists/oss-security/2020/04/14/1 http://xenbits.xen.org/xsa/advisory-313.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5M2XRNCHOGGTJQBZQJ7DCV6ZNAKN3LE2 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NVTP4OYHCTRU3ONFJOFJQVNDFB25KLLG https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YMAW7D2MP • CWE-909: Missing Initialization of Resource •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2020-11740
https://notcve.org/view.php?id=CVE-2020-11740
An issue was discovered in xenoprof in Xen through 4.13.x, allowing guest OS users (without active profiling) to obtain sensitive information about other guests. Unprivileged guests can request to map xenoprof buffers, even if profiling has not been enabled for those guests. These buffers were not scrubbed. Se detectó un problema en xenoprof en Xen versiones hasta 4.13.x, permitiendo a usuarios invitados del Sistema Operativo (sin perfiles activos) obtener información confidencial sobre otros invitados. Los invitados no privilegiados pueden solicitar mapear los búferes de xenoprof, inclusive si la creación de perfiles no se ha habilitado para esos invitados. • http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00006.html http://www.openwall.com/lists/oss-security/2020/04/14/1 http://xenbits.xen.org/xsa/advisory-313.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5M2XRNCHOGGTJQBZQJ7DCV6ZNAKN3LE2 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NVTP4OYHCTRU3ONFJOFJQVNDFB25KLLG https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YMAW7D2MP • CWE-212: Improper Removal of Sensitive Information Before Storage or Transfer •