CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 1CVE-2020-15395
https://notcve.org/view.php?id=CVE-2020-15395
In MediaInfoLib in MediaArea MediaInfo 20.03, there is a stack-based buffer over-read in Streams_Fill_PerStream in Multiple/File_MpegPs.cpp (aka an off-by-one during MpegPs parsing). En MediaInfoLib en MediaArea MediaInfo versión 20.03, se presenta una lectura excesiva del búfer en la región stack de la memoria en la función Streams_Fill_PerStream en el archivo Multiple/File_MpegPs.cpp (también se conoce como por un paso durante el análisis de MpegPs) • https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QQJCEQRRPTN5CY5URDFTEJU3A2VKLNBA https://mediaarea.net/en/MediaInfo https://sourceforge.net/p/mediainfo/bugs/1127 • CWE-125: Out-of-bounds Read •
CVSS: 5.9EPSS: 0%CPEs: 4EXPL: 0CVE-2020-14002
https://notcve.org/view.php?id=CVE-2020-14002
PuTTY 0.68 through 0.73 has an Observable Discrepancy leading to an information leak in the algorithm negotiation. This allows man-in-the-middle attackers to target initial connection attempts (where no host key for the server has been cached by the client). PuTTY versiones 0.68 hasta 0.73, presenta una Discrepancia Observable que conlleva a una filtración de información en la negociación del algoritmo. Esto permite a atacantes de tipo man-in-the-middle apuntar a los intentos iniciales de conexión (donde ninguna clave de host para el servidor ha sido almacenada en caché por parte del cliente) • https://lists.debian.org/debian-lts-announce/2024/04/msg00016.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/26TACCSQYYCPWAJYNAUIXJGZ5RGORJZV https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JPV4A77EDCT4BTFO5BE26ZH72BG4E5IJ https://lists.tartarus.org/pipermail/putty-announce https://security.netapp.com/advisory/ntap-20200717-0003 https://www.chiark.greenend.org.uk/~sgtatham/putty/changes.html https://www.fzi.de/en/news/new • CWE-203: Observable Discrepancy •
CVSS: 7.5EPSS: 0%CPEs: 11EXPL: 0CVE-2020-4067 – Improper Initialization in coturn
https://notcve.org/view.php?id=CVE-2020-4067
In coturn before version 4.5.1.3, there is an issue whereby STUN/TURN response buffer is not initialized properly. There is a leak of information between different client connections. One client (an attacker) could use their connection to intelligently query coturn to get interesting bytes in the padding bytes from the connection of another client. This has been fixed in 4.5.1.3. En coturn anterior a la versión 4.5.1.3, se presenta un problema por el cual el búfer de respuesta STUN/TURN no se inicializa apropiadamente. • http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00010.html https://github.com/coturn/coturn/blob/aab60340b201d55c007bcdc853230f47aa2dfdf1/ChangeLog#L15 https://github.com/coturn/coturn/issues/583 https://github.com/coturn/coturn/security/advisories/GHSA-c8r8-8vp5-6gcm https://lists.debian.org/debian-lts-announce/2020/07/msg00002.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5G35UBNSRLL6SYRTODYTMBJ65TLQILUM https://lists.fedoraproject.org/archives/list/p • CWE-665: Improper Initialization •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2020-15304
https://notcve.org/view.php?id=CVE-2020-15304
An issue was discovered in OpenEXR before 2.5.2. An invalid tiled input file could cause invalid memory access in TiledInputFile::TiledInputFile() in IlmImf/ImfTiledInputFile.cpp, as demonstrated by a NULL pointer dereference. Se detectó un problema en OpenEXR versiones anteriores a v2.5.2. Un archivo de entrada de mosaico no válido podría provocar un acceso de la memoria no válido en la función TiledInputFile::TiledInputFile() en el archivo IlmImf/ImfTiledInputFile.cpp, como es demostrado por una desreferencia del puntero NULL • http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00025.html http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00048.html https://github.com/AcademySoftwareFoundation/openexr/blob/master/CHANGES.md https://github.com/AcademySoftwareFoundation/openexr/blob/master/SECURITY.md https://github.com/AcademySoftwareFoundation/openexr/pull/727 https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v2.5.2 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/me • CWE-476: NULL Pointer Dereference •
CVSS: 5.5EPSS: 0%CPEs: 11EXPL: 0CVE-2020-15305
https://notcve.org/view.php?id=CVE-2020-15305
An issue was discovered in OpenEXR before 2.5.2. Invalid input could cause a use-after-free in DeepScanLineInputFile::DeepScanLineInputFile() in IlmImf/ImfDeepScanLineInputFile.cpp. Se detectó un problema en OpenEXR versiones anteriores a v2.5.2. La entrada no válida podría causar un uso de la memoria previamente liberada de la función DeepScanLineInputFile::DeepScanLineInputFile() en el archivo IlmImf/ImfDeepScanLineInputFile.cpp • http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00025.html http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00048.html https://github.com/AcademySoftwareFoundation/openexr/blob/master/CHANGES.md https://github.com/AcademySoftwareFoundation/openexr/blob/master/SECURITY.md https://github.com/AcademySoftwareFoundation/openexr/pull/730 https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v2.5.2 https://lists.debian.org/debian-lts-announce/2020/08/msg00056.html https://li • CWE-416: Use After Free •