CVSS: 8.2EPSS: 0%CPEs: 4EXPL: 0CVE-2020-0181 – libexif: integer overflow in exif_data_load_data_thumbnail function in exif-data.c
https://notcve.org/view.php?id=CVE-2020-0181
In exif_data_load_data_thumbnail of exif-data.c, there is a possible denial of service due to an integer overflow. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-145075076 En la función la función exif_data_load_data_thumbnail del archivo exif-data.c, se presenta una posible denegación de servicio debido a un desbordamiento de enteros. Esto podría conllevar a una denegación de servicio remota sin ser necesarios privilegios de ejecución adicionales. No es requerida una interacción del usuario para su explotación. • https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ELDZR6USD5PR34MRK2ZISLCYJ465FNKN https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SVBD5JRUQPN4LQHTAAJHA3MR5M7YTAC7 https://security.gentoo.org/glsa/202011-19 https://source.android.com/security/bulletin/pixel/2020-06-01 https://access.redhat.com/security/cve/CVE-2020-0181 https://bugzilla.redhat.com/show_bug.cgi?id=1847131 • CWE-190: Integer Overflow or Wraparound CWE-787: Out-of-bounds Write •
CVSS: 3.5EPSS: 0%CPEs: 23EXPL: 0CVE-2020-4049 – Authenticated self-XSS via theme uploads in WordPress
https://notcve.org/view.php?id=CVE-2020-4049
In affected versions of WordPress, when uploading themes, the name of the theme folder can be crafted in a way that could lead to JavaScript execution in /wp-admin on the themes page. This does require an admin to upload the theme, and is low severity self-XSS. This has been patched in version 5.4.2, along with all the previously affected versions via a minor release (5.3.4, 5.2.7, 5.1.6, 5.0.10, 4.9.15, 4.8.14, 4.7.18, 4.6.19, 4.5.22, 4.4.23, 4.3.24, 4.2.28, 4.1.31, 4.0.31, 3.9.32, 3.8.34, 3.7.34). En las versiones afectadas de WordPress, cuando se cargan temas, el nombre de la carpeta temas puede ser diseñada en una manera que podría conllevar a una ejecución de JavaScript en /wp-admin en la página temas. Esto requiere un administrador para cargar el tema, y ?? • https://github.com/WordPress/wordpress-develop/commit/404f397b4012fd9d382e55bf7d206c1317f01148 https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-87h4-phjv-rm6p https://lists.debian.org/debian-lts-announce/2020/07/msg00000.html https://lists.debian.org/debian-lts-announce/2020/09/msg00011.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/773N2ZV7QEMBGKH6FBKI6Q5S3YJMW357 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OD • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) •
CVSS: 6.8EPSS: 0%CPEs: 23EXPL: 0CVE-2020-4047 – Authenticated XSS via media attachment page in WordPress
https://notcve.org/view.php?id=CVE-2020-4047
In affected versions of WordPress, authenticated users with upload permissions (like authors) are able to inject JavaScript into some media file attachment pages in a certain way. This can lead to script execution in the context of a higher privileged user when the file is viewed by them. This has been patched in version 5.4.2, along with all the previously affected versions via a minor release (5.3.4, 5.2.7, 5.1.6, 5.0.10, 4.9.15, 4.8.14, 4.7.18, 4.6.19, 4.5.22, 4.4.23, 4.3.24, 4.2.28, 4.1.31, 4.0.31, 3.9.32, 3.8.34, 3.7.34). En las versiones afectadas de WordPress, los usuarios autenticados con permisos de carga (como los autores) pueden inyectar JavaScript en algunas páginas de archivos adjuntos multimedia de determinada manera. Esto puede conllevar a una ejecución de script en el contexto de un usuario con mayores privilegios cuando el archivo es visualizado por ellos. • https://github.com/WordPress/wordpress-develop/commit/0977c0d6b241479ecedfe19e96be69f727c3f81f https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-8q2w-5m27-wm27 https://lists.debian.org/debian-lts-announce/2020/07/msg00000.html https://lists.debian.org/debian-lts-announce/2020/09/msg00011.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/773N2ZV7QEMBGKH6FBKI6Q5S3YJMW357 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OD • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) •
CVSS: 5.4EPSS: 0%CPEs: 22EXPL: 0CVE-2020-4046 – Authenticated XSS through embed block in WordPress
https://notcve.org/view.php?id=CVE-2020-4046
In affected versions of WordPress, users with low privileges (like contributors and authors) can use the embed block in a certain way to inject unfiltered HTML in the block editor. When affected posts are viewed by a higher privileged user, this could lead to script execution in the editor/wp-admin. This has been patched in version 5.4.2, along with all the previously affected versions via a minor release (5.3.4, 5.2.7, 5.1.6, 5.0.10, 4.9.15, 4.8.14, 4.7.18, 4.6.19, 4.5.22, 4.4.23, 4.3.24, 4.2.28, 4.1.31, 4.0.31, 3.9.32, 3.8.34, 3.7.34). En las versiones afectadas de WordPress, los usuarios con pocos privilegios (como colaboradores y autores) pueden usar el bloque incorporado de determinada manera para inyectar HTML no filtrado en el editor de bloques. Cuando las publicaciones afectadas son vistas por un usuario con mayores privilegios, esto podría conllevar a una ejecución de script en el archivo editor/wp-admin. • https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-rpwf-hrh2-39jf https://lists.debian.org/debian-lts-announce/2020/07/msg00000.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/773N2ZV7QEMBGKH6FBKI6Q5S3YJMW357 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ODNHXVJS25YVWYQHOCICXTLIN5UYJFDN https://wordpress.org/news/2020/06/wordpress-5-4-2-security-and-maintenance-release https://www.debian.org/security/2020/dsa • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) •
CVSS: 5.7EPSS: 0%CPEs: 23EXPL: 0CVE-2020-4048 – Open redirect in wp_validate_redirect() in WordPress
https://notcve.org/view.php?id=CVE-2020-4048
In affected versions of WordPress, due to an issue in wp_validate_redirect() and URL sanitization, an arbitrary external link can be crafted leading to unintended/open redirect when clicked. This has been patched in version 5.4.2, along with all the previously affected versions via a minor release (5.3.4, 5.2.7, 5.1.6, 5.0.10, 4.9.15, 4.8.14, 4.7.18, 4.6.19, 4.5.22, 4.4.23, 4.3.24, 4.2.28, 4.1.31, 4.0.31, 3.9.32, 3.8.34, 3.7.34). En las versiones afectadas de WordPress, debido a un problema en la función wp_validate_redirect() y el saneamiento de URL, se puede crear un enlace externo arbitrario que puede conllevar a una redireccionamiento abierto involuntario al hacer clic. Esto ha sido parcheado en la versión 5.4.2, junto con todas las versiones afectadas anteriormente por medio de una versión menor (versiones 5.3.4, 5.2.7, 5.1.6, 5.0.10, 4.9.15, 4.8.14, 4.7.18, 4.6.19, 4.5.22, 4.4.23, 4.3.24, 4.2.28, 4.1.31, 4.0.31, 3.9.32, 3.8.34, 3.7.34) • https://github.com/WordPress/wordpress-develop/commit/6ef777e9a022bee2a80fa671118e7e2657e52693 https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-q6pw-gvf4-5fj5 https://lists.debian.org/debian-lts-announce/2020/07/msg00000.html https://lists.debian.org/debian-lts-announce/2020/09/msg00011.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/773N2ZV7QEMBGKH6FBKI6Q5S3YJMW357 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OD • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •