CVSS: 7.5EPSS: 0%CPEs: 5EXPL: 1CVE-2020-25708 – libvncserver: libvncserver/rfbserver.c has a divide by zero which could result in DoS
https://notcve.org/view.php?id=CVE-2020-25708
A divide by zero issue was found to occur in libvncserver-0.9.12. A malicious client could use this flaw to send a specially crafted message that, when processed by the VNC server, would lead to a floating point exception, resulting in a denial of service. Se encontró un problema de división por cero en libvncserver-0.9.12. Un cliente malicioso podría usar este fallo para enviar un mensaje especialmente diseñado que, cuando se procesaba mediante el servidor VNC, conduciría a una excepción de punto flotante, resultando en una denegación de servicio A divide by zero flaw was found in libvncserver. This flaw allows a malicious client to send a specially crafted message that, when processed by the VNC server, leads to a floating-point exception, resulting in a denial of service. • https://bugzilla.redhat.com/show_bug.cgi?id=1896739 https://lists.debian.org/debian-lts-announce/2022/09/msg00035.html https://access.redhat.com/security/cve/CVE-2020-25708 • CWE-369: Divide By Zero •
CVSS: 7.4EPSS: 0%CPEs: 3EXPL: 1CVE-2020-25705 – kernel: ICMP rate limiting can be used for DNS poisoning attack
https://notcve.org/view.php?id=CVE-2020-25705
A flaw in ICMP packets in the Linux kernel may allow an attacker to quickly scan open UDP ports. This flaw allows an off-path remote attacker to effectively bypass source port UDP randomization. Software that relies on UDP source port randomization are indirectly affected as well on the Linux Based Products (RUGGEDCOM RM1224: All versions between v5.0 and v6.4, SCALANCE M-800: All versions between v5.0 and v6.4, SCALANCE S615: All versions between v5.0 and v6.4, SCALANCE SC-600: All versions prior to v2.1.3, SCALANCE W1750D: v8.3.0.1, v8.6.0, and v8.7.0, SIMATIC Cloud Connect 7: All versions, SIMATIC MV500 Family: All versions, SIMATIC NET CP 1243-1 (incl. SIPLUS variants): Versions 3.1.39 and later, SIMATIC NET CP 1243-7 LTE EU: Version Se encontró un fallo en los paquetes ICMP en el kernel de Linux puede permitir a un atacante escanear rápidamente los puertos UDP abiertos. Este defecto permite a un atacante remoto fuera de la ruta eludir efectivamente la aleatorización del puerto de origen UDP. • https://github.com/tdwyer/CVE-2020-25705 https://us-cert.cisa.gov/ics/advisories/icsa-21-131-03 https://access.redhat.com/security/cve/CVE-2020-25705 https://bugzilla.redhat.com/show_bug.cgi?id=1894579 • CWE-330: Use of Insufficiently Random Values •
CVSS: 7.5EPSS: 0%CPEs: 7EXPL: 0CVE-2020-25692 – openldap: NULL pointer dereference for unauthenticated packet in slapd
https://notcve.org/view.php?id=CVE-2020-25692
A NULL pointer dereference was found in OpenLDAP server and was fixed in openldap 2.4.55, during a request for renaming RDNs. An unauthenticated attacker could remotely crash the slapd process by sending a specially crafted request, causing a Denial of Service. Se encontró una desreferencia de puntero NULL en el servidor OpenLDAP y se corrigió en openldap versión 2.4.55, durante una petición para cambiar el nombre de los RDN. Un atacante no autenticado podría bloquear remotamente el proceso slapd al enviar una petición especialmente diseñada, causando una Denegación de Servicio A NULL pointer dereference flaw was found in the OpenLDAP server, during a request for renaming RDNs. This flaw allows a remote, unauthenticated attacker to crash the slapd process by sending a specially crafted request, causing a denial of service. • https://bugzilla.redhat.com/show_bug.cgi?id=1894567 https://security.netapp.com/advisory/ntap-20210108-0006 https://access.redhat.com/security/cve/CVE-2020-25692 • CWE-476: NULL Pointer Dereference •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2020-25662 – kernel: Red Hat only CVE-2020-12352 regression
https://notcve.org/view.php?id=CVE-2020-25662
A Red Hat only CVE-2020-12352 regression issue was found in the way the Linux kernel's Bluetooth stack implementation handled the initialization of stack memory when handling certain AMP packets. This flaw allows a remote attacker in an adjacent range to leak small portions of stack memory on the system by sending specially crafted AMP packets. The highest threat from this vulnerability is to data confidentiality. Se encontró un problema de regresión CVE-2020-12352 solo de Red Hat en la manera en que la implementación de la pila de Bluetooth del kernel de Linux manejaba la inicialización de la memoria de la pila al manejar determinados paquetes AMP. Este fallo permite a un atacante remoto en un rango adyacente filtrar pequeñas porciones de memoria de la pila en el sistema mediante el envío de paquetes AMP especialmente diseñados. • https://access.redhat.com/security/cve/CVE-2020-12352 https://access.redhat.com/security/vulnerabilities/BleedingTooth https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-25662 https://access.redhat.com/security/cve/CVE-2020-25662 https://bugzilla.redhat.com/show_bug.cgi?id=1891484 • CWE-284: Improper Access Control CWE-665: Improper Initialization •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2020-25661 – kernel: Red Hat only CVE-2020-12351 regression
https://notcve.org/view.php?id=CVE-2020-25661
A Red Hat only CVE-2020-12351 regression issue was found in the way the Linux kernel's Bluetooth implementation handled L2CAP packets with A2MP CID. This flaw allows a remote attacker in an adjacent range to crash the system, causing a denial of service or potentially executing arbitrary code on the system by sending a specially crafted L2CAP packet. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. Se encontró un problema de regresión CVE-2020-12351 solo de Red Hat en la manera en que la implementación de Bluetooth del kernel de Linux manejaba los paquetes L2CAP con A2MP CID. Este fallo permite a un atacante remoto en un rango adyacente bloquear el sistema, causando una denegación de servicio o ejecutando potencialmente código arbitrario en el sistema mediante el envío de un paquete L2CAP especialmente diseñado. • https://access.redhat.com/security/cve/CVE-2020-12351 https://access.redhat.com/security/vulnerabilities/BleedingTooth https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-25661 https://access.redhat.com/security/cve/CVE-2020-25661 https://bugzilla.redhat.com/show_bug.cgi?id=1891483 • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •