CVSS: 4.3EPSS: 0%CPEs: 26EXPL: 0CVE-2020-14779 – OpenJDK: High memory usage during deserialization of Proxy class with many interfaces (Serialization, 8236862)
https://notcve.org/view.php?id=CVE-2020-14779
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client and server deployment of Java. • http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00041.html https://lists.debian.org/debian-lts-announce/2020/10/msg00031.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N6CJCO52DHIQJHLPF6HMTC5Z2VKFRQMY https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OMJMTXFJRONFT72YAEQNRFKYZZU4W3HD https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XKRGVMZT3EUUWKUA6DBT56FT3UOKPHQ2 https://lists.fedoraproject.or • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 8.6EPSS: 3%CPEs: 5EXPL: 5CVE-2020-15999 – Google Chrome FreeType Heap Buffer Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2020-15999
Heap buffer overflow in Freetype in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Un desbordamiento del búfer de la pila en Freetype en Google Chrome anterior a versión 86.0.4240.111, permitía a un atacante remoto explotar potencialmente una corrupción de pila por medio de una página HTML diseñada A heap buffer overflow leading to out-of-bounds write was found in freetype. Memory allocation based on truncated PNG width and height values allows for an out-of-bounds write to occur in application memory when an attacker supplies a specially crafted TTF file. FreeType suffers from a heap buffer overflow vulnerability due to integer truncation in Load_SBit_Png. Google Chrome uses FreeType, an open-source software library to render fonts, which contains a heap buffer overflow vulnerability in the function Load_SBit_Png when processing PNG images embedded into fonts. • https://github.com/oxfemale/CVE-2020-15999 https://github.com/maarlo/CVE-2020-15999 https://github.com/Marmeus/CVE-2020-15999 http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00016.html http://seclists.org/fulldisclosure/2020/Nov/33 https://chromereleases.googleblog.com/2020/10/stable-channel-update-for-desktop_20.html https://crbug.com/1139963 https://googleprojectzero.blogspot.com/p/rca-cve-2020-15999.html https://lists.fedoraproject.org/archives/list/package-announce%40 • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 7.5EPSS: 0%CPEs: 7EXPL: 0CVE-2020-25829
https://notcve.org/view.php?id=CVE-2020-25829
An issue has been found in PowerDNS Recursor before 4.1.18, 4.2.x before 4.2.5, and 4.3.x before 4.3.5. A remote attacker can cause the cached records for a given name to be updated to the Bogus DNSSEC validation state, instead of their actual DNSSEC Secure state, via a DNS ANY query. This results in a denial of service for installation that always validate (dnssec=validate), and for clients requesting validation when on-demand validation is enabled (dnssec=process). Se ha encontrado un problema en PowerDNS Recursor versiones anteriores a 4.1.18, versiones 4.2.x anteriores a 4.2.5 y versiones 4.3.x anteriores a 4.3.5. Un atacante remoto puede causar que los registros en caché para un nombre dado sean actualizados al estado de comprobación de Bogus DNSSEC, en lugar de su estado DNSSEC Secure real, por medio de una consulta ANY de DNS. • http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00036.html https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2020-07.html https://security.gentoo.org/glsa/202012-19 •
CVSS: 8.8EPSS: 5%CPEs: 5EXPL: 0CVE-2020-27153 – bluez: double free in gatttool client disconnect callback handler in src/shared/att.c could lead to DoS or RCE
https://notcve.org/view.php?id=CVE-2020-27153
In BlueZ before 5.55, a double free was found in the gatttool disconnect_cb() routine from shared/att.c. A remote attacker could potentially cause a denial of service or code execution, during service discovery, due to a redundant disconnect MGMT event. En BlueZ versiones anteriores a 5.55, se encontró una doble liberación en la rutina disconnect_cb() de gatttool del archivo shared/att.c. Un atacante remoto podría potencialmente causar una denegación de servicio o una ejecución de código, durante la detección del servicio, debido a un evento MGMT de desconexión redundante • http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00034.html http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00036.html https://bugzilla.redhat.com/show_bug.cgi?id=1884817 https://github.com/bluez/bluez/commit/1cd644db8c23a2f530ddb93cebed7dacc5f5721a https://github.com/bluez/bluez/commit/5a180f2ec9edfacafd95e5fed20d36fe8e077f07 https://lists.debian.org/debian-lts-announce/2020/10/msg00022.html https://security.gentoo.org/glsa/202011-01 https://www.debian.org/security/2021/dsa-4951& • CWE-415: Double Free CWE-416: Use After Free •
CVSS: 9.3EPSS: 0%CPEs: 4EXPL: 0CVE-2020-15229 – Path traversal and files overwrite with unsquashfs
https://notcve.org/view.php?id=CVE-2020-15229
Singularity (an open source container platform) from version 3.1.1 through 3.6.3 has a vulnerability. Due to insecure handling of path traversal and the lack of path sanitization within `unsquashfs`, it is possible to overwrite/create any files on the host filesystem during the extraction with a crafted squashfs filesystem. The extraction occurs automatically for unprivileged (either installation or with `allow setuid = no`) run of Singularity when a user attempt to run an image which is a local SIF image or a single file containing a squashfs filesystem and is coming from remote sources `library://` or `shub://`. Image build is also impacted in a more serious way as it can be used by a root user, allowing an attacker to overwrite/create files leading to a system compromise, so far bootstrap methods `library`, `shub` and `localimage` are triggering the squashfs extraction. This issue is addressed in Singularity 3.6.4. • http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00070.html http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00071.html http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00009.html https://github.com/hpcng/singularity/blob/v3.6.4/CHANGELOG.md#security-related-fixes https://github.com/hpcng/singularity/commit/eba3dea260b117198fdb6faf41f2482ab2f8d53e https://github.com/hpcng/singularity/pull/5611 https://github.com/hpcng/singularity/security/advisories/GHSA-7gcp-w6ww-2xv9 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •