Page 18 of 1677 results (0.041 seconds)

CVSS: 5.9EPSS: 0%CPEs: 11EXPL: 0

CVE-2020-14093

https://notcve.org/view.php?id=CVE-2020-14093

Mutt before 1.14.3 allows an IMAP fcc/postpone man-in-the-middle attack via a PREAUTH response. Mutt versiones anteriores a 1.14.3, permite un ataque de tipo man-in-the-middle de fcc/postpone de IMAP por medio de una respuesta PREAUTH • http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00064.html http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00070.html http://www.mutt.org https://bugs.gentoo.org/728300 https://github.com/muttmua/mutt/commit/3e88866dc60b5fa6aaba6fd7c1710c12c1c3cd01 https://lists.debian.org/debian-lts-announce/2020/06/msg00039.html https://lists.debian.org/debian-lts-announce/2020/06/msg00040.html https://security.gentoo.org/glsa/202007-57 https://usn.ubuntu.com/4401-1 https • CWE-319: Cleartext Transmission of Sensitive Information •

CVSS: 4.4EPSS: 0%CPEs: 41EXPL: 0

CVE-2020-10732 – kernel: uninitialized kernel data leak in userspace coredumps

https://notcve.org/view.php?id=CVE-2020-10732

A flaw was found in the Linux kernel's implementation of Userspace core dumps. This flaw allows an attacker with a local account to crash a trivial program and exfiltrate private kernel data. Se encontró un fallo en la implementación de los volcados de núcleo del Userspace del kernel de Linux. Este fallo permite a un atacante con una cuenta local bloquear un programa trivial y exfiltrar datos privados del kernel A flaw was found in the Linux kernel’s implementation of Userspace core dumps. This flaw allows an attacker with a local account to crash a trivial program and exfiltrate private kernel data. • http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00022.html http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00008.html https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10732 https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/commit/?id=aca969cacf07f41070d788ce2b8ca71f09d5207d https://github.com/google/kmsan/issues/76 https://github.com/ruscur/linux/commit/a95cdec9fa0c08e6eeb410d461c03af8fd1fef0a https://lore.kernel.org/lkml/CAG_fn=VZZ7yUxtOGzuTLkr7wmfXWtKK9BHHYawj • CWE-908: Use of Uninitialized Resource •

CVSS: 7.5EPSS: 13%CPEs: 11EXPL: 0

CVE-2020-0198 – libexif: integer overflow in exif_data_load_data_content function in exif-data.c

https://notcve.org/view.php?id=CVE-2020-0198

In exif_data_load_data_content of exif-data.c, there is a possible UBSAN abort due to an integer overflow. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-146428941 En la función exif_data_load_data_content del archivo exif-data.c, se presenta un posible aborto de UBSAN debido a un desbordamiento de enteros. Esto podría conllevar a una denegación de servicio remota sin ser necesarios privilegios de ejecución adicionales. Es requerida una interacción del usuario para su explotación. • https://lists.debian.org/debian-lts-announce/2020/06/msg00020.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ELDZR6USD5PR34MRK2ZISLCYJ465FNKN https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SVBD5JRUQPN4LQHTAAJHA3MR5M7YTAC7 https://security.gentoo.org/glsa/202011-19 https://source.android.com/security/bulletin/pixel/2020-06-01 https://usn.ubuntu.com/4396-1 https://access.redhat.com/security/cve/CVE-2020-0198 https:/ • CWE-125: Out-of-bounds Read CWE-190: Integer Overflow or Wraparound •

CVSS: 6.5EPSS: 0%CPEs: 727EXPL: 0

CVE-2020-0543 – hw: Special Register Buffer Data Sampling (SRBDS)

https://notcve.org/view.php?id=CVE-2020-0543

Incomplete cleanup from specific special register read operations in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. Una limpieza incompleta de operaciones de lectura de un registro especial específico en algunos Intel® Processors puede permitir a un usuario autenticado habilitar potencialmente una divulgación de información por medio de un acceso local A new domain bypass transient execution attack known as Special Register Buffer Data Sampling (SRBDS) has been found. This flaw allows data values from special internal registers to be leaked by an attacker able to execute code on any core of the CPU. An unprivileged, local attacker can use this flaw to infer values returned by affected instructions known to be commonly used during cryptographic operations that rely on uniqueness, secrecy, or both. • http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00025.html http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00024.html http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00031.html http://www.openwall.com/lists/oss-security/2020/07/14/5 https://cert-portal.siemens.com/productcert/pdf/ssa-534763.pdf https://kc.mcafee.com/corporate/index?page=content&id=SB10318 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message • CWE-459: Incomplete Cleanup •

CVSS: 7.8EPSS: 0%CPEs: 12EXPL: 1

CVE-2020-13974 – kernel: integer overflow in k_ascii() in drivers/tty/vt/keyboard.c

https://notcve.org/view.php?id=CVE-2020-13974

An issue was discovered in the Linux kernel 4.4 through 5.7.1. drivers/tty/vt/keyboard.c has an integer overflow if k_ascii is called several times in a row, aka CID-b86dab054059. NOTE: Members in the community argue that the integer overflow does not lead to a security issue in this case. Se detectó un problema en el kernel de Linux versión 4.4 hasta la versión 5.7.1. En el archivo drivers/tty/vt/keyboard.c presenta un desbordamiento de enteros si se llama a la función k_ascii varias veces seguidas, también se conoce como CID-b86dab054059. NOTA: Los miembros de la comunidad argumentan que el desbordamiento de números enteros no conduce a un problema de seguridad en este caso A flaw integer overflow in the Linux kernel's virtual terminal keyboard driver was found in the way the user sends some specific keyboard code multiple times. • http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00008.html http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00009.html https://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git/commit/?id=dad0bf9ce93fa40b667eccd3306783f4db4b932b https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=b86dab054059b970111b5516ae548efaae5b3aae https://lists.debian.org/debian-lts-announce/2020/08/msg00019.html https://lkml.org/lkml/2020/3/22/482 https://usn.u • CWE-190: Integer Overflow or Wraparound •