CVE-2019-13033
https://notcve.org/view.php?id=CVE-2019-13033
In CISOfy Lynis 2.x through 2.7.5, the license key can be obtained by looking at the process list when a data upload is being performed. This license can be used to upload data to a central Lynis server. Although no data can be extracted by knowing the license key, it may be possible to upload the data of additional scans. En CISOfy Lynis versiones 2.x hasta 2.7.5, la clave de licencia puede ser obtenida mediante la búsqueda de la lista de procesos cuando se lleva cabo una carga de datos. Esta licencia puede ser usada para cargar datos en un servidor central de Lynis. • https://cisofy.com/security/cve/cve-2019-13033 https://lists.debian.org/debian-lts-announce/2020/06/msg00024.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JDCHEKNR3HPJRNHE5PYKFH5GNBADTPA7 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UBFHIX6RTHCK37FXMAAXP4KGAMLUFDUD • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2020-3327 – ClamAV ARJ Archive Parsing Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2020-3327
A vulnerability in the ARJ archive parsing module in Clam AntiVirus (ClamAV) Software versions 0.102.2 could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to a heap buffer overflow read. An attacker could exploit this vulnerability by sending a crafted ARJ file to an affected device. An exploit could allow the attacker to cause the ClamAV scanning process crash, resulting in a denial of service condition. Una vulnerabilidad en el módulo de análisis de archivos ARJ en Clam AntiVirus (ClamAV) Software versiones 0.102.2, podría permitir a un atacante no autenticado remoto causar una condición de denegación de servicio sobre un dispositivo afectado. • https://blog.clamav.net/2020/05/clamav-01023-security-patch-released.html https://lists.debian.org/debian-lts-announce/2020/05/msg00018.html https://lists.debian.org/debian-lts-announce/2020/08/msg00010.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3BMTC7I5LGY4FCIZLHPNC4WWC6VNLFER https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IJ67VH37NCG25PICGWFWZHSVG7PBT7MC https://lists.fedoraproject.org/archives/list/package-announce%40lists.f • CWE-20: Improper Input Validation •
CVE-2020-3341 – ClamAV PDF Parsing Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2020-3341
A vulnerability in the PDF archive parsing module in Clam AntiVirus (ClamAV) Software versions 0.101 - 0.102.2 could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to a stack buffer overflow read. An attacker could exploit this vulnerability by sending a crafted PDF file to an affected device. An exploit could allow the attacker to cause the ClamAV scanning process crash, resulting in a denial of service condition. Una vulnerabilidad en el módulo de análisis de archivos PDF en Clam AntiVirus (ClamAV) Software versiones 0.101 hasta 0.102.2, podría permitir a un atacante no autenticado remoto causar una condición de denegación de servicio sobre un dispositivo afectado. • https://blog.clamav.net/2020/05/clamav-01023-security-patch-released.html https://lists.debian.org/debian-lts-announce/2020/05/msg00018.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3BMTC7I5LGY4FCIZLHPNC4WWC6VNLFER https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L5YWYT27SBTV4RZSGFHIQUI4LQVFASWS https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ROBJOGJOT44MVDX7RQEACYHQN4LYW5RK https://usn.ubuntu.com/ • CWE-20: Improper Input Validation •
CVE-2020-12823
https://notcve.org/view.php?id=CVE-2020-12823
OpenConnect 8.09 has a buffer overflow, causing a denial of service (application crash) or possibly unspecified other impact, via crafted certificate data to get_cert_name in gnutls.c. OpenConnect versión 8.09, presenta un desbordamiento del búfer, causando una denegación de servicio (bloqueo de aplicación) o posiblemente otro impacto no especificado, por medio de datos de certificado diseñados en la función get_cert_name en el archivo gnutls.c. • http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00039.html http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00056.html https://bugs.gentoo.org/721570 https://gitlab.com/openconnect/openconnect/-/merge_requests/108 https://lists.debian.org/debian-lts-announce/2020/05/msg00015.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/25MFX4AZE7RDCUWOL4ZOE73YBOPUMQDX https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVE-2018-1285
https://notcve.org/view.php?id=CVE-2018-1285
Apache log4net versions before 2.0.10 do not disable XML external entities when parsing log4net configuration files. This allows for XXE-based attacks in applications that accept attacker-controlled log4net configuration files. Apache log4net versiones anteriores a 2.0.10, no deshabilita las entidades externas XML cuando analiza los archivos de configuración de log4net. Esto permite realizar ataques basados en XXE en aplicaciones que aceptan archivos de configuración log4net controlados por el atacante • https://issues.apache.org/jira/browse/LOG4NET-575 https://lists.apache.org/thread.html/r00b16ac5e0bbf7009a0d167ed58f3f94d0033b0f4b3e3d5025cc4872%40%3Cdev.logging.apache.org%3E https://lists.apache.org/thread.html/r33564de316d4e4ba0fea1d4d079e62cde1ffe64369c1157243d840d9%40%3Cdev.logging.apache.org%3E https://lists.apache.org/thread.html/r525cbbd7db0aef4a114cf60de8439aa285decc34904d42a7f14f39c3%40%3Cdev.logging.apache.org%3E https://lists.apache.org/thread.html/r6543acafca3e2d24ff4b0c364a91540cb9378977ffa8d37a03ab4b0f%40%3Cdev.logging.apache.org%3E https://lists.apache.or • CWE-611: Improper Restriction of XML External Entity Reference •