CVSS: 8.8EPSS: 0%CPEs: 6EXPL: 1CVE-2020-12861 – sane-backends: Heap buffer overflow in epsonds_net_read in epsonds-net.c
https://notcve.org/view.php?id=CVE-2020-12861
A heap buffer overflow in SANE Backends before 1.0.30 allows a malicious device connected to the same local network as the victim to execute arbitrary code, aka GHSL-2020-080. Un desbordamiento del búfer de la pila en SANE Backends versiones anteriores a 1.0.30, permite a un dispositivo malicioso conectado a la misma red local que la víctima ejecutar código arbitrario, también se conoce como GHSL-2020-080 A flaw was found in sane-backends in versions prior to 1.0.30. A heap buffer overflow in epsonds_net_read function could lead to a remote denial of service. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. • http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00079.html http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00003.html http://packetstormsecurity.com/files/172841/SANE-Backends-Memory-Corruption-Code-Execution.html https://alioth-lists.debian.net/pipermail/sane-announce/2020/000041.html https://securitylab.github.com/advisories/GHSL-2020-075-libsane https://usn.ubuntu.com/4470-1 https://access.redhat.com/security/cve/CVE-2020-12861 https://bugzilla.redhat.com/show_bug& • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 5.7EPSS: 0%CPEs: 9EXPL: 1CVE-2020-12867 – sane-backends: NULL pointer dereference in sanei_epson_net_read function
https://notcve.org/view.php?id=CVE-2020-12867
A NULL pointer dereference in sanei_epson_net_read in SANE Backends before 1.0.30 allows a malicious device connected to the same local network as the victim to cause a denial of service, aka GHSL-2020-075. Una desreferencia del puntero NULL en la función sanei_epson_net_read en SANE Backends versiones anteriores a la 1.0.30, permite a un dispositivo malicioso conectado a la misma red local que la víctima causar una denegación de servicio, también se conoce como GHSL-2020-075 • http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00079.html http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00003.html https://alioth-lists.debian.net/pipermail/sane-announce/2020/000041.html https://gitlab.com/sane-project/backends/-/issues/279#issue-1-ghsl-2020-075-null-pointer-dereference-in-sanei_epson_net_read https://lists.debian.org/debian-lts-announce/2020/08/msg00029.html https://lists.debian.org/debian-lts-announce/2020/10/msg00010.html https://l • CWE-476: NULL Pointer Dereference •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2017-6318
https://notcve.org/view.php?id=CVE-2017-6318
saned in sane-backends 1.0.25 allows remote attackers to obtain sensitive memory information via a crafted SANE_NET_CONTROL_OPTION packet. saned en sane-backends 1.0.25 permite a atacantes remotos obtener información sensible de la memoria a través de un paquete SANE_NET_CONTROL_OPTION manipulado. • http://lists.alioth.debian.org/pipermail/sane-devel/2017-February/035054.html http://lists.alioth.debian.org/pipermail/sane-devel/2017-February/035059.html http://lists.opensuse.org/opensuse-updates/2017-03/msg00016.html http://www.securityfocus.com/bid/97028 https://alioth.debian.org/tracker/index.php?func=detail&aid=315576 https://lists.alioth.debian.org/pipermail/sane-devel/2017-February/035029.html https://usn.ubuntu.com/4470-1 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •