CVSS: 7.5EPSS: 1%CPEs: 17EXPL: 0CVE-2019-20907 – python: infinite loop in the tarfile module via crafted TAR archive
https://notcve.org/view.php?id=CVE-2019-20907
In Lib/tarfile.py in Python through 3.8.3, an attacker is able to craft a TAR archive leading to an infinite loop when opened by tarfile.open, because _proc_pax lacks header validation. En la biblioteca Lib/tarfile.py en Python versiones hasta 3.8.3, un atacante puede diseñar un archivo TAR conllevando a un bucle infinito cuando se abrió mediante tarfile.open, porque la función _proc_pax carece de comprobación de encabezado A flaw was found in python. In Lib/tarfile.py an attacker is able to craft a TAR archive leading to an infinite loop when opened by tarfile.open, because _proc_pax lacks header validation. • http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00051.html http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00052.html http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00053.html http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00056.html https://bugs.python.org/issue39017 https://github.com/python/cpython/pull/21454 https://lists.debian.org/debian-lts-announce/2020/08/msg00034.html https://lists.debian.org/debian-lts-announce/2020/ • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 4CVE-2019-20892
https://notcve.org/view.php?id=CVE-2019-20892
net-snmp before 5.8.1.pre1 has a double free in usm_free_usmStateReference in snmplib/snmpusm.c via an SNMPv3 GetBulk request. NOTE: this affects net-snmp packages shipped to end users by multiple Linux distributions, but might not affect an upstream release. net-snmp versiones anteriores a 5.8.1.pre1 presenta una doble liberación en la función usm_free_usmStateReference en el archivo snmplib/snmpusm.c por medio de una petición SNMPv3 GetBulk. NOTA: esto afecta a los paquetes net-snmp enviados a los usuarios finales por múltiples distribuciones de Linux, pero podría no afectar una versión anterior • http://www.openwall.com/lists/oss-security/2020/06/25/4 https://bugs.launchpad.net/ubuntu/+source/net-snmp/+bug/1877027 https://bugzilla.redhat.com/show_bug.cgi?id=1663027 https://github.com/net-snmp/net-snmp/commit/5f881d3bf24599b90d67a45cae7a3eb099cd71c9 https://security.gentoo.org/glsa/202008-12 https://sourceforge.net/p/net-snmp/bugs/2923 https://usn.ubuntu.com/4410-1 https://www.oracle.com/security-alerts/cpujan2021.html • CWE-415: Double Free •
CVSS: 4.9EPSS: 0%CPEs: 32EXPL: 0CVE-2020-15025
https://notcve.org/view.php?id=CVE-2020-15025
ntpd in ntp 4.2.8 before 4.2.8p15 and 4.3.x before 4.3.101 allows remote attackers to cause a denial of service (memory consumption) by sending packets, because memory is not freed in situations where a CMAC key is used and associated with a CMAC algorithm in the ntp.keys file. ntpd en ntp versión 4.2.8 versiones anteriores a 4.2.8p15 y versiones 4.3.x anteriores a 4.3.101, permite a atacantes remotos causar una denegación de servicio (consumo de la memoria) mediante el envío de paquetes, porque la memoria no es liberada en situaciones donde se usa una clave CMAC y está asociada con un algoritmo CMAC en el archivo ntp.keys • http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00005.html http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00044.html https://bugs.gentoo.org/729458 https://security.gentoo.org/glsa/202007-12 https://security.netapp.com/advisory/ntap-20200702-0002 https://support.ntp.org/bin/view/Main/NtpBug3661 https://support.ntp.org/bin/view/Main/SecurityNotice#June_2020_ntp_4_2_8p15_NTP_Relea https://www.oracle.com/security-alerts/cpujan2021.html • CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 7.5EPSS: 0%CPEs: 13EXPL: 2CVE-2020-13871
https://notcve.org/view.php?id=CVE-2020-13871
SQLite 3.32.2 has a use-after-free in resetAccumulator in select.c because the parse tree rewrite for window functions is too late. SQLite versión 3.32.2, presenta un uso de la memoria previamente liberada en la función resetAccumulator en el archivo select.c porque la reescritura del árbol de análisis para funciones de ventana es demasiado tarde • https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf https://lists.debian.org/debian-lts-announce/2020/08/msg00037.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BN32AGQPMHZRNM6P6L5GZPETOWTGXOKP https://security.gentoo.org/glsa/202007-26 https://security.netapp.com/advisory/ntap-20200619-0002 https://www.oracle.com/security-alerts/cpuApr2021.html https://www.oracle.com/security-alerts/cpujan2021.html https://www.sqlite.org/src/info/79eff1d03831 • CWE-416: Use After Free •
CVSS: 6.1EPSS: 1%CPEs: 13EXPL: 0CVE-2020-13596
https://notcve.org/view.php?id=CVE-2020-13596
An issue was discovered in Django 2.2 before 2.2.13 and 3.0 before 3.0.7. Query parameters generated by the Django admin ForeignKeyRawIdWidget were not properly URL encoded, leading to a possibility of an XSS attack. Se detectó un problema en Django versiones 2.2 anteriores a 2.2.13 y versiones 3.0 anteriores a 3.0.7. En casos donde un backend memcached no lleva a cabo una comprobación de la clave, pasa claves de caché maliciosas que podría resultar en una colisión de claves y una potencial filtración de datos. • https://docs.djangoproject.com/en/3.0/releases/security https://groups.google.com/forum/#%21msg/django-announce/pPEmb2ot4Fo/X-SMalYSBAAJ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4A2AP4T7RKPBCLTI2NNQG3T6MINDUUMZ https://security.netapp.com/advisory/ntap-20200611-0002 https://usn.ubuntu.com/4381-1 https://usn.ubuntu.com/4381-2 https://www.debian.org/security/2020/dsa-4705 https://www.djangoproject.com/weblog/2020/jun/03/security-releases https& • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •