Page 21 of 3107 results (0.011 seconds)

CVSS: 5.5EPSS: 0%CPEs: 10EXPL: 0

CVE-2019-20810

https://notcve.org/view.php?id=CVE-2019-20810

go7007_snd_init in drivers/media/usb/go7007/snd-go7007.c in the Linux kernel before 5.6 does not call snd_card_free for a failure path, which causes a memory leak, aka CID-9453264ef586. La función go7007_snd_init en el archivo driversdrivers/media/usb/go7007/snd-go7007.c en el kernel de Linux versiones anteriores a 5.6, no llama a snd_card_free para una ruta de fallo, lo que causa una pérdida de memoria, también se conoce como CID-9453264ef586. • http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00008.html http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00009.html https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.6 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=9453264ef58638ce8976121ac44c07a3ef375983 https://lists.debian.org/debian-lts-announce/2020/08/msg00019.html https://usn.ubuntu.com/4427-1 https://usn.ubuntu.com/4439-1 https://usn.ubuntu.com/4440 • CWE-401: Missing Release of Memory after Effective Lifetime •

CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 1

CVE-2020-13757 – python-rsa: decryption of ciphertext leads to DoS

https://notcve.org/view.php?id=CVE-2020-13757

Python-RSA before 4.1 ignores leading '\0' bytes during decryption of ciphertext. This could conceivably have a security-relevant impact, e.g., by helping an attacker to infer that an application uses Python-RSA, or if the length of accepted ciphertext affects application behavior (such as by causing excessive memory allocation). Python-RSA versión 4.1, ignora bytes '\0' principales durante la desencriptación del texto cifrado. Esto podría tener un impacto relevante para la seguridad, por ejemplo, al ayudar a un atacante a inferir que una aplicación utiliza Python-RSA, o si la longitud del texto cifrado aceptado afecta al comportamiento de la aplicación (por ejemplo, al causar una asignación excesiva de memoria) A flaw was found in the python-rsa package, where it does not explicitly check the ciphertext length against the key size and ignores the leading 0 bytes during the decryption of the ciphertext. This flaw allows an attacker to perform a ciphertext attack, leading to a denial of service. • https://github.com/sybrenstuvel/python-rsa/issues/146 https://github.com/sybrenstuvel/python-rsa/issues/146#issuecomment-641845667 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2KILTHBHNSDUCYV22ODLOKTICJJ7JQIQ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZYB65VNILRBTXL6EITQTH2PZPK7I23MW https://usn.ubuntu.com/4478-1 https://access.redhat.com/security/cve/CVE-2020-13757 https://bugzilla.redhat.com/show_bug.cgi?id=1848507 • CWE-327: Use of a Broken or Risky Cryptographic Algorithm •

CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 1

CVE-2020-10936

https://notcve.org/view.php?id=CVE-2020-10936

Sympa before 6.2.56 allows privilege escalation. Sympa versiones anteriores a la versión 6.2.56, permite una escalada de privilegios. • https://github.com/sympa-community/sympa/releases https://lists.debian.org/debian-lts-announce/2020/10/msg00012.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3J4NZLGAF4ZYK52XEBQDTBNHLGBEPXXN https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/P3TMQ3CORUOWARALACCBG2SBTIGZ5GY5 https://sysdream.com/news/lab https://sysdream.com/news/lab/2020-05-25-cve-2020-10936-sympa-privileges-escalation-to-root https://usn.ubuntu.com/4442- • CWE-269: Improper Privilege Management •

CVSS: 8.2EPSS: 0%CPEs: 9EXPL: 0

CVE-2020-13113 – libexif: use of uninitialized memory in EXIF Makernote handling can lead to crashes and use-after-free

https://notcve.org/view.php?id=CVE-2020-13113

An issue was discovered in libexif before 0.6.22. Use of uninitialized memory in EXIF Makernote handling could lead to crashes and potential use-after-free conditions. Se descubrió un problema en libexif versiones anteriores a la versión 0.6.22. Un uso de la memoria no inicializada en el manejo de EXIF Makemote podría conllevar a bloqueos y condiciones potenciales de uso de la memoria previamente liberada. • http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00017.html https://github.com/libexif/libexif/commit/ec412aa4583ad71ecabb967d3c77162760169d1f https://lists.debian.org/debian-lts-announce/2020/05/msg00025.html https://security.gentoo.org/glsa/202007-05 https://usn.ubuntu.com/4396-1 https://access.redhat.com/security/cve/CVE-2020-13113 https://bugzilla.redhat.com/show_bug.cgi?id=1840347 • CWE-822: Untrusted Pointer Dereference CWE-908: Use of Uninitialized Resource •

CVSS: 9.1EPSS: 0%CPEs: 9EXPL: 0

CVE-2020-13112 – libexif: several buffer over-reads in EXIF MakerNote handling can lead to information disclosure and DoS

https://notcve.org/view.php?id=CVE-2020-13112

An issue was discovered in libexif before 0.6.22. Several buffer over-reads in EXIF MakerNote handling could lead to information disclosure and crashes. This is different from CVE-2020-0093. Se descubrió un problema en libexif versiones anteriores a la versión 0.6.22. Varias lecturas excesivas de buffer en el manejo de EXIF MakerNote podrían conllevar a una divulgación de información y a bloqueos. • http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00017.html https://github.com/libexif/libexif/commit/435e21f05001fb03f9f186fa7cbc69454afd00d1 https://lists.debian.org/debian-lts-announce/2020/05/msg00025.html https://security.gentoo.org/glsa/202007-05 https://usn.ubuntu.com/4396-1 https://access.redhat.com/security/cve/CVE-2020-13112 https://bugzilla.redhat.com/show_bug.cgi?id=1840344 • CWE-125: Out-of-bounds Read •