CVE-2019-20919
https://notcve.org/view.php?id=CVE-2019-20919
An issue was discovered in the DBI module before 1.643 for Perl. The hv_fetch() documentation requires checking its return value for NULL, and the code does that. But shortly thereafter it calls SvOK(profile), causing a NULL pointer dereference.
• References: http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00012.html http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00013.html https://github.com/perl5-dbi/dbi/commit/eca7d7c8f43d96f6277e86d1000e842eb4cc67ff https://lists.debian.org/debian-lts-announce/2020/09/msg00026.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JXLKODJ7B57GITDEZZXNSHPK4VBYXYHR https://metacpan.org/pod/distribution/DBI/Changes#Changes-in-DBI-1.643-... https://usn.ubun
• CWE-476: NULL Pointer Dereference
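The defect class above is a NULL check whose scope does not cover the later use. The following C example is added here to show that shape beside its fix; it is a constructed illustration, not DBI's code. The sv_t/hv_entry_t types, hv_fetch_like() and the "Profile" key are stand-ins (assumptions) for perl's SV, hv_fetch() and the real hash key, and the two sample handles are constructed input.

```c
#include <stdio.h>
#include <stddef.h>
#include <string.h>

/* Minimal stand-ins (assumptions, not perl's real types) for an SV and a
 * hash entry, enough to model hv_fetch() returning SV** or NULL. */
typedef struct { int ok; int value; } sv_t;
typedef struct { const char *key; sv_t *val; } hv_entry_t;

/* Like perl's SvOK(): reads through the pointer, so NULL crashes here. */
#define SvOK(sv) ((sv)->ok)

static sv_t **hv_fetch_like(hv_entry_t *hv, size_t n, const char *key)
{
    for (size_t i = 0; i < n; i++)
        if (strcmp(hv[i].key, key) == 0)
            return &hv[i].val;
    return NULL;                       /* documented: caller must check */
}

/* Vulnerable shape: the NULL check only selects a value for `profile`;
 * SvOK(profile) then runs unconditionally and dereferences NULL when the
 * key is absent. */
static int profile_enabled_vulnerable(hv_entry_t *hv, size_t n)
{
    sv_t **svp = hv_fetch_like(hv, n, "Profile");
    sv_t *profile = svp ? *svp : NULL;
    return SvOK(profile) && profile->value != 0;
}

/* Fixed shape: every use of `profile` sits inside the NULL check, and a
 * missing or undefined profile means "disabled" (0). */
static int profile_enabled_fixed(hv_entry_t *hv, size_t n)
{
    sv_t **svp = hv_fetch_like(hv, n, "Profile");
    if (svp == NULL || *svp == NULL)
        return 0;
    sv_t *profile = *svp;
    return SvOK(profile) && profile->value != 0;
}

/* Constructed handles: one with Profile => 2, one without the key. */
static sv_t profile_sv = { 1, 2 };
static hv_entry_t handle_with_profile[]    = { { "Profile", &profile_sv } };
static hv_entry_t handle_without_profile[] = { { "Name",    &profile_sv } };

int demo_present_vulnerable(void) { return profile_enabled_vulnerable(handle_with_profile, 1); }
int demo_present_fixed(void)      { return profile_enabled_fixed(handle_with_profile, 1); }
int demo_absent_fixed(void)       { return profile_enabled_fixed(handle_without_profile, 1); }

int main(void)
{
    printf("present: vulnerable=%d fixed=%d\n",
           demo_present_vulnerable(), demo_present_fixed());
    printf("absent:  fixed=%d (the vulnerable variant would dereference NULL)\n",
           demo_absent_fixed());
    return 0;
}
```

The check a reviewer applies to this class is mechanical: for every pointer a function may receive as NULL, each dereference must be dominated by a test of that pointer, not merely preceded by one.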
CVE-2020-0427 – kernel: out-of-bounds reads in pinctrl subsystem.
https://notcve.org/view.php?id=CVE-2020-0427
In create_pinctrl of core.c, there is a possible out-of-bounds read due to a use after free. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-140550171.
• References: http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00021.html http://packetstormsecurity.com/files/161229/Kernel-Live-Patch-Security-Notice-LSN-0074-1.html https://lists.debian.org/debian-lts-announce/2020/12/msg00027.html https://source.android.com/security/bulletin/pixel/2020-09-01 https://www.starwindsoftware.com/security/sw-20210325-0005 https://access.redhat.com/security/cve/CVE-2020-0427 https://bugzi
• CWE-125: Out-of-bounds Read CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-416: Use After Free
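The entry pairs CWE-416 with CWE-125 without saying how the one becomes the other. The C example below is added to show the most common way that happens: a lookup table keeps a borrowed pointer to a string owned by an object with a shorter lifetime, and a later strcmp() over the dangling pointer reads freed memory and scans past it. This is a constructed illustration, not kernel code; the "map keeps the device's name buffer" shape and the device/map structs are assumptions chosen to illustrate the pattern, since the page does not describe the actual create_pinctrl() defect.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

struct device  { char *name; };           /* heap string; freed on rename */
struct pin_map { const char *dev_name; };  /* key the matcher compares against */

/* Local strdup() so the example needs nothing beyond ISO C. */
static char *xstrdup(const char *s)
{
    size_t n = strlen(s) + 1;
    char *p = malloc(n);
    if (p)
        memcpy(p, s, n);
    return p;
}

/* Vulnerable shape: keep the device's own buffer. After a rename frees it,
 * dev_name dangles; strcmp() then reads freed memory and keeps scanning
 * until it finds a NUL, which is how a UAF surfaces as an OOB read. */
void map_store_borrowed(struct pin_map *m, const struct device *d)
{
    m->dev_name = d->name;
}

/* Fixed shape: take a private copy whose lifetime the map controls. */
int map_store_copied(struct pin_map *m, const struct device *d)
{
    m->dev_name = xstrdup(d->name);
    return m->dev_name ? 0 : -1;
}

/* Rename replaces the buffer, freeing the old one. */
int device_rename(struct device *d, const char *new_name)
{
    char *n = xstrdup(new_name);
    if (!n)
        return -1;
    free(d->name);
    d->name = n;
    return 0;
}

int map_matches(const struct pin_map *m, const char *wanted)
{
    return strcmp(m->dev_name, wanted) == 0;
}

/* Scenario (constructed): a map is registered for "gpio0", then the device
 * is renamed. With the copied key the lookup is still well defined; with
 * map_store_borrowed() the same strcmp() would read freed memory, so that
 * path is deliberately not executed. Returns 1 on match, -1 on error. */
int demo_copied_key_survives_rename(void)
{
    struct device d = { xstrdup("gpio0") };
    struct pin_map m;
    if (!d.name || map_store_copied(&m, &d) != 0)
        return -1;
    if (device_rename(&d, "gpio0-renamed") != 0)
        return -1;
    int r = map_matches(&m, "gpio0");
    free((char *)m.dev_name);
    free(d.name);
    return r;
}

int main(void)
{
    printf("copied key still matches after rename: %d\n",
           demo_copied_key_survives_rename());
    return 0;
}
```

When auditing for this pattern, look for any struct field of pointer type that is assigned from another object's field without a copy, then check whether that other object can be freed, renamed or reallocated while the first is still reachable.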
CVE-2020-25040
https://notcve.org/view.php?id=CVE-2020-25040
Sylabs Singularity through 3.6.2 has Insecure Permissions on temporary directories used in explicit and implicit container build operations, a different vulnerability than CVE-2020-25039.
• References: http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00070.html http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00088.html https://github.com/hpcng/singularity/security/advisories/GHSA-jv9c-w74q-6762 https://medium.com/sylabs
• CWE-668: Exposure of Resource to Wrong Sphere
CVE-2020-25039
https://notcve.org/view.php?id=CVE-2020-25039
Sylabs Singularity 3.2.0 through 3.6.2 has Insecure Permissions on temporary directories used in fakeroot or user namespace container execution.
• References: http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00070.html http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00088.html https://github.com/hpcng/singularity/security/advisories/GHSA-w6v2-qchm-grj7 https://medium.com/sylabs
• CWE-668: Exposure of Resource to Wrong Sphere
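Both Singularity entries (CVE-2020-25040 for build operations, CVE-2020-25039 for fakeroot and user-namespace execution) describe the same weakness: a temporary directory that other local users can read or write. The C example below is added to show an insecure creation pattern beside the secure one and a check a tool can run on any directory before trusting it. It is a constructed illustration, not Singularity's code (Singularity is written in Go and the page does not show how it created those directories); the path names, the 0777 chmod used to model the insecure case, and the TMPDIR fallback are assumptions.

```c
#define _DEFAULT_SOURCE
#define _XOPEN_SOURCE 700
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Redeclared so the example also builds under a strict -std=c99 build. */
char *mkdtemp(char *);

static const char *tmp_base(void)
{
    const char *t = getenv("TMPDIR");
    return (t && *t) ? t : "/tmp";
}

/* Check a directory the way a build tool should before using it:
 * lstat() so a planted symlink is not followed, a real directory, owned
 * by the calling user, and no group/other permission bits at all.
 * Returns 1 if private, 0 if not, -1 if it cannot be examined. */
int tmpdir_is_private(const char *path)
{
    struct stat st;
    if (lstat(path, &st) != 0)
        return -1;
    if (!S_ISDIR(st.st_mode))
        return 0;
    if (st.st_uid != getuid())
        return 0;
    return (st.st_mode & (S_IRWXG | S_IRWXO)) == 0;
}

/* Insecure shape (constructed): predictable name, permissions opened up so
 * any local user can read the build tree or plant files in it. The chmod
 * models the weak mode deterministically regardless of umask. */
int demo_insecure_tmpdir(void)
{
    char path[256];
    snprintf(path, sizeof path, "%s/build-demo-%ld", tmp_base(), (long)getpid());
    if (mkdir(path, 0777) != 0 && errno != EEXIST)
        return -1;
    if (chmod(path, 0777) != 0)
        return -1;
    int r = tmpdir_is_private(path);
    rmdir(path);
    return r;
}

/* Secure shape: mkdtemp() creates the directory atomically with mode 0700
 * and an unpredictable suffix, so there is no window in which another
 * user can pre-create or enter it. */
int demo_secure_tmpdir(void)
{
    char path[256];
    snprintf(path, sizeof path, "%s/build-demo-XXXXXX", tmp_base());
    if (mkdtemp(path) == NULL)
        return -1;
    int r = tmpdir_is_private(path);
    rmdir(path);
    return r;
}

int main(void)
{
    printf("insecure dir private? %d\n", demo_insecure_tmpdir());
    printf("secure dir private?   %d\n", demo_secure_tmpdir());
    return 0;
}
```

The check is worth keeping even when creation is done correctly: a directory handed in by configuration or an environment variable has no creation-time guarantee, and the symlink and ownership tests are what stop a local user from redirecting the build into a location they control.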
CVE-2020-8927 – Buffer overflow in Brotli library
https://notcve.org/view.php?id=CVE-2020-8927
A buffer overflow exists in the Brotli library in versions prior to 1.0.8. An attacker who controls the input length of a "one-shot" decompression request to a script can trigger a crash, which happens when chunks of data larger than 2 GiB are copied. It is recommended to update your Brotli library to 1.0.8 or later. If updating is not possible, use the "streaming" API instead of the "one-shot" API and impose chunk size limits.
• References: http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html https://github.com/google/brotli/releases/tag/v1.0.9 https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org
• CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-130: Improper Handling of Length Parameter Inconsistency
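The 2 GiB threshold and the CWE-130 tag point at a length that is checked in one integer type and used in another. The C example below is added to show that inconsistency in the small (a length narrowed to a signed 32-bit int passes a bound check as a negative number, then widens back to a huge size_t for the copy) and the two mitigations the entry recommends: comparing in size_t end to end, and feeding a copy in bounded chunks as a streaming API would. It is a constructed illustration, not Brotli's code; the int32 narrowing as the exact mechanism, the chunk limit and the plain memcpy standing in for a decoder are assumptions, and the 10-byte input is constructed.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

#define TWO_GIB ((size_t)1 << 31)

/* Vulnerable shape: the length is narrowed to a signed 32-bit int before
 * it is compared. Converting an out-of-range value is implementation-
 * defined; mainstream compilers wrap, so a 2 GiB length becomes negative
 * and the bound check passes. */
int narrowed_check_passes(size_t len, int32_t limit)
{
    int32_t narrowed = (int32_t)len;
    return narrowed <= limit;
}

/* ...and the same narrowed value, widened back for the copy, is a huge
 * size_t (sign extension), so the copy runs far past the checked bound.
 * Returns the size the copy would use; nothing is copied. */
size_t narrowed_copy_len(size_t len)
{
    int32_t narrowed = (int32_t)len;
    return (size_t)narrowed;
}

/* Fixed shape: keep size_t end to end and compare in that type. */
int sized_check_passes(size_t len, size_t limit)
{
    return len <= limit;
}

/* Streaming shape: hand the data over in chunks no larger than max_chunk,
 * validating each one in size_t. Here the "decoder" is a memcpy into dst,
 * standing in for the streaming API. Returns the number of chunks used,
 * or -1 on bad arguments. */
long stream_copy(const uint8_t *src, size_t total, uint8_t *dst, size_t max_chunk)
{
    if (max_chunk == 0 || max_chunk > (size_t)INT32_MAX)
        return -1;
    long chunks = 0;
    size_t off = 0;
    while (off < total) {
        size_t n = total - off;
        if (n > max_chunk)
            n = max_chunk;
        if (!sized_check_passes(n, max_chunk))
            return -1;                 /* cannot fire after the clamp; kept as the guard */
        memcpy(dst + off, src + off, n);
        off += n;
        chunks++;
    }
    return chunks;
}

/* Constructed input: 10 bytes streamed with a 4-byte chunk limit, so the
 * copy takes 3 chunks (4 + 4 + 2). Returns -1 if the output differs. */
long demo_stream_copy(void)
{
    const uint8_t src[10] = { 1, 2, 3, 4, 5, 6, 7, 8, 9, 10 };
    uint8_t dst[10] = { 0 };
    long chunks = stream_copy(src, sizeof src, dst, 4);
    if (memcmp(src, dst, sizeof src) != 0)
        return -1;
    return chunks;
}

int main(void)
{
    size_t limit = (size_t)1 << 20;
    printf("2 GiB passes int32 check:   %d\n", narrowed_check_passes(TWO_GIB, (int32_t)limit));
    printf("copy length actually used:  %zu\n", narrowed_copy_len(TWO_GIB));
    printf("2 GiB passes size_t check:  %d\n", sized_check_passes(TWO_GIB, limit));
    printf("streamed 10 bytes in chunks: %ld\n", demo_stream_copy());
    return 0;
}
```

The chunk limit in the streaming path is the practical mitigation the entry describes: even if the library's own arithmetic is wrong past 2 GiB, a caller that never presents more than a bounded amount of input per call never reaches the faulty range.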