CVSS: 7.5EPSS: 0%CPEs: 12EXPL: 0CVE-2020-3327 – ClamAV ARJ Archive Parsing Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2020-3327
A vulnerability in the ARJ archive parsing module in Clam AntiVirus (ClamAV) Software versions 0.102.2 could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to a heap buffer overflow read. An attacker could exploit this vulnerability by sending a crafted ARJ file to an affected device. An exploit could allow the attacker to cause the ClamAV scanning process crash, resulting in a denial of service condition. Una vulnerabilidad en el módulo de análisis de archivos ARJ en Clam AntiVirus (ClamAV) Software versiones 0.102.2, podría permitir a un atacante no autenticado remoto causar una condición de denegación de servicio sobre un dispositivo afectado. • https://blog.clamav.net/2020/05/clamav-01023-security-patch-released.html https://lists.debian.org/debian-lts-announce/2020/05/msg00018.html https://lists.debian.org/debian-lts-announce/2020/08/msg00010.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3BMTC7I5LGY4FCIZLHPNC4WWC6VNLFER https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IJ67VH37NCG25PICGWFWZHSVG7PBT7MC https://lists.fedoraproject.org/archives/list/package-announce%40lists.f • CWE-20: Improper Input Validation •
CVSS: 5.9EPSS: 0%CPEs: 20EXPL: 0CVE-2020-10711 – Kernel: NetLabel: null pointer dereference while receiving CIPSO packet with null category may cause kernel panic
https://notcve.org/view.php?id=CVE-2020-10711
A NULL pointer dereference flaw was found in the Linux kernel's SELinux subsystem in versions before 5.7. This flaw occurs while importing the Commercial IP Security Option (CIPSO) protocol's category bitmap into the SELinux extensible bitmap via the' ebitmap_netlbl_import' routine. While processing the CIPSO restricted bitmap tag in the 'cipso_v4_parsetag_rbm' routine, it sets the security attribute to indicate that the category bitmap is present, even if it has not been allocated. This issue leads to a NULL pointer dereference issue while importing the same category bitmap into SELinux. This flaw allows a remote network user to crash the system kernel, resulting in a denial of service. • http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00022.html http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00008.html https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10711 https://lists.debian.org/debian-lts-announce/2020/06/msg00012.html https://security.netapp.com/advisory/ntap-20200608-0001 https://usn.ubuntu.com/4411-1 https://usn.ubuntu.com/4412-1 https://usn.ubuntu.com/4413-1 https://usn.ubuntu.com/4414-1 https://usn.ubuntu& • CWE-476: NULL Pointer Dereference •
CVSS: 7.5EPSS: 0%CPEs: 11EXPL: 1CVE-2020-12783
https://notcve.org/view.php?id=CVE-2020-12783
Exim through 4.93 has an out-of-bounds read in the SPA authenticator that could result in SPA/NTLM authentication bypass in auths/spa.c and auths/auth-spa.c. Exim versiones hasta 4.93, presenta una lectura fuera de límites en el autenticador SPA lo que podría resultar en una omisión de la autenticación SPA/NTLM en los archivos auths/spa.c y auths/auth-spa.c. • http://www.openwall.com/lists/oss-security/2021/05/04/7 https://bugs.exim.org/show_bug.cgi?id=2571 https://git.exim.org/exim.git/commit/57aa14b216432be381b6295c312065b2fd034f86 https://git.exim.org/exim.git/commit/a04174dc2a84ae1008c23b6a7109e7fa3fb7b8b0 https://lists.debian.org/debian-lts-announce/2020/05/msg00017.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F6IQQ2SERFUD4WMRSX6XYDNK7Q4GPT7Y https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedora • CWE-125: Out-of-bounds Read •
CVSS: 6.2EPSS: 0%CPEs: 9EXPL: 0CVE-2020-12767 – libexif: divide-by-zero in exif_entry_get_value function in exif-entry.c
https://notcve.org/view.php?id=CVE-2020-12767
exif_entry_get_value in exif-entry.c in libexif 0.6.21 has a divide-by-zero error. La función exif_entry_get_value en el archivo exif-entry.c en libexif versión 0.6.21, presenta un error de división por cero. • http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00017.html https://github.com/libexif/libexif/issues/31 https://lists.debian.org/debian-lts-announce/2020/05/msg00016.html https://security.gentoo.org/glsa/202007-05 https://usn.ubuntu.com/4358-1 https://access.redhat.com/security/cve/CVE-2020-12767 https://bugzilla.redhat.com/show_bug.cgi?id=1834950 • CWE-369: Divide By Zero •
CVSS: 5.5EPSS: 0%CPEs: 38EXPL: 2CVE-2020-12769
https://notcve.org/view.php?id=CVE-2020-12769
An issue was discovered in the Linux kernel before 5.4.17. drivers/spi/spi-dw.c allows attackers to cause a panic via concurrent calls to dw_spi_irq and dw_spi_transfer_one, aka CID-19b61392c5a8. Se detectó un problema en el kernel de Linux versiones anteriores a 5.4.17. El archivo drivers/spi/spi-dw.c, permite a atacantes causar un pánico por medio de llamadas concurrentes a las funciones dw_spi_irq y dw_spi_transfer_one, también se conoce como CID-19b61392c5a8. • http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00022.html http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00008.html https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.17 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=19b61392c5a852b4e8a0bf35aecb969983c5932d https://lists.debian.org/debian-lts-announce/2020/06/msg00011.html https://lists.debian.org/debian-lts-announce/2020/06/msg00013.html https://lkml.org/lkml/2020& • CWE-662: Improper Synchronization •