CVE-2020-11113 – jackson-databind: Serialization gadgets in org.apache.openjpa.ee.WASRegistryManagedRuntime
https://notcve.org/view.php?id=CVE-2020-11113
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.openjpa.ee.WASRegistryManagedRuntime (aka openjpa).

A flaw was found in jackson-databind 2.x in versions prior to 2.9.10.4. The interaction between serialization gadgets and typing is mishandled. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

References:
https://github.com/Al1ex/CVE-2020-11113
https://github.com/FasterXML/jackson-databind/issues/2670
https://lists.debian.org/debian-lts-announce/2020/04/msg00012.html
https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062
https://security.netapp.com/advisory/ntap-20200403-0002
https://www.oracle.com/security-alerts/cpujan2021.html
https://www.oracle.com/security-alerts/cpujul2020.html
https://www.oracle.com/security-alerts/cpuoct2020.html
https

CWE-96: Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection')
CWE-502: Deserialization of Untrusted Data

CVE-2020-10595
https://notcve.org/view.php?id=CVE-2020-10595
pam-krb5 before 4.9 has a buffer overflow that might cause remote code execution in situations involving supplemental prompting by a Kerberos library. It may overflow a buffer provided by the underlying Kerberos library by a single '\0' byte if an attacker responds to a prompt with an answer of a carefully chosen length. The effect may range from heap corruption to stack corruption depending on the structure of the underlying Kerberos library, with unknown effects but possibly including code execution. This code path is not used for normal authentication, but only when the Kerberos library does supplemental prompting, such as with PKINIT or when using the non-standard no_prompt PAM configuration option.

References:
http://www.openwall.com/lists/oss-security/2020/03/31/1
https://github.com/rra/pam-krb5/commit/e7879e27a37119fad4faf133a9f70bdcdc75d760
https://lists.debian.org/debian-lts-announce/2020/04/msg00000.html
https://usn.ubuntu.com/4314-1
https://www.debian.org/security/2020/dsa-4648
https://www.eyrie.org/~eagle/software/pam-krb5/security/2020-03-30.html

CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

CVE-2020-7066 – get_headers() silently truncates after a null byte
https://notcve.org/view.php?id=CVE-2020-7066
In PHP versions 7.2.x below 7.2.29, 7.3.x below 7.3.16 and 7.4.x below 7.4.4, while using get_headers() with a user-supplied URL, if the URL contains a zero (\0) character, the URL will be silently truncated at it. This may cause some software to make incorrect assumptions about the target of the get_headers() call and possibly send some information to a wrong server.

References:
http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00025.html
https://bugs.php.net/bug.php?id=79329
https://lists.debian.org/debian-lts-announce/2020/04/msg00021.html
https://security.netapp.com/advisory/ntap-20200403-0001
https://usn.ubuntu.com/4330-2
https://www.debian.org/security/2020/dsa-4717
https://www.debian.org/security/2020/dsa-4719
https://www.tenable.com/security/tns-2021-14
https://access.redhat.com/security/cve/CVE-2020-7066
https://bu

CWE-170: Improper Null Termination
CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVE-2020-7064 – Use-of-uninitialized-value in exif
https://notcve.org/view.php?id=CVE-2020-7064
In PHP versions 7.2.x below 7.2.9, 7.3.x below 7.3.16 and 7.4.x below 7.4.4, while parsing EXIF data with the exif_read_data() function, it is possible for malicious data to cause PHP to read one byte of uninitialized memory. This could potentially lead to information disclosure or a crash.

References:
http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00025.html
https://bugs.php.net/bug.php?id=79282
https://lists.debian.org/debian-lts-announce/2020/04/msg00021.html
https://security.netapp.com/advisory/ntap-20200403-0001
https://usn.ubuntu.com/4330-1
https://usn.ubuntu.com/4330-2
https://www.debian.org/security/2020/dsa-4717
https://www.debian.org/security/2020/dsa-4719
https://www.oracle.com/security-alerts/cpujan2021.html
https://www.tenable.com/

CWE-125: Out-of-bounds Read
CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVE-2020-1772 – Information Disclosure
https://notcve.org/view.php?id=CVE-2020-1772
It's possible to craft Lost Password requests with wildcards in the Token value, which allows an attacker to retrieve valid Token(s) generated by users who have already requested new passwords. This issue affects: ((OTRS)) Community Edition 5.0.41 and prior versions, 6.0.26 and prior versions. OTRS: 7.0.15 and prior versions.

References:
http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00038.html
http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00066.html
http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00077.html
https://lists.debian.org/debian-lts-announce/2020/05/msg00000.html
https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html
https://otrs.com/release-notes/otrs-security-advisory-2020-09

CWE-155: Improper Neutralization of Wildcards or Matching Symbols