CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 1CVE-2020-16287 – ghostscript: buffer overflow in lprn_is_black() in contrib/lips4/gdevlprn.c could result in a DoS
https://notcve.org/view.php?id=CVE-2020-16287
A buffer overflow vulnerability in lprn_is_black() in contrib/lips4/gdevlprn.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51. Una vulnerabilidad de desbordamiento del búfer en la función lprn_is_black() en el archivo contrib/lips4/gdevlprn.c de Artifex Software GhostScript versión v9.50, permite a un atacante remoto causar una denegación de servicio por medio de un archivo PDF diseñado. Esto es corregido en la versión v9.51 • https://bugs.ghostscript.com/show_bug.cgi?id=701785 https://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=450da26a76286a8342ec0864b3d113856709f8f6 https://lists.debian.org/debian-lts-announce/2020/08/msg00032.html https://security.gentoo.org/glsa/202008-20 https://usn.ubuntu.com/4469-1 https://www.debian.org/security/2020/dsa-4748 https://access.redhat.com/security/cve/CVE-2020-16287 https://bugzilla.redhat.com/show_bug.cgi?id=1870242 • CWE-125: Out-of-bounds Read CWE-787: Out-of-bounds Write •
CVSS: 7.5EPSS: 0%CPEs: 10EXPL: 1CVE-2020-12673 – dovecot: Out of bound reads in dovecot NTLM implementation
https://notcve.org/view.php?id=CVE-2020-12673
In Dovecot before 2.3.11.3, sending a specially formatted NTLM request will crash the auth service because of an out-of-bounds read. En Dovecot versiones anteriores a 2.3.11.3, el envío de una petición NTLM con formato especial bloqueará el servicio auth debido a una lectura fuera de límites A flaw was found in dovecot. An out-of-bounds read flaw was found in the way dovecot handled NTLM authentication allowing an attacker to crash the dovecot auth process repeatedly preventing login. The highest threat from this vulnerability is to system availability. • http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00048.html http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00059.html https://dovecot.org/security https://lists.debian.org/debian-lts-announce/2020/08/msg00024.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4AAX2MJEULPVSRZOBX3PNPFSYP4FM4TT https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EYZU6CHA3VMYYAUCMHSCCQKJEVEIKPQ2 https://lists.fedoraproject.org/ar • CWE-125: Out-of-bounds Read •
CVSS: 7.5EPSS: 4%CPEs: 10EXPL: 1CVE-2020-12100 – dovecot: Resource exhaustion via deeply nested MIME parts
https://notcve.org/view.php?id=CVE-2020-12100
In Dovecot before 2.3.11.3, uncontrolled recursion in submission, lmtp, and lda allows remote attackers to cause a denial of service (resource consumption) via a crafted e-mail message with deeply nested MIME parts. En Dovecot versiones anteriores a 2.3.11.3, la recursividad no controlada en submission, lmtp, y lda permite a atacantes remotos causar una denegación de servicio (consumo de recursos) por medio de un mensaje de correo electrónico diseñado con partes MIME profundamente anidadas A flaw was found in dovecot. A remote attacker could cause a denial of service by repeatedly sending emails containing MIME parts containing malicious content of which dovecot will attempt to parse. The highest threat from this vulnerability is to system availability. • http://seclists.org/fulldisclosure/2021/Jan/18 http://www.openwall.com/lists/oss-security/2020/08/12/1 http://www.openwall.com/lists/oss-security/2021/01/04/3 https://dovecot.org/security https://lists.debian.org/debian-lts-announce/2020/08/msg00024.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4AAX2MJEULPVSRZOBX3PNPFSYP4FM4TT https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EYZU6CHA3VMYYAUCMHSCCQKJEVEIKPQ2 http • CWE-674: Uncontrolled Recursion •
CVSS: 7.5EPSS: 0%CPEs: 10EXPL: 1CVE-2020-12674 – dovecot: Crash due to assert in RPA implementation
https://notcve.org/view.php?id=CVE-2020-12674
In Dovecot before 2.3.11.3, sending a specially formatted RPA request will crash the auth service because a length of zero is mishandled. En Dovecot versiones anteriores a 2.3.11.3, el envío de una petición RPA con un formato especial bloqueará el servicio auth porque una longitud de cero es manejada inapropiadamente A flaw was found in dovecot. An attacker can use the way dovecot handles RPA (Remote Passphrase Authentication) to crash the authentication process repeatedly preventing login. The highest threat from this vulnerability is to system availability. • http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00048.html http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00059.html https://dovecot.org/security https://lists.debian.org/debian-lts-announce/2020/08/msg00024.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4AAX2MJEULPVSRZOBX3PNPFSYP4FM4TT https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EYZU6CHA3VMYYAUCMHSCCQKJEVEIKPQ2 https://lists.fedoraproject.org/ar • CWE-125: Out-of-bounds Read •
CVSS: 3.8EPSS: 0%CPEs: 7EXPL: 0CVE-2020-16092 – QEMU: reachable assertion failure in net_tx_pkt_add_raw_fragment() in hw/net/net_tx_pkt.c
https://notcve.org/view.php?id=CVE-2020-16092
In QEMU through 5.0.0, an assertion failure can occur in the network packet processing. This issue affects the e1000e and vmxnet3 network devices. A malicious guest user/process could use this flaw to abort the QEMU process on the host, resulting in a denial of service condition in net_tx_pkt_add_raw_fragment in hw/net/net_tx_pkt.c. En QEMU versiones hasta 5.0.0, puede ocurrir un fallo de aserción en el procesamiento de paquetes de red. Este problema afecta a los dispositivos de red e1000e y vmxnet3. • http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00024.html http://www.openwall.com/lists/oss-security/2020/08/10/1 https://lists.debian.org/debian-lts-announce/2020/09/msg00013.html https://lists.nongnu.org/archive/html/qemu-devel/2020-07/msg07563.html https://security.gentoo.org/glsa/202208-27 https://security.netapp.com/advisory/ntap-20200821-0006 https://usn.ubuntu.com/4467-1 https://www.debian.org/security/2020/dsa-4760 https://access.redhat.com/s • CWE-617: Reachable Assertion •