CVSS: 5.5EPSS: 0%CPEs: 11EXPL: 0CVE-2020-15306 – Debian Security Advisory 4755-1
https://notcve.org/view.php?id=CVE-2020-15306
26 Jun 2020 — An issue was discovered in OpenEXR before v2.5.2. Invalid chunkCount attributes could cause a heap buffer overflow in getChunkOffsetTableSize() in IlmImf/ImfMisc.cpp. Se detectó un problema en OpenEXR versiones anteriores a v2.5.2. Los atributos chunkCount no válidos pueden causar un desbordamiento del búfer de la pila en la función getChunkOffsetTableSize() en el archivo IlmImf/ImfMisc.cpp Multiple security issues were found in the OpenEXR image library, which could result in denial of service and potentia... • http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00025.html • CWE-787: Out-of-bounds Write •
CVSS: 6.5EPSS: 0%CPEs: 8EXPL: 0CVE-2020-10753 – ceph: radosgw: HTTP header injection via CORS ExposeHeader tag
https://notcve.org/view.php?id=CVE-2020-10753
26 Jun 2020 — A flaw was found in the Red Hat Ceph Storage RadosGW (Ceph Object Gateway). The vulnerability is related to the injection of HTTP headers via a CORS ExposeHeader tag. The newline character in the ExposeHeader tag in the CORS configuration file generates a header injection in the response when the CORS request is made. Ceph versions 3.x and 4.x are vulnerable to this issue. Se encontró un fallo en el Red Hat Ceph Storage RadosGW (Ceph Object Gateway). • http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00062.html • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-113: Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting') •
CVSS: 4.9EPSS: 2%CPEs: 32EXPL: 0CVE-2020-15025 – Gentoo Linux Security Advisory 202007-12
https://notcve.org/view.php?id=CVE-2020-15025
24 Jun 2020 — ntpd in ntp 4.2.8 before 4.2.8p15 and 4.3.x before 4.3.101 allows remote attackers to cause a denial of service (memory consumption) by sending packets, because memory is not freed in situations where a CMAC key is used and associated with a CMAC algorithm in the ntp.keys file. ntpd en ntp versión 4.2.8 versiones anteriores a 4.2.8p15 y versiones 4.3.x anteriores a 4.3.101, permite a atacantes remotos causar una denegación de servicio (consumo de la memoria) mediante el envío de paquetes, porque la memoria ... • http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00005.html • CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 4.3EPSS: 0%CPEs: 7EXPL: 1CVE-2020-12862
https://notcve.org/view.php?id=CVE-2020-12862
24 Jun 2020 — An out-of-bounds read in SANE Backends before 1.0.30 may allow a malicious device connected to the same local network as the victim to read important information, such as the ASLR offsets of the program, aka GHSL-2020-082. Una lectura fuera de límites en SANE Backends versiones anteriores a 1.0.30, puede permitir a un dispositivo malicioso conectado a la misma red local que la víctima leer información importante, tales como las compensaciones ASLR del programa, también se conoce como GHSL-2020-082 • http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00079.html • CWE-125: Out-of-bounds Read •
CVSS: 4.3EPSS: 0%CPEs: 7EXPL: 1CVE-2020-12863
https://notcve.org/view.php?id=CVE-2020-12863
24 Jun 2020 — An out-of-bounds read in SANE Backends before 1.0.30 may allow a malicious device connected to the same local network as the victim to read important information, such as the ASLR offsets of the program, aka GHSL-2020-083. Una lectura fuera de límites en SANE Backends versiones anteriores a 1.0.30, puede permitir a un dispositivo malicioso conectado a la misma red local que la víctima leer información importante, tales como las compensaciones ASLR del programa, también se conoce como GHSL-2020-083 • http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00079.html • CWE-125: Out-of-bounds Read •
CVSS: 4.3EPSS: 0%CPEs: 6EXPL: 1CVE-2020-12864 – Ubuntu Security Notice USN-4470-1
https://notcve.org/view.php?id=CVE-2020-12864
24 Jun 2020 — An out-of-bounds read in SANE Backends before 1.0.30 may allow a malicious device connected to the same local network as the victim to read important information, such as the ASLR offsets of the program, aka GHSL-2020-081. Una lectura fuera de límites en SANE Backends versiones anteriores a 1.0.30, puede permitir a un dispositivo malicioso conectado a la misma red local que la víctima leer información importante, tales como las compensaciones ASLR del programa, también se conoce como GHSL-2020-081 Kritphong... • http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00079.html • CWE-125: Out-of-bounds Read •
CVSS: 8.0EPSS: 0%CPEs: 7EXPL: 1CVE-2020-12865 – sane-backends: Heap buffer overflow in esci2_img
https://notcve.org/view.php?id=CVE-2020-12865
24 Jun 2020 — A heap buffer overflow in SANE Backends before 1.0.30 may allow a malicious device connected to the same local network as the victim to execute arbitrary code, aka GHSL-2020-084. Un desbordamiento del búfer de la pila en SANE Backends versiones anteriores a 1.0.30, puede permitir a un dispositivo malicioso conectado a la misma red local que la víctima ejecutar código arbitrario, también se conoce como GHSL-2020-084 A flaw was found in sane-backends in versions prior to 1.0.30. A heap buffer overflow in the ... • http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00079.html • CWE-190: Integer Overflow or Wraparound CWE-787: Out-of-bounds Write •
CVSS: 5.7EPSS: 0%CPEs: 6EXPL: 1CVE-2020-12866 – Ubuntu Security Notice USN-4470-1
https://notcve.org/view.php?id=CVE-2020-12866
24 Jun 2020 — A NULL pointer dereference in SANE Backends before 1.0.30 allows a malicious device connected to the same local network as the victim to cause a denial of service, GHSL-2020-079. Una desreferencia de puntero NULL en SANE Backends versiones anteriores a 1.0.30, permite a un dispositivo malicioso conectado a la misma red local que la víctima causar una denegación de servicio, GHSL-2020-079 Kritphong Mongkhonvanit discovered that sane-backends incorrectly handled certain packets. A remote attacker could possib... • http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00079.html • CWE-476: NULL Pointer Dereference •
CVSS: 8.8EPSS: 0%CPEs: 6EXPL: 2CVE-2020-12861 – sane-backends: Heap buffer overflow in epsonds_net_read in epsonds-net.c
https://notcve.org/view.php?id=CVE-2020-12861
24 Jun 2020 — A heap buffer overflow in SANE Backends before 1.0.30 allows a malicious device connected to the same local network as the victim to execute arbitrary code, aka GHSL-2020-080. Un desbordamiento del búfer de la pila en SANE Backends versiones anteriores a 1.0.30, permite a un dispositivo malicioso conectado a la misma red local que la víctima ejecutar código arbitrario, también se conoce como GHSL-2020-080 A flaw was found in sane-backends in versions prior to 1.0.30. A heap buffer overflow in epsonds_net_re... • https://packetstorm.news/files/id/172841 • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 9.8EPSS: 0%CPEs: 5EXPL: 1CVE-2020-14983
https://notcve.org/view.php?id=CVE-2020-14983
22 Jun 2020 — The server in Chocolate Doom 3.0.0 and Crispy Doom 5.8.0 doesn't validate the user-controlled num_players value, leading to a buffer overflow. A malicious user can overwrite the server's stack. El servidor en Chocolate Doom versión 3.0.0 y Crispy Doom versión 5.8.0, no comprueba el valor de num_players controlado por el usuario, conllevando a un desbordamiento del búfer. Un usuario malicioso puede sobrescribir la pila del servidor • http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00002.html • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •