CVSS: 5.7EPSS: 0%CPEs: 16EXPL: 1CVE-2020-10029 – glibc: stack corruption from crafted input in cosl, sinl, sincosl, and tanl functions
https://notcve.org/view.php?id=CVE-2020-10029
The GNU C Library (aka glibc or libc6) before 2.32 could overflow an on-stack buffer during range reduction if an input to an 80-bit long double function contains a non-canonical bit pattern, a seen when passing a 0x5d414141414141410000 value to sinl on x86 targets. This is related to sysdeps/ieee754/ldbl-96/e_rem_pio2l.c. La biblioteca GNU C (también se conoce como glibc o libc6) versiones anteriores a 2.32, podría desbordar un búfer sobre la pila durante una reducción de alcance si una entrada a una función long double de 80 bits contiene un patrón de bits no canónico, como es visto cuando se pasa un valor 0x5d4141414141410000 hacia la función sinl sobre sistemas destino de x86. Esto está relacionado con el archivo sysdeps/ieee754/ldbl-96/e_rem_pio2l.c. A flaw was found in glibc in versions prior to 2.32. • http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00033.html https://lists.debian.org/debian-lts-announce/2022/10/msg00021.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/23N76M3EDP2GIW4GOIQRYTKRE7PPBRB2 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JZTFUD5VH2GU3YOXA2KBQSBIDZRDWNZ3 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VU5JJGENOK7K4X5RYAA5PL647C6HD22E https://security.gentoo.org&#x • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 9.8EPSS: 1%CPEs: 8EXPL: 0CVE-2020-10018 – webkitgtk: Use-after-free issue in accessibility/AXObjectCache.cpp
https://notcve.org/view.php?id=CVE-2020-10018
WebKitGTK through 2.26.4 and WPE WebKit through 2.26.4 (which are the versions right before 2.28.0) contains a memory corruption issue (use-after-free) that may lead to arbitrary code execution. This issue has been fixed in 2.28.0 with improved memory handling. WebKitGTK hasta la versión 2.26.4 y WPE WebKit hasta la versión 2.26.4 (que son las versiones anteriores a la versión 2.28.0) contiene un problema de corrupción de memoria (use-after-free) que puede conducir a la ejecución de código arbitrario. Este problema se ha solucionado en 2.28.0 con un manejo mejorado de la memoria. • http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00008.html https://bugs.webkit.org/show_bug.cgi?id=204342#c21 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DOR5LPL4UASVAR76EIHCL4O2KGDWGC6K https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GLERWAS2LL7SX2GHA2DDZ2PL3QC5OHIF https://security.gentoo.org/glsa/202006-08 https://usn.ubuntu.com/4310-1 https://webkitgtk.org/security/WSA-2020-0003.html https://wpewebki • CWE-400: Uncontrolled Resource Consumption CWE-416: Use After Free •
CVSS: 6.1EPSS: 0%CPEs: 4EXPL: 2CVE-2020-6802
https://notcve.org/view.php?id=CVE-2020-6802
In Mozilla Bleach before 3.11, a mutation XSS affects users calling bleach.clean with noscript and a raw tag in the allowed/whitelisted tags option. En Mozilla Bleach versiones anteriores a 3.11, una mutación de XSS afecta a usuarios que llaman a bleach.clean con noscript y una etiqueta sin procesar en la opción de etiquetas allowed/whitelisted. • https://advisory.checkmarx.net/advisory/CX-2020-4276 https://github.com/mozilla/bleach/security/advisories/GHSA-q65m-pv3f-wr5r https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/72R4VFFHDRSQMNT7IZU3X2755ZP4HGNI https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OCNLM2MGQTOLCIVVYS2Z5S7KOQJR5JC4 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YTULPQB7HVPPYWEYVNHJGDTSPVIDHIZX https://www.checkmarx.com/blog/vulnerabilities& • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 11EXPL: 0CVE-2020-5247 – HTTP Response Splitting in Puma
https://notcve.org/view.php?id=CVE-2020-5247
In Puma (RubyGem) before 4.3.2 and before 3.12.3, if an application using Puma allows untrusted input in a response header, an attacker can use newline characters (i.e. `CR`, `LF` or`/r`, `/n`) to end the header and inject malicious content, such as additional headers or an entirely new response body. This vulnerability is known as HTTP Response Splitting. While not an attack in itself, response splitting is a vector for several other attacks, such as cross-site scripting (XSS). This is related to CVE-2019-16254, which fixed this vulnerability for the WEBrick Ruby web server. • https://github.com/puma/puma/security/advisories/GHSA-84j7-475p-hp8v https://lists.debian.org/debian-lts-announce/2022/05/msg00034.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BMJ3CGZ3DLBJ5WUUKMI5ZFXFJQMXJZIK https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DIHVO3CQMU7BZC7FCTSRJ33YDNS3GFPK https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NJ3LL5F5QADB6LM46GXZETREAKZMQNRD https://owasp.org/www-communi • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-113: Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting') •
CVSS: 8.8EPSS: 97%CPEs: 8EXPL: 6CVE-2020-6418 – Google Chromium V8 Type Confusion Vulnerability
https://notcve.org/view.php?id=CVE-2020-6418
Type confusion in V8 in Google Chrome prior to 80.0.3987.122 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Una confusión de tipos en V8 en Google Chrome versiones anteriores a 80.0.3987.122, permitió a un atacante remoto explotar potencialmente una corrupción de la pila por medio de una página HTML diseñada. Google Chromium V8 Engine contains a type confusion vulnerability allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera. • https://www.exploit-db.com/exploits/48186 https://github.com/ChoKyuWon/CVE-2020-6418 https://github.com/Goyotan/CVE-2020-6418-PoC https://github.com/SivaPriyaRanganatha/CVE-2020-6418 http://packetstormsecurity.com/files/156632/Google-Chrome-80-JSCreate-Side-Effect-Type-Confusion.html https://access.redhat.com/errata/RHSA-2020:0738 https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop_24.html https://crbug.com/1053604 https://lists.fedoraproject.org/archives/list/p • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •