CVSS: 5.5EPSS: 0%CPEs: 18EXPL: 0CVE-2020-10007 – Apple macOS powerd Uninitialized Memory Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2020-10007
04 Dec 2020 — An attacker can leverage this in conjunction with other vulnerabilities to escalate privileges and execute code in the context of root. macOS Big Sur 11.1, Security Update 2020-001 Catalina, and Security Update 2020-007 Mojave address buffer overflow, bypass, code execution, denial of service, information leakage, integer overflow, out of bounds read, out of bounds write, and use-after-free vulnerabilities. • http://seclists.org/fulldisclosure/2020/Dec/26 •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2020-29529 – go-slug: partial protection against zip slip attacks
https://notcve.org/view.php?id=CVE-2020-29529
03 Dec 2020 — Issues addressed include code execution, denial of service, integer overflow, and null pointer vulnerabilities. • https://github.com/hashicorp/go-slug/compare/v0.4.3...v0.5.0 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 8.1EPSS: 0%CPEs: 4EXPL: 1CVE-2020-25693
https://notcve.org/view.php?id=CVE-2020-25693
03 Dec 2020 — Integer overflows leading to heap buffer overflows in load_pnm() can be triggered by a specially crafted input file processed by CImg, which can lead to an impact to application availability or data integrity. • https://bugzilla.redhat.com/show_bug.cgi?id=1893377 • CWE-190: Integer Overflow or Wraparound CWE-787: Out-of-bounds Write •
CVSS: 6.1EPSS: 0%CPEs: 10EXPL: 2CVE-2020-27783 – python-lxml: mXSS due to the use of improper parser
https://notcve.org/view.php?id=CVE-2020-27783
03 Dec 2020 — Issues addressed include buffer overflow, code execution, cross site scripting, denial of service, information leakage, integer overflow, and traversal vulnerabilities. • https://advisory.checkmarx.net/advisory/CX-2020-4286 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0CVE-2020-27764 – Ubuntu Security Notice USN-7068-1
https://notcve.org/view.php?id=CVE-2020-27764
03 Dec 2020 — In /MagickCore/statistic.c, there are several areas in ApplyEvaluateOperator() where a size_t cast should have been a ssize_t cast, which causes out-of-range values under some circumstances when a crafted input file is processed by ImageMagick. Red Hat Product Security marked this as Low severity because although it could potentially lead to an impact to application availability, no specific impact was shown in this case. This flaw affects ImageMagick versions prior to 6.9.10-69. En el archivo /MagickCore/s... • https://bugzilla.redhat.com/show_bug.cgi?id=1894683 • CWE-190: Integer Overflow or Wraparound •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2020-27762
https://notcve.org/view.php?id=CVE-2020-27762
03 Dec 2020 — A flaw was found in ImageMagick in coders/hdr.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of type `unsigned char`. This would most likely lead to an impact to application availability, but could potentially cause other problems related to undefined behavior. This flaw affects ImageMagick versions prior to ImageMagick 7.0.8-68. Se encontró un fallo en ImageMagick en el archivo coders/hdr.c. • https://bugzilla.redhat.com/show_bug.cgi?id=1894680 • CWE-190: Integer Overflow or Wraparound •
CVSS: 4.3EPSS: 0%CPEs: 3EXPL: 0CVE-2020-27761
https://notcve.org/view.php?id=CVE-2020-27761
03 Dec 2020 — WritePALMImage() in /coders/palm.c used size_t casts in several areas of a calculation which could lead to values outside the range of representable type `unsigned long` undefined behavior when a crafted input file was processed by ImageMagick. The patch casts to `ssize_t` instead to avoid this issue. Red Hat Product Security marked the Severity as Low because although it could potentially lead to an impact to application availability, no specific impact was shown in this case. This flaw affects ImageMagick... • https://bugzilla.redhat.com/show_bug.cgi?id=1894679 • CWE-190: Integer Overflow or Wraparound •
CVSS: 4.3EPSS: 0%CPEs: 3EXPL: 0CVE-2020-27759
https://notcve.org/view.php?id=CVE-2020-27759
03 Dec 2020 — In IntensityCompare() of /MagickCore/quantize.c, a double value was being casted to int and returned, which in some cases caused a value outside the range of type `int` to be returned. The flaw could be triggered by a crafted input file under certain conditions when processed by ImageMagick. Red Hat Product Security marked this as Low severity because although it could potentially lead to an impact to application availability, no specific impact was shown in this case. This flaw affects ImageMagick versions... • https://bugzilla.redhat.com/show_bug.cgi?id=1894238 • CWE-190: Integer Overflow or Wraparound •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2020-27813 – golang-github-gorilla-websocket: integer overflow leads to denial of service
https://notcve.org/view.php?id=CVE-2020-27813
02 Dec 2020 — An integer overflow vulnerability exists with the length of websocket frames received via a websocket connection. ... Un atacante podría usar este fallo para causar un ataque de denegación de servicio en un Servidor HTTP permitiendo conexiones websocket An integer overflow vulnerability exists with the length of websocket frames received via a websocket connection. ... Issues addressed include bypass, denial of service, integer overflow, man-in-the-middle, and... • https://bugzilla.redhat.com/show_bug.cgi?id=1902111 • CWE-190: Integer Overflow or Wraparound CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2020-14360 – X.Org Server XkbSetMap Out-Of-Bounds Access Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2020-14360
01 Dec 2020 — Issues addressed include buffer overflow, double free, heap overflow, integer overflow, out of bounds access, and privilege escalation vulnerabilities. • https://bugzilla.redhat.com/show_bug.cgi?id=1869139 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •