CVSS: 6.3EPSS: 0%CPEs: 11EXPL: 0CVE-2020-3350 – Cisco AMP for Endpoints and ClamAV Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2020-3350
18 Jun 2020 — A vulnerability in the endpoint software of Cisco AMP for Endpoints and Clam AntiVirus could allow an authenticated, local attacker to cause the running software to delete arbitrary files on the system. The vulnerability is due to a race condition that could occur when scanning malicious files. An attacker with local shell access could exploit this vulnerability by executing a script that could trigger the race condition. A successful exploit could allow the attacker to delete arbitrary files on the system ... • https://lists.debian.org/debian-lts-announce/2020/08/msg00010.html • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 7.5EPSS: 0%CPEs: 21EXPL: 0CVE-2020-14396
https://notcve.org/view.php?id=CVE-2020-14396
17 Jun 2020 — An issue was discovered in LibVNCServer before 0.9.13. libvncclient/tls_openssl.c has a NULL pointer dereference. Se detectó un problema en LibVNCServer versiones anteriores a 0.9.13. La biblioteca libvncclient/tls_openssl.c presenta una desreferencia del puntero NULL • https://cert-portal.siemens.com/productcert/pdf/ssa-390195.pdf • CWE-476: NULL Pointer Dereference •
CVSS: 7.5EPSS: 0%CPEs: 22EXPL: 0CVE-2020-14397 – libvncserver: libvncserver/rfbregion.c has a NULL pointer dereference
https://notcve.org/view.php?id=CVE-2020-14397
17 Jun 2020 — An issue was discovered in LibVNCServer before 0.9.13. libvncserver/rfbregion.c has a NULL pointer dereference. Se detectó un problema en LibVNCServer versiones anteriores a 0.9.13. La biblioteca libvncserver/rfbregion.c presenta una desreferencia del puntero NULL • http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00033.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-476: NULL Pointer Dereference •
CVSS: 7.5EPSS: 0%CPEs: 22EXPL: 0CVE-2020-14398
https://notcve.org/view.php?id=CVE-2020-14398
17 Jun 2020 — An issue was discovered in LibVNCServer before 0.9.13. An improperly closed TCP connection causes an infinite loop in libvncclient/sockets.c. Se detectó un problema en LibVNCServer versiones anteriores a 0.9.13. Una conexión TCP cerrada inapropiadamente causa un bucle infinito en la biblioteca libvncclient/sockets.c • http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00033.html • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 7.5EPSS: 0%CPEs: 8EXPL: 0CVE-2020-14399
https://notcve.org/view.php?id=CVE-2020-14399
17 Jun 2020 — An issue was discovered in LibVNCServer before 0.9.13. Byte-aligned data is accessed through uint32_t pointers in libvncclient/rfbproto.c. NOTE: there is reportedly "no trust boundary crossed. **EN DISPUTA** Se detectó un problema en LibVNCServer versiones anteriores a 0.9.13. Los datos Byte-aligned son accedidos por medio de punteros uint32_t en la biblioteca libvncclient/rfbproto.c. • http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00033.html •
CVSS: 7.5EPSS: 0%CPEs: 8EXPL: 0CVE-2020-14400
https://notcve.org/view.php?id=CVE-2020-14400
17 Jun 2020 — An issue was discovered in LibVNCServer before 0.9.13. Byte-aligned data is accessed through uint16_t pointers in libvncserver/translate.c. NOTE: Third parties do not consider this to be a vulnerability as there is no known path of exploitation or cross of a trust boundary ** EN DISPUTA ** Se detectó un problema en LibVNCServer versiones anteriores a 0.9.13. Los datos Byte-aligned son accedidos por medio de punteros uint16_t en la biblioteca libvncserver/translate.c. NOTA: Los terceros no consideran que se ... • http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00033.html •
CVSS: 5.5EPSS: 0%CPEs: 21EXPL: 0CVE-2020-14402
https://notcve.org/view.php?id=CVE-2020-14402
17 Jun 2020 — An issue was discovered in LibVNCServer before 0.9.13. libvncserver/corre.c allows out-of-bounds access via encodings. Se detectó un problema en LibVNCServer versiones anteriores a 0.9.13. La biblioteca libvncserver/corre.c permite un acceso fuera de límites por medio de codificaciones • http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00033.html • CWE-787: Out-of-bounds Write •
CVSS: 5.5EPSS: 0%CPEs: 21EXPL: 0CVE-2020-14403
https://notcve.org/view.php?id=CVE-2020-14403
17 Jun 2020 — An issue was discovered in LibVNCServer before 0.9.13. libvncserver/hextile.c allows out-of-bounds access via encodings. Se detectó un problema en LibVNCServer versiones anteriores a 0.9.13. La biblioteca libvncserver/hextile.c permite un acceso fuera de límites por medio de codificaciones • https://cert-portal.siemens.com/productcert/pdf/ssa-390195.pdf • CWE-787: Out-of-bounds Write •
CVSS: 5.5EPSS: 0%CPEs: 21EXPL: 0CVE-2020-14404
https://notcve.org/view.php?id=CVE-2020-14404
17 Jun 2020 — An issue was discovered in LibVNCServer before 0.9.13. libvncserver/rre.c allows out-of-bounds access via encodings. Se detectó un problema en LibVNCServer versiones anteriores a 0.9.13. La biblioteca libvncserver/rre.c permite un acceso fuera de límites por medio de codificaciones • https://cert-portal.siemens.com/productcert/pdf/ssa-390195.pdf • CWE-787: Out-of-bounds Write •
CVSS: 6.5EPSS: 0%CPEs: 20EXPL: 0CVE-2020-14405 – libvncserver: libvncclient/rfbproto.c does not limit TextChat size
https://notcve.org/view.php?id=CVE-2020-14405
17 Jun 2020 — An issue was discovered in LibVNCServer before 0.9.13. libvncclient/rfbproto.c does not limit TextChat size. Se detectó un problema en LibVNCServer versiones anteriores a 0.9.13. La biblioteca libvncclient/rfbproto.c no limita el tamaño de TextChat • https://cert-portal.siemens.com/productcert/pdf/ssa-390195.pdf • CWE-770: Allocation of Resources Without Limits or Throttling •