CVSS: 5.3EPSS: 0%CPEs: 4EXPL: 1CVE-2020-24370 – lua: segmentation fault in getlocal and setlocal functions in ldebug.c
https://notcve.org/view.php?id=CVE-2020-24370
ldebug.c in Lua 5.4.0 allows a negation overflow and segmentation fault in getlocal and setlocal, as demonstrated by getlocal(3,2^31). El archivo ldebug.c en Lua versión 5.4.0, permite un desbordamiento de negación y un error de segmentación en getlocal y setlocal, como es demostrado por getlocal (3,2^31). • http://lua-users.org/lists/lua-l/2020-07/msg00324.html https://github.com/lua/lua/commit/a585eae6e7ada1ca9271607a4f48dfb17868ab7b https://lists.debian.org/debian-lts-announce/2020/09/msg00019.html https://lists.debian.org/debian-lts-announce/2023/06/msg00031.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E6KONNG6UEI3FMEOY67NDZC32NBGBI44 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QXYMCIUNGK26VHAYHGP5LPW56G2KWOHQ https://acce • CWE-191: Integer Underflow (Wrap or Wraparound) CWE-682: Incorrect Calculation •
CVSS: 6.5EPSS: 0%CPEs: 6EXPL: 1CVE-2020-17498
https://notcve.org/view.php?id=CVE-2020-17498
In Wireshark 3.2.0 to 3.2.5, the Kafka protocol dissector could crash. This was addressed in epan/dissectors/packet-kafka.c by avoiding a double free during LZ4 decompression. En Wireshark versiones 3.2.0 hasta 3.2.5, el disector del protocolo Kafka podría bloquearse. Esto fue abordado en el archivo epan/dissectors/packet-kafka.c evitando una doble liberación durante la descompresión de LZ4 • http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00035.html http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00038.html https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16672 https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=76afda963de4f0b9be24f2d8e873990a5cbf221b https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AII7UYDPNKYE75AZL45M6HAV2COP7F6S https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/messa • CWE-415: Double Free •
CVSS: 5.3EPSS: 0%CPEs: 5EXPL: 0CVE-2020-17507 – qt: buffer over-read in read_xbm_body in gui/image/qxbmhandler.cpp
https://notcve.org/view.php?id=CVE-2020-17507
An issue was discovered in Qt through 5.12.9, and 5.13.x through 5.15.x before 5.15.1. read_xbm_body in gui/image/qxbmhandler.cpp has a buffer over-read. Se detectó un problema en Qt versiones hasta 5.12.9 y versiones 5.13.x hasta 5.15.x anteriores a 5.15.1. La función read_xbm_body en el archivo gui/image/qxbmhandler.cpp presenta una lectura excesiva del búfer • http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00057.html http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00071.html http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00073.html http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00090.html http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00104.html http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00105.html https://codereview.qt-project.org/c/qt/qtbase/+/30843 • CWE-125: Out-of-bounds Read •
CVSS: 6.1EPSS: 0%CPEs: 4EXPL: 0CVE-2020-16145
https://notcve.org/view.php?id=CVE-2020-16145
Roundcube Webmail before 1.3.15 and 1.4.8 allows stored XSS in HTML messages during message display via a crafted SVG document. This issue has been fixed in 1.4.8 and 1.3.15. Roundcube Webmail versiones anteriores a 1.3.15 y 1.4.8, permite un ataque de tipo XSS almacenado en mensajes HTML durante la visualización de mensajes por medio de un documento SVG diseñado. Este problema se ha solucionado en la versión 1.4.8 y versión 1.3.15. • http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00083.html https://github.com/roundcube/roundcubemail/commit/a71bf2e8d4a64ff2c83fdabc1e8cb0c045a41ef4 https://github.com/roundcube/roundcubemail/commit/d44ca2308a96576b88d6bf27528964d4fe1a6b8b#diff-d3bb3391c79904494c60ee2ac2f33070 https://github.com/roundcube/roundcubemail/releases/tag/1.3.15 https://github.com/roundcube/roundcubemail/releases/tag/1.4.8 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3DAXK3565NYK4OEZVTW6S5LEVIDQEY2E https://li • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 10EXPL: 1CVE-2020-12673 – dovecot: Out of bound reads in dovecot NTLM implementation
https://notcve.org/view.php?id=CVE-2020-12673
In Dovecot before 2.3.11.3, sending a specially formatted NTLM request will crash the auth service because of an out-of-bounds read. En Dovecot versiones anteriores a 2.3.11.3, el envío de una petición NTLM con formato especial bloqueará el servicio auth debido a una lectura fuera de límites A flaw was found in dovecot. An out-of-bounds read flaw was found in the way dovecot handled NTLM authentication allowing an attacker to crash the dovecot auth process repeatedly preventing login. The highest threat from this vulnerability is to system availability. • http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00048.html http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00059.html https://dovecot.org/security https://lists.debian.org/debian-lts-announce/2020/08/msg00024.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4AAX2MJEULPVSRZOBX3PNPFSYP4FM4TT https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EYZU6CHA3VMYYAUCMHSCCQKJEVEIKPQ2 https://lists.fedoraproject.org/ar • CWE-125: Out-of-bounds Read •