CVSS: 7.5EPSS: 0%CPEs: 5EXPL: 0CVE-2019-20637 – varnish: not clearing pointer between two client requests leads to information disclosure
https://notcve.org/view.php?id=CVE-2019-20637
An issue was discovered in Varnish Cache before 6.0.5 LTS, 6.1.x and 6.2.x before 6.2.2, and 6.3.x before 6.3.1. It does not clear a pointer between the handling of one client request and the next request within the same connection. This sometimes causes information to be disclosed from the connection workspace, such as data structures associated with previous requests within this connection or VCL-related temporary headers. Se detectó un problema en Varnish Cache versiones anteriores a 6.0.5 LTS, versiones 6.1.x y versiones 6.2.x anteriores a 6.2.2 y versiones 6.3.x anteriores a 6.3.1. No borra un puntero entre el manejo de una petición de cliente y la siguiente petición dentro de la misma conexión. • http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00026.html http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00031.html http://varnish-cache.org/security/VSV00004.html#vsv00004 https://access.redhat.com/security/cve/CVE-2019-20637 https://bugzilla.redhat.com/show_bug.cgi?id=1772362 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-212: Improper Removal of Sensitive Information Before Storage or Transfer •
CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 0CVE-2020-11653 – varnish: remote clients may cause Varnish to assert and restart which could result in DoS
https://notcve.org/view.php?id=CVE-2020-11653
An issue was discovered in Varnish Cache before 6.0.6 LTS, 6.1.x and 6.2.x before 6.2.3, and 6.3.x before 6.3.2. It occurs when communication with a TLS termination proxy uses PROXY version 2. There can be an assertion failure and daemon restart, which causes a performance loss. Se detectó un problema en Varnish Cache versiones anteriores a 6.0.6 LTS, versiones 6.1.x y versiones 6.2.x anteriores a 6.2.3 y versiones 6.3.x anteriores a 6.3.2. Se presenta cuando la comunicación con un proxy de terminación TLS usa PROXY versión 2. • http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00026.html http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00031.html https://lists.debian.org/debian-lts-announce/2022/11/msg00036.html https://varnish-cache.org/security/VSV00005.html#vsv00005 https://access.redhat.com/security/cve/CVE-2020-11653 https://bugzilla.redhat.com/show_bug.cgi?id=1813867 • CWE-400: Uncontrolled Resource Consumption CWE-617: Reachable Assertion •
CVSS: 8.8EPSS: 0%CPEs: 5EXPL: 0CVE-2020-6451 – chromium-browser: Use after free in WebAudio
https://notcve.org/view.php?id=CVE-2020-6451
Use after free in WebAudio in Google Chrome prior to 80.0.3987.162 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Un uso de la memoria previamente liberada de WebAudio en Google Chrome versiones anteriores a 80.0.3987.162, permitió a un atacante remoto explotar potencialmente una corrupción de la pila (heap) por medio de una página HTML diseñada. • http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00024.html http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00031.html https://chromereleases.googleblog.com/2020/03/stable-channel-update-for-desktop_31.html https://crbug.com/1061018 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JMXT4OKBMCJSNSX7TZDBJNY6ORKFZRFO https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JQTV7EFWQKF6VJBCVH4PUQJLGO7ISLTN https://access.red • CWE-416: Use After Free •
CVSS: 8.8EPSS: 0%CPEs: 5EXPL: 1CVE-2020-6450 – chromium-browser: Use after free in WebAudio
https://notcve.org/view.php?id=CVE-2020-6450
Use after free in WebAudio in Google Chrome prior to 80.0.3987.162 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Un uso de la memoria previamente liberada de WebAudio en Google Chrome versiones anteriores a 80.0.3987.162, permitió a un atacante remoto explotar potencialmente una corrupción de la pila (heap) por medio de una página HTML diseñada. • http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00024.html http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00031.html https://chromereleases.googleblog.com/2020/03/stable-channel-update-for-desktop_31.html https://crbug.com/1062247 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JMXT4OKBMCJSNSX7TZDBJNY6ORKFZRFO https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JQTV7EFWQKF6VJBCVH4PUQJLGO7ISLTN https://access.red • CWE-416: Use After Free •
CVSS: 7.5EPSS: 0%CPEs: 11EXPL: 1CVE-2019-18904 – Migrations requests can cause DoS on rmt
https://notcve.org/view.php?id=CVE-2019-18904
A Uncontrolled Resource Consumption vulnerability in rmt of SUSE Linux Enterprise High Performance Computing 15-ESPOS, SUSE Linux Enterprise High Performance Computing 15-LTSS, SUSE Linux Enterprise Module for Public Cloud 15-SP1, SUSE Linux Enterprise Module for Server Applications 15, SUSE Linux Enterprise Module for Server Applications 15-SP1, SUSE Linux Enterprise Server 15-LTSS, SUSE Linux Enterprise Server for SAP 15; openSUSE Leap 15.1 allows remote attackers to cause DoS against rmt by requesting migrations. This issue affects: SUSE Linux Enterprise High Performance Computing 15-ESPOS rmt-server versions prior to 2.5.2-3.26.1. SUSE Linux Enterprise High Performance Computing 15-LTSS rmt-server versions prior to 2.5.2-3.26.1. SUSE Linux Enterprise Module for Public Cloud 15-SP1 rmt-server versions prior to 2.5.2-3.9.1. SUSE Linux Enterprise Module for Server Applications 15 rmt-server versions prior to 2.5.2-3.26.1. • https://bugzilla.suse.com/show_bug.cgi?id=1160922 • CWE-400: Uncontrolled Resource Consumption •