CVSS: 4.9EPSS: 2%CPEs: 32EXPL: 0CVE-2020-15025 – Gentoo Linux Security Advisory 202007-12
https://notcve.org/view.php?id=CVE-2020-15025
24 Jun 2020 — ntpd in ntp 4.2.8 before 4.2.8p15 and 4.3.x before 4.3.101 allows remote attackers to cause a denial of service (memory consumption) by sending packets, because memory is not freed in situations where a CMAC key is used and associated with a CMAC algorithm in the ntp.keys file. ntpd en ntp versión 4.2.8 versiones anteriores a 4.2.8p15 y versiones 4.3.x anteriores a 4.3.101, permite a atacantes remotos causar una denegación de servicio (consumo de la memoria) mediante el envío de paquetes, porque la memoria ... • http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00005.html • CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 4.9EPSS: 5%CPEs: 11EXPL: 0CVE-2020-8619 – A buffer boundary check assertion in rdataset.c can fail incorrectly during zone transfer
https://notcve.org/view.php?id=CVE-2020-8619
17 Jun 2020 — In ISC BIND9 versions BIND 9.11.14 -> 9.11.19, BIND 9.14.9 -> 9.14.12, BIND 9.16.0 -> 9.16.3, BIND Supported Preview Edition 9.11.14-S1 -> 9.11.19-S1: Unless a nameserver is providing authoritative service for one or more zones and at least one zone contains an empty non-terminal entry containing an asterisk ("*") character, this defect cannot be encountered. A would-be attacker who is allowed to change zone content could theoretically introduce such a record in order to exploit this condition to cause deni... • http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00041.html • CWE-404: Improper Resource Shutdown or Release CWE-617: Reachable Assertion •
CVSS: 4.9EPSS: 2%CPEs: 5EXPL: 0CVE-2020-8618 – A buffer boundary check assertion in rdataset.c can fail incorrectly during zone transfer
https://notcve.org/view.php?id=CVE-2020-8618
17 Jun 2020 — An attacker who is permitted to send zone data to a server via zone transfer can exploit this to intentionally trigger the assertion failure with a specially constructed zone, denying service to clients. Un atacante al que se le permite enviar datos de zona a un servidor mediante la transferencia de zona puede explotar esto para provocar intencionalmente el fallo de aserción con una zona especialmente construida, negando el servicio a los clientes It was discovered that Bind incorrectly handled large respon... • http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00041.html • CWE-617: Reachable Assertion •
CVSS: 8.1EPSS: 9%CPEs: 21EXPL: 1CVE-2020-14195 – jackson-databind: serialization in org.jsecurity.realm.jndi.JndiRealmFactory
https://notcve.org/view.php?id=CVE-2020-14195
16 Jun 2020 — FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to org.jsecurity.realm.jndi.JndiRealmFactory (aka org.jsecurity). FasterXML jackson-databind versiones 2.x anteriores a 2.9.10.5, maneja inapropiadamente la interacción entre los gadgets de serialización y escritura, relacionada con org.jsecurity.realm.jndi.JndiRealmFactory (también se conoce como org.jsecurity) A flaw was found in jackson-databind 2.x in versions prior to 2.9.10.5. Fa... • https://github.com/Al1ex/CVE-2020-14195 • CWE-502: Deserialization of Untrusted Data •
CVSS: 5.3EPSS: 0%CPEs: 27EXPL: 0CVE-2020-14155 – pcre: Integer overflow when parsing callout numeric arguments
https://notcve.org/view.php?id=CVE-2020-14155
15 Jun 2020 — libpcre in PCRE before 8.44 allows an integer overflow via a large number after a (?C substring. libpcre en PCRE versiones anteriores a 8.44, permite un desbordamiento de enteros por medio de un número grande después de una subcadena (?C Red Hat JBoss Core Services is a set of supplementary software for Red Hat JBoss middleware products. This software, such as Apache HTTP Server, is common to multiple JBoss middleware products, and is packaged under Red Hat JBoss Core Services to allow for faster distributi... • http://seclists.org/fulldisclosure/2020/Dec/32 • CWE-190: Integer Overflow or Wraparound •
CVSS: 8.1EPSS: 8%CPEs: 19EXPL: 0CVE-2020-14060 – jackson-databind: serialization in oadd.org.apache.xalan.lib.sql.JNDIConnectionPool
https://notcve.org/view.php?id=CVE-2020-14060
14 Jun 2020 — FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to oadd.org.apache.xalan.lib.sql.JNDIConnectionPool (aka apache/drill). FasterXML jackson-databind versiones 2.x anteriores a 2.9.10.5, maneja incorrectamente la interacción entre los gadgets de serialización y la escritura, relacionada con oadd.org.apache.xalan.lib.sql.JNDIConnectionPool (también se conoce como apache/drill) A flaw was found in jackson-databind 2.x in versions prior t... • https://github.com/FasterXML/jackson-databind/issues/2688 • CWE-502: Deserialization of Untrusted Data •
CVSS: 8.1EPSS: 6%CPEs: 22EXPL: 0CVE-2020-14061 – jackson-databind: serialization in weblogic/oracle-aqjms
https://notcve.org/view.php?id=CVE-2020-14061
14 Jun 2020 — FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to oracle.jms.AQjmsQueueConnectionFactory, oracle.jms.AQjmsXATopicConnectionFactory, oracle.jms.AQjmsTopicConnectionFactory, oracle.jms.AQjmsXAQueueConnectionFactory, and oracle.jms.AQjmsXAConnectionFactory (aka weblogic/oracle-aqjms). FasterXML jackson-databind versiones 2.x anteriores a 2.9.10.5, maneja incorrectamente la interacción entre los gadgets de serialización y la escritura,... • https://github.com/FasterXML/jackson-databind/issues/2698 • CWE-502: Deserialization of Untrusted Data •
CVSS: 8.1EPSS: 7%CPEs: 20EXPL: 0CVE-2020-14062 – jackson-databind: serialization in com.sun.org.apache.xalan.internal.lib.sql.JNDIConnectionPool
https://notcve.org/view.php?id=CVE-2020-14062
14 Jun 2020 — FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to com.sun.org.apache.xalan.internal.lib.sql.JNDIConnectionPool (aka xalan2). FasterXML jackson-databind versiones 2.x anteriores a 2.9.10.5, maneja incorrectamente la interacción entre los gadgets de serialización y la escritura, relacionada con com.sun.org.apache.xalan.internal.lib.sql.JNDIConnectionPool (también se conoce como xalan2) A flaw was found in jackson-databind 2.x in vers... • https://github.com/FasterXML/jackson-databind/issues/2704 • CWE-502: Deserialization of Untrusted Data •
CVSS: 4.4EPSS: 0%CPEs: 41EXPL: 0CVE-2020-10732 – kernel: uninitialized kernel data leak in userspace coredumps
https://notcve.org/view.php?id=CVE-2020-10732
12 Jun 2020 — A flaw was found in the Linux kernel's implementation of Userspace core dumps. This flaw allows an attacker with a local account to crash a trivial program and exfiltrate private kernel data. Se encontró un fallo en la implementación de los volcados de núcleo del Userspace del kernel de Linux. Este fallo permite a un atacante con una cuenta local bloquear un programa trivial y exfiltrar datos privados del kernel A flaw was found in the Linux kernel’s implementation of Userspace core dumps. This flaw allows ... • http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00022.html • CWE-908: Use of Uninitialized Resource •
CVSS: 7.8EPSS: 0%CPEs: 18EXPL: 2CVE-2020-10757 – kernel: kernel: DAX hugepages not considered during mremap
https://notcve.org/view.php?id=CVE-2020-10757
09 Jun 2020 — A flaw was found in the Linux Kernel in versions after 4.5-rc1 in the way mremap handled DAX Huge Pages. This flaw allows a local attacker with access to a DAX enabled storage to escalate their privileges on the system. Se encontró un fallo en el kernel de Linux en las versiones posteriores a 4.5-rc1, en la manera en que mremap manejó DAX Huge Pages. Este fallo permite a un atacante local con acceso a un almacenamiento habilitado para DAX escalar sus privilegios en el sistema A flaw was found in the way mre... • https://github.com/ShaikUsaf/linux-4.19.72_CVE-2020-10757 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •