CVE-2020-14606
https://notcve.org/view.php?id=CVE-2020-14606
Vulnerability in the Oracle SD-WAN Edge product of Oracle Communications Applications (component: User Interface). Supported versions that are affected are 8.2 and 9.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle SD-WAN Edge. While the vulnerability is in Oracle SD-WAN Edge, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle SD-WAN Edge. • https://www.oracle.com/security-alerts/cpujul2020.html •
CVE-2020-12723 – perl: corruption of intermediate language state of compiled regular expression due to recursive S_study_chunk() calls leads to DoS
https://notcve.org/view.php?id=CVE-2020-12723
regcomp.c in Perl before 5.30.3 allows a buffer overflow via a crafted regular expression because of recursive S_study_chunk calls. En el archivo regcomp.c en Perl versiones anteriores a 5.30.3, permite un desbordamiento del búfer por medio de una expresión regular diseñada debido a llamadas recursivas de la función S_study_chunk • http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00044.html https://github.com/Perl/perl5/blob/blead/pod/perl5303delta.pod https://github.com/Perl/perl5/compare/v5.30.2...v5.30.3 https://github.com/Perl/perl5/issues/16947 https://github.com/Perl/perl5/issues/17743 https://github.com/perl/perl5/commit/66bbb51b93253a3f87d11c2695cfb7bdb782184a https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IN3TTBO5KSGWE5IRIKDJ5JSQRH7ANNXE https://security.g • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-185: Incorrect Regular Expression •
CVE-2020-10543 – perl: heap-based buffer overflow in regular expression compiler leads to DoS
https://notcve.org/view.php?id=CVE-2020-10543
Perl before 5.30.3 on 32-bit platforms allows a heap-based buffer overflow because nested regular expression quantifiers have an integer overflow. Perl versiones anteriores a 5.30.3 en plataformas de 32 bits permite un desbordamiento del búfer en la región heap de la memoria porque los cuantificadores de expresiones regulares anidadas presentan un desbordamiento de enteros • http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00044.html https://github.com/Perl/perl5/blob/blead/pod/perl5303delta.pod https://github.com/Perl/perl5/compare/v5.30.2...v5.30.3 https://github.com/perl/perl5/commit/897d1f7fd515b828e4b198d8b8bef76c6faf03ed https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IN3TTBO5KSGWE5IRIKDJ5JSQRH7ANNXE https://security.gentoo.org/glsa/202006-03 https://security.netapp.com/advisory/ntap-20200611-0001 https://w • CWE-190: Integer Overflow or Wraparound CWE-787: Out-of-bounds Write •
CVE-2020-12771
https://notcve.org/view.php?id=CVE-2020-12771
An issue was discovered in the Linux kernel through 5.6.11. btree_gc_coalesce in drivers/md/bcache/btree.c has a deadlock if a coalescing operation fails. Se detectó un problema en el kernel de Linux versiones hasta 5.6.11. La función btree_gc_coalesce en el archivo drivers/md/bcache/btree.c, presenta un punto muerto si se produce un fallo de la operación de coalescencia. • http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00071.html http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00009.html https://lists.debian.org/debian-lts-announce/2020/08/msg00019.html https://lists.debian.org/debian-lts-announce/2020/10/msg00032.html https://lists.debian.org/debian-lts-announce/2020/10/msg00034.html https://lkml.org/lkml/2020/4/26/87 https://security.netapp.com/advisory/ntap-20200608-0001 https://usn.ubuntu.com/4462-1 https: • CWE-667: Improper Locking •
CVE-2019-5108 – kernel: triggering AP to send IAPP location updates for stations before the required authentication process has completed can lead to DoS
https://notcve.org/view.php?id=CVE-2019-5108
An exploitable denial-of-service vulnerability exists in the Linux kernel prior to mainline 5.3. An attacker could exploit this vulnerability by triggering AP to send IAPP location updates for stations before the required authentication process has completed. This could lead to different denial-of-service scenarios, either by causing CAM table attacks, or by leading to traffic flapping if faking already existing clients in other nearby APs of the same wireless infrastructure. An attacker can forge Authentication and Association Request packets to trigger this vulnerability. Se presenta una vulnerabilidad de denegación de servicio explotable en el kernel de Linux anterior a mainline 5.3. • http://packetstormsecurity.com/files/156455/Kernel-Live-Patch-Security-Notice-LSN-0063-1.html https://git.kernel.org/linus/3e493173b7841259a08c5c8e5cbe90adb349da7e https://lists.debian.org/debian-lts-announce/2020/06/msg00011.html https://lists.debian.org/debian-lts-announce/2020/06/msg00012.html https://lists.debian.org/debian-lts-announce/2020/06/msg00013.html https://security.netapp.com/advisory/ntap-20200204-0002 https://talosintelligence.com/vulnerability_reports/TALOS-2019-0900 https://usn.ubuntu.com • CWE-287: Improper Authentication CWE-440: Expected Behavior Violation •