CVE-2020-16289 – ghostscript: buffer overflow in cif_print_page() in devices/gdevcif.c could result in a DoS
https://notcve.org/view.php?id=CVE-2020-16289
A buffer overflow vulnerability in cif_print_page() in devices/gdevcif.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51. Una vulnerabilidad de desbordamiento del búfer en la función cif_print_page() en el archivo devices/gdevcif.c de Artifex Software GhostScript versión v9.50, permite a un atacante remoto causar una denegación de servicio por medio de un archivo PDF diseñado. Esto es corregido en la versión v9.51 • https://bugs.ghostscript.com/show_bug.cgi?id=701788 https://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=d31e25ed5b130499e0d880e4609b1b4824699768 https://lists.debian.org/debian-lts-announce/2020/08/msg00032.html https://security.gentoo.org/glsa/202008-20 https://usn.ubuntu.com/4469-1 https://www.debian.org/security/2020/dsa-4748 https://access.redhat.com/security/cve/CVE-2020-16289 https://bugzilla.redhat.com/show_bug.cgi?id=1870244 • CWE-787: Out-of-bounds Write •
CVE-2020-16288 – ghostscript: buffer overflow in pj_common_print_page() in devices/gdevpjet.c could result in a DoS
https://notcve.org/view.php?id=CVE-2020-16288
A buffer overflow vulnerability in pj_common_print_page() in devices/gdevpjet.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51. Una vulnerabilidad de desbordamiento del búfer en la función pj_common_print_page() en el archivo devices/gdevpjet.c de Artifex Software GhostScript versión v9.50, permite a un atacante remoto causar una denegación de servicio por medio de un archivo PDF diseñado. Esto es corregido en la versión v9.51 • http://git.ghostscript.com/?p=ghostpdl.git%3Bh=aba3375ac24f8e02659d9b1eb9093909618cdb9f https://bugs.ghostscript.com/show_bug.cgi?id=701791 https://lists.debian.org/debian-lts-announce/2020/08/msg00032.html https://security.gentoo.org/glsa/202008-20 https://usn.ubuntu.com/4469-1 https://www.debian.org/security/2020/dsa-4748 https://access.redhat.com/security/cve/CVE-2020-16288 https://bugzilla.redhat.com/show_bug.cgi?id=1870266 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-125: Out-of-bounds Read •
CVE-2020-16287 – ghostscript: buffer overflow in lprn_is_black() in contrib/lips4/gdevlprn.c could result in a DoS
https://notcve.org/view.php?id=CVE-2020-16287
A buffer overflow vulnerability in lprn_is_black() in contrib/lips4/gdevlprn.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51. Una vulnerabilidad de desbordamiento del búfer en la función lprn_is_black() en el archivo contrib/lips4/gdevlprn.c de Artifex Software GhostScript versión v9.50, permite a un atacante remoto causar una denegación de servicio por medio de un archivo PDF diseñado. Esto es corregido en la versión v9.51 • https://bugs.ghostscript.com/show_bug.cgi?id=701785 https://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=450da26a76286a8342ec0864b3d113856709f8f6 https://lists.debian.org/debian-lts-announce/2020/08/msg00032.html https://security.gentoo.org/glsa/202008-20 https://usn.ubuntu.com/4469-1 https://www.debian.org/security/2020/dsa-4748 https://access.redhat.com/security/cve/CVE-2020-16287 https://bugzilla.redhat.com/show_bug.cgi?id=1870242 • CWE-125: Out-of-bounds Read CWE-787: Out-of-bounds Write •
CVE-2020-12673 – dovecot: Out of bound reads in dovecot NTLM implementation
https://notcve.org/view.php?id=CVE-2020-12673
In Dovecot before 2.3.11.3, sending a specially formatted NTLM request will crash the auth service because of an out-of-bounds read. En Dovecot versiones anteriores a 2.3.11.3, el envío de una petición NTLM con formato especial bloqueará el servicio auth debido a una lectura fuera de límites A flaw was found in dovecot. An out-of-bounds read flaw was found in the way dovecot handled NTLM authentication allowing an attacker to crash the dovecot auth process repeatedly preventing login. The highest threat from this vulnerability is to system availability. • http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00048.html http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00059.html https://dovecot.org/security https://lists.debian.org/debian-lts-announce/2020/08/msg00024.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4AAX2MJEULPVSRZOBX3PNPFSYP4FM4TT https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EYZU6CHA3VMYYAUCMHSCCQKJEVEIKPQ2 https://lists.fedoraproject.org/ar • CWE-125: Out-of-bounds Read •
CVE-2020-12100 – dovecot: Resource exhaustion via deeply nested MIME parts
https://notcve.org/view.php?id=CVE-2020-12100
In Dovecot before 2.3.11.3, uncontrolled recursion in submission, lmtp, and lda allows remote attackers to cause a denial of service (resource consumption) via a crafted e-mail message with deeply nested MIME parts. En Dovecot versiones anteriores a 2.3.11.3, la recursividad no controlada en submission, lmtp, y lda permite a atacantes remotos causar una denegación de servicio (consumo de recursos) por medio de un mensaje de correo electrónico diseñado con partes MIME profundamente anidadas A flaw was found in dovecot. A remote attacker could cause a denial of service by repeatedly sending emails containing MIME parts containing malicious content of which dovecot will attempt to parse. The highest threat from this vulnerability is to system availability. • http://seclists.org/fulldisclosure/2021/Jan/18 http://www.openwall.com/lists/oss-security/2020/08/12/1 http://www.openwall.com/lists/oss-security/2021/01/04/3 https://dovecot.org/security https://lists.debian.org/debian-lts-announce/2020/08/msg00024.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4AAX2MJEULPVSRZOBX3PNPFSYP4FM4TT https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EYZU6CHA3VMYYAUCMHSCCQKJEVEIKPQ2 http • CWE-674: Uncontrolled Recursion •