CVSS: 5.5EPSS: 0%CPEs: 13EXPL: 0CVE-2020-27842 – openjpeg: null pointer dereference in opj_tgt_reset function in lib/openjp2/tgt.c
https://notcve.org/view.php?id=CVE-2020-27842
There's a flaw in openjpeg's t2 encoder in versions prior to 2.4.0. An attacker who is able to provide crafted input to be processed by openjpeg could cause a null pointer dereference. The highest impact of this flaw is to application availability. Se presenta un fallo en el codificador t2 de openjpeg en versiones anteriores a 2.4.0. Un atacante que sea capaz de proporcionar una entrada diseñada para ser procesada por openjpeg podría causar una desreferencia del puntero null. • https://bugzilla.redhat.com/show_bug.cgi?id=1907513 https://lists.debian.org/debian-lts-announce/2022/04/msg00006.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WJUPGIZE6A4O52EBOF75MCXJOL6MUCRV https://security.gentoo.org/glsa/202101-29 https://www.debian.org/security/2021/dsa-4882 https://www.oracle.com//security-alerts/cpujul2021.html https://www.oracle.com/security-alerts/cpuApr2021.html https://access.redhat.com/security/cve/CVE-2020-27842 • CWE-125: Out-of-bounds Read •
CVSS: 5.7EPSS: 0%CPEs: 11EXPL: 0CVE-2020-27825
https://notcve.org/view.php?id=CVE-2020-27825
A use-after-free flaw was found in kernel/trace/ring_buffer.c in Linux kernel (before 5.10-rc1). There was a race problem in trace_open and resize of cpu buffer running parallely on different cpus, may cause a denial of service problem (DOS). This flaw could even allow a local attacker with special user privilege to a kernel information leak threat. Se encontró un fallo de uso de la memoria previamente liberada en el archivo kernel/trace/ring_buffer.c en el kernel de Linux (anteriores a la versión 5.10-rc1). Se presentó un problema de carrera en trace_open y el cambio de tamaño del búfer de la CPU ejecutándose paralelamente en diferentes CPUs, puede causar un problema de Denegación de Servicio (DOS). • https://bugzilla.redhat.com/show_bug.cgi?id=1905155 https://lists.debian.org/debian-lts-announce/2021/02/msg00018.html https://lists.debian.org/debian-lts-announce/2021/03/msg00010.html https://security.netapp.com/advisory/ntap-20210521-0008 https://www.debian.org/security/2021/dsa-4843 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 4.3EPSS: 0%CPEs: 8EXPL: 0CVE-2020-27818
https://notcve.org/view.php?id=CVE-2020-27818
A flaw was found in the check_chunk_name() function of pngcheck-2.4.0. An attacker able to pass a malicious file to be processed by pngcheck could cause a temporary denial of service, posing a low risk to application availability. Se encontró un fallo en la función check_chunk_name() de pngcheck-2.4.0. Un atacante capaz de pasar un archivo malicioso para ser procesado por pngcheck podría causar una denegación temporal de servicio, lo que supone un bajo riesgo para la disponibilidad de la aplicación. • https://bodhi.fedoraproject.org/updates/FEDORA-2020-04d5e1ce26 https://bodhi.fedoraproject.org/updates/FEDORA-2020-23432b7b72 https://bodhi.fedoraproject.org/updates/FEDORA-2020-27b168926a https://bodhi.fedoraproject.org/updates/FEDORA-2020-4349e95c4f https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-339db397ad https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-6c93c61069 https://bugzilla.redhat.com/show_bug.cgi?id=1902011 https://lists.debian.org/debian-lts-announce/2022/05/msg00043.html • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-125: Out-of-bounds Read •
CVSS: 6.1EPSS: 0%CPEs: 10EXPL: 2CVE-2020-27783 – python-lxml: mXSS due to the use of improper parser
https://notcve.org/view.php?id=CVE-2020-27783
A XSS vulnerability was discovered in python-lxml's clean module. The module's parser didn't properly imitate browsers, which caused different behaviors between the sanitizer and the user's page. A remote attacker could exploit this flaw to run arbitrary HTML/JS code. Se detectó una vulnerabilidad de tipo XSS en el módulo de limpieza de python-lxml. El analizador del módulo no imitaba apropiadamente los navegadores, lo que causaba comportamientos diferentes entre el sanitizador y la página del usuario. • https://advisory.checkmarx.net/advisory/CX-2020-4286 https://bugzilla.redhat.com/show_bug.cgi?id=1901633 https://lists.debian.org/debian-lts-announce/2020/12/msg00028.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JKG67GPGTV23KADT4D4GK4RMHSO4CIQL https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TMHVKRUT22LVWNL3TB7HPSDHJT74Q3JK https://security.netapp.com/advisory/ntap-20210521-0003 https://www.debian.org/security/2020/dsa-481 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.1EPSS: 0%CPEs: 11EXPL: 2CVE-2020-25656 – kernel: use-after-free in read in vt_do_kdgkb_ioctl
https://notcve.org/view.php?id=CVE-2020-25656
A flaw was found in the Linux kernel. A use-after-free was found in the way the console subsystem was using ioctls KDGKBSENT and KDSKBSENT. A local user could use this flaw to get read memory access out of bounds. The highest threat from this vulnerability is to data confidentiality. Se encontró un fallo en el kernel de Linux. • https://bugzilla.redhat.com/show_bug.cgi?id=1888726 https://lists.debian.org/debian-lts-announce/2020/12/msg00015.html https://lists.debian.org/debian-lts-announce/2020/12/msg00027.html https://lkml.org/lkml/2020/10/16/84 https://lkml.org/lkml/2020/10/29/528 https://www.starwindsoftware.com/security/sw-20210325-0006 https://access.redhat.com/security/cve/CVE-2020-25656 • CWE-416: Use After Free •