CVSS: 9.1EPSS: 0%CPEs: 7EXPL: 1CVE-2020-7060 – global buffer-overflow in mbfl_filt_conv_big5_wchar
https://notcve.org/view.php?id=CVE-2020-7060
When using certain mbstring functions to convert multibyte encodings, in PHP versions 7.2.x below 7.2.27, 7.3.x below 7.3.14 and 7.4.x below 7.4.2 it is possible to supply data that will cause function mbfl_filt_conv_big5_wchar to read past the allocated buffer. This may lead to information disclosure or crash. Cuando se usan determinadas funciones de mbstring para convertir codificaciones multibyte, en PHP versiones 7.2.x por debajo de 7.2.27, versiones 7.3.x por debajo de 7.3.14 y versiones 7.4.x por debajo de 7.4.2, es posible suministrar datos que causarán que la función mbfl_filt_conv_big5_wchar lea más allá del buffer asignado. Esto puede conllevar a una divulgación de información o bloqueo. • http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00023.html https://bugs.php.net/bug.php?id=79037 https://lists.debian.org/debian-lts-announce/2020/02/msg00030.html https://seclists.org/bugtraq/2020/Feb/27 https://seclists.org/bugtraq/2020/Feb/31 https://seclists.org/bugtraq/2021/Jan/3 https://security.gentoo.org/glsa/202003-57 https://security.netapp.com/advisory/ntap-20200221-0002 https://usn.ubuntu.com/4279-1 https://www.debian.org/security/20 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-125: Out-of-bounds Read •
CVSS: 9.1EPSS: 0%CPEs: 7EXPL: 1CVE-2020-7059 – OOB read in php_strip_tags_ex
https://notcve.org/view.php?id=CVE-2020-7059
When using fgetss() function to read data with stripping tags, in PHP versions 7.2.x below 7.2.27, 7.3.x below 7.3.14 and 7.4.x below 7.4.2 it is possible to supply data that will cause this function to read past the allocated buffer. This may lead to information disclosure or crash. Cuando se usa la función fgetss() para leer datos con etiquetas de eliminación, en PHP versiones 7.2.x por debajo de 7.2.27, versiones 7.3.x por debajo de 7.3.14 y versiones 7.4.x por debajo de 7.4.2, es posible suministrar datos que causarán que esta función lea más allá del búfer asignado. Esto puede conllevar a una divulgación de información o bloqueo. • http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00023.html https://bugs.php.net/bug.php?id=79099 https://lists.debian.org/debian-lts-announce/2020/02/msg00030.html https://seclists.org/bugtraq/2020/Feb/27 https://seclists.org/bugtraq/2020/Feb/31 https://seclists.org/bugtraq/2021/Jan/3 https://security.gentoo.org/glsa/202003-57 https://security.netapp.com/advisory/ntap-20200221-0002 https://usn.ubuntu.com/4279-1 https://www.debian.org/security/20 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-125: Out-of-bounds Read •
CVSS: 6.8EPSS: 0%CPEs: 5EXPL: 0CVE-2020-8608 – QEMU: Slirp: potential OOB access due to unsafe snprintf() usages
https://notcve.org/view.php?id=CVE-2020-8608
In libslirp 4.1.0, as used in QEMU 4.2.0, tcp_subr.c misuses snprintf return values, leading to a buffer overflow in later code. En libslirp versión 4.1.0, como es usado en QEMU versión 4.2.0, el archivo tcp_subr.c utiliza inapropiadamente los valores de retorno de snprintf, lo que conlleva a un desbordamiento del búfer en el código posterior. An out-of-bounds heap buffer access flaw was found in the SLiRP networking implementation of the QEMU emulator. This flaw occurs in tcp_emu() routine while emulating IRC and other protocols due to unsafe usage of the snprintf(3) function. A user or process could use this flaw to crash the QEMU process on the host, resulting in a denial of service or potential execution of arbitrary code with privileges of the QEMU process on the host. • http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00007.html https://gitlab.freedesktop.org/slirp/libslirp/-/tags/v4.1.0 https://gitlab.freedesktop.org/slirp/libslirp/commit/68ccb8021a838066f0951d4b2817eb6b6f10a843 https://lists.debian.org/debian-lts-announce/2020/03/msg00015.html https://lists.debian.org/debian-lts-announce/2020/03/msg00017.html https://lists.debian.org/debian-lts-announce/2020/07/msg00020.html https://lists.debian.org/debian-lts-announce/2021/02/msg00012.html https • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-122: Heap-based Buffer Overflow •
CVSS: 7.4EPSS: 0%CPEs: 3EXPL: 2CVE-2016-9928
https://notcve.org/view.php?id=CVE-2016-9928
MCabber before 1.0.4 is vulnerable to roster push attacks, which allows remote attackers to intercept communications, or add themselves as an entity on a 3rd party's roster as another user, which will also garner associated privileges, via crafted XMPP packets. MCabber versiones anteriores a 1.0.4, es vulnerable a los ataques de tipo roster push, lo que permite a atacantes remotos interceptar comunicaciones, o agregarse como una entidad en la lista de un tercero como otro usuario, que también obtendrá privilegios asociados, por medio de paquetes XMPP diseñados. • http://lists.opensuse.org/opensuse-updates/2017-01/msg00130.html http://www.openwall.com/lists/oss-security/2016/12/11/2 http://www.openwall.com/lists/oss-security/2017/02/09/29 http://www.securityfocus.com/bid/94862 https://bitbucket.org/McKael/mcabber-crew/commits/6e1ead98930d7dd0a520ad17c720ae4908429033/raw https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=845258 https://bugzilla.redhat.com/show_bug.cgi?id=1403790 https://gultsch.de/gajim_roster_push_and_message_interception.html ht • CWE-269: Improper Privilege Management •
CVSS: 6.1EPSS: 0%CPEs: 4EXPL: 0CVE-2020-8647 – kernel: out-of-bounds read in in vc_do_resize function in drivers/tty/vt/vt.c
https://notcve.org/view.php?id=CVE-2020-8647
There is a use-after-free vulnerability in the Linux kernel through 5.5.2 in the vc_do_resize function in drivers/tty/vt/vt.c. Se presenta una vulnerabilidad de uso de la memoria previamente liberada en el kernel de Linux versiones hasta 5.5.2 en la función vc_do_resize en el archivo drivers/tty/vt/vt.c. A flaw was found in the Linux kernel’s virtual console resize functionality. An attacker with local access to virtual consoles can use the virtual console resizing code to gather kernel internal data structures. • http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00039.html https://bugzilla.kernel.org/show_bug.cgi?id=206359 https://lists.debian.org/debian-lts-announce/2020/06/msg00011.html https://lists.debian.org/debian-lts-announce/2020/06/msg00012.html https://lists.debian.org/debian-lts-announce/2020/06/msg00013.html https://www.debian.org/security/2020/dsa-4698 https://access.redhat.com/security/cve/CVE-2020-8647 https://bugzilla.redhat.com/show_bug.cgi?id=1802563 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-416: Use After Free •