CVSS: 10.0EPSS: 43%CPEs: 25EXPL: 32CVE-2020-1472 – Microsoft Netlogon Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2020-1472
An elevation of privilege vulnerability exists when an attacker establishes a vulnerable Netlogon secure channel connection to a domain controller, using the Netlogon Remote Protocol (MS-NRPC). An attacker who successfully exploited the vulnerability could run a specially crafted application on a device on the network. To exploit the vulnerability, an unauthenticated attacker would be required to use MS-NRPC to connect to a domain controller to obtain domain administrator access. Microsoft is addressing the vulnerability in a phased two-part rollout. These updates address the vulnerability by modifying how Netlogon handles the usage of Netlogon secure channels. For guidelines on how to manage the changes required for this vulnerability and more information on the phased rollout, see How to manage the changes in Netlogon secure channel connections associated with CVE-2020-1472 (updated September 28, 2020). When the second phase of Windows updates become available in Q1 2021, customers will be notified via a revision to this security vulnerability. If you wish to be notified when these updates are released, we recommend that you register for the security notifications mailer to be alerted of content changes to this advisory. See Microsoft Technical Security Notifications. • https://www.exploit-db.com/exploits/49071 https://github.com/SecuraBV/CVE-2020-1472 https://github.com/dirkjanm/CVE-2020-1472 https://github.com/VoidSec/CVE-2020-1472 https://github.com/k8gege/CVE-2020-1472-EXP https://github.com/cube0x0/CVE-2020-1472 https://github.com/sv3nbeast/CVE-2020-1472 https://github.com/thatonesecguy/zerologon-CVE-2020-1472 https://github.com/CanciuCostin/CVE-2020-1472 https://github.com/0xkami/CVE-2020-1472 https://github.com/striveben&#x • CWE-287: Improper Authentication CWE-330: Use of Insufficiently Random Values •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 1CVE-2020-17538 – ghostscript: buffer overflow in GetNumSameData() in contrib/lips4/gdevlips.c could result in a DoS
https://notcve.org/view.php?id=CVE-2020-17538
A buffer overflow vulnerability in GetNumSameData() in contrib/lips4/gdevlips.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51. Una vulnerabilidad de desbordamiento del búfer en la función GetNumSameData() en el archivo contrib/lips4/gdevlips.c de Artifex Software GhostScript versión v9.50, permite a un atacante remoto causar una denegación de servicio por medio de un archivo PDF diseñado. Esto es corregido en la versión v9.51 • https://bugs.ghostscript.com/show_bug.cgi?id=701792 https://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=9f39ed4a92578a020ae10459643e1fe72573d134 https://lists.debian.org/debian-lts-announce/2020/08/msg00032.html https://security.gentoo.org/glsa/202008-20 https://usn.ubuntu.com/4469-1 https://www.debian.org/security/2020/dsa-4748 https://access.redhat.com/security/cve/CVE-2020-17538 https://bugzilla.redhat.com/show_bug.cgi?id=1870249 • CWE-787: Out-of-bounds Write •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 1CVE-2020-16310 – ghostscript: division by zero in dot24_print_page() in devices/gdevdm24.c could result in a DoS
https://notcve.org/view.php?id=CVE-2020-16310
A division by zero vulnerability in dot24_print_page() in devices/gdevdm24.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51. Una vulnerabilidad de división por cero en la función dot24_print_page() en el archivo devices/gdevdm24.c de Artifex Software GhostScript versión v9.50, permite a un atacante remoto causar una denegación de servicio por medio de un archivo PDF diseñado. Esto es corregido en la versión v9.51 • https://bugs.ghostscript.com/show_bug.cgi?id=701828 https://git.ghostscript.com/?p=ghostpdl.git%3Ba=commitdiff%3Bh=eaba1d97b62831b42c51840cc8ee2bc4576c942e https://lists.debian.org/debian-lts-announce/2020/08/msg00032.html https://security.gentoo.org/glsa/202008-20 https://usn.ubuntu.com/4469-1 https://www.debian.org/security/2020/dsa-4748 https://access.redhat.com/security/cve/CVE-2020-16310 https://bugzilla.redhat.com/show_bug.cgi?id=1870159 • CWE-369: Divide By Zero •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 1CVE-2020-16309 – ghostscript: buffer overflow in lxm5700m_print_page() in devices/gdevlxm.c could result in a DoS
https://notcve.org/view.php?id=CVE-2020-16309
A buffer overflow vulnerability in lxm5700m_print_page() in devices/gdevlxm.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted eps file. This is fixed in v9.51. Una vulnerabilidad de desbordamiento del búfer en la función lxm5700m_print_page() en el archivo devices/gdevlxm.c de Artifex Software GhostScript versión v9.50, permite a un atacante remoto causar una denegación de servicio por medio de un archivo eps diseñado. Esto es corregido en la versión v9.51 • https://bugs.ghostscript.com/show_bug.cgi?id=701827 https://git.ghostscript.com/?p=ghostpdl.git%3Ba=commitdiff%3Bh=a6f7464dddc689386668a38b92dfd03cc1b38a10 https://lists.debian.org/debian-lts-announce/2020/08/msg00032.html https://security.gentoo.org/glsa/202008-20 https://usn.ubuntu.com/4469-1 https://www.debian.org/security/2020/dsa-4748 https://access.redhat.com/security/cve/CVE-2020-16309 https://bugzilla.redhat.com/show_bug.cgi?id=1870248 • CWE-787: Out-of-bounds Write •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 1CVE-2020-16308 – ghostscript: buffer overflow in p_print_image() in devices/gdevcdj.c could result in a DoS
https://notcve.org/view.php?id=CVE-2020-16308
A buffer overflow vulnerability in p_print_image() in devices/gdevcdj.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51. Una vulnerabilidad de desbordamiento del búfer en la función p_print_image() en el archivo devices/gdevcdj.c de Artifex Software GhostScript versión v9.50, permite a un atacante remoto causar una denegación de servicio por medio de un archivo PDF diseñado. Esto es corregido en la versión v9.51 • https://bugs.ghostscript.com/show_bug.cgi?id=701829 https://git.ghostscript.com/?p=ghostpdl.git%3Ba=commitdiff%3Bh=af004276fd8f6c305727183c159b83021020f7d6 https://lists.debian.org/debian-lts-announce/2020/08/msg00032.html https://security.gentoo.org/glsa/202008-20 https://usn.ubuntu.com/4469-1 https://www.debian.org/security/2020/dsa-4748 https://access.redhat.com/security/cve/CVE-2020-16308 https://bugzilla.redhat.com/show_bug.cgi?id=1870256 • CWE-125: Out-of-bounds Read CWE-787: Out-of-bounds Write •