CVSS: 6.0EPSS: 0%CPEs: 13EXPL: 0CVE-2020-14310 – grub2: Integer overflow read_section_as_string may lead to heap-based buffer overflow
https://notcve.org/view.php?id=CVE-2020-14310
There is an issue on grub2 before version 2.06 at function read_section_as_string(). It expects a font name to be at max UINT32_MAX - 1 length in bytes but it doesn't verify it before proceed with buffer allocation to read the value from the font value. An attacker may leverage that by crafting a malicious font file which has a name with UINT32_MAX, leading to read_section_as_string() to an arithmetic overflow, zero-sized allocation and further heap-based buffer overflow. Se presenta un problema en grub2 versiones anteriores a 2.06, en la función read_section_as_string(). Se espera que el nombre de la fuente sea una longitud máxima UINT32_MAX - 1 en bytes, pero no lo verifica antes de proceder con la asignación del búfer para leer el valor desde el valor de la fuente. • http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00016.html http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00017.html https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-14310 https://security.gentoo.org/glsa/202104-05 https://usn.ubuntu.com/4432-1 https://access.redhat.com/security/cve/CVE-2020-14310 https://bugzilla.redhat.com/show_bug.cgi?id=1852030 • CWE-122: Heap-based Buffer Overflow CWE-190: Integer Overflow or Wraparound •
CVSS: 5.3EPSS: 0%CPEs: 6EXPL: 0CVE-2020-15863
https://notcve.org/view.php?id=CVE-2020-15863
hw/net/xgmac.c in the XGMAC Ethernet controller in QEMU before 07-20-2020 has a buffer overflow. This occurs during packet transmission and affects the highbank and midway emulated machines. A guest user or process could use this flaw to crash the QEMU process on the host, resulting in a denial of service or potential privileged code execution. This was fixed in commit 5519724a13664b43e225ca05351c60b4468e4555. El archivo hw/net/xgmac.c en el controlador Ethernet XGMAC en QEMU antes del 20/07/2020, presenta un desbordamiento de búfer. • http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00024.html http://www.openwall.com/lists/oss-security/2020/07/22/1 https://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3Bh=5519724a13664b43e225ca05351c60b4468e4555 https://lists.nongnu.org/archive/html/qemu-devel/2020-07/msg03497.html https://lists.nongnu.org/archive/html/qemu-devel/2020-07/msg05745.html https://security.gentoo.org/glsa/202208-27 https://usn.ubuntu.com/4467-1 https://www.debian.org/security/2020/dsa-47 • CWE-787: Out-of-bounds Write •
CVSS: 3.5EPSS: 0%CPEs: 7EXPL: 0CVE-2020-15103 – Integer Overflow in FreeRDP
https://notcve.org/view.php?id=CVE-2020-15103
In FreeRDP less than or equal to 2.1.2, an integer overflow exists due to missing input sanitation in rdpegfx channel. All FreeRDP clients are affected. The input rectangles from the server are not checked against local surface coordinates and blindly accepted. A malicious server can send data that will crash the client later on (invalid length arguments to a `memcpy`) This has been fixed in 2.2.0. As a workaround, stop using command line arguments /gfx, /gfx-h264 and /network:auto En FreeRDP versiones anteriores o igual a 2.1.2, se presenta un desbordamiento de enteros debido a una falta de saneamiento de entrada en el canal rdpegfx. • http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00010.html https://github.com/FreeRDP/FreeRDP/blob/616af2d5b86dc24c7b3e89870dbcffd841d9a535/ChangeLog#L4 https://github.com/FreeRDP/FreeRDP/pull/6382 https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-4r38-6hq7-j3j9 https://lists.debian.org/debian-lts-announce/2023/10/msg00008.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6Y35HBHG2INICLSGCIKNAR7GCXEHQACQ https://lists.fedoraproject.org/archives/list&#x • CWE-122: Heap-based Buffer Overflow CWE-190: Integer Overflow or Wraparound CWE-680: Integer Overflow to Buffer Overflow •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2020-11935 – aufs: improperly managed inode reference counts in the vfsub_dentry_open() method
https://notcve.org/view.php?id=CVE-2020-11935
It was discovered that aufs improperly managed inode reference counts in the vfsub_dentry_open() method. A local attacker could use this vulnerability to cause a denial of service attack. • https://bugs.launchpad.net/bugs/1873074 https://ubuntu.com/security/CVE-2020-11935 • CWE-911: Improper Update of Reference Count •
CVSS: 6.5EPSS: 0%CPEs: 17EXPL: 3CVE-2020-6514 – chromium-browser: Inappropriate implementation in WebRTC
https://notcve.org/view.php?id=CVE-2020-6514
Inappropriate implementation in WebRTC in Google Chrome prior to 84.0.4147.89 allowed an attacker in a privileged network position to potentially exploit heap corruption via a crafted SCTP stream. Una implementación inapropiada en WebRTC en Google Chrome versiones anteriores a 84.0.4147.89, permitió a un atacante en una posición de red privilegiada potencialmente explotar una corrupción de la pila por medio de un flujo SCTP diseñado • https://github.com/hasan-khalil/CVE-2020-6514 http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00069.html http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00007.html http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00008.html http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00011.html http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00018.html http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00022.html http:/&#x • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •