CVSS: 8.8EPSS: 1%CPEs: 2EXPL: 1CVE-2020-8112 – openjpeg: heap-based buffer overflow in pj_t1_clbl_decode_processor in openjp2/t1.c
https://notcve.org/view.php?id=CVE-2020-8112
opj_t1_clbl_decode_processor in openjp2/t1.c in OpenJPEG 2.3.1 through 2020-01-28 has a heap-based buffer overflow in the qmfbid==1 case, a different issue than CVE-2020-6851. La función opj_t1_clbl_decode_processor en el archivo openjp2/t1.c en OpenJPEG versión 2.3.1 hasta el 28-01-2020, presenta un desbordamiento del búfer en la región heap de la memoria en el caso qmfbid==1, un problema diferente de CVE-2020-6851. A heap-based buffer overflow flaw was found in the opj_t1_clbl_decode_processor in openjpeg2. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. • https://access.redhat.com/errata/RHSA-2020:0550 https://access.redhat.com/errata/RHSA-2020:0569 https://access.redhat.com/errata/RHSA-2020:0570 https://access.redhat.com/errata/RHSA-2020:0694 https://github.com/uclouvain/openjpeg/issues/1231 https://lists.debian.org/debian-lts-announce/2020/01/msg00035.html https://lists.debian.org/debian-lts-announce/2020/07/msg00008.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EFM77GIFWHOECNIERYJQPI2ZJU57GZ • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 6.5EPSS: 0%CPEs: 897EXPL: 0CVE-2020-0549 – hw: L1D Cache Eviction Sampling
https://notcve.org/view.php?id=CVE-2020-0549
Cleanup errors in some data cache evictions for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. Unos errores de limpieza en algunos desalojos de caché de datos para algunos procesadores Intel(R), pueden permitir a un usuario autenticado habilitar potencialmente una divulgación de información por medio del acceso local. A microarchitectural timing flaw was found on some Intel processors. A corner case exists where data in-flight during the eviction process can end up in the “fill buffers” and not properly cleared by the MDS mitigations. The fill buffer contents (which were expected to be blank) can be inferred using MDS or TAA style attack methods to allow a local attacker to infer fill buffer values. • http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00016.html https://kc.mcafee.com/corporate/index?page=content&id=SB10318 https://lists.debian.org/debian-lts-announce/2020/06/msg00019.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DT2VKDMQ3I37NBNJ256A2EXR7OJHXXKZ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T5OUM24ZC43G4IDT3JUCIHJTSDXJSK6Y https://security.netapp.com/advisory/ntap-20200210-0004 https://usn.ubunt • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-404: Improper Resource Shutdown or Release •
CVSS: 7.5EPSS: 0%CPEs: 10EXPL: 1CVE-2020-7238 – netty: HTTP Request Smuggling due to Transfer-Encoding whitespace mishandling
https://notcve.org/view.php?id=CVE-2020-7238
Netty 4.1.43.Final allows HTTP Request Smuggling because it mishandles Transfer-Encoding whitespace (such as a [space]Transfer-Encoding:chunked line) and a later Content-Length header. This issue exists because of an incomplete fix for CVE-2019-16869. Netty versión 4.1.43.Final, permite el tráfico no autorizado de peticiones HTTP porque maneja inapropiadamente el espacio en blanco de Transfer-Encoding (tal y como una línea [space]Transfer-Encoding:chunked) y un encabezado Content-Length posterior. Este problema existe debido a una corrección incompleta para el CVE-2019-16869. A flaw was found in Netty, where it mishandles Transfer-Encoding whitespace. • https://access.redhat.com/errata/RHSA-2020:0497 https://access.redhat.com/errata/RHSA-2020:0567 https://access.redhat.com/errata/RHSA-2020:0601 https://access.redhat.com/errata/RHSA-2020:0605 https://access.redhat.com/errata/RHSA-2020:0606 https://access.redhat.com/errata/RHSA-2020:0804 https://access.redhat.com/errata/RHSA-2020:0805 https://access.redhat.com/errata/RHSA-2020:0806 https://access.redhat.com/errata/RHSA-2020:0811 https://github.com/jdordonezn/CVE-2020&# • CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') •
CVSS: 9.8EPSS: 1%CPEs: 17EXPL: 2CVE-2019-17570 – xmlrpc: Deserialization of server-side exception from faultCause in XMLRPC error response
https://notcve.org/view.php?id=CVE-2019-17570
An untrusted deserialization was found in the org.apache.xmlrpc.parser.XmlRpcResponseParser:addResult method of Apache XML-RPC (aka ws-xmlrpc) library. A malicious XML-RPC server could target a XML-RPC client causing it to execute arbitrary code. Apache XML-RPC is no longer maintained and this issue will not be fixed. Se detectó una deserialización no confiable en el método org.apache.xmlrpc.parser.XmlRpcResponseParser:addResult de la biblioteca Apache XML-RPC (también se conoce como ws-xmlrpc). Un servidor XML-RPC malicioso podría apuntar a un cliente XML-RPC causando que ejecute código arbitrario. • https://github.com/r00t4dm/CVE-2019-17570 http://www.openwall.com/lists/oss-security/2020/01/24/2 https://access.redhat.com/errata/RHSA-2020:0310 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-17570%3B https://github.com/orangecertcc/security-research/security/advisories/GHSA-x2r6-4m45-m4jp https://lists.apache.org/thread.html/846551673bbb7ec8d691008215384bcef03a3fb004d2da845cfe88ee%401390230951%40%3Cdev.ws.apache.org%3E https://lists.debian.org/debian-lts-announce/2020/01/msg00033.html https: • CWE-502: Deserialization of Untrusted Data •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2019-20387 – libsolv: out-of-bounds read in repodata_schema2id in repodata.c
https://notcve.org/view.php?id=CVE-2019-20387
repodata_schema2id in repodata.c in libsolv before 0.7.6 has a heap-based buffer over-read via a last schema whose length is less than the length of the input schema. La función repodata_schema2id en el archivo repodata.c en libsolv versiones anteriores a 0.7.6, presenta una lectura excesiva del búfer en la región heap de la memoria por medio de un último esquema cuya longitud es menor que la longitud del esquema de entrada. An out-of-bounds read was discovered in Libsolv when the last schema has a length that is less than the length of the input schema. A remote attacker may abuse this flaw to crash an application that uses Libsolv. • https://github.com/openSUSE/libsolv/commit/fdb9c9c03508990e4583046b590c30d958f272da https://github.com/openSUSE/libsolv/compare/0.7.5...0.7.6 https://lists.debian.org/debian-lts-announce/2020/01/msg00034.html https://access.redhat.com/security/cve/CVE-2019-20387 https://bugzilla.redhat.com/show_bug.cgi?id=1797072 • CWE-125: Out-of-bounds Read •