CVSS: 5.0EPSS: 0%CPEs: 13EXPL: 0CVE-2020-0093 – libexif: out of bounds read due to a missing bounds check in exif_data_save_data_entry function in exif-data.c
https://notcve.org/view.php?id=CVE-2020-0093
14 May 2020 — In exif_data_save_data_entry of exif-data.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-148705132 En la función exif_data_save_data_entry del archivo exif-data.c, se presenta una posible lectura fuera de límites debido a una falta de comprobación de límites. Es... • http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00017.html • CWE-125: Out-of-bounds Read •
CVSS: 9.8EPSS: 1%CPEs: 7EXPL: 1CVE-2020-12823 – Gentoo Linux Security Advisory 202006-15
https://notcve.org/view.php?id=CVE-2020-12823
12 May 2020 — OpenConnect 8.09 has a buffer overflow, causing a denial of service (application crash) or possibly unspecified other impact, via crafted certificate data to get_cert_name in gnutls.c. OpenConnect versión 8.09, presenta un desbordamiento del búfer, causando una denegación de servicio (bloqueo de aplicación) o posiblemente otro impacto no especificado, por medio de datos de certificado diseñados en la función get_cert_name en el archivo gnutls.c. Multiple vulnerabilities have been found in OpenConnect, the w... • http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00039.html • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 5.9EPSS: 0%CPEs: 20EXPL: 0CVE-2020-10711 – Kernel: NetLabel: null pointer dereference while receiving CIPSO packet with null category may cause kernel panic
https://notcve.org/view.php?id=CVE-2020-10711
12 May 2020 — A NULL pointer dereference flaw was found in the Linux kernel's SELinux subsystem in versions before 5.7. This flaw occurs while importing the Commercial IP Security Option (CIPSO) protocol's category bitmap into the SELinux extensible bitmap via the' ebitmap_netlbl_import' routine. While processing the CIPSO restricted bitmap tag in the 'cipso_v4_parsetag_rbm' routine, it sets the security attribute to indicate that the category bitmap is present, even if it has not been allocated. This issue leads to a NU... • http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00022.html • CWE-476: NULL Pointer Dereference •
CVSS: 8.8EPSS: 1%CPEs: 5EXPL: 1CVE-2020-6464 – chromium-browser: Type Confusion in Blink
https://notcve.org/view.php?id=CVE-2020-6464
12 May 2020 — Type confusion in Blink in Google Chrome prior to 81.0.4044.138 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Una confusión de tipos en Blink en Google Chrome versiones anteriores a la versión 81.0.4044.138, permitió a un atacante remoto explotar potencialmente una corrupción de pila por medio de una página HTML especialmente diseñada A type confusion flaw was reported in the Blink component of the Chromium browser. Multiple vulnerabilities have been found in Chro... • http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00056.html • CWE-787: Out-of-bounds Write CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2020-11866
https://notcve.org/view.php?id=CVE-2020-11866
11 May 2020 — libEMF (aka ECMA-234 Metafile Library) through 1.0.11 allows a use-after-free. libEMF (también se conoce como ECMA-234 Metafile Library) versiones hasta 1.0.11, permite un uso de la memoria previamente liberada. • http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00036.html • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2020-11865
https://notcve.org/view.php?id=CVE-2020-11865
11 May 2020 — libEMF (aka ECMA-234 Metafile Library) through 1.0.11 allows out-of-bounds memory access. libEMF (también se conoce como ECMA-234 Metafile Library) versiones hasta 1.0.11, permite un acceso a la memoria fuera de límites. • http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00036.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2020-11864
https://notcve.org/view.php?id=CVE-2020-11864
11 May 2020 — libEMF (aka ECMA-234 Metafile Library) through 1.0.11 allows denial of service (issue 2 of 2). libEMF (también se conoce como ECMA-234 Metafile Library) versiones hasta 1.0.11, permite una denegación de servicio (problema 2 de 2). • http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00036.html •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2020-11863
https://notcve.org/view.php?id=CVE-2020-11863
11 May 2020 — libEMF (aka ECMA-234 Metafile Library) through 1.0.11 allows denial of service (issue 1 of 2). libEMF (también se conoce como ECMA-234 Metafile Library) versiones hasta 1.0.11, permite una denegación de servicio (problema 1 de 2). • http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00036.html •
CVSS: 6.2EPSS: 0%CPEs: 9EXPL: 0CVE-2020-12767 – libexif: divide-by-zero in exif_entry_get_value function in exif-entry.c
https://notcve.org/view.php?id=CVE-2020-12767
09 May 2020 — exif_entry_get_value in exif-entry.c in libexif 0.6.21 has a divide-by-zero error. La función exif_entry_get_value en el archivo exif-entry.c en libexif versión 0.6.21, presenta un error de división por cero. It was discovered that libexif incorrectly handled certain tags. An attacker could possibly use this issue to cause a denial of service. It was discovered that libexif incorrectly handled certain inputs. • http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00017.html • CWE-369: Divide By Zero •
CVSS: 5.5EPSS: 0%CPEs: 38EXPL: 2CVE-2020-12769 – Ubuntu Security Notice USN-4391-1
https://notcve.org/view.php?id=CVE-2020-12769
09 May 2020 — An issue was discovered in the Linux kernel before 5.4.17. drivers/spi/spi-dw.c allows attackers to cause a panic via concurrent calls to dw_spi_irq and dw_spi_transfer_one, aka CID-19b61392c5a8. Se detectó un problema en el kernel de Linux versiones anteriores a 5.4.17. El archivo drivers/spi/spi-dw.c, permite a atacantes causar un pánico por medio de llamadas concurrentes a las funciones dw_spi_irq y dw_spi_transfer_one, también se conoce como CID-19b61392c5a8. It was discovered that the ext4 file system ... • http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00022.html • CWE-662: Improper Synchronization •