CVSS: 5.5EPSS: 0%CPEs: 10EXPL: 1CVE-2020-3810 – Debian Security Advisory 4685-1
https://notcve.org/view.php?id=CVE-2020-3810
14 May 2020 — Missing input validation in the ar/tar implementations of APT before version 2.1.2 could result in denial of service when processing specially crafted deb files. Una falta de comprobación de entrada en las implementaciones de ar/tar de APT versiones anteriores a 2.1.2, podría resultar en una denegación de servicio al procesar archivos deb especialmente diseñados USN-4359-1 fixed a vulnerability in APT. This update provides the corresponding update for Ubuntu 12.04 ESM and 14.04 ESM. It was discovered that A... • https://bugs.launchpad.net/bugs/1878177 • CWE-20: Improper Input Validation CWE-125: Out-of-bounds Read •
CVSS: 7.5EPSS: 12%CPEs: 12EXPL: 0CVE-2020-3327 – ClamAV ARJ Archive Parsing Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2020-3327
12 May 2020 — A vulnerability in the ARJ archive parsing module in Clam AntiVirus (ClamAV) Software versions 0.102.2 could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to a heap buffer overflow read. An attacker could exploit this vulnerability by sending a crafted ARJ file to an affected device. An exploit could allow the attacker to cause the ClamAV scanning process crash, resulting in a denial of service condition. Una vulnerabilidad e... • https://blog.clamav.net/2020/05/clamav-01023-security-patch-released.html • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 6%CPEs: 11EXPL: 0CVE-2020-3341 – ClamAV PDF Parsing Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2020-3341
12 May 2020 — A vulnerability in the PDF archive parsing module in Clam AntiVirus (ClamAV) Software versions 0.101 - 0.102.2 could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to a stack buffer overflow read. An attacker could exploit this vulnerability by sending a crafted PDF file to an affected device. An exploit could allow the attacker to cause the ClamAV scanning process crash, resulting in a denial of service condition. Una vulnera... • https://blog.clamav.net/2020/05/clamav-01023-security-patch-released.html • CWE-20: Improper Input Validation •
CVSS: 6.2EPSS: 0%CPEs: 9EXPL: 0CVE-2020-12767 – libexif: divide-by-zero in exif_entry_get_value function in exif-entry.c
https://notcve.org/view.php?id=CVE-2020-12767
09 May 2020 — exif_entry_get_value in exif-entry.c in libexif 0.6.21 has a divide-by-zero error. La función exif_entry_get_value en el archivo exif-entry.c en libexif versión 0.6.21, presenta un error de división por cero. It was discovered that libexif incorrectly handled certain tags. An attacker could possibly use this issue to cause a denial of service. It was discovered that libexif incorrectly handled certain inputs. • http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00017.html • CWE-369: Divide By Zero •
CVSS: 7.8EPSS: 0%CPEs: 16EXPL: 2CVE-2020-12762 – libfastjson: integer overflow and out-of-bounds write via a large JSON file
https://notcve.org/view.php?id=CVE-2020-12762
09 May 2020 — json-c through 0.14 has an integer overflow and out-of-bounds write via a large JSON file, as demonstrated by printbuf_memappend. json-c versiones hasta 0.14, presenta un desbordamiento de enteros y una escritura fuera de límites por medio de un archivo JSON grande, como es demostrado por la función printbuf_memappend. A flaw was found in json-c. In printbuf_memappend, certain crafted values can overflow the memory allowing an attacker to write past the memory boundary. The highest threat from this vulnerab... • https://cert-portal.siemens.com/productcert/pdf/ssa-637483.pdf • CWE-190: Integer Overflow or Wraparound CWE-787: Out-of-bounds Write •
CVSS: 7.5EPSS: 4%CPEs: 67EXPL: 1CVE-2020-12243 – openldap: denial of service via nested boolean expressions in LDAP search filters
https://notcve.org/view.php?id=CVE-2020-12243
28 Apr 2020 — In filter.c in slapd in OpenLDAP before 2.4.50, LDAP search filters with nested boolean expressions can result in denial of service (daemon crash). En el archivo filter.c en slapd en OpenLDAP versiones anteriores a 2.4.50, los filtros de búsqueda de LDAP con expresiones booleanas anidadas pueden resultar en una denegación de servicio (bloqueo del demonio). Red Hat OpenShift Do is a simple CLI tool for developers to create, build, and deploy applications on OpenShift. The odo tool is completely client-based ... • http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00016.html • CWE-400: Uncontrolled Resource Consumption CWE-674: Uncontrolled Recursion •
CVSS: 7.5EPSS: 0%CPEs: 7EXPL: 1CVE-2019-7306 – Byobu apport hook uploads user's ~/.screenrc
https://notcve.org/view.php?id=CVE-2019-7306
17 Apr 2020 — Byobu Apport hook may disclose sensitive information since it automatically uploads the local user's .screenrc which may contain private hostnames, usernames and passwords. This issue affects: byobu El hook Byobu Apport puede divulgar información confidencial ya que carga de forma automática la extensión .screenrc de un usuario local que puede contener los nombres de host privados, nombres de usuario y contraseñas. Este problema afecta a: byobu Sander Bos discovered that Byobu incorrectly handled certain Ap... • https://bugs.launchpad.net/ubuntu/+source/byobu/+bug/1827202 • CWE-552: Files or Directories Accessible to External Parties •
CVSS: 6.5EPSS: 2%CPEs: 14EXPL: 1CVE-2020-7064 – Use-of-uninitialized-value in exif
https://notcve.org/view.php?id=CVE-2020-7064
27 Mar 2020 — In PHP versions 7.2.x below 7.2.9, 7.3.x below 7.3.16 and 7.4.x below 7.4.4, while parsing EXIF data with exif_read_data() function, it is possible for malicious data to cause PHP to read one byte of uninitialized memory. This could potentially lead to information disclosure or crash. En PHP versiones 7.2.x por debajo de 7.2.9, versiones 7.3.x por debajo de 7.3.16 y versiones 7.4.x por debajo de 7.4.4, al analizar datos EXIF ??con la función exif_read_data(), es posible que unos datos maliciosos causen que ... • http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00025.html • CWE-125: Out-of-bounds Read CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 8.8EPSS: 10%CPEs: 10EXPL: 1CVE-2020-7065 – mb_strtolower (UTF-32LE): stack-buffer-overflow at php_unicode_tolower_full
https://notcve.org/view.php?id=CVE-2020-7065
27 Mar 2020 — In PHP versions 7.3.x below 7.3.16 and 7.4.x below 7.4.4, while using mb_strtolower() function with UTF-32LE encoding, certain invalid strings could cause PHP to overwrite stack-allocated buffer. This could lead to memory corruption, crashes and potentially code execution. En PHP versiones 7.3.x por debajo de 7.3.16 y versiones 7.4.x por debajo de 7.4.4, mientras se usa la función mb_strtolower() con codificación UTF-32LE, determinadas cadenas no comprobadas pueden causar que PHP sobrescriba el búfer asigna... • https://bugs.php.net/bug.php?id=79371 • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 8.8EPSS: 0%CPEs: 21EXPL: 0CVE-2020-10531 – ICU: Integer overflow in UnicodeString::doAppend()
https://notcve.org/view.php?id=CVE-2020-10531
12 Mar 2020 — An issue was discovered in International Components for Unicode (ICU) for C/C++ through 66.1. An integer overflow, leading to a heap-based buffer overflow, exists in the UnicodeString::doAppend() function in common/unistr.cpp. Se detectó un problema en International Components for Unicode (ICU) para C/C++ versiones hasta 66.1. Se presenta un desbordamiento de enteros, conllevando a un desbordamiento de búfer en la región heap de la memoria, en la función UnicodeString::doAppend() en el archivo common/unistr... • http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00004.html • CWE-190: Integer Overflow or Wraparound CWE-787: Out-of-bounds Write •