CVE-2020-4067 – Improper Initialization in coturn
https://notcve.org/view.php?id=CVE-2020-4067
In coturn before version 4.5.1.3, there is an issue whereby STUN/TURN response buffer is not initialized properly. There is a leak of information between different client connections. One client (an attacker) could use their connection to intelligently query coturn to get interesting bytes in the padding bytes from the connection of another client. This has been fixed in 4.5.1.3. En coturn anterior a la versión 4.5.1.3, se presenta un problema por el cual el búfer de respuesta STUN/TURN no se inicializa apropiadamente. • http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00010.html https://github.com/coturn/coturn/blob/aab60340b201d55c007bcdc853230f47aa2dfdf1/ChangeLog#L15 https://github.com/coturn/coturn/issues/583 https://github.com/coturn/coturn/security/advisories/GHSA-c8r8-8vp5-6gcm https://lists.debian.org/debian-lts-announce/2020/07/msg00002.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5G35UBNSRLL6SYRTODYTMBJ65TLQILUM https://lists.fedoraproject.org/archives/list/p • CWE-665: Improper Initialization •
CVE-2020-12862
https://notcve.org/view.php?id=CVE-2020-12862
An out-of-bounds read in SANE Backends before 1.0.30 may allow a malicious device connected to the same local network as the victim to read important information, such as the ASLR offsets of the program, aka GHSL-2020-082. Una lectura fuera de límites en SANE Backends versiones anteriores a 1.0.30, puede permitir a un dispositivo malicioso conectado a la misma red local que la víctima leer información importante, tales como las compensaciones ASLR del programa, también se conoce como GHSL-2020-082 • http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00079.html http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00003.html https://alioth-lists.debian.net/pipermail/sane-announce/2020/000041.html https://lists.debian.org/debian-lts-announce/2020/08/msg00029.html https://lists.debian.org/debian-lts-announce/2020/10/msg00010.html https://securitylab.github.com/advisories/GHSL-2020-075-libsane https://usn.ubuntu.com/4470-1 • CWE-125: Out-of-bounds Read •
CVE-2020-12863
https://notcve.org/view.php?id=CVE-2020-12863
An out-of-bounds read in SANE Backends before 1.0.30 may allow a malicious device connected to the same local network as the victim to read important information, such as the ASLR offsets of the program, aka GHSL-2020-083. Una lectura fuera de límites en SANE Backends versiones anteriores a 1.0.30, puede permitir a un dispositivo malicioso conectado a la misma red local que la víctima leer información importante, tales como las compensaciones ASLR del programa, también se conoce como GHSL-2020-083 • http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00079.html http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00003.html https://alioth-lists.debian.net/pipermail/sane-announce/2020/000041.html https://lists.debian.org/debian-lts-announce/2020/08/msg00029.html https://lists.debian.org/debian-lts-announce/2020/10/msg00010.html https://securitylab.github.com/advisories/GHSL-2020-075-libsane https://usn.ubuntu.com/4470-1 • CWE-125: Out-of-bounds Read •
CVE-2020-12864
https://notcve.org/view.php?id=CVE-2020-12864
An out-of-bounds read in SANE Backends before 1.0.30 may allow a malicious device connected to the same local network as the victim to read important information, such as the ASLR offsets of the program, aka GHSL-2020-081. Una lectura fuera de límites en SANE Backends versiones anteriores a 1.0.30, puede permitir a un dispositivo malicioso conectado a la misma red local que la víctima leer información importante, tales como las compensaciones ASLR del programa, también se conoce como GHSL-2020-081 • http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00079.html http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00003.html https://alioth-lists.debian.net/pipermail/sane-announce/2020/000041.html https://securitylab.github.com/advisories/GHSL-2020-075-libsane https://usn.ubuntu.com/4470-1 • CWE-125: Out-of-bounds Read •
CVE-2020-12865 – sane-backends: Heap buffer overflow in esci2_img
https://notcve.org/view.php?id=CVE-2020-12865
A heap buffer overflow in SANE Backends before 1.0.30 may allow a malicious device connected to the same local network as the victim to execute arbitrary code, aka GHSL-2020-084. Un desbordamiento del búfer de la pila en SANE Backends versiones anteriores a 1.0.30, puede permitir a un dispositivo malicioso conectado a la misma red local que la víctima ejecutar código arbitrario, también se conoce como GHSL-2020-084 A flaw was found in sane-backends in versions prior to 1.0.30. A heap buffer overflow in the esci2_img function could lead to a remote code execution. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. • http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00079.html http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00003.html https://alioth-lists.debian.net/pipermail/sane-announce/2020/000041.html https://lists.debian.org/debian-lts-announce/2020/08/msg00029.html https://lists.debian.org/debian-lts-announce/2020/10/msg00010.html https://securitylab.github.com/advisories/GHSL-2020-075-libsane https://usn.ubuntu.com/4470-1 https://access.redhat.com/security/cve/CV • CWE-190: Integer Overflow or Wraparound CWE-787: Out-of-bounds Write •