CVSS: 8.8EPSS: 0%CPEs: 6EXPL: 0CVE-2020-6800 – Mozilla: Memory safety bugs fixed in Firefox 73 and Firefox ESR 68.5
https://notcve.org/view.php?id=CVE-2020-6800
14 Feb 2020 — Mozilla developers and community members reported memory safety bugs present in Firefox 72 and Firefox ESR 68.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. In general, these flaws cannot be exploited through email in the Thunderbird product because scripting is disabled when reading mail, but are potentially risks in browser or browser-like contexts. This vulnerability affects Thunderbird < 68.... • https://bugzilla.mozilla.org/buglist.cgi?bug_id=1595786%2C1596706%2C1598543%2C1604851%2C1608580%2C1608785%2C1605777 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-787: Out-of-bounds Write •
CVSS: 7.5EPSS: 4%CPEs: 10EXPL: 0CVE-2018-14553 – gd: NULL pointer dereference in gdImageClone
https://notcve.org/view.php?id=CVE-2018-14553
11 Feb 2020 — gdImageClone in gd.c in libgd 2.1.0-rc2 through 2.2.5 has a NULL pointer dereference allowing attackers to crash an application via a specific function call sequence. Only affects PHP when linked with an external libgd (not bundled). La función gdImageClone en el archivo gd.c en libgd versiones 2.1.0-rc2 hasta 2.2.5, presenta una desreferencia del puntero NULL que permite a atacantes bloquear una aplicación por medio de una secuencia de llamada de función específica. It was discovered that GD Graphics Libra... • http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00020.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-476: NULL Pointer Dereference •
CVSS: 7.1EPSS: 0%CPEs: 12EXPL: 1CVE-2020-8648 – kernel: use-after-free in n_tty_receive_buf_common function in drivers/tty/n_tty.c
https://notcve.org/view.php?id=CVE-2020-8648
06 Feb 2020 — There is a use-after-free vulnerability in the Linux kernel through 5.5.2 in the n_tty_receive_buf_common function in drivers/tty/n_tty.c. Se presenta una vulnerabilidad de uso de la memoria previamente liberada en el kernel de Linux versiones hasta 5.5.2, en la función n_tty_receive_buf_common en el archivo drivers/tty/n_tty.c. A use-after-free flaw was found in the Linux kernel console driver when using the copy-paste buffer. This flaw allows a local user to crash the system. Red Hat Advanced Cluster Mana... • http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00021.html • CWE-416: Use After Free •
CVSS: 7.5EPSS: 3%CPEs: 7EXPL: 0CVE-2020-3123 – Gentoo Linux Security Advisory 202003-46
https://notcve.org/view.php?id=CVE-2020-3123
05 Feb 2020 — A vulnerability in the Data-Loss-Prevention (DLP) module in Clam AntiVirus (ClamAV) Software versions 0.102.1 and 0.102.0 could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to an out-of-bounds read affecting users that have enabled the optional DLP feature. An attacker could exploit this vulnerability by sending a crafted email file to an affected device. An exploit could allow the attacker to cause the ClamAV scanning proce... • https://blog.clamav.net/2020/02/clamav-01022-security-patch-released.html • CWE-125: Out-of-bounds Read •
CVSS: 7.5EPSS: 22%CPEs: 9EXPL: 0CVE-2019-12528 – squid: Information Disclosure issue in FTP Gateway
https://notcve.org/view.php?id=CVE-2019-12528
04 Feb 2020 — An issue was discovered in Squid before 4.10. It allows a crafted FTP server to trigger disclosure of sensitive information from heap memory, such as information associated with other users' sessions or non-Squid processes. Se detectó un problema en Squid versiones anteriores a 4.10. Permite a un servidor FTP diseñado desencadenar una divulgación de información confidencial de la memoria de la pila, tal y como la información asociada con las sesiones de otros usuarios o procesos que no son de Squid. A flaw ... • http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00012.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 1%CPEs: 5EXPL: 0CVE-2020-8517 – Gentoo Linux Security Advisory 202003-34
https://notcve.org/view.php?id=CVE-2020-8517
04 Feb 2020 — An issue was discovered in Squid before 4.10. Due to incorrect input validation, the NTLM authentication credentials parser in ext_lm_group_acl may write to memory outside the credentials buffer. On systems with memory access protections, this can result in the helper process being terminated unexpectedly. This leads to the Squid process also terminating and a denial of service for all clients using the proxy. Se detectó un problema en Squid versiones anteriores a 4.10. • http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00012.html • CWE-20: Improper Input Validation CWE-787: Out-of-bounds Write •
CVSS: 7.5EPSS: 44%CPEs: 9EXPL: 0CVE-2020-8450 – squid: Buffer overflow in reverse-proxy configurations
https://notcve.org/view.php?id=CVE-2020-8450
04 Feb 2020 — An issue was discovered in Squid before 4.10. Due to incorrect buffer management, a remote client can cause a buffer overflow in a Squid instance acting as a reverse proxy. Se detectó un problema en Squid versiones anteriores a 4.10. Debido a una administración del búfer incorrecta, un cliente remoto puede causar un desbordamiento del búfer en una instancia de Squid que actúa como un proxy inverso. A flaw was found in squid. • http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00012.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-131: Incorrect Calculation of Buffer Size CWE-787: Out-of-bounds Write •
CVSS: 7.5EPSS: 8%CPEs: 9EXPL: 0CVE-2020-8449 – squid: Improper input validation issues in HTTP Request processing
https://notcve.org/view.php?id=CVE-2020-8449
04 Feb 2020 — An issue was discovered in Squid before 4.10. Due to incorrect input validation, it can interpret crafted HTTP requests in unexpected ways to access server resources prohibited by earlier security filters. Se detectó un problema en Squid versiones anteriores a 4.10. Debido a una comprobación de entrada incorrecta, puede interpretar las peticiones HTTP diseñadas de manera no prevista para acceder a recursos del servidor prohibidos por parte de los filtros de seguridad anteriores. A flaw was found in squid. • http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00012.html • CWE-20: Improper Input Validation CWE-668: Exposure of Resource to Wrong Sphere •
CVSS: 7.5EPSS: 1%CPEs: 7EXPL: 0CVE-2019-9674 – Ubuntu Security Notice USN-6891-1
https://notcve.org/view.php?id=CVE-2019-9674
04 Feb 2020 — Lib/zipfile.py in Python through 3.7.2 allows remote attackers to cause a denial of service (resource consumption) via a ZIP bomb. La biblioteca Lib/zipfile.py en Python versiones hasta 3.7.2, permite a atacantes remotos causar una denegación de servicio (consumo de recursos) por medio de una bomba ZIP. USN-4754-1 fixed vulnerabilities in Python. This update provides the corresponding updates for Ubuntu 18.04 ESM and Ubuntu 20.04 ESM. In the case of Python 2.7 for 20.04 ESM, these additional fixes are inclu... • http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00003.html • CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.3EPSS: 0%CPEs: 30EXPL: 0CVE-2020-0569 – qt: files placed by attacker can influence the working directory and lead to malicious code execution
https://notcve.org/view.php?id=CVE-2020-0569
04 Feb 2020 — Out of bounds write in Intel(R) PROSet/Wireless WiFi products on Windows 10 may allow an authenticated user to potentially enable denial of service via local access. Una escritura fuera de límites en los productos Intel® PROSet/Wireless WiFi en Windows 10 puede habilitar a un usuario autenticado para permitir potencialmente una denegación de servicio por medio de un acceso local It was discovered that Qt incorrectly handled certain PPM images. If a user or automated system were tricked into opening a specia... • https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00338.html • CWE-73: External Control of File Name or Path CWE-787: Out-of-bounds Write •