CVSS: 9.8EPSS: 0%CPEs: 8EXPL: 0CVE-2020-10018 – webkitgtk: Use-after-free issue in accessibility/AXObjectCache.cpp
https://notcve.org/view.php?id=CVE-2020-10018
02 Mar 2020 — WebKitGTK through 2.26.4 and WPE WebKit through 2.26.4 (which are the versions right before 2.28.0) contains a memory corruption issue (use-after-free) that may lead to arbitrary code execution. This issue has been fixed in 2.28.0 with improved memory handling. WebKitGTK hasta la versión 2.26.4 y WPE WebKit hasta la versión 2.26.4 (que son las versiones anteriores a la versión 2.28.0) contiene un problema de corrupción de memoria (use-after-free) que puede conducir a la ejecución de código arbitrario. Este ... • http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00008.html • CWE-400: Uncontrolled Resource Consumption CWE-416: Use After Free •
CVSS: 7.5EPSS: 0%CPEs: 12EXPL: 1CVE-2020-7062 – Null Pointer Dereference in PHP Session Upload Progress
https://notcve.org/view.php?id=CVE-2020-7062
27 Feb 2020 — In PHP versions 7.2.x below 7.2.28, 7.3.x below 7.3.15 and 7.4.x below 7.4.3, when using file upload functionality, if upload progress tracking is enabled, but session.upload_progress.cleanup is set to 0 (disabled), and the file upload fails, the upload procedure would try to clean up data that does not exist and encounter null pointer dereference, which would likely lead to a crash. En PHP versiones 7.2.x por debajo de 7.2.28, versiones 7.3.x por debajo de 7.3.15 y versiones 7.4.x por debajo de 7.4.3, cuan... • http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00023.html • CWE-476: NULL Pointer Dereference •
CVSS: 7.1EPSS: 0%CPEs: 18EXPL: 0CVE-2020-9383 – kernel: out-of-bounds read in set_fdc in drivers/block/floppy.c
https://notcve.org/view.php?id=CVE-2020-9383
25 Feb 2020 — An issue was discovered in the Linux kernel 3.16 through 5.5.6. set_fdc in drivers/block/floppy.c leads to a wait_til_ready out-of-bounds read because the FDC index is not checked for errors before assigning it, aka CID-2e90ca68b0d2. Se detectó un problema en el kernel de Linux versión 3.16 hasta la versión 5.5.6. La función set_fdc en el archivo drivers/block/floppy.c, conlleva a una lectura fuera de límites de wait_til_ready porque el índice FDC no es comprobado para errores antes de asignarlos, también s... • http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00039.html • CWE-125: Out-of-bounds Read •
CVSS: 10.0EPSS: 88%CPEs: 7EXPL: 6CVE-2020-8794 – OpenSMTPD - OOB Read Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2020-8794
25 Feb 2020 — OpenSMTPD before 6.6.4 allows remote code execution because of an out-of-bounds read in mta_io in mta_session.c for multi-line replies. Although this vulnerability affects the client side of OpenSMTPD, it is possible to attack a server because the server code launches the client code during bounce handling. OpenSMTPD versiones anteriores a 6.6.4, permite una ejecución de código remota debido a una lectura fuera de límites en la función mta_io en el archivo mta_session.c para respuestas multilínea. Aunque es... • https://www.exploit-db.com/exploits/48185 • CWE-125: Out-of-bounds Read •
CVSS: 4.7EPSS: 0%CPEs: 4EXPL: 2CVE-2020-8793 – OpenSMTPD 6.6.3 - Arbitrary File Read
https://notcve.org/view.php?id=CVE-2020-8793
25 Feb 2020 — OpenSMTPD before 6.6.4 allows local users to read arbitrary files (e.g., on some Linux distributions) because of a combination of an untrusted search path in makemap.c and race conditions in the offline functionality in smtpd.c. OpenSMTPD versiones anteriores a 6.6.4, permite a usuarios locales leer archivos arbitrarios (por ejemplo, en algunas distribuciones de Linux) debido a una combinación de una ruta de búsqueda no confiable en el archivo makemap.c y unas condiciones de carrera en la funcionalidad offl... • https://www.exploit-db.com/exploits/48139 • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition CWE-426: Untrusted Search Path •
CVSS: 6.9EPSS: 0%CPEs: 8EXPL: 1CVE-2020-8130 – rake: OS Command Injection via egrep in Rake::FileList
https://notcve.org/view.php?id=CVE-2020-8130
24 Feb 2020 — There is an OS command injection vulnerability in Ruby Rake < 12.3.3 in Rake::FileList when supplying a filename that begins with the pipe character `|`. Se presenta una vulnerabilidad de inyección de comandos de Sistema Operativo en Ruby Rake versiones anteriores a 12.3.3, en la función Rake::FileList cuando se suministra un nombre de archivo que comienza con el carácter de tubería "|". • http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00041.html • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 7.5EPSS: 0%CPEs: 8EXPL: 0CVE-2015-9542
https://notcve.org/view.php?id=CVE-2015-9542
24 Feb 2020 — add_password in pam_radius_auth.c in pam_radius 1.4.0 does not correctly check the length of the input password, and is vulnerable to a stack-based buffer overflow during memcpy(). An attacker could send a crafted password to an application (loading the pam_radius library) and crash it. Arbitrary code execution might be possible, depending on the application, C library, compiler, and other factors. La función add_password en el archivo pam_radius_auth.c en pam_radius versión 1.4.0, no verifica correctamente... • https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2015-9542 • CWE-787: Out-of-bounds Write •
CVSS: 7.5EPSS: 0%CPEs: 16EXPL: 0CVE-2020-9327 – sqlite: NULL pointer dereference and segmentation fault because of generated column optimizations
https://notcve.org/view.php?id=CVE-2020-9327
21 Feb 2020 — In SQLite 3.31.1, isAuxiliaryVtabOperator allows attackers to trigger a NULL pointer dereference and segmentation fault because of generated column optimizations. En SQLite versión 3.31.1, la función isAuxiliaryVtabOperator permite a atacantes desencadenar una desreferencia del puntero NULL y un fallo de segmentación debido a las optimizaciones de columna generadas. A NULL pointer dereference was found in SQLite in the way it executes select statements with column optimizations. An attacker who is able to e... • https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf • CWE-476: NULL Pointer Dereference •
CVSS: 8.8EPSS: 0%CPEs: 6EXPL: 0CVE-2020-9308
https://notcve.org/view.php?id=CVE-2020-9308
20 Feb 2020 — archive_read_support_format_rar5.c in libarchive before 3.4.2 attempts to unpack a RAR5 file with an invalid or corrupted header (such as a header size of zero), leading to a SIGSEGV or possibly unspecified other impact. El archivo archive_read_support_format_rar5.c en libarchive versiones anteriores a 3.4.2, intenta descomprimir un archivo RAR5 con un encabezado no válido o corrupto (tal y como un tamaño de encabezado de cero), conllevando a un SIGSEGV o posiblemente a otro impacto no especificado. • https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=20459 • CWE-787: Out-of-bounds Write •
CVSS: 9.8EPSS: 0%CPEs: 10EXPL: 1CVE-2020-6061
https://notcve.org/view.php?id=CVE-2020-6061
19 Feb 2020 — An exploitable heap out-of-bounds read vulnerability exists in the way CoTURN 4.5.1.1 web server parses POST requests. A specially crafted HTTP POST request can lead to information leaks and other misbehavior. An attacker needs to send an HTTPS request to trigger this vulnerability. Existe una vulnerabilidad explotable de lectura fuera de límites en la forma en que el servidor web CoTURN 4.5.1.1 analiza las solicitudes POST. Una solicitud HTTP POST especialmente diseñada puede provocar fugas de información ... • https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HQZZPI34LAS3SFNW6Z2ZJ46RKVGEODNA • CWE-125: Out-of-bounds Read •