Page 44 of 3742 results (0.011 seconds)

CVSS: 4.4EPSS: 0%CPEs: 7EXPL: 0

CVE-2020-13696

https://notcve.org/view.php?id=CVE-2020-13696

An issue was discovered in LinuxTV xawtv before 3.107. The function dev_open() in v4l-conf.c does not perform sufficient checks to prevent an unprivileged caller of the program from opening unintended filesystem paths. This allows a local attacker with access to the v4l-conf setuid-root program to test for the existence of arbitrary files and to trigger an open on arbitrary files with mode O_RDWR. To achieve this, relative path components need to be added to the device path, as demonstrated by a v4l-conf -c /dev/../root/.bash_history command. • http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00009.html http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00013.html http://www.openwall.com/lists/oss-security/2020/06/04/6 https://bugzilla.suse.com/show_bug.cgi?id=CVE-2020-13696 https://git.linuxtv.org/xawtv3.git/commit/?id=31f31f9cbaee7be806cba38e0ff5431bd44b20a3 https://git.linuxtv.org/xawtv3.git/commit/?id=36dc44e68e5886339b4a0fbe3f404fb1a4fd2292 https://git.linuxtv.org/xawtv3.git/commit/?id=8e3feea862db68d3ca0886f46cd99fab4 • CWE-863: Incorrect Authorization •

CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 1

CVE-2020-13625

https://notcve.org/view.php?id=CVE-2020-13625

PHPMailer before 6.1.6 contains an output escaping bug when the name of a file attachment contains a double quote character. This can result in the file type being misinterpreted by the receiver or any mail relay processing the message. PHPMailer versiones anteriores a 6.1.6, contiene un bug de escape de salida cuando el nombre de un archivo adjunto contiene un carácter de comillas dobles. Esto puede resultar en que el tipo de archivo esta siendo malinterpretado por el receptor o que cualquier retransmisión de correo procese el mensaje • http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00067.html http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00085.html https://github.com/PHPMailer/PHPMailer/releases/tag/v6.1.6 https://github.com/PHPMailer/PHPMailer/security/advisories/GHSA-f7hx-fqxw-rvvj https://lists.debian.org/debian-lts-announce/2020/06/msg00014.html https://lists.debian.org/debian-lts-announce/2020/08/msg00004.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject& • CWE-116: Improper Encoding or Escaping of Output •

CVSS: 7.5EPSS: 0%CPEs: 7EXPL: 0

CVE-2020-13881

https://notcve.org/view.php?id=CVE-2020-13881

In support.c in pam_tacplus 1.3.8 through 1.5.1, the TACACS+ shared secret gets logged via syslog if the DEBUG loglevel and journald are used. En el archivo support.c en pam_tacplus versiones 1.3.8 hasta 1.5.1, el secreto compartido TACACS+ es registrado por medio de syslog si el nivel de registro DEBUG y journald son usados • http://www.openwall.com/lists/oss-security/2020/06/08/1 https://github.com/kravietz/pam_tacplus/commit/4a9852c31c2fd0c0e72fbb689a586aabcfb11cb0 https://github.com/kravietz/pam_tacplus/issues/149 https://lists.debian.org/debian-lts-announce/2020/06/msg00007.html https://lists.debian.org/debian-lts-announce/2021/08/msg00006.html https://usn.ubuntu.com/4521-1 https://www.arista.com/en/support/advisories-notices/security-advisories/11705-security-advisory-50 • CWE-532: Insertion of Sensitive Information into Log File •

CVSS: 7.5EPSS: 3%CPEs: 2EXPL: 0

CVE-2020-13848

https://notcve.org/view.php?id=CVE-2020-13848

Portable UPnP SDK (aka libupnp) 1.12.1 and earlier allows remote attackers to cause a denial of service (crash) via a crafted SSDP message due to a NULL pointer dereference in the functions FindServiceControlURLPath and FindServiceEventURLPath in genlib/service_table/service_table.c. Portable UPnP SDK (también se conoce como libupnp) versiones 1.12.1 y anteriores, permite a atacantes remotos causar una denegación de servicio (bloqueo) por medio de un mensaje SSDP diseñado debido a una desreferencia del puntero NULL en las funciones FindServiceControlURLPath y FindServiceEventURLPath en el archivo genlib/service_table/service_table.c • http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00030.html http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00033.html https://github.com/pupnp/pupnp/commit/c805c1de1141cb22f74c0d94dd5664bda37398e0 https://github.com/pupnp/pupnp/issues/177 https://lists.debian.org/debian-lts-announce/2020/06/msg00006.html https://lists.debian.org/debian-lts-announce/2021/03/msg00007.html • CWE-476: NULL Pointer Dereference •

CVSS: 6.8EPSS: 0%CPEs: 7EXPL: 0

CVE-2020-13765 – QEMU: loader: OOB access while loading registered ROM may lead to code execution

https://notcve.org/view.php?id=CVE-2020-13765

rom_copy() in hw/core/loader.c in QEMU 4.0 and 4.1.0 does not validate the relationship between two addresses, which allows attackers to trigger an invalid memory copy operation. La función rom_copy() en el archivo hw/core/loader.c en QEMU versión 4.0 y versión 4.1.0, no comprueba la relación entre dos direcciones, lo que permite a atacantes activar una operación de copia de memoria no válida An out-of-bound write access flaw was found in the way QEMU loads ROM contents at boot time. This flaw occurs in the rom_copy() routine while loading the contents of a 32-bit -kernel image into memory. Running an untrusted -kernel image may load contents at arbitrary memory locations, potentially leading to code execution with the privileges of the QEMU process. • https://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=e423455c4f23a1a828901c78fe6d03b7dde79319 https://github.com/qemu/qemu/commit/4f1c6cb2f9afafda05eab150fd2bd284edce6676 https://lists.debian.org/debian-lts-announce/2020/06/msg00032.html https://lists.debian.org/debian-lts-announce/2020/07/msg00020.html https://security.netapp.com/advisory/ntap-20200619-0006 https://usn.ubuntu.com/4467-1 https://www.openwall.com/lists/oss-security/2020/06/03/6 https://access.redhat.com/security/cve/CVE-2020-13765 • CWE-787: Out-of-bounds Write •