CVSS: 9.8EPSS: 0%CPEs: 5EXPL: 0CVE-2020-15900
https://notcve.org/view.php?id=CVE-2020-15900
A memory corruption issue was found in Artifex Ghostscript 9.50 and 9.52. Use of a non-standard PostScript operator can allow overriding of file access controls. The 'rsearch' calculation for the 'post' size resulted in a size that was too large, and could underflow to max uint32_t. This was fixed in commit 5d499272b95a6b890a1397e11d20937de000d31b. Se encontró un problema de corrupción de memoria en Artifex Ghostscript versiones 9.50 y 9.52. • http://git.ghostscript.com/?p=ghostpdl.git%3Ba=log http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00004.html http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00006.html https://artifex.com/security-advisories/CVE-2020-15900 https://git.ghostscript.com/?p=ghostpdl.git%3Ba=commitdiff%3Bh=5d499272b95a6b890a1397e11d20937de000d31b https://github.com/ArtifexSoftware/ghostpdl/commit/5d499272b95a6b890a1397e11d20937de000d31b https://github.com/ArtifexSoftware/ghostpdl/commits/master/psi/zstring.c https: • CWE-191: Integer Underflow (Wrap or Wraparound) CWE-787: Out-of-bounds Write •
CVSS: 3.5EPSS: 0%CPEs: 7EXPL: 0CVE-2020-15103 – Integer Overflow in FreeRDP
https://notcve.org/view.php?id=CVE-2020-15103
In FreeRDP less than or equal to 2.1.2, an integer overflow exists due to missing input sanitation in rdpegfx channel. All FreeRDP clients are affected. The input rectangles from the server are not checked against local surface coordinates and blindly accepted. A malicious server can send data that will crash the client later on (invalid length arguments to a `memcpy`) This has been fixed in 2.2.0. As a workaround, stop using command line arguments /gfx, /gfx-h264 and /network:auto En FreeRDP versiones anteriores o igual a 2.1.2, se presenta un desbordamiento de enteros debido a una falta de saneamiento de entrada en el canal rdpegfx. • http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00010.html https://github.com/FreeRDP/FreeRDP/blob/616af2d5b86dc24c7b3e89870dbcffd841d9a535/ChangeLog#L4 https://github.com/FreeRDP/FreeRDP/pull/6382 https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-4r38-6hq7-j3j9 https://lists.debian.org/debian-lts-announce/2023/10/msg00008.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6Y35HBHG2INICLSGCIKNAR7GCXEHQACQ https://lists.fedoraproject.org/archives/list&#x • CWE-122: Heap-based Buffer Overflow CWE-190: Integer Overflow or Wraparound CWE-680: Integer Overflow to Buffer Overflow •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2020-11935 – aufs: improperly managed inode reference counts in the vfsub_dentry_open() method
https://notcve.org/view.php?id=CVE-2020-11935
It was discovered that aufs improperly managed inode reference counts in the vfsub_dentry_open() method. A local attacker could use this vulnerability to cause a denial of service attack. • https://bugs.launchpad.net/bugs/1873074 https://ubuntu.com/security/CVE-2020-11935 • CWE-911: Improper Update of Reference Count •
CVSS: 6.5EPSS: 0%CPEs: 17EXPL: 3CVE-2020-6514 – chromium-browser: Inappropriate implementation in WebRTC
https://notcve.org/view.php?id=CVE-2020-6514
Inappropriate implementation in WebRTC in Google Chrome prior to 84.0.4147.89 allowed an attacker in a privileged network position to potentially exploit heap corruption via a crafted SCTP stream. Una implementación inapropiada en WebRTC en Google Chrome versiones anteriores a 84.0.4147.89, permitió a un atacante en una posición de red privilegiada potencialmente explotar una corrupción de la pila por medio de un flujo SCTP diseñado • https://github.com/hasan-khalil/CVE-2020-6514 http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00069.html http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00007.html http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00008.html http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00011.html http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00018.html http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00022.html http:/&#x • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 1CVE-2020-15890
https://notcve.org/view.php?id=CVE-2020-15890
LuaJit through 2.1.0-beta3 has an out-of-bounds read because __gc handler frame traversal is mishandled. LuaJit versiones hasta 2.1.0-beta3, presenta una lectura fuera de límites, porque el salto de trama del manejador __gc es manejado inapropiadamente • https://github.com/LuaJIT/LuaJIT/issues/601 https://lists.debian.org/debian-lts-announce/2020/07/msg00026.html https://usn.ubuntu.com/4501-1 • CWE-125: Out-of-bounds Read •