CVSS: 7.5EPSS: 1%CPEs: 10EXPL: 1CVE-2020-6062
https://notcve.org/view.php?id=CVE-2020-6062
19 Feb 2020 — An exploitable denial-of-service vulnerability exists in the way CoTURN 4.5.1.1 web server parses POST requests. A specially crafted HTTP POST request can lead to server crash and denial of service. An attacker needs to send an HTTP request to trigger this vulnerability. Se presenta una vulnerabilidad de denegación de servicio explotable en la manera en que el servidor web CoTURN versión 4.5.1.1 analiza las peticiones POST. Una petición HTTP POST especialmente diseñada puede conllevar a un bloqueo del servi... • https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HQZZPI34LAS3SFNW6Z2ZJ46RKVGEODNA • CWE-476: NULL Pointer Dereference •
CVSS: 6.5EPSS: 0%CPEs: 4EXPL: 1CVE-2020-6794 – Mozilla: Setting a master password post-Thunderbird 52 does not delete unencrypted previously stored passwords
https://notcve.org/view.php?id=CVE-2020-6794
14 Feb 2020 — If a user saved passwords before Thunderbird 60 and then later set a master password, an unencrypted copy of these passwords is still accessible. This is because the older stored password file was not deleted when the data was copied to a new format starting in Thunderbird 60. The new master password is added only on the new file. This could allow the exposure of stored password data outside of user expectations. This vulnerability affects Thunderbird < 68.5. • https://bugzilla.mozilla.org/show_bug.cgi?id=1606619 • CWE-312: Cleartext Storage of Sensitive Information CWE-459: Incomplete Cleanup CWE-522: Insufficiently Protected Credentials •
CVSS: 4.3EPSS: 0%CPEs: 4EXPL: 0CVE-2020-6792 – Mozilla: Message ID calculation was based on uninitialized data
https://notcve.org/view.php?id=CVE-2020-6792
14 Feb 2020 — When deriving an identifier for an email message, uninitialized memory was used in addition to the message contents. This vulnerability affects Thunderbird < 68.5. Cuando se deriva un identificador para un mensaje de correo electrónico, una memoria no inicializada fue usada en adición al contenido del mensaje. Esta vulnerabilidad afecta a Thunderbird versiones anteriores a 68.5. • https://bugzilla.mozilla.org/show_bug.cgi?id=1609607 • CWE-456: Missing Initialization of a Variable CWE-908: Use of Uninitialized Resource CWE-909: Missing Initialization of Resource •
CVSS: 8.8EPSS: 0%CPEs: 6EXPL: 0CVE-2020-6800 – Mozilla: Memory safety bugs fixed in Firefox 73 and Firefox ESR 68.5
https://notcve.org/view.php?id=CVE-2020-6800
14 Feb 2020 — Mozilla developers and community members reported memory safety bugs present in Firefox 72 and Firefox ESR 68.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. In general, these flaws cannot be exploited through email in the Thunderbird product because scripting is disabled when reading mail, but are potentially risks in browser or browser-like contexts. This vulnerability affects Thunderbird < 68.... • https://bugzilla.mozilla.org/buglist.cgi?bug_id=1595786%2C1596706%2C1598543%2C1604851%2C1608580%2C1608785%2C1605777 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-787: Out-of-bounds Write •
CVSS: 5.5EPSS: 0%CPEs: 14EXPL: 0CVE-2020-8992
https://notcve.org/view.php?id=CVE-2020-8992
14 Feb 2020 — ext4_protect_reserved_inode in fs/ext4/block_validity.c in the Linux kernel through 5.5.3 allows attackers to cause a denial of service (soft lockup) via a crafted journal size. La función ext4_protect_reserved_inode en el archivo fs/ext4/block_validity.c en el kernel de Linux versiones hasta 5.5.3, permite a atacantes causar una denegación de servicio (soft lockup) por medio de un journal size diseñado. • http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00021.html • CWE-400: Uncontrolled Resource Consumption CWE-834: Excessive Iteration •
CVSS: 7.0EPSS: 0%CPEs: 17EXPL: 0CVE-2019-19921 – runc: volume mount race condition with shared mounts leads to information leak/integrity manipulation
https://notcve.org/view.php?id=CVE-2019-19921
12 Feb 2020 — runc through 1.0.0-rc9 has Incorrect Access Control leading to Escalation of Privileges, related to libcontainer/rootfs_linux.go. To exploit this, an attacker must be able to spawn two containers with custom volume-mount configurations, and be able to run custom images. (This vulnerability does not affect Docker due to an implementation detail that happens to block the attack.) runc versiones hasta 1.0.0-rc9, posee un Control de Acceso Incorrecto conllevando a una escalada de privilegios, relacionado con el... • http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00018.html • CWE-41: Improper Resolution of Path Equivalence CWE-706: Use of Incorrectly-Resolved Name or Reference •
CVSS: 7.5EPSS: 0%CPEs: 10EXPL: 0CVE-2018-14553 – gd: NULL pointer dereference in gdImageClone
https://notcve.org/view.php?id=CVE-2018-14553
11 Feb 2020 — gdImageClone in gd.c in libgd 2.1.0-rc2 through 2.2.5 has a NULL pointer dereference allowing attackers to crash an application via a specific function call sequence. Only affects PHP when linked with an external libgd (not bundled). La función gdImageClone en el archivo gd.c en libgd versiones 2.1.0-rc2 hasta 2.2.5, presenta una desreferencia del puntero NULL que permite a atacantes bloquear una aplicación por medio de una secuencia de llamada de función específica. • http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00020.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-476: NULL Pointer Dereference •
CVSS: 6.8EPSS: 0%CPEs: 5EXPL: 0CVE-2020-1700
https://notcve.org/view.php?id=CVE-2020-1700
07 Feb 2020 — A flaw was found in the way the Ceph RGW Beast front-end handles unexpected disconnects. An authenticated attacker can abuse this flaw by making multiple disconnect attempts resulting in a permanent leak of a socket connection by radosgw. This flaw could lead to a denial of service condition by pile up of CLOSE_WAIT sockets, eventually leading to the exhaustion of available resources, preventing legitimate users from connecting to the system. Se encontró un fallo en la manera en que el front-end Ceph RGW Be... • http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00009.html • CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.5EPSS: 2%CPEs: 7EXPL: 0CVE-2020-3123
https://notcve.org/view.php?id=CVE-2020-3123
05 Feb 2020 — A vulnerability in the Data-Loss-Prevention (DLP) module in Clam AntiVirus (ClamAV) Software versions 0.102.1 and 0.102.0 could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to an out-of-bounds read affecting users that have enabled the optional DLP feature. An attacker could exploit this vulnerability by sending a crafted email file to an affected device. An exploit could allow the attacker to cause the ClamAV scanning proce... • https://blog.clamav.net/2020/02/clamav-01022-security-patch-released.html • CWE-125: Out-of-bounds Read •
CVSS: 7.5EPSS: 0%CPEs: 9EXPL: 0CVE-2019-12528 – squid: Information Disclosure issue in FTP Gateway
https://notcve.org/view.php?id=CVE-2019-12528
04 Feb 2020 — An issue was discovered in Squid before 4.10. It allows a crafted FTP server to trigger disclosure of sensitive information from heap memory, such as information associated with other users' sessions or non-Squid processes. Se detectó un problema en Squid versiones anteriores a 4.10. Permite a un servidor FTP diseñado desencadenar una divulgación de información confidencial de la memoria de la pila, tal y como la información asociada con las sesiones de otros usuarios o procesos que no son de Squid. A flaw ... • http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00012.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •