CVSS: 7.5EPSS: 0%CPEs: 11EXPL: 0CVE-2020-4067 – Improper Initialization in coturn
https://notcve.org/view.php?id=CVE-2020-4067
In coturn before version 4.5.1.3, there is an issue whereby STUN/TURN response buffer is not initialized properly. There is a leak of information between different client connections. One client (an attacker) could use their connection to intelligently query coturn to get interesting bytes in the padding bytes from the connection of another client. This has been fixed in 4.5.1.3. En coturn anterior a la versión 4.5.1.3, se presenta un problema por el cual el búfer de respuesta STUN/TURN no se inicializa apropiadamente. • http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00010.html https://github.com/coturn/coturn/blob/aab60340b201d55c007bcdc853230f47aa2dfdf1/ChangeLog#L15 https://github.com/coturn/coturn/issues/583 https://github.com/coturn/coturn/security/advisories/GHSA-c8r8-8vp5-6gcm https://lists.debian.org/debian-lts-announce/2020/07/msg00002.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5G35UBNSRLL6SYRTODYTMBJ65TLQILUM https://lists.fedoraproject.org/archives/list/p • CWE-665: Improper Initialization •
CVSS: 4.4EPSS: 0%CPEs: 6EXPL: 0CVE-2020-5973
https://notcve.org/view.php?id=CVE-2020-5973
NVIDIA Virtual GPU Manager and the guest drivers contain a vulnerability in vGPU plugin, in which there is the potential to execute privileged operations, which may lead to denial of service. This affects vGPU version 8.x (prior to 8.4), version 9.x (prior to 9.4) and version 10.x (prior to 10.3). NVIDIA Virtual GPU Manager y los controladores de invitado contienen una vulnerabilidad en el plugin vGPU, en la que existe el potencial de ejecutar operaciones privilegiadas, lo que puede conllevar a una denegación de servicio. Esto afecta a vGPU versión 8.x (anteriores a 8.4), versión 9.x (anteriores a 9.4) y versión 10.x (anteriores a 10.3) • https://nvidia.custhelp.com/app/answers/detail/a_id/5031 https://usn.ubuntu.com/4404-1 https://usn.ubuntu.com/4404-2 •
CVSS: 5.5EPSS: 0%CPEs: 11EXPL: 0CVE-2020-15305
https://notcve.org/view.php?id=CVE-2020-15305
An issue was discovered in OpenEXR before 2.5.2. Invalid input could cause a use-after-free in DeepScanLineInputFile::DeepScanLineInputFile() in IlmImf/ImfDeepScanLineInputFile.cpp. Se detectó un problema en OpenEXR versiones anteriores a v2.5.2. La entrada no válida podría causar un uso de la memoria previamente liberada de la función DeepScanLineInputFile::DeepScanLineInputFile() en el archivo IlmImf/ImfDeepScanLineInputFile.cpp • http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00025.html http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00048.html https://github.com/AcademySoftwareFoundation/openexr/blob/master/CHANGES.md https://github.com/AcademySoftwareFoundation/openexr/blob/master/SECURITY.md https://github.com/AcademySoftwareFoundation/openexr/pull/730 https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v2.5.2 https://lists.debian.org/debian-lts-announce/2020/08/msg00056.html https://li • CWE-416: Use After Free •
CVSS: 5.5EPSS: 0%CPEs: 11EXPL: 0CVE-2020-15306
https://notcve.org/view.php?id=CVE-2020-15306
An issue was discovered in OpenEXR before v2.5.2. Invalid chunkCount attributes could cause a heap buffer overflow in getChunkOffsetTableSize() in IlmImf/ImfMisc.cpp. Se detectó un problema en OpenEXR versiones anteriores a v2.5.2. Los atributos chunkCount no válidos pueden causar un desbordamiento del búfer de la pila en la función getChunkOffsetTableSize() en el archivo IlmImf/ImfMisc.cpp • http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00025.html http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00048.html https://github.com/AcademySoftwareFoundation/openexr/blob/master/CHANGES.md https://github.com/AcademySoftwareFoundation/openexr/blob/master/SECURITY.md https://github.com/AcademySoftwareFoundation/openexr/pull/738 https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v2.5.2 https://lists.debian.org/debian-lts-announce/2020/08/msg00056.html https://li • CWE-787: Out-of-bounds Write •
CVSS: 4.7EPSS: 0%CPEs: 19EXPL: 0CVE-2020-5967
https://notcve.org/view.php?id=CVE-2020-5967
NVIDIA Linux GPU Display Driver, all versions, contains a vulnerability in the UVM driver, in which a race condition may lead to a denial of service. NVIDIA Linux GPU Display Driver, todas las versiones, contiene una vulnerabilidad en el controlador UVM, en el que una condición de carrera puede conllevar a una denegación de servicio • https://nvidia.custhelp.com/app/answers/detail/a_id/5031 https://usn.ubuntu.com/4404-1 https://usn.ubuntu.com/4404-2 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •