CVE-2020-12863
https://notcve.org/view.php?id=CVE-2020-12863
An out-of-bounds read in SANE Backends before 1.0.30 may allow a malicious device connected to the same local network as the victim to read important information, such as the ASLR offsets of the program, aka GHSL-2020-083. Una lectura fuera de límites en SANE Backends versiones anteriores a 1.0.30, puede permitir a un dispositivo malicioso conectado a la misma red local que la víctima leer información importante, tales como las compensaciones ASLR del programa, también se conoce como GHSL-2020-083 • http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00079.html http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00003.html https://alioth-lists.debian.net/pipermail/sane-announce/2020/000041.html https://lists.debian.org/debian-lts-announce/2020/08/msg00029.html https://lists.debian.org/debian-lts-announce/2020/10/msg00010.html https://securitylab.github.com/advisories/GHSL-2020-075-libsane https://usn.ubuntu.com/4470-1 • CWE-125: Out-of-bounds Read •
CVE-2020-12864
https://notcve.org/view.php?id=CVE-2020-12864
An out-of-bounds read in SANE Backends before 1.0.30 may allow a malicious device connected to the same local network as the victim to read important information, such as the ASLR offsets of the program, aka GHSL-2020-081. Una lectura fuera de límites en SANE Backends versiones anteriores a 1.0.30, puede permitir a un dispositivo malicioso conectado a la misma red local que la víctima leer información importante, tales como las compensaciones ASLR del programa, también se conoce como GHSL-2020-081 • http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00079.html http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00003.html https://alioth-lists.debian.net/pipermail/sane-announce/2020/000041.html https://securitylab.github.com/advisories/GHSL-2020-075-libsane https://usn.ubuntu.com/4470-1 • CWE-125: Out-of-bounds Read •
CVE-2020-12865 – sane-backends: Heap buffer overflow in esci2_img
https://notcve.org/view.php?id=CVE-2020-12865
A heap buffer overflow in SANE Backends before 1.0.30 may allow a malicious device connected to the same local network as the victim to execute arbitrary code, aka GHSL-2020-084. Un desbordamiento del búfer de la pila en SANE Backends versiones anteriores a 1.0.30, puede permitir a un dispositivo malicioso conectado a la misma red local que la víctima ejecutar código arbitrario, también se conoce como GHSL-2020-084 A flaw was found in sane-backends in versions prior to 1.0.30. A heap buffer overflow in the esci2_img function could lead to a remote code execution. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. • http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00079.html http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00003.html https://alioth-lists.debian.net/pipermail/sane-announce/2020/000041.html https://lists.debian.org/debian-lts-announce/2020/08/msg00029.html https://lists.debian.org/debian-lts-announce/2020/10/msg00010.html https://securitylab.github.com/advisories/GHSL-2020-075-libsane https://usn.ubuntu.com/4470-1 https://access.redhat.com/security/cve/CV • CWE-190: Integer Overflow or Wraparound CWE-787: Out-of-bounds Write •
CVE-2020-12866
https://notcve.org/view.php?id=CVE-2020-12866
A NULL pointer dereference in SANE Backends before 1.0.30 allows a malicious device connected to the same local network as the victim to cause a denial of service, GHSL-2020-079. Una desreferencia de puntero NULL en SANE Backends versiones anteriores a 1.0.30, permite a un dispositivo malicioso conectado a la misma red local que la víctima causar una denegación de servicio, GHSL-2020-079 • http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00079.html http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00003.html https://alioth-lists.debian.net/pipermail/sane-announce/2020/000041.html https://securitylab.github.com/advisories/GHSL-2020-075-libsane https://usn.ubuntu.com/4470-1 • CWE-476: NULL Pointer Dereference •
CVE-2020-12861 – sane-backends: Heap buffer overflow in epsonds_net_read in epsonds-net.c
https://notcve.org/view.php?id=CVE-2020-12861
A heap buffer overflow in SANE Backends before 1.0.30 allows a malicious device connected to the same local network as the victim to execute arbitrary code, aka GHSL-2020-080. Un desbordamiento del búfer de la pila en SANE Backends versiones anteriores a 1.0.30, permite a un dispositivo malicioso conectado a la misma red local que la víctima ejecutar código arbitrario, también se conoce como GHSL-2020-080 A flaw was found in sane-backends in versions prior to 1.0.30. A heap buffer overflow in epsonds_net_read function could lead to a remote denial of service. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. • http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00079.html http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00003.html http://packetstormsecurity.com/files/172841/SANE-Backends-Memory-Corruption-Code-Execution.html https://alioth-lists.debian.net/pipermail/sane-announce/2020/000041.html https://securitylab.github.com/advisories/GHSL-2020-075-libsane https://usn.ubuntu.com/4470-1 https://access.redhat.com/security/cve/CVE-2020-12861 https://bugzilla.redhat.com/show_bug& • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •