CVE-2020-14155 – pcre: Integer overflow when parsing callout numeric arguments
https://notcve.org/view.php?id=CVE-2020-14155
libpcre in PCRE before 8.44 allows an integer overflow via a large number after a (?C substring. libpcre en PCRE versiones anteriores a 8.44, permite un desbordamiento de enteros por medio de un número grande después de una subcadena (?C • http://seclists.org/fulldisclosure/2020/Dec/32 http://seclists.org/fulldisclosure/2021/Feb/14 https://about.gitlab.com/releases/2020/07/01/security-release-13-1-2-release https://bugs.gentoo.org/717920 https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E https://security.netapp.com/advisory/ntap-20221028-0010 https://support.apple.com/kb/HT211931 https://support.apple.com/kb/HT212147 https://www.oracle.com/security-alerts/cp • CWE-190: Integer Overflow or Wraparound •
CVE-2020-7456
https://notcve.org/view.php?id=CVE-2020-7456
In FreeBSD 12.1-STABLE before r361918, 12.1-RELEASE before p6, 11.4-STABLE before r361919, 11.3-RELEASE before p10, and 11.4-RC2 before p1, an invalid memory location may be used for HID items if the push/pop level is not restored within the processing of that HID item allowing an attacker with physical access to a USB port to be able to use a specially crafted USB device to gain kernel or user-space code execution. En FreeBSD versión 12.1-ESTABLE versiones anteriores a r361918, 12.1-RELEASE versiones anteriores a p6, 11.4-ESTABLE versiones anteriores a r361919, 11.3-RELEASE versiones anteriores a p10 y 11.4-RC2 versiones anteriores a p1, puede ser usada una ubicación de memoria no comprobada para elementos HID si el nivel de inserción/extracción no es restaurado dentro del procesamiento de ese elemento HID, permitiendo que un atacante con acceso físico a un puerto USB pueda usar un dispositivo USB especialmente diseñado para conseguir una ejecución de código de kernel o del espacio de usuario • https://security.FreeBSD.org/advisories/FreeBSD-SA-20:17.usb.asc https://security.netapp.com/advisory/ntap-20200625-0005 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2020-13871
https://notcve.org/view.php?id=CVE-2020-13871
SQLite 3.32.2 has a use-after-free in resetAccumulator in select.c because the parse tree rewrite for window functions is too late. SQLite versión 3.32.2, presenta un uso de la memoria previamente liberada en la función resetAccumulator en el archivo select.c porque la reescritura del árbol de análisis para funciones de ventana es demasiado tarde • https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf https://lists.debian.org/debian-lts-announce/2020/08/msg00037.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BN32AGQPMHZRNM6P6L5GZPETOWTGXOKP https://security.gentoo.org/glsa/202007-26 https://security.netapp.com/advisory/ntap-20200619-0002 https://www.oracle.com/security-alerts/cpuApr2021.html https://www.oracle.com/security-alerts/cpujan2021.html https://www.sqlite.org/src/info/79eff1d03831 • CWE-416: Use After Free •
CVE-2020-13817 – ntp: ntpd using highly predictable transmit timestamps could result in time change or DoS
https://notcve.org/view.php?id=CVE-2020-13817
ntpd in ntp before 4.2.8p14 and 4.3.x before 4.3.100 allows remote attackers to cause a denial of service (daemon exit or system time change) by predicting transmit timestamps for use in spoofed packets. The victim must be relying on unauthenticated IPv4 time sources. There must be an off-path attacker who can query time from the victim's ntpd instance. ntpd en ntp versiones anteriores a 4.2.8p14 y versiones 4.3.x versiones anteriores a 4.3.100, permite a atacantes remotos causar una denegación de servicio (salida del demonio o cambio de hora del sistema) mediante la predicción de las marcas de tiempo de transmisión para su uso en paquetes falsificados. La víctima debe confiar en fuentes de tiempo IPv4 no autenticadas. Debe haber un atacante fuera de la ruta que pueda consultar el tiempo desde la instancia ntpd de la víctima A high-performance ntpd instance that gets its time from unauthenticated IPv4 time sources may be vulnerable to an off-path attacker who can query time from the victim's ntpd instance. • http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00005.html http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00044.html http://support.ntp.org/bin/view/Main/NtpBug3596 https://bugs.ntp.org/show_bug.cgi?id=3596 https://security.gentoo.org/glsa/202007-12 https://security.netapp.com/advisory/ntap-20200625-0004 https://www.oracle.com/security-alerts/cpujan2022.html https://access.redhat.com/security/cve/CVE-2020-13817 https://bugzilla.redhat.com/show_bug& • CWE-330: Use of Insufficiently Random Values CWE-358: Improperly Implemented Security Check for Standard •
CVE-2019-5614
https://notcve.org/view.php?id=CVE-2019-5614
In FreeBSD 12.1-STABLE before r356035, 12.1-RELEASE before 12.1-RELEASE-p4, 11.3-STABLE before r356036, and 11.3-RELEASE before 11.3-RELEASE-p8, incomplete packet data validation may result in accessing out-of-bounds memory leading to a kernel panic or other unpredictable results. En FreeBSD versiones 12.1-ESTABLE anteriores a r356035, versiones 12.1-RELEASE anteriores a 12.1-RELEASE-p4, versiones 11.3-ESTABLE anteriores a r356036 y versiones 11.3-RELEASE anteriores a 11.3-RELEASE-p8, la comprobación incompleta de los datos del paquete puede resultar en un acceso a la memoria fuera de límites conllevando a un pánico del kernel u otros resultados impredecibles. • https://security.FreeBSD.org/advisories/FreeBSD-SA-20:10.ipfw.asc https://security.netapp.com/advisory/ntap-20200511-0002 • CWE-20: Improper Input Validation CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •