CVSS: 5.3EPSS: 38%CPEs: 21EXPL: 0CVE-2020-1934 – httpd: mod_proxy_ftp use of uninitialized value
https://notcve.org/view.php?id=CVE-2020-1934
01 Apr 2020 — In Apache HTTP Server 2.4.0 to 2.4.41, mod_proxy_ftp may use uninitialized memory when proxying to a malicious FTP server. En Apache HTTP Server versiones 2.4.0 hasta 2.4.41, mod_proxy_ftp puede usar memoria no inicializada cuando al enviar un proxy hacia un servidor FTP malicioso. A flaw was found in Apache's HTTP server (httpd) .The mod_proxy_ftp module may use uninitialized memory with proxying to a malicious FTP server. The highest threat from this vulnerability is to data confidentiality. Red Hat JBoss... • http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00002.html • CWE-456: Missing Initialization of a Variable CWE-908: Use of Uninitialized Resource •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 1CVE-2020-6095 – Gentoo Linux Security Advisory 202009-05
https://notcve.org/view.php?id=CVE-2020-6095
27 Mar 2020 — An exploitable denial of service vulnerability exists in the GstRTSPAuth functionality of GStreamer/gst-rtsp-server 1.14.5. A specially crafted RTSP setup request can cause a null pointer deference resulting in denial-of-service. An attacker can send a malicious packet to trigger this vulnerability. Se presenta una vulnerabilidad de denegación de servicio explotable en la funcionalidad GstRTSPAuth de GStreamer/gst-rtsp-server versión 1.14.5. Una petición de configuración RTSP especialmente diseñada puede ca... • http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00029.html • CWE-476: NULL Pointer Dereference CWE-690: Unchecked Return Value to NULL Pointer Dereference •
CVSS: 7.5EPSS: 0%CPEs: 9EXPL: 0CVE-2020-1772 – Information Disclosure
https://notcve.org/view.php?id=CVE-2020-1772
27 Mar 2020 — It's possible to craft Lost Password requests with wildcards in the Token value, which allows attacker to retrieve valid Token(s), generated by users which already requested new passwords. This issue affects: ((OTRS)) Community Edition 5.0.41 and prior versions, 6.0.26 and prior versions. OTRS: 7.0.15 and prior versions. Es posible diseñar peticiones de Contraseña Perdida con wildcards en el valor de Token, permite a un atacante recuperar Token(s) válidos, generados por usuarios que ya solicitaron nuevas co... • http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00038.html • CWE-155: Improper Neutralization of Wildcards or Matching Symbols •
CVSS: 4.3EPSS: 0%CPEs: 9EXPL: 0CVE-2020-1770 – Information disclosure in support bundle files
https://notcve.org/view.php?id=CVE-2020-1770
27 Mar 2020 — Support bundle generated files could contain sensitive information that might be unwanted to be disclosed. This issue affects: ((OTRS)) Community Edition: 5.0.41 and prior versions, 6.0.26 and prior versions. OTRS: 7.0.15 and prior versions. Unos archivos generados por el paquete de soporte podrían contener información confidencial que podría sin querer ser revelada. Este problema afecta a: ((OTRS)) Community Edition: versiones 5.0.41 y anteriores, versiones 6.0.26 y anteriores. • http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00038.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-201: Insertion of Sensitive Information Into Sent Data •
CVSS: 4.3EPSS: 0%CPEs: 8EXPL: 0CVE-2020-1769 – Autocomplete in the form login screens
https://notcve.org/view.php?id=CVE-2020-1769
27 Mar 2020 — In the login screens (in agent and customer interface), Username and Password fields use autocomplete, which might be considered as security issue. This issue affects: ((OTRS)) Community Edition: 5.0.41 and prior versions, 6.0.26 and prior versions. OTRS: 7.0.15 and prior versions. En las pantallas de inicio de sesión (en la interfaz del agente y cliente), los campos Username y Password usan autocompletar, lo que podría ser considerado un problema de seguridad. Este problema afecta a: ((OTRS)) Community Edi... • http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00038.html • CWE-16: Configuration •
CVSS: 5.3EPSS: 1%CPEs: 9EXPL: 1CVE-2020-7066 – get_headers() silently truncates after a null byte
https://notcve.org/view.php?id=CVE-2020-7066
27 Mar 2020 — In PHP versions 7.2.x below 7.2.29, 7.3.x below 7.3.16 and 7.4.x below 7.4.4, while using get_headers() with user-supplied URL, if the URL contains zero (\0) character, the URL will be silently truncated at it. This may cause some software to make incorrect assumptions about the target of the get_headers() and possibly send some information to a wrong server. En las versiones de PHP 7.2.x anterior a la versión 7.2.29, 7.3.x anterior a 7.3.16 y 7.4.x anterior a 7.4.4, mientras usa get_headers () con la URL s... • http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00025.html • CWE-170: Improper Null Termination CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.5EPSS: 2%CPEs: 14EXPL: 1CVE-2020-7064 – Use-of-uninitialized-value in exif
https://notcve.org/view.php?id=CVE-2020-7064
27 Mar 2020 — In PHP versions 7.2.x below 7.2.9, 7.3.x below 7.3.16 and 7.4.x below 7.4.4, while parsing EXIF data with exif_read_data() function, it is possible for malicious data to cause PHP to read one byte of uninitialized memory. This could potentially lead to information disclosure or crash. En PHP versiones 7.2.x por debajo de 7.2.9, versiones 7.3.x por debajo de 7.3.16 y versiones 7.4.x por debajo de 7.4.4, al analizar datos EXIF ??con la función exif_read_data(), es posible que unos datos maliciosos causen que ... • http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00025.html • CWE-125: Out-of-bounds Read CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.4EPSS: 0%CPEs: 9EXPL: 1CVE-2020-10942 – kernel: vhost-net: stack overflow in get_raw_socket while checking sk_family field
https://notcve.org/view.php?id=CVE-2020-10942
24 Mar 2020 — In the Linux kernel before 5.5.8, get_raw_socket in drivers/vhost/net.c lacks validation of an sk_family field, which might allow attackers to trigger kernel stack corruption via crafted system calls. En el kernel de Linux versiones anteriores a 5.5.8, la función get_raw_socket en el archivo drivers/vhost/net.c carece de una comprobación de un campo sk_family, que podría permitir a atacantes desencadenar una corrupción de pila del kernel por medio de llamadas de sistema diseñadas. A stack buffer overflow is... • http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00035.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •
CVSS: 9.8EPSS: 2%CPEs: 6EXPL: 0CVE-2020-10938 – Debian Security Advisory 4675-1
https://notcve.org/view.php?id=CVE-2020-10938
24 Mar 2020 — GraphicsMagick before 1.3.35 has an integer overflow and resultant heap-based buffer overflow in HuffmanDecodeImage in magick/compress.c. GraphicsMagick versiones anteriores a la versión 1.3.35, tiene un desbordamiento de enteros y un desbordamiento del búfer en la región heap de la memoria en la función HuffmanDecodeImage en el archivo magick/compress.c. Several vulnerabilities have been discovered in GraphicsMagick, a set of command-line applications to manipulate image files, which could result in inform... • http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00049.html • CWE-190: Integer Overflow or Wraparound CWE-787: Out-of-bounds Write •
CVSS: 10.0EPSS: 2%CPEs: 7EXPL: 0CVE-2020-1747 – PyYAML: arbitrary command execution through python/object/new when FullLoader is used
https://notcve.org/view.php?id=CVE-2020-1747
24 Mar 2020 — A vulnerability was discovered in the PyYAML library in versions before 5.3.1, where it is susceptible to arbitrary code execution when it processes untrusted YAML files through the full_load method or with the FullLoader loader. Applications that use the library to process untrusted input may be vulnerable to this flaw. An attacker could use this flaw to execute arbitrary code on the system by abusing the python/object/new constructor. Se descubrió una vulnerabilidad en la biblioteca PyYAML versiones anter... • http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00017.html • CWE-20: Improper Input Validation •