CVSS: 7.5EPSS: 1%CPEs: 12EXPL: 1CVE-2020-7062 – Null Pointer Dereference in PHP Session Upload Progress
https://notcve.org/view.php?id=CVE-2020-7062
27 Feb 2020 — In PHP versions 7.2.x below 7.2.28, 7.3.x below 7.3.15 and 7.4.x below 7.4.3, when using file upload functionality, if upload progress tracking is enabled, but session.upload_progress.cleanup is set to 0 (disabled), and the file upload fails, the upload procedure would try to clean up data that does not exist and encounter null pointer dereference, which would likely lead to a crash. En PHP versiones 7.2.x por debajo de 7.2.28, versiones 7.3.x por debajo de 7.3.15 y versiones 7.4.x por debajo de 7.4.3, cuan... • http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00023.html • CWE-476: NULL Pointer Dereference •
CVSS: 7.5EPSS: 2%CPEs: 8EXPL: 0CVE-2015-9542 – Ubuntu Security Notice USN-4290-2
https://notcve.org/view.php?id=CVE-2015-9542
24 Feb 2020 — add_password in pam_radius_auth.c in pam_radius 1.4.0 does not correctly check the length of the input password, and is vulnerable to a stack-based buffer overflow during memcpy(). An attacker could send a crafted password to an application (loading the pam_radius library) and crash it. Arbitrary code execution might be possible, depending on the application, C library, compiler, and other factors. La función add_password en el archivo pam_radius_auth.c en pam_radius versión 1.4.0, no verifica correctamente... • https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2015-9542 • CWE-787: Out-of-bounds Write •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2011-2498
https://notcve.org/view.php?id=CVE-2011-2498
20 Feb 2020 — The Linux kernel from v2.3.36 before v2.6.39 allows local unprivileged users to cause a denial of service (memory consumption) by triggering creation of PTE pages. El kernel de Linux desde versión v2.3.36 anteriores a v2.6.39, permite a usuarios locales sin privilegios causar una denegación de servicio (consumo de memoria) al activar la creación de páginas PTE. • http://marc.info/?l=oss-security&m=130923704824984&w=2 • CWE-772: Missing Release of Resource after Effective Lifetime •
CVSS: 7.5EPSS: 3%CPEs: 7EXPL: 0CVE-2020-3123 – Gentoo Linux Security Advisory 202003-46
https://notcve.org/view.php?id=CVE-2020-3123
05 Feb 2020 — A vulnerability in the Data-Loss-Prevention (DLP) module in Clam AntiVirus (ClamAV) Software versions 0.102.1 and 0.102.0 could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to an out-of-bounds read affecting users that have enabled the optional DLP feature. An attacker could exploit this vulnerability by sending a crafted email file to an affected device. An exploit could allow the attacker to cause the ClamAV scanning proce... • https://blog.clamav.net/2020/02/clamav-01022-security-patch-released.html • CWE-125: Out-of-bounds Read •
CVSS: 7.5EPSS: 1%CPEs: 7EXPL: 0CVE-2019-9674 – Ubuntu Security Notice USN-6891-1
https://notcve.org/view.php?id=CVE-2019-9674
04 Feb 2020 — Lib/zipfile.py in Python through 3.7.2 allows remote attackers to cause a denial of service (resource consumption) via a ZIP bomb. La biblioteca Lib/zipfile.py en Python versiones hasta 3.7.2, permite a atacantes remotos causar una denegación de servicio (consumo de recursos) por medio de una bomba ZIP. USN-4754-1 fixed vulnerabilities in Python. This update provides the corresponding updates for Ubuntu 18.04 ESM and Ubuntu 20.04 ESM. In the case of Python 2.7 for 20.04 ESM, these additional fixes are inclu... • http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00003.html • CWE-400: Uncontrolled Resource Consumption •
CVSS: 9.8EPSS: 67%CPEs: 11EXPL: 6CVE-2020-8597 – ppp: Buffer overflow in the eap_request and eap_response functions in eap.c
https://notcve.org/view.php?id=CVE-2020-8597
03 Feb 2020 — eap.c in pppd in ppp 2.4.2 through 2.4.8 has an rhostname buffer overflow in the eap_request and eap_response functions. El archivo eap.c en pppd en ppp versiones 2.4.2 hasta 2.4.8, presenta un desbordamiento del búfer de rhostname en las funciones eap_request y eap_response. A buffer overflow flaw was found in the ppp package in versions 2.4.2 through 2.4.8. The bounds check for the rhostname was improperly constructed in the EAP request and response functions which could allow a buffer overflow to occur. ... • https://packetstorm.news/files/id/156802 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 7.1EPSS: 4%CPEs: 15EXPL: 1CVE-2020-8492 – python: wrong backtracking in urllib.request.AbstractBasicAuthHandler allows for a ReDoS
https://notcve.org/view.php?id=CVE-2020-8492
30 Jan 2020 — Python 2.7 through 2.7.17, 3.5 through 3.5.9, 3.6 through 3.6.10, 3.7 through 3.7.6, and 3.8 through 3.8.1 allows an HTTP server to conduct Regular Expression Denial of Service (ReDoS) attacks against a client because of urllib.request.AbstractBasicAuthHandler catastrophic backtracking. Python versiones 2.7 hasta 2.7.17, versiones 3.5 hasta 3.5.9, versiones 3.6 hasta 3.6.10, versiones 3.7 hasta 3.7.6 y versiones 3.8 hasta 3.8.1, permiten a un servidor HTTP conducir ataques de Denegación de Servicio de Expre... • http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00003.html • CWE-400: Uncontrolled Resource Consumption •
CVSS: 4.7EPSS: 0%CPEs: 74EXPL: 0CVE-2019-15795 – python-apt uses MD5 for validation
https://notcve.org/view.php?id=CVE-2019-15795
23 Jan 2020 — python-apt only checks the MD5 sums of downloaded files in `Version.fetch_binary()` and `Version.fetch_source()` of apt/package.py in version 1.9.0ubuntu1 and earlier. This allows a man-in-the-middle attack which could potentially be used to install altered packages and has been fixed in versions 1.9.0ubuntu1.2, 1.6.5ubuntu0.1, 1.1.0~beta1ubuntu0.16.04.7, 0.9.3.5ubuntu3+esm2, and 0.8.3ubuntu7.5. Python-apt solo comprueba las cantidades MD5 de los archivos descargados en las funciones "Version.fetch_binary()... • https://usn.ubuntu.com/4247-1 • CWE-327: Use of a Broken or Risky Cryptographic Algorithm •
CVSS: 4.7EPSS: 0%CPEs: 74EXPL: 0CVE-2019-15796 – python-apt downloads from untrusted sources
https://notcve.org/view.php?id=CVE-2019-15796
23 Jan 2020 — Python-apt doesn't check if hashes are signed in `Version.fetch_binary()` and `Version.fetch_source()` of apt/package.py or in `_fetch_archives()` of apt/cache.py in version 1.9.3ubuntu2 and earlier. This allows downloads from unsigned repositories which shouldn't be allowed and has been fixed in verisions 1.9.5, 1.9.0ubuntu1.2, 1.6.5ubuntu0.1, 1.1.0~beta1ubuntu0.16.04.7, 0.9.3.5ubuntu3+esm2, and 0.8.3ubuntu7.5. Python-apt no comprueba si los hashes están firmados en las funciones "Version.fetch_binary()" y... • https://usn.ubuntu.com/4247-1 • CWE-287: Improper Authentication CWE-347: Improper Verification of Cryptographic Signature •
CVSS: 7.5EPSS: 0%CPEs: 41EXPL: 0CVE-2020-7595 – libxml2: infinite loop in xmlStringLenDecodeEntities in some end-of-file situations
https://notcve.org/view.php?id=CVE-2020-7595
21 Jan 2020 — xmlStringLenDecodeEntities in parser.c in libxml2 2.9.10 has an infinite loop in a certain end-of-file situation. La función xmlStringLenDecodeEntities en el archivo parser.c en libxml2 versión 2.9.10, presenta un bucle infinito en una determinada situación de fin del archivo. Red Hat JBoss Core Services is a set of supplementary software for Red Hat JBoss middleware products. This software, such as Apache HTTP Server, is common to multiple JBoss middleware products, and is packaged under Red Hat JBoss Core... • http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00047.html • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •