Page 54 of 1854 results (0.012 seconds)

CVSS: 6.5EPSS: 0%CPEs: 45EXPL: 0

CVE-2020-13143

https://notcve.org/view.php?id=CVE-2020-13143

gadget_dev_desc_UDC_store in drivers/usb/gadget/configfs.c in the Linux kernel 3.16 through 5.6.13 relies on kstrdup without considering the possibility of an internal '\0' value, which allows attackers to trigger an out-of-bounds read, aka CID-15753588bcd4. En la función gadget_dev_desc_UDC_store en el archivo drivers/usb/gadget/configfs.c en el kernel de Linux versión 3.16 hasta la versión 5.6.13, se basa en kstrdup sin considerar la posibilidad de un valor "\0" interno, lo que permite a atacantes desencadenar una lectura fuera de límites, también se conoce como CID-15753588bcd4 • http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00022.html http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00008.html https://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git/commit/?id=d126cf46f829d146dde3e6a8963e095ac6cfcd1c https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=15753588bcd4bbffae1cca33c8ced5722477fe1f https://lists.debian.org/debian-lts-announce/2020/06/msg00011.html https://lists.debian.org/debian-lts-announce/2020/06/msg00012 • CWE-125: Out-of-bounds Read •

CVSS: 5.3EPSS: 0%CPEs: 44EXPL: 0

CVE-2020-12888 – Kernel: vfio: access to disabled MMIO space of some devices may lead to DoS scenario

https://notcve.org/view.php?id=CVE-2020-12888

The VFIO PCI driver in the Linux kernel through 5.6.13 mishandles attempts to access disabled memory space. El controlador VFIO PCI en el kernel de Linux versiones hasta 5.6.13, maneja inapropiadamente los intentos para acceder al espacio de memoria deshabilitado. A flaw was found in the Linux kernel, where it allows userspace processes, for example, a guest VM, to directly access h/w devices via its VFIO driver modules. The VFIO modules allow users to enable or disable access to the devices' MMIO memory address spaces. If a user attempts to access the read/write devices' MMIO address space when it is disabled, some h/w devices issue an interrupt to the CPU to indicate a fatal error condition, crashing the system. • http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00008.html http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00009.html http://www.openwall.com/lists/oss-security/2020/05/19/6 https://lists.debian.org/debian-lts-announce/2020/09/msg00025.html https://lists.debian.org/debian-lts-announce/2020/10/msg00032.html https://lists.debian.org/debian-lts-announce/2020/10/msg00034.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org • CWE-248: Uncaught Exception CWE-755: Improper Handling of Exceptional Conditions •

CVSS: 3.5EPSS: 0%CPEs: 13EXPL: 1

CVE-2020-11526 – freerdp: Stream pointer out of bounds in update_recv_secondary_order could lead out of bounds read later

https://notcve.org/view.php?id=CVE-2020-11526

libfreerdp/core/update.c in FreeRDP versions > 1.1 through 2.0.0-rc4 has an Out-of-bounds Read. El archivo libfreerdp/core/update.c en FreeRDP versiones posteriores a 1.1 hasta 2.0.0-rc4, presenta una Lectura Fuera de límites. • http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00080.html https://github.com/FreeRDP/FreeRDP/commits/master https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-97jw-m5w5-xvf9 https://lists.debian.org/debian-lts-announce/2020/08/msg00054.html https://pub.freerdp.com/cve/CVE-2020-11526/pocAnalysis_4.pdf https://usn.ubuntu.com/4379-1 https://usn.ubuntu.com/4382-1 https://access.redhat.com/security/cve/CVE-2020-11526 https://bugzilla.redhat.com/show_bu • CWE-125: Out-of-bounds Read CWE-190: Integer Overflow or Wraparound •

CVSS: 6.5EPSS: 0%CPEs: 13EXPL: 1

CVE-2020-11522 – freerdp: out-of-bounds read in gdi.c

https://notcve.org/view.php?id=CVE-2020-11522

libfreerdp/gdi/gdi.c in FreeRDP > 1.0 through 2.0.0-rc4 has an Out-of-bounds Read. El archivo libfreerdp/gdi/gdi.c en FreeRDP versiones posteriores a 1.0 hasta 2.0.0-rc4, presenta una Lectura Fuera de límites. • http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00080.html https://github.com/FreeRDP/FreeRDP/commits/master https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-48wx-7vgj-fffh https://lists.debian.org/debian-lts-announce/2020/08/msg00054.html https://pub.freerdp.com/cve/CVE-2020-11522/pocAnalysis_5.pdf https://usn.ubuntu.com/4379-1 https://usn.ubuntu.com/4382-1 https://access.redhat.com/security/cve/CVE-2020-11522 https://bugzilla.redhat.com/show_bu • CWE-125: Out-of-bounds Read •

CVSS: 3.5EPSS: 0%CPEs: 13EXPL: 1

CVE-2020-11525 – freerdp: out-of-bounds read in bitmap.c

https://notcve.org/view.php?id=CVE-2020-11525

libfreerdp/cache/bitmap.c in FreeRDP versions > 1.0 through 2.0.0-rc4 has an Out of bounds read. El archivo libfreerdp/cache/bitmap.c en FreeRDP versiones posteriores a 1.0 hasta 2.0.0-rc4, presenta una Lectura Fuera de límites. • http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00080.html https://github.com/FreeRDP/FreeRDP/commits/master https://github.com/FreeRDP/FreeRDP/pull/6019/commits/58dc36b3c883fd460199cedb6d30e58eba58298c https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-9755-fphh-gmjg https://lists.debian.org/debian-lts-announce/2020/08/msg00054.html https://pub.freerdp.com/cve/CVE-2020-11525/pocAnalysis_1.pdf https://usn.ubuntu.com/4379-1 https://usn.ubuntu.com/4382-1 https://a • CWE-125: Out-of-bounds Read •