CVSS: 7.5EPSS: 1%CPEs: 5EXPL: 0CVE-2020-8517 – Gentoo Linux Security Advisory 202003-34
https://notcve.org/view.php?id=CVE-2020-8517
04 Feb 2020 — An issue was discovered in Squid before 4.10. Due to incorrect input validation, the NTLM authentication credentials parser in ext_lm_group_acl may write to memory outside the credentials buffer. On systems with memory access protections, this can result in the helper process being terminated unexpectedly. This leads to the Squid process also terminating and a denial of service for all clients using the proxy. Se detectó un problema en Squid versiones anteriores a 4.10. • http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00012.html • CWE-20: Improper Input Validation CWE-787: Out-of-bounds Write •
CVSS: 7.5EPSS: 47%CPEs: 9EXPL: 0CVE-2020-8450 – squid: Buffer overflow in reverse-proxy configurations
https://notcve.org/view.php?id=CVE-2020-8450
04 Feb 2020 — An issue was discovered in Squid before 4.10. Due to incorrect buffer management, a remote client can cause a buffer overflow in a Squid instance acting as a reverse proxy. Se detectó un problema en Squid versiones anteriores a 4.10. Debido a una administración del búfer incorrecta, un cliente remoto puede causar un desbordamiento del búfer en una instancia de Squid que actúa como un proxy inverso. A flaw was found in squid. • http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00012.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-131: Incorrect Calculation of Buffer Size CWE-787: Out-of-bounds Write •
CVSS: 7.5EPSS: 10%CPEs: 9EXPL: 0CVE-2020-8449 – squid: Improper input validation issues in HTTP Request processing
https://notcve.org/view.php?id=CVE-2020-8449
04 Feb 2020 — An issue was discovered in Squid before 4.10. Due to incorrect input validation, it can interpret crafted HTTP requests in unexpected ways to access server resources prohibited by earlier security filters. Se detectó un problema en Squid versiones anteriores a 4.10. Debido a una comprobación de entrada incorrecta, puede interpretar las peticiones HTTP diseñadas de manera no prevista para acceder a recursos del servidor prohibidos por parte de los filtros de seguridad anteriores. A flaw was found in squid. • http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00012.html • CWE-20: Improper Input Validation CWE-668: Exposure of Resource to Wrong Sphere •
CVSS: 7.3EPSS: 0%CPEs: 30EXPL: 0CVE-2020-0569 – qt: files placed by attacker can influence the working directory and lead to malicious code execution
https://notcve.org/view.php?id=CVE-2020-0569
04 Feb 2020 — Out of bounds write in Intel(R) PROSet/Wireless WiFi products on Windows 10 may allow an authenticated user to potentially enable denial of service via local access. Una escritura fuera de límites en los productos Intel® PROSet/Wireless WiFi en Windows 10 puede habilitar a un usuario autenticado para permitir potencialmente una denegación de servicio por medio de un acceso local It was discovered that Qt incorrectly handled certain PPM images. If a user or automated system were tricked into opening a specia... • https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00338.html • CWE-73: External Control of File Name or Path CWE-787: Out-of-bounds Write •
CVSS: 7.7EPSS: 1%CPEs: 8EXPL: 0CVE-2020-1711 – QEMU: block: iscsi: OOB heap access via an unexpected response of iSCSI Server
https://notcve.org/view.php?id=CVE-2020-1711
03 Feb 2020 — An out-of-bounds heap buffer access flaw was found in the way the iSCSI Block driver in QEMU versions 2.12.0 before 4.2.1 handled a response coming from an iSCSI server while checking the status of a Logical Address Block (LBA) in an iscsi_co_block_status() routine. A remote user could use this flaw to crash the QEMU process, resulting in a denial of service or potential execution of arbitrary code with privileges of the QEMU process on the host. Se detectó una fallo de acceso al búfer de la pila fuera de l... • http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00007.html • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 6.5EPSS: 0%CPEs: 10EXPL: 0CVE-2019-20446 – librsvg: Resource exhaustion via crafted SVG file with nested patterns
https://notcve.org/view.php?id=CVE-2019-20446
02 Feb 2020 — In xml.rs in GNOME librsvg before 2.46.2, a crafted SVG file with nested patterns can cause denial of service when passed to the library for processing. The attacker constructs pattern elements so that the number of final rendered objects grows exponentially. En el archivo xml.rs en GNOME librsvg versiones anteriores a 2.46.2, un archivo SVG diseñado con patrones anidados puede causar una denegación de servicio cuando es pasado a la biblioteca para su procesamiento. El atacante construye elementos de patrón... • http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00024.html • CWE-400: Uncontrolled Resource Consumption •
CVSS: 6.5EPSS: 0%CPEs: 8EXPL: 0CVE-2020-3862 – webkitgtk: Denial of service via incorrect memory handling
https://notcve.org/view.php?id=CVE-2020-3862
30 Jan 2020 — A denial of service issue was addressed with improved memory handling. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1, tvOS 13.3.1, Safari 13.0.5, iTunes for Windows 12.10.4, iCloud for Windows 11.0, iCloud for Windows 7.17. A malicious website may be able to cause a denial of service. Se abordó un problema de denegación de servicio con un manejo de memoria mejorado. Este problema es corregido en iOS versión 13.3.1 y iPadOS versión 13.3.1, tvOS versión 13.3.1, Safari versión 13.0.5, iTunes para Windows... • http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00004.html •
CVSS: 8.8EPSS: 0%CPEs: 8EXPL: 0CVE-2020-3865 – webkitgtk: Incorrect security check for a top-level DOM object context
https://notcve.org/view.php?id=CVE-2020-3865
30 Jan 2020 — Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1, tvOS 13.3.1, Safari 13.0.5, iTunes for Windows 12.10.4, iCloud for Windows 11.0, iCloud for Windows 7.17. Processing maliciously crafted web content may lead to arbitrary code execution. Se abordaron múltiples problemas de corrupción de memoria con un manejo de memoria mejorado. Este problema es corregido en iOS versión 13.3.1 y iPadOS versión 13.3.1, tvOS versión 13.3.1, Safa... • http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00004.html • CWE-787: Out-of-bounds Write •
CVSS: 6.1EPSS: 0%CPEs: 9EXPL: 0CVE-2020-3867 – webkitgtk: Incorrect state management leading to universal cross-site scripting
https://notcve.org/view.php?id=CVE-2020-3867
30 Jan 2020 — A logic issue was addressed with improved state management. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1, tvOS 13.3.1, Safari 13.0.5, iTunes for Windows 12.10.4, iCloud for Windows 11.0, iCloud for Windows 7.17. Processing maliciously crafted web content may lead to universal cross site scripting. Se abordó un problema lógico con una administración de estado mejorada. Este problema es corregido en iOS versión 13.3.1 y iPadOS versión 13.3.1, tvOS versión 13.3.1, Safari versión 13.0.5, iTunes para Wind... • http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00004.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.1EPSS: 4%CPEs: 15EXPL: 1CVE-2020-8492 – python: wrong backtracking in urllib.request.AbstractBasicAuthHandler allows for a ReDoS
https://notcve.org/view.php?id=CVE-2020-8492
30 Jan 2020 — Python 2.7 through 2.7.17, 3.5 through 3.5.9, 3.6 through 3.6.10, 3.7 through 3.7.6, and 3.8 through 3.8.1 allows an HTTP server to conduct Regular Expression Denial of Service (ReDoS) attacks against a client because of urllib.request.AbstractBasicAuthHandler catastrophic backtracking. Python versiones 2.7 hasta 2.7.17, versiones 3.5 hasta 3.5.9, versiones 3.6 hasta 3.6.10, versiones 3.7 hasta 3.7.6 y versiones 3.8 hasta 3.8.1, permiten a un servidor HTTP conducir ataques de Denegación de Servicio de Expre... • http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00003.html • CWE-400: Uncontrolled Resource Consumption •