CVSS: 7.5EPSS: 2%CPEs: 8EXPL: 0CVE-2020-14400 – Ubuntu Security Notice USN-4434-1
https://notcve.org/view.php?id=CVE-2020-14400
17 Jun 2020 — An issue was discovered in LibVNCServer before 0.9.13. Byte-aligned data is accessed through uint16_t pointers in libvncserver/translate.c. NOTE: Third parties do not consider this to be a vulnerability as there is no known path of exploitation or cross of a trust boundary ** EN DISPUTA ** Se detectó un problema en LibVNCServer versiones anteriores a 0.9.13. Los datos Byte-aligned son accedidos por medio de punteros uint16_t en la biblioteca libvncserver/translate.c. NOTA: Los terceros no consideran que se ... • http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00033.html •
CVSS: 6.5EPSS: 1%CPEs: 17EXPL: 0CVE-2020-14401 – Ubuntu Security Notice USN-4434-1
https://notcve.org/view.php?id=CVE-2020-14401
17 Jun 2020 — An issue was discovered in LibVNCServer before 0.9.13. libvncserver/scale.c has a pixel_value integer overflow. Se detectó un problema en LibVNCServer versiones anteriores a 0.9.13. La biblioteca libvncserver/scale.c presenta un desbordamiento de enteros en la función pixel_value Ramin Farajpour Cami discovered that LibVNCServer incorrectly handled certain malformed unix socket names. A remote attacker could exploit this with a crafted socket name, leading to a denial of service, or possibly execute arbitra... • http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00033.html • CWE-190: Integer Overflow or Wraparound •
CVSS: 7.5EPSS: 3%CPEs: 22EXPL: 0CVE-2019-20839 – libvncserver: buffer overflow in ConnectClientToUnixSock()
https://notcve.org/view.php?id=CVE-2019-20839
17 Jun 2020 — libvncclient/sockets.c in LibVNCServer before 0.9.13 has a buffer overflow via a long socket filename. La biblioteca libvncclient/sockets.c en LibVNCServer versiones anteriores a 0.9.13, presenta un desbordamiento de búfer por medio de un nombre de archivo socket largo Ramin Farajpour Cami discovered that LibVNCServer incorrectly handled certain malformed unix socket names. A remote attacker could exploit this with a crafted socket name, leading to a denial of service, or possibly execute arbitrary code. It... • http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00033.html • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 7.5EPSS: 1%CPEs: 22EXPL: 0CVE-2019-20840 – Ubuntu Security Notice USN-4434-1
https://notcve.org/view.php?id=CVE-2019-20840
17 Jun 2020 — An issue was discovered in LibVNCServer before 0.9.13. libvncserver/ws_decode.c can lead to a crash because of unaligned accesses in hybiReadAndDecode. Se detectó un problema en LibVNCServer versiones anteriores a 0.9.13. La biblioteca libvncserver/ws_decode.c puede conllevar a un bloqueo debido a accesos no alineados en la función hybiReadAndDecode Ramin Farajpour Cami discovered that LibVNCServer incorrectly handled certain malformed unix socket names. A remote attacker could exploit this with a crafted s... • http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00033.html • CWE-787: Out-of-bounds Write •
CVSS: 7.5EPSS: 1%CPEs: 21EXPL: 0CVE-2018-21247 – libvncserver: uninitialized memory contents are vulnerable to Information Leak
https://notcve.org/view.php?id=CVE-2018-21247
17 Jun 2020 — An issue was discovered in LibVNCServer before 0.9.13. There is an information leak (of uninitialized memory contents) in the libvncclient/rfbproto.c ConnectToRFBRepeater function. Se detectó un problema en LibVNCServer versiones anteriores a 0.9.13. Se presenta una pérdida de memoria en la biblioteca libvncclient/rfbproto.c en la función ConnectToRFBRepeater LibVNCServer is a C library that enables you to implement VNC server functionality into own programs. Issues addressed include buffer overflow, denial... • http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00033.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-909: Missing Initialization of Resource •
CVSS: 5.7EPSS: 0%CPEs: 9EXPL: 1CVE-2020-12867 – sane-backends: NULL pointer dereference in sanei_epson_net_read function
https://notcve.org/view.php?id=CVE-2020-12867
01 Jun 2020 — A NULL pointer dereference in sanei_epson_net_read in SANE Backends before 1.0.30 allows a malicious device connected to the same local network as the victim to cause a denial of service, aka GHSL-2020-075. Una desreferencia del puntero NULL en la función sanei_epson_net_read en SANE Backends versiones anteriores a la 1.0.30, permite a un dispositivo malicioso conectado a la misma red local que la víctima causar una denegación de servicio, también se conoce como GHSL-2020-075 Kritphong Mongkhonvanit discove... • http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00079.html • CWE-476: NULL Pointer Dereference •
CVSS: 5.9EPSS: 0%CPEs: 5EXPL: 1CVE-2020-13614 – openSUSE Security Advisory - openSUSE-SU-2020:0778-1
https://notcve.org/view.php?id=CVE-2020-13614
26 May 2020 — An issue was discovered in ssl.c in Axel before 2.17.8. The TLS implementation lacks hostname verification. Se detectó un problema en el archivo ssl.c en Axel versiones anteriores a 2.17.8. La implementación TLS carece de verificación del nombre de host. An update that fixes one vulnerability is now available. • http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00006.html • CWE-295: Improper Certificate Validation •
CVSS: 8.2EPSS: 0%CPEs: 9EXPL: 0CVE-2020-13113 – libexif: use of uninitialized memory in EXIF Makernote handling can lead to crashes and use-after-free
https://notcve.org/view.php?id=CVE-2020-13113
21 May 2020 — An issue was discovered in libexif before 0.6.22. Use of uninitialized memory in EXIF Makernote handling could lead to crashes and potential use-after-free conditions. Se descubrió un problema en libexif versiones anteriores a la versión 0.6.22. Un uso de la memoria no inicializada en el manejo de EXIF Makemote podría conllevar a bloqueos y condiciones potenciales de uso de la memoria previamente liberada. It was discovered that libexif incorrectly handled certain inputs. • http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00017.html • CWE-822: Untrusted Pointer Dereference CWE-908: Use of Uninitialized Resource •
CVSS: 9.1EPSS: 0%CPEs: 9EXPL: 0CVE-2020-13112 – libexif: several buffer over-reads in EXIF MakerNote handling can lead to information disclosure and DoS
https://notcve.org/view.php?id=CVE-2020-13112
21 May 2020 — An issue was discovered in libexif before 0.6.22. Several buffer over-reads in EXIF MakerNote handling could lead to information disclosure and crashes. This is different from CVE-2020-0093. Se descubrió un problema en libexif versiones anteriores a la versión 0.6.22. Varias lecturas excesivas de buffer en el manejo de EXIF MakerNote podrían conllevar a una divulgación de información y a bloqueos. • http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00017.html • CWE-125: Out-of-bounds Read •
CVSS: 7.5EPSS: 0%CPEs: 8EXPL: 0CVE-2020-13114 – libexif: unrestricted size in handling Canon EXIF MakerNote data can lead to consumption of large amounts of compute time
https://notcve.org/view.php?id=CVE-2020-13114
21 May 2020 — An issue was discovered in libexif before 0.6.22. An unrestricted size in handling Canon EXIF MakerNote data could lead to consumption of large amounts of compute time for decoding EXIF data. Se descubrió un problema en el libexif versiones anteriores a la versión 0.6.22. Un tamaño sin restricciones en el manejo de los datos de Canon EXIF MakerNote podría conllevar al consumo de grandes cantidades de tiempo de cálculo para la decodificación de datos EXIF. It was discovered that libexif incorrectly handled c... • http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00017.html • CWE-400: Uncontrolled Resource Consumption CWE-770: Allocation of Resources Without Limits or Throttling •