Page 62 of 937 results (0.010 seconds)

CVSS: 7.5EPSS: 1%CPEs: 10EXPL: 0

CVE-2020-12663 – unbound: infinite loop via malformed DNS answers received from upstream servers

https://notcve.org/view.php?id=CVE-2020-12663

Unbound before 1.10.1 has an infinite loop via malformed DNS answers received from upstream servers. Unbound versiones anteriores a 1.10.1, presenta un bucle infinito mediante respuestas DNS malformadas recibidas desde servidores aguas arriba. A flaw was found in unbound in versions prior to 1.10.1. An infinite loop can be created when malformed DNS answers are received from upstream servers. The highest threat from this vulnerability is to system availability. • http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00067.html http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00069.html http://www.openwall.com/lists/oss-security/2020/05/19/5 https://lists.debian.org/debian-lts-announce/2021/02/msg00017.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F5NFROI2OMCZLYRTCNGHGO3TUD32LCIQ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YJ42N2HBZ3DXMSEC56SWIIOFQGOS5M7I h • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •

CVSS: 5.1EPSS: 0%CPEs: 5EXPL: 0

CVE-2020-10724 – dpdk: librte_vhost Missing inputs validation in Vhost-crypto

https://notcve.org/view.php?id=CVE-2020-10724

A vulnerability was found in DPDK versions 18.11 and above. The vhost-crypto library code is missing validations for user-supplied values, potentially allowing an information leak through an out-of-bounds memory read. Se encontró una vulnerabilidad en DPDK versiones 18.11 y superiores. Al código de la biblioteca vhost-crypto le falta comprobaciones para los valores suministrados por el usuario, permitiendo potencialmente un filtrado de información mediante una lectura de memoria fuera de límites. • http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00045.html https://bugs.dpdk.org/show_bug.cgi?id=269 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10724 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HRHKFVV4MRWNNJOYQOVP64L4UVWYPEO4 https://usn.ubuntu.com/4362-1 https://www.openwall.com/lists/oss-security/2020/05/18/2 https://www.oracle.com/security-alerts/cpujan2021.html https://www.oracle.com/security-alerts/cpuoct2020&# • CWE-125: Out-of-bounds Read CWE-190: Integer Overflow or Wraparound •

CVSS: 6.7EPSS: 0%CPEs: 9EXPL: 0

CVE-2020-10722 – dpdk: librte_vhost Integer overflow in vhost_user_set_log_base()

https://notcve.org/view.php?id=CVE-2020-10722

A vulnerability was found in DPDK versions 18.05 and above. A missing check for an integer overflow in vhost_user_set_log_base() could result in a smaller memory map than requested, possibly allowing memory corruption. Se encontró una vulnerabilidad en DPDK versiones 18.05 y superiores. Una falta de comprobación en un desbordamiento de enteros en la función vhost_user_set_log_base() podría resultar en un mapa de memoria más pequeño de lo requerido, posiblemente permitiendo una corrupción de la memoria. • http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00045.html https://bugs.dpdk.org/show_bug.cgi?id=267 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10722 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HRHKFVV4MRWNNJOYQOVP64L4UVWYPEO4 https://usn.ubuntu.com/4362-1 https://www.openwall.com/lists/oss-security/2020/05/18/2 https://www.oracle.com/security-alerts/cpujan2021.html https://www.oracle.com/security-alerts/cpuoct2020&# • CWE-190: Integer Overflow or Wraparound •

CVSS: 6.5EPSS: 0%CPEs: 45EXPL: 0

CVE-2020-13143

https://notcve.org/view.php?id=CVE-2020-13143

gadget_dev_desc_UDC_store in drivers/usb/gadget/configfs.c in the Linux kernel 3.16 through 5.6.13 relies on kstrdup without considering the possibility of an internal '\0' value, which allows attackers to trigger an out-of-bounds read, aka CID-15753588bcd4. En la función gadget_dev_desc_UDC_store en el archivo drivers/usb/gadget/configfs.c en el kernel de Linux versión 3.16 hasta la versión 5.6.13, se basa en kstrdup sin considerar la posibilidad de un valor "\0" interno, lo que permite a atacantes desencadenar una lectura fuera de límites, también se conoce como CID-15753588bcd4 • http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00022.html http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00008.html https://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git/commit/?id=d126cf46f829d146dde3e6a8963e095ac6cfcd1c https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=15753588bcd4bbffae1cca33c8ced5722477fe1f https://lists.debian.org/debian-lts-announce/2020/06/msg00011.html https://lists.debian.org/debian-lts-announce/2020/06/msg00012 • CWE-125: Out-of-bounds Read •

CVSS: 5.3EPSS: 0%CPEs: 44EXPL: 0

CVE-2020-12888 – Kernel: vfio: access to disabled MMIO space of some devices may lead to DoS scenario

https://notcve.org/view.php?id=CVE-2020-12888

The VFIO PCI driver in the Linux kernel through 5.6.13 mishandles attempts to access disabled memory space. El controlador VFIO PCI en el kernel de Linux versiones hasta 5.6.13, maneja inapropiadamente los intentos para acceder al espacio de memoria deshabilitado. A flaw was found in the Linux kernel, where it allows userspace processes, for example, a guest VM, to directly access h/w devices via its VFIO driver modules. The VFIO modules allow users to enable or disable access to the devices' MMIO memory address spaces. If a user attempts to access the read/write devices' MMIO address space when it is disabled, some h/w devices issue an interrupt to the CPU to indicate a fatal error condition, crashing the system. • http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00008.html http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00009.html http://www.openwall.com/lists/oss-security/2020/05/19/6 https://lists.debian.org/debian-lts-announce/2020/09/msg00025.html https://lists.debian.org/debian-lts-announce/2020/10/msg00032.html https://lists.debian.org/debian-lts-announce/2020/10/msg00034.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org • CWE-248: Uncaught Exception CWE-755: Improper Handling of Exceptional Conditions •