CVSS: 6.5EPSS: 0%CPEs: 7EXPL: 0CVE-2020-11099 – OOB Read in license_read_new_or_upgrade_license_packet in FreeRDP
https://notcve.org/view.php?id=CVE-2020-11099
In FreeRDP before version 2.1.2, there is an out of bounds read in license_read_new_or_upgrade_license_packet. A manipulated license packet can lead to out of bound reads to an internal buffer. This is fixed in version 2.1.2. En FreeRDP versiones anteriores a 2.1.2, se presenta una lectura fuera de límites en license_read_new_or_upgrade_license_packet. Un paquete de licencia manipulado puede conllevar a lecturas fuera del limite en un búfer interno. • http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00080.html http://www.freerdp.com/2020/06/22/2_1_2-released https://github.com/FreeRDP/FreeRDP/commit/6ade7b4cbfd71c54b3d724e8f2d6ac76a58e879a https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-977w-866x-4v5h https://lists.debian.org/debian-lts-announce/2023/10/msg00008.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6Y35HBHG2INICLSGCIKNAR7GCXEHQACQ https://lists.fedoraproject.org/archives/list&#x • CWE-125: Out-of-bounds Read •
CVSS: 4.3EPSS: 0%CPEs: 7EXPL: 0CVE-2020-4032 – Integer casting vulnerability in `update_recv_secondary_order` in FreeRDP
https://notcve.org/view.php?id=CVE-2020-4032
In FreeRDP before version 2.1.2, there is an integer casting vulnerability in update_recv_secondary_order. All clients with +glyph-cache /relax-order-checks are affected. This is fixed in version 2.1.2. En FreeRDP versiones anteriores a 2.1.2, se presenta una vulnerabilidad de conversión de enteros en update_recv_secondary_order. Todos los clientes con +glyph-cache /relax-order-checks están afectados. • http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00080.html http://www.freerdp.com/2020/06/22/2_1_2-released https://github.com/FreeRDP/FreeRDP/commit/e7bffa64ef5ed70bac94f823e2b95262642f5296 https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-3898-mc89-x2vc https://lists.debian.org/debian-lts-announce/2023/10/msg00008.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6Y35HBHG2INICLSGCIKNAR7GCXEHQACQ https://lists.fedoraproject.org/archives/list&#x • CWE-681: Incorrect Conversion between Numeric Types •
CVSS: 5.9EPSS: 0%CPEs: 14EXPL: 0CVE-2020-14954
https://notcve.org/view.php?id=CVE-2020-14954
Mutt before 1.14.4 and NeoMutt before 2020-06-19 have a STARTTLS buffering issue that affects IMAP, SMTP, and POP3. When a server sends a "begin TLS" response, the client reads additional data (e.g., from a man-in-the-middle attacker) and evaluates it in a TLS context, aka "response injection." Mutt versiones anteriores a 1.14.4 y NeoMutt antes del 19-06-2020, presentan un problema de almacenamiento de STARTTLS que afecta a IMAP, SMTP y POP3. Cuando un servidor envía una respuesta "begin TLS", el cliente lee datos adicionales (por ejemplo, a partir de un atacante man-in-the-middle) y los evalúa en un contexto TLS, también se conoce como "response injection" • http://lists.mutt.org/pipermail/mutt-announce/Week-of-Mon-20200615/000023.html http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00064.html http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00070.html http://www.mutt.org https://github.com/neomutt/neomutt/commit/fb013ec666759cb8a9e294347c7b4c1f597639cc https://github.com/neomutt/neomutt/releases/tag/20200619 https://gitlab.com/muttmua/mutt/-/commit/c547433cdf2e79191b15c6932c57f1472bfb5ff4 https://gitlab.com/muttmua/mutt/-/issues& • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •
CVSS: 7.5EPSS: 0%CPEs: 5EXPL: 1CVE-2020-8184 – rubygem-rack: percent-encoded cookies can be used to overwrite existing prefixed cookie names
https://notcve.org/view.php?id=CVE-2020-8184
A reliance on cookies without validation/integrity check security vulnerability exists in rack < 2.2.3, rack < 2.1.4 that makes it is possible for an attacker to forge a secure or host-only cookie prefix. Se presenta una dependencia de las cookies sin vulnerabilidad de seguridad de control de validación e integridad en rack versiones anteriores a 2.2.3, rack versiones anteriores a 2.1.4, que hace posible a un atacante forjar un prefijo de cookie seguro o solo de host A flaw was found in rubygem-rack. An attacker may be able to trick a vulnerable application into processing an insecure (non-SSL) or cross-origin request if they can gain the ability to write arbitrary cookies that are sent to the application. The highest threat from this vulnerability is to data integrity. • https://groups.google.com/g/rubyonrails-security/c/OWtmozPH9Ak https://hackerone.com/reports/895727 https://lists.debian.org/debian-lts-announce/2020/07/msg00006.html https://lists.debian.org/debian-lts-announce/2023/01/msg00038.html https://usn.ubuntu.com/4561-1 https://access.redhat.com/security/cve/CVE-2020-8184 https://bugzilla.redhat.com/show_bug.cgi?id=1849141 • CWE-20: Improper Input Validation CWE-784: Reliance on Cookies without Validation and Integrity Checking in a Security Decision CWE-807: Reliance on Untrusted Inputs in a Security Decision •
CVSS: 6.3EPSS: 0%CPEs: 11EXPL: 0CVE-2020-3350 – Cisco AMP for Endpoints and ClamAV Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2020-3350
A vulnerability in the endpoint software of Cisco AMP for Endpoints and Clam AntiVirus could allow an authenticated, local attacker to cause the running software to delete arbitrary files on the system. The vulnerability is due to a race condition that could occur when scanning malicious files. An attacker with local shell access could exploit this vulnerability by executing a script that could trigger the race condition. A successful exploit could allow the attacker to delete arbitrary files on the system that the attacker would not normally have privileges to delete, producing system instability or causing the endpoint software to stop working. Una vulnerabilidad en el software de endpoint de Cisco AMP para Endpoints y Clam AntiVirus, podría permitir a un atacante local autenticado causar que el software en ejecución elimine archivos arbitrarios en el sistema. • https://lists.debian.org/debian-lts-announce/2020/08/msg00010.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IJ67VH37NCG25PICGWFWZHSVG7PBT7MC https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QM7EXJHDEZJLWM2NKH6TCDXOBP5NNYIN https://security.gentoo.org/glsa/202007-23 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-famp-ZEpdXy https://usn.ubuntu.com/4435-1 https://usn.ubuntu.com/4435-2 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •