CVSS: 9.8EPSS: 1%CPEs: 7EXPL: 1CVE-2020-12823
https://notcve.org/view.php?id=CVE-2020-12823
OpenConnect 8.09 has a buffer overflow, causing a denial of service (application crash) or possibly unspecified other impact, via crafted certificate data to get_cert_name in gnutls.c. OpenConnect versión 8.09, presenta un desbordamiento del búfer, causando una denegación de servicio (bloqueo de aplicación) o posiblemente otro impacto no especificado, por medio de datos de certificado diseñados en la función get_cert_name en el archivo gnutls.c. • http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00039.html http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00056.html https://bugs.gentoo.org/721570 https://gitlab.com/openconnect/openconnect/-/merge_requests/108 https://lists.debian.org/debian-lts-announce/2020/05/msg00015.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/25MFX4AZE7RDCUWOL4ZOE73YBOPUMQDX https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 9.8EPSS: 1%CPEs: 11EXPL: 0CVE-2018-1285
https://notcve.org/view.php?id=CVE-2018-1285
Apache log4net versions before 2.0.10 do not disable XML external entities when parsing log4net configuration files. This allows for XXE-based attacks in applications that accept attacker-controlled log4net configuration files. Apache log4net versiones anteriores a 2.0.10, no deshabilita las entidades externas XML cuando analiza los archivos de configuración de log4net. Esto permite realizar ataques basados en XXE en aplicaciones que aceptan archivos de configuración log4net controlados por el atacante • https://issues.apache.org/jira/browse/LOG4NET-575 https://lists.apache.org/thread.html/r00b16ac5e0bbf7009a0d167ed58f3f94d0033b0f4b3e3d5025cc4872%40%3Cdev.logging.apache.org%3E https://lists.apache.org/thread.html/r33564de316d4e4ba0fea1d4d079e62cde1ffe64369c1157243d840d9%40%3Cdev.logging.apache.org%3E https://lists.apache.org/thread.html/r525cbbd7db0aef4a114cf60de8439aa285decc34904d42a7f14f39c3%40%3Cdev.logging.apache.org%3E https://lists.apache.org/thread.html/r6543acafca3e2d24ff4b0c364a91540cb9378977ffa8d37a03ab4b0f%40%3Cdev.logging.apache.org%3E https://lists.apache.or • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2020-11866
https://notcve.org/view.php?id=CVE-2020-11866
libEMF (aka ECMA-234 Metafile Library) through 1.0.11 allows a use-after-free. libEMF (también se conoce como ECMA-234 Metafile Library) versiones hasta 1.0.11, permite un uso de la memoria previamente liberada. • http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00036.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2DFYDSKWFM2R5NKZOO2IN6X7SM3T2PWL https://sourceforge.net/p/libemf/code/commit_browser https://sourceforge.net/p/libemf/mailman/libemf-devel https://sourceforge.net/p/libemf/news/2020/05/re-release-of-libemf-1012 • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2020-11865
https://notcve.org/view.php?id=CVE-2020-11865
libEMF (aka ECMA-234 Metafile Library) through 1.0.11 allows out-of-bounds memory access. libEMF (también se conoce como ECMA-234 Metafile Library) versiones hasta 1.0.11, permite un acceso a la memoria fuera de límites. • http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00036.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2DFYDSKWFM2R5NKZOO2IN6X7SM3T2PWL https://sourceforge.net/p/libemf/code/commit_browser https://sourceforge.net/p/libemf/mailman/libemf-devel https://sourceforge.net/p/libemf/news/2020/05/re-release-of-libemf-1012 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2020-11864
https://notcve.org/view.php?id=CVE-2020-11864
libEMF (aka ECMA-234 Metafile Library) through 1.0.11 allows denial of service (issue 2 of 2). libEMF (también se conoce como ECMA-234 Metafile Library) versiones hasta 1.0.11, permite una denegación de servicio (problema 2 de 2). • http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00036.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2DFYDSKWFM2R5NKZOO2IN6X7SM3T2PWL https://sourceforge.net/p/libemf/code/commit_browser https://sourceforge.net/p/libemf/mailman/libemf-devel https://sourceforge.net/p/libemf/news/2020/05/re-release-of-libemf-1012 •