CVSS: 5.3 | EPSS: 0% | CPEs: 5 | EXPL: 1

Memory leak in RTPS protocol dissector in Wireshark 3.4.0 and 3.2.0 to 3.2.8 allows denial of service via packet injection or crafted capture file.
• https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-26420.json
• https://gitlab.com/wireshark/wireshark/-/issues/16994
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M75HYXU36SP6GHIDPHNZGJKEO6TX4C4Y
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YHWDZPWQJMLK64VFDWJC5SEGPNH6Y72Z
• https://security.gentoo.org/glsa/202101-12
• https://www.oracle.com/security-alerts/cpuApr2021.html
• https://www.wireshark.org/security/w
• CWE-401: Missing Release of Memory after Effective Lifetime

CVSS: 5.3 | EPSS: 0% | CPEs: 6 | EXPL: 1

Crash in USB HID protocol dissector and possibly other dissectors in Wireshark 3.4.0 and 3.2.0 to 3.2.8 allows denial of service via packet injection or crafted capture file.
• https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-26421.json
• https://gitlab.com/wireshark/wireshark/-/issues/16958
• https://lists.debian.org/debian-lts-announce/2021/02/msg00008.html
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M75HYXU36SP6GHIDPHNZGJKEO6TX4C4Y
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YHWDZPWQJMLK64VFDWJC5SEGPNH6Y72Z
• https://security.gentoo.org/glsa/202101-12
• https://www.oracle.c
• CWE-125: Out-of-bounds Read

CVSS: 4.3 | EPSS: 0% | CPEs: 6 | EXPL: 1

Sympa before 6.2.59b.2 allows remote attackers to obtain full SOAP API access by sending any arbitrary string (except one from an expired cookie) as the cookie value to authenticateAndRun.
• https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=976020
• https://github.com/sympa-community/sympa/blob/6.2.59b.2/NEWS.md
• https://github.com/sympa-community/sympa/issues/1041
• https://github.com/sympa-community/sympa/pull/1044
• https://lists.debian.org/debian-lts-announce/2020/12/msg00026.html
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EFZWDEKQFW3EH665OECDWIWM2MI7T53Y
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org&
• CWE-287: Improper Authentication
• CWE-565: Reliance on Cookies without Validation and Integrity Checking

CVSS: 5.5 | EPSS: 0% | CPEs: 4 | EXPL: 1

A use after free issue exists in the Binary File Descriptor (BFD) library (aka libbfd) in GNU Binutils 2.34 in bfd_hash_lookup, as demonstrated in nm-new, that can cause a denial of service via a crafted file.
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DJIW6KKY2TSLD43XEZXG56WREIIBUIIQ
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UKIMSD5FIC3QFJDKNHR2PSO6JYJGCLHB
• https://security.netapp.com/advisory/ntap-20210115-0003
• https://sourceware.org/bugzilla/show_bug.cgi?id=25823
• https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git%3Bh=7ecb51549ab1ec22aba5aaf34b70323cf0b8509a
• CWE-416: Use After Free

CVSS: 6.5 | EPSS: 0% | CPEs: 3 | EXPL: 0

Matrix is an ecosystem for open federated Instant Messaging and VoIP. Synapse is a reference "homeserver" implementation of Matrix. A malicious or poorly-implemented homeserver can inject malformed events into a room by specifying a different room id in the path of a `/send_join`, `/send_leave`, `/invite` or `/exchange_third_party_invite` request. This can lead to a denial of service in which future events will not be correctly sent to other servers over federation. This affects any server which accepts federation requests from untrusted servers.
• https://github.com/matrix-org/synapse/blob/develop/CHANGES.md#synapse-1231-2020-12-09
• https://github.com/matrix-org/synapse/commit/3ce2f303f15f6ac3dc352298972dc6e04d9b7a8b
• https://github.com/matrix-org/synapse/pull/8776
• https://github.com/matrix-org/synapse/security/advisories/GHSA-hxmp-pqch-c8mm
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DBTIU3ZNBFWZ56V4X7JIAD33V5H2GOMC
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QR4MMYZKX5N5GYG
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
• CWE-400: Uncontrolled Resource Consumption