CVSS: 5.9EPSS: 0%CPEs: 5EXPL: 1CVE-2020-11047 – Out-of-bounds Read in FreeRDP
https://notcve.org/view.php?id=CVE-2020-11047
In FreeRDP after 1.1 and before 2.0.0, there is an out-of-bounds read in autodetect_recv_bandwidth_measure_results. A malicious server can extract up to 8 bytes of client memory with a manipulated message by providing a short input and reading the measurement result data. This has been patched in 2.0.0. En FreeRDP versiones posteriores a 1.1 y versiones anteriores a 2.0.0, se presenta una lectura fuera de límites en autodetect_recv_bandwidth_measure_results. Un servidor malicioso puede extraer hasta 8 bytes de la memoria del cliente con un mensaje manipulado al proporcionar una entrada corta y leer los datos del resultado de la medición. • https://github.com/FreeRDP/FreeRDP/commit/f5e73cc7c9cd973b516a618da877c87b80950b65 https://github.com/FreeRDP/FreeRDP/issues/6009 https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-9fw6-m2q8-h5pw https://lists.debian.org/debian-lts-announce/2023/10/msg00008.html https://usn.ubuntu.com/4379-1 https://access.redhat.com/security/cve/CVE-2020-11047 https://bugzilla.redhat.com/show_bug.cgi?id=1835762 • CWE-125: Out-of-bounds Read •
CVSS: 5.9EPSS: 1%CPEs: 7EXPL: 1CVE-2020-11042 – Out-of-bounds Read in FreeRDP
https://notcve.org/view.php?id=CVE-2020-11042
In FreeRDP greater than 1.1 and before 2.0.0, there is an out-of-bounds read in update_read_icon_info. It allows reading a attacker-defined amount of client memory (32bit unsigned -> 4GB) to an intermediate buffer. This can be used to crash the client or store information for later retrieval. This has been patched in 2.0.0. En FreeRDP versiones superiores a 1.2 y versiones anteriores a 2.0.0, se presenta una lectura fuera de límites en update_read_icon_info. • https://github.com/FreeRDP/FreeRDP/commit/6b2bc41935e53b0034fe5948aeeab4f32e80f30f https://github.com/FreeRDP/FreeRDP/issues/6010 https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-9jp6-5vf2-cx2q https://lists.debian.org/debian-lts-announce/2020/08/msg00054.html https://lists.debian.org/debian-lts-announce/2023/10/msg00008.html https://usn.ubuntu.com/4379-1 https://usn.ubuntu.com/4382-1 https://access.redhat.com/security/cve/CVE-2020-11042 https://bugzilla.redhat.com/show_bug&# • CWE-125: Out-of-bounds Read •
CVSS: 6.1EPSS: 0%CPEs: 7EXPL: 0CVE-2020-12392 – Mozilla: Arbitrary local file access with 'Copy as cURL'
https://notcve.org/view.php?id=CVE-2020-12392
The 'Copy as cURL' feature of Devtools' network tab did not properly escape the HTTP POST data of a request, which can be controlled by the website. If a user used the 'Copy as cURL' feature and pasted the command into a terminal, it could have resulted in the disclosure of local files. This vulnerability affects Firefox ESR < 68.8, Firefox < 76, and Thunderbird < 68.8.0. La funcionalidad "Copy as cURL" de la pestaña de red de Devtools no escapa apropiadamente los datos HTTP POST de una petición, que el sitio web puede controlar. Si un usuario usó la funcionalidad "Copy as cURL" y pegó el comando a un terminal, podría haber resultado en la divulgación de archivos locales. • https://bugzilla.mozilla.org/show_bug.cgi?id=1614468 https://security.gentoo.org/glsa/202005-03 https://security.gentoo.org/glsa/202005-04 https://usn.ubuntu.com/4373-1 https://www.mozilla.org/security/advisories/mfsa2020-16 https://www.mozilla.org/security/advisories/mfsa2020-17 https://www.mozilla.org/security/advisories/mfsa2020-18 https://access.redhat.com/security/cve/CVE-2020-12392 https://bugzilla.redhat.com/show_bug.cgi?id=1831764 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-552: Files or Directories Accessible to External Parties •
CVSS: 10.0EPSS: 0%CPEs: 7EXPL: 0CVE-2020-12395 – Mozilla: Memory safety bugs fixed in Firefox 76 and Firefox ESR 68.8
https://notcve.org/view.php?id=CVE-2020-12395
Mozilla developers and community members reported memory safety bugs present in Firefox 75 and Firefox ESR 68.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 68.8, Firefox < 76, and Thunderbird < 68.8.0. Los desarrolladores de Mozilla y los miembros de la comunidad informaron bugs de seguridad de la memoria presentes en Firefox versión 75 y Firefox ESR versión 68.7. Algunos de estos errores mostraron evidencia de corrupción de memoria y suponemos que con suficiente esfuerzo algunos de estos podrían haber sido explotados para ejecutar código arbitrario. • https://bugzilla.mozilla.org/buglist.cgi?bug_id=1595886%2C1611482%2C1614704%2C1624098%2C1625749%2C1626382%2C1628076%2C1631508 https://security.gentoo.org/glsa/202005-03 https://security.gentoo.org/glsa/202005-04 https://usn.ubuntu.com/4373-1 https://www.mozilla.org/security/advisories/mfsa2020-16 https://www.mozilla.org/security/advisories/mfsa2020-17 https://www.mozilla.org/security/advisories/mfsa2020-18 https://access.redhat.com/security/cve/CVE-2020-12395 https://bugzilla.redhat.com/show • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-787: Out-of-bounds Write •
CVSS: 9.8EPSS: 2%CPEs: 10EXPL: 0CVE-2020-6831 – usrsctp: Buffer overflow in AUTH chunk input validation
https://notcve.org/view.php?id=CVE-2020-6831
A buffer overflow could occur when parsing and validating SCTP chunks in WebRTC. This could have led to memory corruption and a potentially exploitable crash. This vulnerability affects Firefox ESR < 68.8, Firefox < 76, and Thunderbird < 68.8.0. Podría presentarse un desbordamiento del búfer cuando se analizan y comprueban fragmentos SCTP en WebRTC. Esto podría haber provocado una corrupción en la memoria y un bloqueo potencialmente explotable. • http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00000.html http://packetstormsecurity.com/files/158480/usrsctp-Stack-Buffer-Overflow.html https://bugzilla.mozilla.org/show_bug.cgi?id=1632241 https://security.gentoo.org/glsa/202005-03 https://security.gentoo.org/glsa/202005-04 https://usn.ubuntu.com/4373-1 https://www.debian.org/security/2020/dsa-4714 https://www.mozilla.org/security/advisories/mfsa2020-16 https://www.mozilla.org/security/advisories/mfsa2020-17 https:&# • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-787: Out-of-bounds Write •