CVSS: 6.5EPSS: 0%CPEs: 10EXPL: 1CVE-2020-12108 – mailman: arbitrary content injection via the options login page
https://notcve.org/view.php?id=CVE-2020-12108
/options/mailman in GNU Mailman before 2.1.31 allows Arbitrary Content Injection. El archivo /options/mailman en GNU Mailman versiones anteriores a 2.1.31, permite una Inyección de Contenido Arbitrario. • http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00036.html http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00003.html http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00047.html http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00063.html https://bugs.launchpad.net/mailman/+bug/1873722 https://code.launchpad.net/mailman https://lists.debian.org/debian-lts-announce/2020/05/msg00007.html https://lists.debian.org/debian-lts-announce/202 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 2%CPEs: 10EXPL: 0CVE-2020-6831 – usrsctp: Buffer overflow in AUTH chunk input validation
https://notcve.org/view.php?id=CVE-2020-6831
A buffer overflow could occur when parsing and validating SCTP chunks in WebRTC. This could have led to memory corruption and a potentially exploitable crash. This vulnerability affects Firefox ESR < 68.8, Firefox < 76, and Thunderbird < 68.8.0. Podría presentarse un desbordamiento del búfer cuando se analizan y comprueban fragmentos SCTP en WebRTC. Esto podría haber provocado una corrupción en la memoria y un bloqueo potencialmente explotable. • http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00000.html http://packetstormsecurity.com/files/158480/usrsctp-Stack-Buffer-Overflow.html https://bugzilla.mozilla.org/show_bug.cgi?id=1632241 https://security.gentoo.org/glsa/202005-03 https://security.gentoo.org/glsa/202005-04 https://usn.ubuntu.com/4373-1 https://www.debian.org/security/2020/dsa-4714 https://www.mozilla.org/security/advisories/mfsa2020-16 https://www.mozilla.org/security/advisories/mfsa2020-17 https:&# • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-787: Out-of-bounds Write •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2020-12656
https://notcve.org/view.php?id=CVE-2020-12656
gss_mech_free in net/sunrpc/auth_gss/gss_mech_switch.c in the rpcsec_gss_krb5 implementation in the Linux kernel through 5.6.10 lacks certain domain_release calls, leading to a memory leak. Note: This was disputed with the assertion that the issue does not grant any access not already available. It is a problem that on unloading a specific kernel module some memory is leaked, but loading kernel modules is a privileged operation. A user could also write a kernel module to consume any amount of memory they like and load that replicating the effect of this bug ** EN DISPUTA ** En la función gss_mech_free en el archivo net/sunrpc/auth_gss/gss_mech_switch.c en la implementación rpcsec_gss_krb5 en el kernel de Linux versiones hasta 5.6.10 carece de ciertas llamadas domain_release, onllevando a una perdida de memoria. Nota: Esto se discutió con la afirmación de que el tema no otorga ningún acceso no disponible. • http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00022.html http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00008.html https://bugzilla.kernel.org/show_bug.cgi?id=206651 https://usn.ubuntu.com/4483-1 https://usn.ubuntu.com/4485-1 • CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 9.8EPSS: 1%CPEs: 7EXPL: 2CVE-2020-12640
https://notcve.org/view.php?id=CVE-2020-12640
Roundcube Webmail before 1.4.4 allows attackers to include local files and execute code via directory traversal in a plugin name to rcube_plugin_api.php. Roundcube Webmail versiones anteriores a la versión 1.4.4, permite a atacantes incluir archivos locales y ejecutar código por medio de un salto de directorio en un nombre de plugin en archivo rcube_plugin_api.php. • https://github.com/mbadanoiu/CVE-2020-12640 http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00083.html https://github.com/DrunkenShells/Disclosures/tree/master/CVE-2020-12640-PHP%20Local%20File%20Inclusion-Roundcube https://github.com/roundcube/roundcubemail/commit/814eadb699e8576ce3a78f21e95bf69a7c7b3794 https://github.com/roundcube/roundcubemail/compare/1.4.3...1.4.4 https://github.com/roundcube/roundcubemail/releases/tag/1.4.4 https://roundcube.net/news/2020/04/29/security-updates-1. • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 9.8EPSS: 12%CPEs: 7EXPL: 2CVE-2020-12641 – Roundcube Webmail Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2020-12641
rcube_image.php in Roundcube Webmail before 1.4.4 allows attackers to execute arbitrary code via shell metacharacters in a configuration setting for im_convert_path or im_identify_path. El archivo rcube_image.php en Roundcube Webmail versiones anteriores a la versión 1.4.4, permite a atacantes ejecutar código arbitrario por medio de metacaracteres de shell en un ajuste de configuración para im_convert_path o im_identify_path. Roundcube Webmail contains an remote code execution vulnerability that allows attackers to execute code via shell metacharacters in a configuration setting for im_convert_path or im_identify_path. • https://github.com/mbadanoiu/CVE-2020-12641 http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00083.html https://github.com/DrunkenShells/Disclosures/tree/master/CVE-2020-12641-Command%20Injection-Roundcube https://github.com/roundcube/roundcubemail/commit/fcfb099477f353373c34c8a65c9035b06b364db3 https://github.com/roundcube/roundcubemail/compare/1.4.3...1.4.4 https://github.com/roundcube/roundcubemail/releases/tag/1.4.4 https://roundcube.net/news/2020/04/29/security-updates-1.4.4-1. • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •