CVSS: 5.7EPSS: 0%CPEs: 9EXPL: 1CVE-2020-12867 – sane-backends: NULL pointer dereference in sanei_epson_net_read function
https://notcve.org/view.php?id=CVE-2020-12867
A NULL pointer dereference in sanei_epson_net_read in SANE Backends before 1.0.30 allows a malicious device connected to the same local network as the victim to cause a denial of service, aka GHSL-2020-075. Una desreferencia del puntero NULL en la función sanei_epson_net_read en SANE Backends versiones anteriores a la 1.0.30, permite a un dispositivo malicioso conectado a la misma red local que la víctima causar una denegación de servicio, también se conoce como GHSL-2020-075 • http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00079.html http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00003.html https://alioth-lists.debian.net/pipermail/sane-announce/2020/000041.html https://gitlab.com/sane-project/backends/-/issues/279#issue-1-ghsl-2020-075-null-pointer-dereference-in-sanei_epson_net_read https://lists.debian.org/debian-lts-announce/2020/08/msg00029.html https://lists.debian.org/debian-lts-announce/2020/10/msg00010.html https://l • CWE-476: NULL Pointer Dereference •
CVSS: 5.9EPSS: 0%CPEs: 5EXPL: 1CVE-2020-13614
https://notcve.org/view.php?id=CVE-2020-13614
An issue was discovered in ssl.c in Axel before 2.17.8. The TLS implementation lacks hostname verification. Se detectó un problema en el archivo ssl.c en Axel versiones anteriores a 2.17.8. La implementación TLS carece de verificación del nombre de host. • http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00006.html http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00010.html https://github.com/axel-download-accelerator/axel/issues/262 https://github.com/axel-download-accelerator/axel/releases/tag/v2.17.8 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LPZUQSDGV5XDBJGHBWBHWJIBE47Q4QIB https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/S3ECAKIZA2TGBYLUQTLGRMXUFIOGRHG3 • CWE-295: Improper Certificate Validation •
CVSS: 8.2EPSS: 0%CPEs: 9EXPL: 0CVE-2020-13113 – libexif: use of uninitialized memory in EXIF Makernote handling can lead to crashes and use-after-free
https://notcve.org/view.php?id=CVE-2020-13113
An issue was discovered in libexif before 0.6.22. Use of uninitialized memory in EXIF Makernote handling could lead to crashes and potential use-after-free conditions. Se descubrió un problema en libexif versiones anteriores a la versión 0.6.22. Un uso de la memoria no inicializada en el manejo de EXIF Makemote podría conllevar a bloqueos y condiciones potenciales de uso de la memoria previamente liberada. • http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00017.html https://github.com/libexif/libexif/commit/ec412aa4583ad71ecabb967d3c77162760169d1f https://lists.debian.org/debian-lts-announce/2020/05/msg00025.html https://security.gentoo.org/glsa/202007-05 https://usn.ubuntu.com/4396-1 https://access.redhat.com/security/cve/CVE-2020-13113 https://bugzilla.redhat.com/show_bug.cgi?id=1840347 • CWE-822: Untrusted Pointer Dereference CWE-908: Use of Uninitialized Resource •
CVSS: 9.1EPSS: 0%CPEs: 9EXPL: 0CVE-2020-13112 – libexif: several buffer over-reads in EXIF MakerNote handling can lead to information disclosure and DoS
https://notcve.org/view.php?id=CVE-2020-13112
An issue was discovered in libexif before 0.6.22. Several buffer over-reads in EXIF MakerNote handling could lead to information disclosure and crashes. This is different from CVE-2020-0093. Se descubrió un problema en libexif versiones anteriores a la versión 0.6.22. Varias lecturas excesivas de buffer en el manejo de EXIF MakerNote podrían conllevar a una divulgación de información y a bloqueos. • http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00017.html https://github.com/libexif/libexif/commit/435e21f05001fb03f9f186fa7cbc69454afd00d1 https://lists.debian.org/debian-lts-announce/2020/05/msg00025.html https://security.gentoo.org/glsa/202007-05 https://usn.ubuntu.com/4396-1 https://access.redhat.com/security/cve/CVE-2020-13112 https://bugzilla.redhat.com/show_bug.cgi?id=1840344 • CWE-125: Out-of-bounds Read •
CVSS: 7.5EPSS: 0%CPEs: 8EXPL: 0CVE-2020-13114 – libexif: unrestricted size in handling Canon EXIF MakerNote data can lead to consumption of large amounts of compute time
https://notcve.org/view.php?id=CVE-2020-13114
An issue was discovered in libexif before 0.6.22. An unrestricted size in handling Canon EXIF MakerNote data could lead to consumption of large amounts of compute time for decoding EXIF data. Se descubrió un problema en el libexif versiones anteriores a la versión 0.6.22. Un tamaño sin restricciones en el manejo de los datos de Canon EXIF MakerNote podría conllevar al consumo de grandes cantidades de tiempo de cálculo para la decodificación de datos EXIF. • http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00017.html https://github.com/libexif/libexif/commit/e6a38a1a23ba94d139b1fa2cd4519fdcfe3c9bab https://lists.debian.org/debian-lts-announce/2020/05/msg00025.html https://security.gentoo.org/glsa/202007-05 https://usn.ubuntu.com/4396-1 https://access.redhat.com/security/cve/CVE-2020-13114 https://bugzilla.redhat.com/show_bug.cgi?id=1840350 • CWE-400: Uncontrolled Resource Consumption CWE-770: Allocation of Resources Without Limits or Throttling •