CVSS: 4.4EPSS: 0%CPEs: 7EXPL: 0CVE-2020-13696
https://notcve.org/view.php?id=CVE-2020-13696
An issue was discovered in LinuxTV xawtv before 3.107. The function dev_open() in v4l-conf.c does not perform sufficient checks to prevent an unprivileged caller of the program from opening unintended filesystem paths. This allows a local attacker with access to the v4l-conf setuid-root program to test for the existence of arbitrary files and to trigger an open on arbitrary files with mode O_RDWR. To achieve this, relative path components need to be added to the device path, as demonstrated by a v4l-conf -c /dev/../root/.bash_history command. • http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00009.html http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00013.html http://www.openwall.com/lists/oss-security/2020/06/04/6 https://bugzilla.suse.com/show_bug.cgi?id=CVE-2020-13696 https://git.linuxtv.org/xawtv3.git/commit/?id=31f31f9cbaee7be806cba38e0ff5431bd44b20a3 https://git.linuxtv.org/xawtv3.git/commit/?id=36dc44e68e5886339b4a0fbe3f404fb1a4fd2292 https://git.linuxtv.org/xawtv3.git/commit/?id=8e3feea862db68d3ca0886f46cd99fab4 • CWE-863: Incorrect Authorization •
CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 1CVE-2020-13625
https://notcve.org/view.php?id=CVE-2020-13625
PHPMailer before 6.1.6 contains an output escaping bug when the name of a file attachment contains a double quote character. This can result in the file type being misinterpreted by the receiver or any mail relay processing the message. PHPMailer versiones anteriores a 6.1.6, contiene un bug de escape de salida cuando el nombre de un archivo adjunto contiene un carácter de comillas dobles. Esto puede resultar en que el tipo de archivo esta siendo malinterpretado por el receptor o que cualquier retransmisión de correo procese el mensaje • http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00067.html http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00085.html https://github.com/PHPMailer/PHPMailer/releases/tag/v6.1.6 https://github.com/PHPMailer/PHPMailer/security/advisories/GHSA-f7hx-fqxw-rvvj https://lists.debian.org/debian-lts-announce/2020/06/msg00014.html https://lists.debian.org/debian-lts-announce/2020/08/msg00004.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject& • CWE-116: Improper Encoding or Escaping of Output •
CVSS: 6.5EPSS: 0%CPEs: 7EXPL: 2CVE-2020-12049 – dbus: denial of service via file descriptor leak
https://notcve.org/view.php?id=CVE-2020-12049
An issue was discovered in dbus >= 1.3.0 before 1.12.18. The DBusServer in libdbus, as used in dbus-daemon, leaks file descriptors when a message exceeds the per-message file descriptor limit. A local attacker with access to the D-Bus system bus or another system service's private AF_UNIX socket could use this to make the system service reach its file descriptor limit, denying service to subsequent D-Bus clients. Se detectó un problema en dbus versiones posteriores a 1.3.0 e incluyéndola y anteriores a 1.12.18. El DBusServer en libdbus, como es usado en dbus-daemon, filtra los descriptores de archivo cuando un mensaje excede el límite del descriptor de archivo por mensaje. • http://packetstormsecurity.com/files/172840/D-Bus-File-Descriptor-Leak-Denial-Of-Service.html http://www.openwall.com/lists/oss-security/2020/06/04/3 https://gitlab.freedesktop.org/dbus/dbus/-/issues/294 https://gitlab.freedesktop.org/dbus/dbus/-/tags/dbus-1.10.30 https://gitlab.freedesktop.org/dbus/dbus/-/tags/dbus-1.12.18 https://gitlab.freedesktop.org/dbus/dbus/-/tags/dbus-1.13.16 https://security.gentoo.org/glsa/202007-46 https://securitylab.github& • CWE-400: Uncontrolled Resource Consumption CWE-404: Improper Resource Shutdown or Release •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 1CVE-2020-13904
https://notcve.org/view.php?id=CVE-2020-13904
FFmpeg 2.8 and 4.2.3 has a use-after-free via a crafted EXTINF duration in an m3u8 file because parse_playlist in libavformat/hls.c frees a pointer, and later that pointer is accessed in av_probe_input_format3 in libavformat/format.c. FFmpeg versión 2.8 y versión 4.2.3, presenta un uso de la memoria previamente liberada por medio de una duración EXTINF diseñada en un archivo m3u8 porque la función parse_playlist en la biblioteca libavformat/hls.c libera un puntero, y luego este puntero es accedido en la función av_probe_input_format3 en la biblioteca libavformat/format.c • https://github.com/FFmpeg/FFmpeg/commit/6959358683c7533f586c07a766acc5fe9544d8b2 https://lists.debian.org/debian-lts-announce/2020/07/msg00022.html https://patchwork.ffmpeg.org/project/ffmpeg/patch/20200529033905.41926-1-lq%40chinaffmpeg.org https://security.gentoo.org/glsa/202007-58 https://trac.ffmpeg.org/ticket/8673 https://usn.ubuntu.com/4431-1 https://www.debian.org/security/2020/dsa-4722 • CWE-416: Use After Free •
CVSS: 7.5EPSS: 0%CPEs: 7EXPL: 0CVE-2020-13881
https://notcve.org/view.php?id=CVE-2020-13881
In support.c in pam_tacplus 1.3.8 through 1.5.1, the TACACS+ shared secret gets logged via syslog if the DEBUG loglevel and journald are used. En el archivo support.c en pam_tacplus versiones 1.3.8 hasta 1.5.1, el secreto compartido TACACS+ es registrado por medio de syslog si el nivel de registro DEBUG y journald son usados • http://www.openwall.com/lists/oss-security/2020/06/08/1 https://github.com/kravietz/pam_tacplus/commit/4a9852c31c2fd0c0e72fbb689a586aabcfb11cb0 https://github.com/kravietz/pam_tacplus/issues/149 https://lists.debian.org/debian-lts-announce/2020/06/msg00007.html https://lists.debian.org/debian-lts-announce/2021/08/msg00006.html https://usn.ubuntu.com/4521-1 https://www.arista.com/en/support/advisories-notices/security-advisories/11705-security-advisory-50 • CWE-532: Insertion of Sensitive Information into Log File •