Page 71 of 4147 results (0.014 seconds)

CVSS: 5.9EPSS: 0%CPEs: 11EXPL: 0

CVE-2020-14093

https://notcve.org/view.php?id=CVE-2020-14093

Mutt before 1.14.3 allows an IMAP fcc/postpone man-in-the-middle attack via a PREAUTH response. Mutt versiones anteriores a 1.14.3, permite un ataque de tipo man-in-the-middle de fcc/postpone de IMAP por medio de una respuesta PREAUTH • http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00064.html http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00070.html http://www.mutt.org https://bugs.gentoo.org/728300 https://github.com/muttmua/mutt/commit/3e88866dc60b5fa6aaba6fd7c1710c12c1c3cd01 https://lists.debian.org/debian-lts-announce/2020/06/msg00039.html https://lists.debian.org/debian-lts-announce/2020/06/msg00040.html https://security.gentoo.org/glsa/202007-57 https://usn.ubuntu.com/4401-1 https • CWE-319: Cleartext Transmission of Sensitive Information •

CVSS: 4.4EPSS: 0%CPEs: 41EXPL: 0

CVE-2020-10732 – kernel: uninitialized kernel data leak in userspace coredumps

https://notcve.org/view.php?id=CVE-2020-10732

A flaw was found in the Linux kernel's implementation of Userspace core dumps. This flaw allows an attacker with a local account to crash a trivial program and exfiltrate private kernel data. Se encontró un fallo en la implementación de los volcados de núcleo del Userspace del kernel de Linux. Este fallo permite a un atacante con una cuenta local bloquear un programa trivial y exfiltrar datos privados del kernel A flaw was found in the Linux kernel’s implementation of Userspace core dumps. This flaw allows an attacker with a local account to crash a trivial program and exfiltrate private kernel data. • http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00022.html http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00008.html https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10732 https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/commit/?id=aca969cacf07f41070d788ce2b8ca71f09d5207d https://github.com/google/kmsan/issues/76 https://github.com/ruscur/linux/commit/a95cdec9fa0c08e6eeb410d461c03af8fd1fef0a https://lore.kernel.org/lkml/CAG_fn=VZZ7yUxtOGzuTLkr7wmfXWtKK9BHHYawj • CWE-908: Use of Uninitialized Resource •

CVSS: 7.5EPSS: 13%CPEs: 11EXPL: 0

CVE-2020-0198 – libexif: integer overflow in exif_data_load_data_content function in exif-data.c

https://notcve.org/view.php?id=CVE-2020-0198

In exif_data_load_data_content of exif-data.c, there is a possible UBSAN abort due to an integer overflow. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-146428941 En la función exif_data_load_data_content del archivo exif-data.c, se presenta un posible aborto de UBSAN debido a un desbordamiento de enteros. Esto podría conllevar a una denegación de servicio remota sin ser necesarios privilegios de ejecución adicionales. Es requerida una interacción del usuario para su explotación. • https://lists.debian.org/debian-lts-announce/2020/06/msg00020.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ELDZR6USD5PR34MRK2ZISLCYJ465FNKN https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SVBD5JRUQPN4LQHTAAJHA3MR5M7YTAC7 https://security.gentoo.org/glsa/202011-19 https://source.android.com/security/bulletin/pixel/2020-06-01 https://usn.ubuntu.com/4396-1 https://access.redhat.com/security/cve/CVE-2020-0198 https:/ • CWE-125: Out-of-bounds Read CWE-190: Integer Overflow or Wraparound •

CVSS: 6.5EPSS: 0%CPEs: 5EXPL: 0

CVE-2020-10755 – openstack-cinder: Improper handling of ScaleIO backend credentials

https://notcve.org/view.php?id=CVE-2020-10755

An insecure-credentials flaw was found in all openstack-cinder versions before openstack-cinder 14.1.0, all openstack-cinder 15.x.x versions before openstack-cinder 15.2.0 and all openstack-cinder 16.x.x versions before openstack-cinder 16.1.0. When using openstack-cinder with the Dell EMC ScaleIO or VxFlex OS backend storage driver, credentials for the entire backend are exposed in the ``connection_info`` element in all Block Storage v3 Attachments API calls containing that element. This flaw enables an end-user to create a volume, make an API call to show the attachment detail information, and retrieve a username and password that may be used to connect to another user's volume. Additionally, these credentials are valid for the ScaleIO or VxFlex OS Management API, should an attacker discover the Management API endpoint. Source: OpenStack project Se encontró un fallo de credenciales no seguras en todas las versiones de openstack-cinder anteriores a openstack-cinder versión 14.1.0, todas las versiones de openstack-cinder 15.xx anteriores a openstack-cinder versión 15.2.0 y todas las versiones de openstack-cinder 16.xx anteriores a openstack-cinder versión 16.1 .0. • https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10755 https://usn.ubuntu.com/4420-1 https://wiki.openstack.org/wiki/OSSN/OSSN-0086 https://access.redhat.com/security/cve/CVE-2020-10755 https://bugzilla.redhat.com/show_bug.cgi?id=1842748 https://access.redhat.com/articles/5144231 • CWE-522: Insufficiently Protected Credentials •

CVSS: 6.5EPSS: 0%CPEs: 727EXPL: 0

CVE-2020-0543 – hw: Special Register Buffer Data Sampling (SRBDS)

https://notcve.org/view.php?id=CVE-2020-0543

Incomplete cleanup from specific special register read operations in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. Una limpieza incompleta de operaciones de lectura de un registro especial específico en algunos Intel® Processors puede permitir a un usuario autenticado habilitar potencialmente una divulgación de información por medio de un acceso local A new domain bypass transient execution attack known as Special Register Buffer Data Sampling (SRBDS) has been found. This flaw allows data values from special internal registers to be leaked by an attacker able to execute code on any core of the CPU. An unprivileged, local attacker can use this flaw to infer values returned by affected instructions known to be commonly used during cryptographic operations that rely on uniqueness, secrecy, or both. • http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00025.html http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00024.html http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00031.html http://www.openwall.com/lists/oss-security/2020/07/14/5 https://cert-portal.siemens.com/productcert/pdf/ssa-534763.pdf https://kc.mcafee.com/corporate/index?page=content&id=SB10318 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message • CWE-459: Incomplete Cleanup •