Page 71 of 4199 results (0.014 seconds)

CVSS: 6.8EPSS: 0%CPEs: 7EXPL: 0

CVE-2020-13765 – QEMU: loader: OOB access while loading registered ROM may lead to code execution

https://notcve.org/view.php?id=CVE-2020-13765

rom_copy() in hw/core/loader.c in QEMU 4.0 and 4.1.0 does not validate the relationship between two addresses, which allows attackers to trigger an invalid memory copy operation. La función rom_copy() en el archivo hw/core/loader.c en QEMU versión 4.0 y versión 4.1.0, no comprueba la relación entre dos direcciones, lo que permite a atacantes activar una operación de copia de memoria no válida An out-of-bound write access flaw was found in the way QEMU loads ROM contents at boot time. This flaw occurs in the rom_copy() routine while loading the contents of a 32-bit -kernel image into memory. Running an untrusted -kernel image may load contents at arbitrary memory locations, potentially leading to code execution with the privileges of the QEMU process. • https://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=e423455c4f23a1a828901c78fe6d03b7dde79319 https://github.com/qemu/qemu/commit/4f1c6cb2f9afafda05eab150fd2bd284edce6676 https://lists.debian.org/debian-lts-announce/2020/06/msg00032.html https://lists.debian.org/debian-lts-announce/2020/07/msg00020.html https://security.netapp.com/advisory/ntap-20200619-0006 https://usn.ubuntu.com/4467-1 https://www.openwall.com/lists/oss-security/2020/06/03/6 https://access.redhat.com/security/cve/CVE-2020-13765 • CWE-787: Out-of-bounds Write •

CVSS: 6.0EPSS: 0%CPEs: 5EXPL: 0

CVE-2020-13800

https://notcve.org/view.php?id=CVE-2020-13800

ati-vga in hw/display/ati.c in QEMU 4.2.0 allows guest OS users to trigger infinite recursion via a crafted mm_index value during an ati_mm_read or ati_mm_write call. ati-vga en el archivo hw/display/ati.c en QEMU versión 4.2.0, permite a usuarios invitados del Sistema Operativo desencadenar una recursividad infinita por medio de un valor mm_index diseñado durante una llamada de ati_mm_read o ati_mm_write • http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00086.html https://cve.openeuler.org/cve#/CVEInfo/CVE-2020-13800 https://lists.gnu.org/archive/html/qemu-devel/2020-06/msg00825.html https://security.gentoo.org/glsa/202011-09 https://security.netapp.com/advisory/ntap-20200717-0001 https://usn.ubuntu.com/4467-1 https://www.openwall.com/lists/oss-security/2020/06/04/2 • CWE-674: Uncontrolled Recursion •

CVSS: 7.4EPSS: 0%CPEs: 6EXPL: 0

CVE-2020-13777 – gnutls: session resumption works without master key allowing MITM

https://notcve.org/view.php?id=CVE-2020-13777

GnuTLS 3.6.x before 3.6.14 uses incorrect cryptography for encrypting a session ticket (a loss of confidentiality in TLS 1.2, and an authentication bypass in TLS 1.3). The earliest affected version is 3.6.4 (2018-09-24) because of an error in a 2018-09-18 commit. Until the first key rotation, the TLS server always uses wrong data in place of an encryption key derived from an application. GnuTLS versiones 3.6.x anteriores a 3.6.14, usa una criptografía incorrecta para cifrar un ticket de sesión (una pérdida de confidencialidad en TLS versión 1.2, y un desvío de autenticación en TLS versión 1.3). La primera versión afectada es la 3.6.4 (24-09-2018) debido a un error en un commit del 18-09-2018. • http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00015.html https://gnutls.org/security-new.html#GNUTLS-SA-2020-06-03 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6C4DHUKV6M6SJ5CV6KVHZNHNF7HCUE5P https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6RTXZOXC4MHTFE2HKY6IAZMF2WHD2WMV https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RRQBFK3UZ7SV76IYDTS4PS6ABS2DSJHK https://lists.fedoraproject.org/archi • CWE-327: Use of a Broken or Risky Cryptographic Algorithm CWE-345: Insufficient Verification of Data Authenticity •

CVSS: 9.3EPSS: 0%CPEs: 7EXPL: 0

CVE-2020-12406 – Mozilla: JavaScript Type confusion with NativeTypes

https://notcve.org/view.php?id=CVE-2020-12406

Mozilla Developer Iain Ireland discovered a missing type check during unboxed objects removal, resulting in a crash. We presume that with enough effort that it could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 68.9.0, Firefox < 77, and Firefox ESR < 68.9. El desarrollador de Mozilla, Iain Ireland, detectó una falta de un tipo comprobación durante la eliminación de objetos sin caja, resultando en un bloqueo. Presumimos que con un esfuerzo suficiente podría ser explotado para ejecutar código arbitrario. • https://bugzilla.mozilla.org/show_bug.cgi?id=1639590 https://usn.ubuntu.com/4421-1 https://www.mozilla.org/security/advisories/mfsa2020-20 https://www.mozilla.org/security/advisories/mfsa2020-21 https://www.mozilla.org/security/advisories/mfsa2020-22 https://access.redhat.com/security/cve/CVE-2020-12406 https://bugzilla.redhat.com/show_bug.cgi?id=1843312 • CWE-345: Insufficient Verification of Data Authenticity CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •

CVSS: 5.3EPSS: 0%CPEs: 7EXPL: 1

CVE-2020-12405 – Mozilla: Use-after-free in SharedWorkerService

https://notcve.org/view.php?id=CVE-2020-12405

When browsing a malicious page, a race condition in our SharedWorkerService could occur and lead to a potentially exploitable crash. This vulnerability affects Thunderbird < 68.9.0, Firefox < 77, and Firefox ESR < 68.9. Cuando se navega una página maliciosa, podría ocurrir una condición de carrera en nuestro SharedWorkerService y conllevar a un bloqueo potencialmente explotable. Esta vulnerabilidad afecta a Thunderbird versiones anteriores a 68.9.0, Firefox versiones anteriores a 77 y Firefox ESR versiones anteriores a 68.9 The Mozilla Foundation Security Advisory describes this flaw as: When browsing a malicious page, a race condition in our SharedWorkerService could occur and lead to a potentially exploitable crash. • https://bugzilla.mozilla.org/show_bug.cgi?id=1631618 https://usn.ubuntu.com/4421-1 https://www.mozilla.org/security/advisories/mfsa2020-20 https://www.mozilla.org/security/advisories/mfsa2020-21 https://www.mozilla.org/security/advisories/mfsa2020-22 https://access.redhat.com/security/cve/CVE-2020-12405 https://bugzilla.redhat.com/show_bug.cgi?id=1843313 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-416: Use After Free •