Page 75 of 1231 results (0.012 seconds)

CVSS: 5.5EPSS: 0%CPEs: 41EXPL: 1

CVE-2020-12771

https://notcve.org/view.php?id=CVE-2020-12771

An issue was discovered in the Linux kernel through 5.6.11. btree_gc_coalesce in drivers/md/bcache/btree.c has a deadlock if a coalescing operation fails. Se detectó un problema en el kernel de Linux versiones hasta 5.6.11. La función btree_gc_coalesce en el archivo drivers/md/bcache/btree.c, presenta un punto muerto si se produce un fallo de la operación de coalescencia. • http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00071.html http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00009.html https://lists.debian.org/debian-lts-announce/2020/08/msg00019.html https://lists.debian.org/debian-lts-announce/2020/10/msg00032.html https://lists.debian.org/debian-lts-announce/2020/10/msg00034.html https://lkml.org/lkml/2020/4/26/87 https://security.netapp.com/advisory/ntap-20200608-0001 https://usn.ubuntu.com/4462-1 https: • CWE-667: Improper Locking •

CVSS: 6.5EPSS: 0%CPEs: 35EXPL: 0

CVE-2020-10690 – kernel: use-after-free in cdev_put() when a PTP device is removed while it's chardev is open

https://notcve.org/view.php?id=CVE-2020-10690

There is a use-after-free in kernel versions before 5.5 due to a race condition between the release of ptp_clock and cdev while resource deallocation. When a (high privileged) process allocates a ptp device file (like /dev/ptpX) and voluntarily goes to sleep. During this time if the underlying device is removed, it can cause an exploitable condition as the process wakes up to terminate and clean all attached files. The system crashes due to the cdev structure being invalid (as already freed) which is pointed to by the inode. Se presenta un uso de la memoria previamente liberada en kernel versiones anteriores a 5.5, debido a una condición de carrera entre la liberación de ptp_clock y cdev durante la desasignación de recursos. • http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00022.html https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10690 https://lists.debian.org/debian-lts-announce/2020/06/msg00011.html https://lists.debian.org/debian-lts-announce/2020/06/msg00013.html https://security.netapp.com/advisory/ntap-20200608-0001 https://usn.ubuntu.com/4419-1 https://access.redhat.com/security/cve/CVE-2020-10690 https://bugzilla.redhat.com/show_bug.cgi?id=1817141 • CWE-416: Use After Free •

CVSS: 6.5EPSS: 0%CPEs: 10EXPL: 1

CVE-2020-12108 – mailman: arbitrary content injection via the options login page

https://notcve.org/view.php?id=CVE-2020-12108

/options/mailman in GNU Mailman before 2.1.31 allows Arbitrary Content Injection. El archivo /options/mailman en GNU Mailman versiones anteriores a 2.1.31, permite una Inyección de Contenido Arbitrario. • http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00036.html http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00003.html http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00047.html http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00063.html https://bugs.launchpad.net/mailman/+bug/1873722 https://code.launchpad.net/mailman https://lists.debian.org/debian-lts-announce/2020/05/msg00007.html https://lists.debian.org/debian-lts-announce/202 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 1

CVE-2020-12672

https://notcve.org/view.php?id=CVE-2020-12672

GraphicsMagick through 1.3.35 has a heap-based buffer overflow in ReadMNGImage in coders/png.c. GraphicsMagick versiones hasta 1.3.35, presenta un desbordamiento del búfer en la región heap de la memoria en la función ReadMNGImage en el archivo coders/png.c. • http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00008.html http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00012.html https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=19025 https://lists.debian.org/debian-lts-announce/2020/06/msg00004.html https://security.gentoo.org/glsa/202209-19 • CWE-787: Out-of-bounds Write •

CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0

CVE-2020-12656

https://notcve.org/view.php?id=CVE-2020-12656

gss_mech_free in net/sunrpc/auth_gss/gss_mech_switch.c in the rpcsec_gss_krb5 implementation in the Linux kernel through 5.6.10 lacks certain domain_release calls, leading to a memory leak. Note: This was disputed with the assertion that the issue does not grant any access not already available. It is a problem that on unloading a specific kernel module some memory is leaked, but loading kernel modules is a privileged operation. A user could also write a kernel module to consume any amount of memory they like and load that replicating the effect of this bug ** EN DISPUTA ** En la función gss_mech_free en el archivo net/sunrpc/auth_gss/gss_mech_switch.c en la implementación rpcsec_gss_krb5 en el kernel de Linux versiones hasta 5.6.10 carece de ciertas llamadas domain_release, onllevando a una perdida de memoria. Nota: Esto se discutió con la afirmación de que el tema no otorga ningún acceso no disponible. • http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00022.html http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00008.html https://bugzilla.kernel.org/show_bug.cgi?id=206651 https://usn.ubuntu.com/4483-1 https://usn.ubuntu.com/4485-1 • CWE-401: Missing Release of Memory after Effective Lifetime •