CVSS: 8.0EPSS: 0%CPEs: 7EXPL: 1CVE-2020-12865 – sane-backends: Heap buffer overflow in esci2_img
https://notcve.org/view.php?id=CVE-2020-12865
A heap buffer overflow in SANE Backends before 1.0.30 may allow a malicious device connected to the same local network as the victim to execute arbitrary code, aka GHSL-2020-084. Un desbordamiento del búfer de la pila en SANE Backends versiones anteriores a 1.0.30, puede permitir a un dispositivo malicioso conectado a la misma red local que la víctima ejecutar código arbitrario, también se conoce como GHSL-2020-084 A flaw was found in sane-backends in versions prior to 1.0.30. A heap buffer overflow in the esci2_img function could lead to a remote code execution. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. • http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00079.html http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00003.html https://alioth-lists.debian.net/pipermail/sane-announce/2020/000041.html https://lists.debian.org/debian-lts-announce/2020/08/msg00029.html https://lists.debian.org/debian-lts-announce/2020/10/msg00010.html https://securitylab.github.com/advisories/GHSL-2020-075-libsane https://usn.ubuntu.com/4470-1 https://access.redhat.com/security/cve/CV • CWE-190: Integer Overflow or Wraparound CWE-787: Out-of-bounds Write •
CVSS: 5.7EPSS: 0%CPEs: 6EXPL: 1CVE-2020-12866
https://notcve.org/view.php?id=CVE-2020-12866
A NULL pointer dereference in SANE Backends before 1.0.30 allows a malicious device connected to the same local network as the victim to cause a denial of service, GHSL-2020-079. Una desreferencia de puntero NULL en SANE Backends versiones anteriores a 1.0.30, permite a un dispositivo malicioso conectado a la misma red local que la víctima causar una denegación de servicio, GHSL-2020-079 • http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00079.html http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00003.html https://alioth-lists.debian.net/pipermail/sane-announce/2020/000041.html https://securitylab.github.com/advisories/GHSL-2020-075-libsane https://usn.ubuntu.com/4470-1 • CWE-476: NULL Pointer Dereference •
CVSS: 8.8EPSS: 0%CPEs: 6EXPL: 1CVE-2020-12861 – sane-backends: Heap buffer overflow in epsonds_net_read in epsonds-net.c
https://notcve.org/view.php?id=CVE-2020-12861
A heap buffer overflow in SANE Backends before 1.0.30 allows a malicious device connected to the same local network as the victim to execute arbitrary code, aka GHSL-2020-080. Un desbordamiento del búfer de la pila en SANE Backends versiones anteriores a 1.0.30, permite a un dispositivo malicioso conectado a la misma red local que la víctima ejecutar código arbitrario, también se conoce como GHSL-2020-080 A flaw was found in sane-backends in versions prior to 1.0.30. A heap buffer overflow in epsonds_net_read function could lead to a remote denial of service. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. • http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00079.html http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00003.html http://packetstormsecurity.com/files/172841/SANE-Backends-Memory-Corruption-Code-Execution.html https://alioth-lists.debian.net/pipermail/sane-announce/2020/000041.html https://securitylab.github.com/advisories/GHSL-2020-075-libsane https://usn.ubuntu.com/4470-1 https://access.redhat.com/security/cve/CVE-2020-12861 https://bugzilla.redhat.com/show_bug& • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 9.8EPSS: 0%CPEs: 5EXPL: 1CVE-2020-14983
https://notcve.org/view.php?id=CVE-2020-14983
The server in Chocolate Doom 3.0.0 and Crispy Doom 5.8.0 doesn't validate the user-controlled num_players value, leading to a buffer overflow. A malicious user can overwrite the server's stack. El servidor en Chocolate Doom versión 3.0.0 y Crispy Doom versión 5.8.0, no comprueba el valor de num_players controlado por el usuario, conllevando a un desbordamiento del búfer. Un usuario malicioso puede sobrescribir la pila del servidor • http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00007.html http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00012.html https://github.com/chocolate-doom/chocolate-doom/issues/1293 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 9.3EPSS: 0%CPEs: 3EXPL: 1CVE-2020-8933 – Priviged Escalation in Google Cloud Platform's Guest-OSLogin
https://notcve.org/view.php?id=CVE-2020-8933
A vulnerability in Google Cloud Platform's guest-oslogin versions between 20190304 and 20200507 allows a user that is only granted the role "roles/compute.osLogin" to escalate privileges to root. Using the membership to the "lxd" group, an attacker can attach host devices and filesystems. Within an lxc container, it is possible to attach the host OS filesystem and modify /etc/sudoers to then gain administrative privileges. All images created after 2020-May-07 (20200507) are fixed, and if you cannot update, we recommend you edit /etc/group/security.conf and remove the "lxd" user from the OS Login entry. Una vulnerabilidad en las versiones entre 20190304 y 20200507 de guest-oslogin de Google Cloud Platform, permite a un usuario al que solo se le otorgó el rol "roles/compute.osLogin" para escalar privilegios a root. • http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00037.html http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00047.html https://cloud.google.com/support/bulletins/#gcp-2020-008 https://github.com/GoogleCloudPlatform/guest-oslogin/pull/29 https://gitlab.com/gitlab-com/gl-security/gl-redteam/red-team-tech-notes/-/tree/master/oslogin-privesc-june-2020 • CWE-276: Incorrect Default Permissions •