CVSS: 5.0EPSS: 0%CPEs: 7EXPL: 0CVE-2020-10761
https://notcve.org/view.php?id=CVE-2020-10761
An assertion failure issue was found in the Network Block Device(NBD) Server in all QEMU versions before QEMU 5.0.1. This flaw occurs when an nbd-client sends a spec-compliant request that is near the boundary of maximum permitted request length. A remote nbd-client could use this flaw to crash the qemu-nbd server resulting in a denial of service. Se encontró un problema de fallo de aserción en el Network Block Device (NBD) en todas las versiones de QEMU anteriores a QEMU versión 5.0.1. Este fallo ocurre cuando un cliente nbd envía una petición que cumple con las especificaciones que está cerca del límite de la longitud máxima permitida de la petición. • http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00086.html https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10761 https://security.gentoo.org/glsa/202011-09 https://security.netapp.com/advisory/ntap-20200731-0001 https://usn.ubuntu.com/4467-1 https://www.openwall.com/lists/oss-security/2020/06/09/1 • CWE-617: Reachable Assertion •
CVSS: 7.8EPSS: 0%CPEs: 12EXPL: 1CVE-2020-13974 – kernel: integer overflow in k_ascii() in drivers/tty/vt/keyboard.c
https://notcve.org/view.php?id=CVE-2020-13974
An issue was discovered in the Linux kernel 4.4 through 5.7.1. drivers/tty/vt/keyboard.c has an integer overflow if k_ascii is called several times in a row, aka CID-b86dab054059. NOTE: Members in the community argue that the integer overflow does not lead to a security issue in this case. Se detectó un problema en el kernel de Linux versión 4.4 hasta la versión 5.7.1. En el archivo drivers/tty/vt/keyboard.c presenta un desbordamiento de enteros si se llama a la función k_ascii varias veces seguidas, también se conoce como CID-b86dab054059. NOTA: Los miembros de la comunidad argumentan que el desbordamiento de números enteros no conduce a un problema de seguridad en este caso A flaw integer overflow in the Linux kernel's virtual terminal keyboard driver was found in the way the user sends some specific keyboard code multiple times. • http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00008.html http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00009.html https://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git/commit/?id=dad0bf9ce93fa40b667eccd3306783f4db4b932b https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=b86dab054059b970111b5516ae548efaae5b3aae https://lists.debian.org/debian-lts-announce/2020/08/msg00019.html https://lkml.org/lkml/2020/3/22/482 https://usn.u • CWE-190: Integer Overflow or Wraparound •
CVSS: 7.8EPSS: 0%CPEs: 220EXPL: 1CVE-2020-12695 – hostapd: UPnP SUBSCRIBE misbehavior in WPS AP
https://notcve.org/view.php?id=CVE-2020-12695
The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription request with a delivery URL on a different network segment than the fully qualified event-subscription URL, aka the CallStranger issue. La especificación UPnP de Open Connectivity Foundation antes del 17-04-2020 no prohíbe la aceptación de una petición de suscripción con una URL de entrega en un segmento de red diferente a la URL de suscripción de evento totalmente calificada, también se conoce como el problema de CallStranger • https://github.com/yunuscadirci/CallStranger http://packetstormsecurity.com/files/158051/CallStranger-UPnP-Vulnerability-Checker.html http://www.openwall.com/lists/oss-security/2020/06/08/2 https://corelight.blog/2020/06/10/detecting-the-new-callstranger-upnp-vulnerability-with-zeek https://github.com/corelight/callstranger-detector https://lists.debian.org/debian-lts-announce/2020/08/msg00011.html https://lists.debian.org/debian-lts-announce/2020/08/msg00013.html https://lists.debian.org/debian-l • CWE-276: Incorrect Default Permissions CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 4.4EPSS: 0%CPEs: 7EXPL: 0CVE-2020-13696
https://notcve.org/view.php?id=CVE-2020-13696
An issue was discovered in LinuxTV xawtv before 3.107. The function dev_open() in v4l-conf.c does not perform sufficient checks to prevent an unprivileged caller of the program from opening unintended filesystem paths. This allows a local attacker with access to the v4l-conf setuid-root program to test for the existence of arbitrary files and to trigger an open on arbitrary files with mode O_RDWR. To achieve this, relative path components need to be added to the device path, as demonstrated by a v4l-conf -c /dev/../root/.bash_history command. • http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00009.html http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00013.html http://www.openwall.com/lists/oss-security/2020/06/04/6 https://bugzilla.suse.com/show_bug.cgi?id=CVE-2020-13696 https://git.linuxtv.org/xawtv3.git/commit/?id=31f31f9cbaee7be806cba38e0ff5431bd44b20a3 https://git.linuxtv.org/xawtv3.git/commit/?id=36dc44e68e5886339b4a0fbe3f404fb1a4fd2292 https://git.linuxtv.org/xawtv3.git/commit/?id=8e3feea862db68d3ca0886f46cd99fab4 • CWE-863: Incorrect Authorization •
CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 1CVE-2020-13625
https://notcve.org/view.php?id=CVE-2020-13625
PHPMailer before 6.1.6 contains an output escaping bug when the name of a file attachment contains a double quote character. This can result in the file type being misinterpreted by the receiver or any mail relay processing the message. PHPMailer versiones anteriores a 6.1.6, contiene un bug de escape de salida cuando el nombre de un archivo adjunto contiene un carácter de comillas dobles. Esto puede resultar en que el tipo de archivo esta siendo malinterpretado por el receptor o que cualquier retransmisión de correo procese el mensaje • http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00067.html http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00085.html https://github.com/PHPMailer/PHPMailer/releases/tag/v6.1.6 https://github.com/PHPMailer/PHPMailer/security/advisories/GHSA-f7hx-fqxw-rvvj https://lists.debian.org/debian-lts-announce/2020/06/msg00014.html https://lists.debian.org/debian-lts-announce/2020/08/msg00004.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject& • CWE-116: Improper Encoding or Escaping of Output •