CVSS: 7.5EPSS: 18%CPEs: 12EXPL: 0CVE-2020-14303 – Ubuntu Security Notice USN-4454-1
https://notcve.org/view.php?id=CVE-2020-14303
06 Jul 2020 — A flaw was found in the AD DC NBT server in all Samba versions before 4.10.17, before 4.11.11 and before 4.12.4. A samba user could send an empty UDP packet to cause the samba server to crash. Se encontró un fallo en el servidor AD DC NBT en todas las versiones de Samba anteriores a 4.10.17, anteriores a 4.11.11 y anteriores a 4.12.4. Un usuario de samba podría enviar un paquete UDP vacío para hacer que el servidor de samba se bloquee USN-4454-1 fixed a vulnerability in Samba. This update provides the corre... • http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00030.html • CWE-834: Excessive Iteration •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2020-15393 – Ubuntu Security Notice USN-4463-1
https://notcve.org/view.php?id=CVE-2020-15393
29 Jun 2020 — In the Linux kernel 4.4 through 5.7.6, usbtest_disconnect in drivers/usb/misc/usbtest.c has a memory leak, aka CID-28ebeb8db770. En el kernel de Linux versión 4.4 hasta la versión 5.7.6, la función usbtest_disconnect en el archivo drivers/usb/misc/usbtest.c presenta una pérdida de memoria, también se conoce como CID-28ebeb8db770 Timothy Michaud discovered that the i915 graphics driver in the Linux kernel did not properly validate user memory locations for the i915_gem_execbuffer2_ioctl. A local attacker cou... • http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00071.html • CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 5.9EPSS: 3%CPEs: 14EXPL: 0CVE-2020-14954 – Debian Security Advisory 4708-1
https://notcve.org/view.php?id=CVE-2020-14954
21 Jun 2020 — Mutt before 1.14.4 and NeoMutt before 2020-06-19 have a STARTTLS buffering issue that affects IMAP, SMTP, and POP3. When a server sends a "begin TLS" response, the client reads additional data (e.g., from a man-in-the-middle attacker) and evaluates it in a TLS context, aka "response injection." Mutt versiones anteriores a 1.14.4 y NeoMutt antes del 19-06-2020, presentan un problema de almacenamiento de STARTTLS que afecta a IMAP, SMTP y POP3. Cuando un servidor envía una respuesta "begin TLS", el cliente le... • http://lists.mutt.org/pipermail/mutt-announce/Week-of-Mon-20200615/000023.html • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •
CVSS: 6.3EPSS: 0%CPEs: 11EXPL: 0CVE-2020-3350 – Cisco AMP for Endpoints and ClamAV Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2020-3350
18 Jun 2020 — A vulnerability in the endpoint software of Cisco AMP for Endpoints and Clam AntiVirus could allow an authenticated, local attacker to cause the running software to delete arbitrary files on the system. The vulnerability is due to a race condition that could occur when scanning malicious files. An attacker with local shell access could exploit this vulnerability by executing a script that could trigger the race condition. A successful exploit could allow the attacker to delete arbitrary files on the system ... • https://lists.debian.org/debian-lts-announce/2020/08/msg00010.html • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 7.5EPSS: 1%CPEs: 21EXPL: 0CVE-2020-14396 – Ubuntu Security Notice USN-4434-1
https://notcve.org/view.php?id=CVE-2020-14396
17 Jun 2020 — An issue was discovered in LibVNCServer before 0.9.13. libvncclient/tls_openssl.c has a NULL pointer dereference. Se detectó un problema en LibVNCServer versiones anteriores a 0.9.13. La biblioteca libvncclient/tls_openssl.c presenta una desreferencia del puntero NULL Ramin Farajpour Cami discovered that LibVNCServer incorrectly handled certain malformed unix socket names. A remote attacker could exploit this with a crafted socket name, leading to a denial of service, or possibly execute arbitrary code. It ... • https://cert-portal.siemens.com/productcert/pdf/ssa-390195.pdf • CWE-476: NULL Pointer Dereference •
CVSS: 7.5EPSS: 2%CPEs: 22EXPL: 0CVE-2020-14397 – libvncserver: libvncserver/rfbregion.c has a NULL pointer dereference
https://notcve.org/view.php?id=CVE-2020-14397
17 Jun 2020 — An issue was discovered in LibVNCServer before 0.9.13. libvncserver/rfbregion.c has a NULL pointer dereference. Se detectó un problema en LibVNCServer versiones anteriores a 0.9.13. La biblioteca libvncserver/rfbregion.c presenta una desreferencia del puntero NULL Ramin Farajpour Cami discovered that LibVNCServer incorrectly handled certain malformed unix socket names. A remote attacker could exploit this with a crafted socket name, leading to a denial of service, or possibly execute arbitrary code. It was ... • http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00033.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-476: NULL Pointer Dereference •
CVSS: 7.5EPSS: 1%CPEs: 22EXPL: 0CVE-2020-14398 – Ubuntu Security Notice USN-4434-1
https://notcve.org/view.php?id=CVE-2020-14398
17 Jun 2020 — An issue was discovered in LibVNCServer before 0.9.13. An improperly closed TCP connection causes an infinite loop in libvncclient/sockets.c. Se detectó un problema en LibVNCServer versiones anteriores a 0.9.13. Una conexión TCP cerrada inapropiadamente causa un bucle infinito en la biblioteca libvncclient/sockets.c Ramin Farajpour Cami discovered that LibVNCServer incorrectly handled certain malformed unix socket names. A remote attacker could exploit this with a crafted socket name, leading to a denial of... • http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00033.html • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 5.5EPSS: 1%CPEs: 21EXPL: 0CVE-2020-14402 – Ubuntu Security Notice USN-4434-1
https://notcve.org/view.php?id=CVE-2020-14402
17 Jun 2020 — An issue was discovered in LibVNCServer before 0.9.13. libvncserver/corre.c allows out-of-bounds access via encodings. Se detectó un problema en LibVNCServer versiones anteriores a 0.9.13. La biblioteca libvncserver/corre.c permite un acceso fuera de límites por medio de codificaciones Ramin Farajpour Cami discovered that LibVNCServer incorrectly handled certain malformed unix socket names. A remote attacker could exploit this with a crafted socket name, leading to a denial of service, or possibly execute a... • http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00033.html • CWE-787: Out-of-bounds Write •
CVSS: 5.5EPSS: 0%CPEs: 21EXPL: 0CVE-2020-14403 – Ubuntu Security Notice USN-4573-1
https://notcve.org/view.php?id=CVE-2020-14403
17 Jun 2020 — An issue was discovered in LibVNCServer before 0.9.13. libvncserver/hextile.c allows out-of-bounds access via encodings. Se detectó un problema en LibVNCServer versiones anteriores a 0.9.13. La biblioteca libvncserver/hextile.c permite un acceso fuera de límites por medio de codificaciones Nicolas Ruff discovered that Vino incorrectly handled large ClientCutText messages. A remote attacker could use this issue to cause the server to crash, resulting in a denial of service. It was discovered that Vino incorr... • https://cert-portal.siemens.com/productcert/pdf/ssa-390195.pdf • CWE-787: Out-of-bounds Write •
CVSS: 5.5EPSS: 1%CPEs: 21EXPL: 0CVE-2020-14404 – Ubuntu Security Notice USN-4573-1
https://notcve.org/view.php?id=CVE-2020-14404
17 Jun 2020 — An issue was discovered in LibVNCServer before 0.9.13. libvncserver/rre.c allows out-of-bounds access via encodings. Se detectó un problema en LibVNCServer versiones anteriores a 0.9.13. La biblioteca libvncserver/rre.c permite un acceso fuera de límites por medio de codificaciones Nicolas Ruff discovered that Vino incorrectly handled large ClientCutText messages. A remote attacker could use this issue to cause the server to crash, resulting in a denial of service. It was discovered that Vino incorrectly ha... • https://cert-portal.siemens.com/productcert/pdf/ssa-390195.pdf • CWE-787: Out-of-bounds Write •