CVSS: 6.8EPSS: 1%CPEs: 5EXPL: 0CVE-2020-8608 – QEMU: Slirp: potential OOB access due to unsafe snprintf() usages
https://notcve.org/view.php?id=CVE-2020-8608
06 Feb 2020 — In libslirp 4.1.0, as used in QEMU 4.2.0, tcp_subr.c misuses snprintf return values, leading to a buffer overflow in later code. En libslirp versión 4.1.0, como es usado en QEMU versión 4.2.0, el archivo tcp_subr.c utiliza inapropiadamente los valores de retorno de snprintf, lo que conlleva a un desbordamiento del búfer en el código posterior. An out-of-bounds heap buffer access flaw was found in the SLiRP networking implementation of the QEMU emulator. This flaw occurs in tcp_emu() routine while emulating ... • http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00007.html • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-122: Heap-based Buffer Overflow •
CVSS: 8.8EPSS: 0%CPEs: 6EXPL: 1CVE-2020-5208 – remote code execution vulnerability in ipmitool
https://notcve.org/view.php?id=CVE-2020-5208
05 Feb 2020 — It's been found that multiple functions in ipmitool before 1.8.19 neglect proper checking of the data received from a remote LAN party, which may lead to buffer overflows and potentially to remote code execution on the ipmitool side. This is especially dangerous if ipmitool is run as a privileged user. This problem is fixed in version 1.8.19. Se detectó que varias funciones en ipmitool versiones anteriores a 1.8.19, descuidan la comprobación apropiada de los datos recibidos desde una parte de la LAN remota,... • https://packetstorm.news/files/id/160875 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2018-20105 – yast2-rmt exposes CA private key passhrase in log-file
https://notcve.org/view.php?id=CVE-2018-20105
27 Jan 2020 — A Inclusion of Sensitive Information in Log Files vulnerability in yast2-rmt of SUSE Linux Enterprise Server 15; openSUSE Leap allows local attackers to learn the password if they can access the log file. This issue affects: SUSE Linux Enterprise Server 15 yast2-rmt versions prior to 1.2.2. openSUSE Leap yast2-rmt versions prior to 1.2.2. Una Inclusión de Información Confidencial en una vulnerabilidad de Archivos de Registro en yast2-rmt de SUSE Linux Enterprise Server versión 15; openSUSE Leap, permite a a... • http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00035.html • CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 6.2EPSS: 0%CPEs: 3EXPL: 0CVE-2019-18899 – apt-cacher-ng insecure use of /run/apt-cacher-ng
https://notcve.org/view.php?id=CVE-2019-18899
23 Jan 2020 — The apt-cacher-ng package of openSUSE Leap 15.1 runs operations in user owned directory /run/apt-cacher-ng with root privileges. This can allow local attackers to influence the outcome of these operations. This issue affects: openSUSE Leap 15.1 apt-cacher-ng versions prior to 3.1-lp151.3.3.1. El paquete apt-cacher-ng de openSUSE Leap versión 15.1, ejecuta operaciones en el directorio /run/apt-cacher-ng propiedad del usuario con privilegios de root. Esto puede permitir a atacantes locales influir en el resul... • http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00057.html • CWE-269: Improper Privilege Management •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 2CVE-2020-5202
https://notcve.org/view.php?id=CVE-2020-5202
21 Jan 2020 — apt-cacher-ng through 3.3 allows local users to obtain sensitive information by hijacking the hardcoded TCP port. The /usr/lib/apt-cacher-ng/acngtool program attempts to connect to apt-cacher-ng via TCP on localhost port 3142, even if the explicit SocketPath=/var/run/apt-cacher-ng/socket command-line option is passed. The cron job /etc/cron.daily/apt-cacher-ng (which is active by default) attempts this periodically. Because 3142 is an unprivileged port, any local user can try to bind to this port and will r... • http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00057.html •
CVSS: 7.0EPSS: 0%CPEs: 3EXPL: 0CVE-2019-18932 – Gentoo Linux Security Advisory 202007-32
https://notcve.org/view.php?id=CVE-2019-18932
21 Jan 2020 — log.c in Squid Analysis Report Generator (sarg) through 2.3.11 allows local privilege escalation. By default, it uses a fixed temporary directory /tmp/sarg. As the root user, sarg creates this directory or reuses an existing one in an insecure manner. An attacker can pre-create the directory, and place symlinks in it (after winning a /tmp/sarg/denied.int_unsort race condition). The outcome will be corrupted or newly created files in privileged file system locations. • http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00051.html • CWE-59: Improper Link Resolution Before File Access ('Link Following') CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 2.4EPSS: 0%CPEs: 9EXPL: 0CVE-2019-20386 – systemd: memory leak in button_open() in login/logind-button.c when udev events are received
https://notcve.org/view.php?id=CVE-2019-20386
21 Jan 2020 — An issue was discovered in button_open in login/logind-button.c in systemd before 243. When executing the udevadm trigger command, a memory leak may occur. Se detectó un problema en la función button_open en el archivo login/logind-button.c en systemd versiones anteriores a 243. Cuando se ejecuta el comando de activación udevadm, puede presentarse una pérdida de memoria. A memory leak was discovered in the systemd-login when a power-switch event is received. • http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00014.html • CWE-400: Uncontrolled Resource Consumption CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 6.8EPSS: 1%CPEs: 5EXPL: 0CVE-2020-7039 – QEMU: slirp: OOB buffer access while emulating tcp protocols in tcp_emu()
https://notcve.org/view.php?id=CVE-2020-7039
16 Jan 2020 — tcp_emu in tcp_subr.c in libslirp 4.1.0, as used in QEMU 4.2.0, mismanages memory, as demonstrated by IRC DCC commands in EMU_IRC. This can cause a heap-based buffer overflow or other out-of-bounds access which can lead to a DoS or potential execute arbitrary code. El archivo tcp_emu en tcp_subr.c en libslirp versión 4.1.0, como es usado en QEMU versión 4.2.0, administra inapropiadamente la memoria, como es demostrado por los comandos IRC DCC en EMU_IRC. Esto puede causar un desbordamiento del búfer en la r... • http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00007.html • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 7.5EPSS: 0%CPEs: 15EXPL: 1CVE-2019-5188 – e2fsprogs: Out-of-bounds write in e2fsck/rehash.c
https://notcve.org/view.php?id=CVE-2019-5188
08 Jan 2020 — A code execution vulnerability exists in the directory rehashing functionality of E2fsprogs e2fsck 1.45.4. A specially crafted ext4 directory can cause an out-of-bounds write on the stack, resulting in code execution. An attacker can corrupt a partition to trigger this vulnerability. Existe una vulnerabilidad de ejecución de código en la funcionalidad directory rehashing de E2fsprogs e2fsck versión 1.45.4. Un directorio ext4 especialmente diseñado puede causar una escritura fuera de límites en la pila, resu... • http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00004.html • CWE-787: Out-of-bounds Write •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 1CVE-2019-20053
https://notcve.org/view.php?id=CVE-2019-20053
27 Dec 2019 — An invalid memory address dereference was discovered in the canUnpack function in p_mach.cpp in UPX 3.95 via a crafted Mach-O file. Se descubrió una desreferencia de dirección de memoria no válida en la función canUnpack en el archivo p_mach.cpp en UPX versión 3.95 por medio de un archivo Mach-O especialmente diseñado. • http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00003.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •