CVSS: 7.5EPSS: 1%CPEs: 10EXPL: 0CVE-2018-14553 – gd: NULL pointer dereference in gdImageClone
https://notcve.org/view.php?id=CVE-2018-14553
gdImageClone in gd.c in libgd 2.1.0-rc2 through 2.2.5 has a NULL pointer dereference allowing attackers to crash an application via a specific function call sequence. Only affects PHP when linked with an external libgd (not bundled). La función gdImageClone en el archivo gd.c en libgd versiones 2.1.0-rc2 hasta 2.2.5, presenta una desreferencia del puntero NULL que permite a atacantes bloquear una aplicación por medio de una secuencia de llamada de función específica. • http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00020.html https://bugzilla.redhat.com/show_bug.cgi?id=1599032 https://github.com/libgd/libgd/commit/a93eac0e843148dc2d631c3ba80af17e9c8c860f https://github.com/libgd/libgd/pull/580 https://lists.debian.org/debian-lts-announce/2020/02/msg00014.html https://lists.debian.org/debian-lts-announce/2024/04/msg00003.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3CZ2QADQTKRHTGB2AHD7J4QQNDLBEMM6 https:/&#x • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-476: NULL Pointer Dereference •
CVSS: 7.4EPSS: 0%CPEs: 3EXPL: 2CVE-2016-9928
https://notcve.org/view.php?id=CVE-2016-9928
MCabber before 1.0.4 is vulnerable to roster push attacks, which allows remote attackers to intercept communications, or add themselves as an entity on a 3rd party's roster as another user, which will also garner associated privileges, via crafted XMPP packets. MCabber versiones anteriores a 1.0.4, es vulnerable a los ataques de tipo roster push, lo que permite a atacantes remotos interceptar comunicaciones, o agregarse como una entidad en la lista de un tercero como otro usuario, que también obtendrá privilegios asociados, por medio de paquetes XMPP diseñados. • http://lists.opensuse.org/opensuse-updates/2017-01/msg00130.html http://www.openwall.com/lists/oss-security/2016/12/11/2 http://www.openwall.com/lists/oss-security/2017/02/09/29 http://www.securityfocus.com/bid/94862 https://bitbucket.org/McKael/mcabber-crew/commits/6e1ead98930d7dd0a520ad17c720ae4908429033/raw https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=845258 https://bugzilla.redhat.com/show_bug.cgi?id=1403790 https://gultsch.de/gajim_roster_push_and_message_interception.html ht • CWE-269: Improper Privilege Management •
CVSS: 7.1EPSS: 0%CPEs: 12EXPL: 1CVE-2020-8648 – kernel: use-after-free in n_tty_receive_buf_common function in drivers/tty/n_tty.c
https://notcve.org/view.php?id=CVE-2020-8648
There is a use-after-free vulnerability in the Linux kernel through 5.5.2 in the n_tty_receive_buf_common function in drivers/tty/n_tty.c. Se presenta una vulnerabilidad de uso de la memoria previamente liberada en el kernel de Linux versiones hasta 5.5.2, en la función n_tty_receive_buf_common en el archivo drivers/tty/n_tty.c. A use-after-free flaw was found in the Linux kernel console driver when using the copy-paste buffer. This flaw allows a local user to crash the system. • http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00021.html https://bugzilla.kernel.org/show_bug.cgi?id=206361 https://lists.debian.org/debian-lts-announce/2020/06/msg00011.html https://lists.debian.org/debian-lts-announce/2020/06/msg00012.html https://lists.debian.org/debian-lts-announce/2020/06/msg00013.html https://security.netapp.com/advisory/ntap-20200924-0004 https://usn.ubuntu.com/4342-1 https://usn.ubuntu.com/4344-1 https://usn.ubuntu.com/4345-1 • CWE-416: Use After Free •
CVSS: 7.5EPSS: 0%CPEs: 7EXPL: 0CVE-2020-3123
https://notcve.org/view.php?id=CVE-2020-3123
A vulnerability in the Data-Loss-Prevention (DLP) module in Clam AntiVirus (ClamAV) Software versions 0.102.1 and 0.102.0 could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to an out-of-bounds read affecting users that have enabled the optional DLP feature. An attacker could exploit this vulnerability by sending a crafted email file to an affected device. An exploit could allow the attacker to cause the ClamAV scanning process crash, resulting in a denial of service condition. Una vulnerabilidad en el módulo Data-Loss-Prevention (DLP) en el software Clam AntiVirus (ClamAV) versiones 0.102.1 y 0.102.0, podría permitir a un atacante remoto no autenticado causar una condición de denegación de servicio sobre un dispositivo afectado. • https://blog.clamav.net/2020/02/clamav-01022-security-patch-released.html https://quickview.cloudapps.cisco.com/quickview/bug/CSCvs59062 https://security.gentoo.org/glsa/202003-46 https://usn.ubuntu.com/4280-1 https://usn.ubuntu.com/4280-2 • CWE-125: Out-of-bounds Read •
CVSS: 7.5EPSS: 0%CPEs: 9EXPL: 0CVE-2019-12528 – squid: Information Disclosure issue in FTP Gateway
https://notcve.org/view.php?id=CVE-2019-12528
An issue was discovered in Squid before 4.10. It allows a crafted FTP server to trigger disclosure of sensitive information from heap memory, such as information associated with other users' sessions or non-Squid processes. Se detectó un problema en Squid versiones anteriores a 4.10. Permite a un servidor FTP diseñado desencadenar una divulgación de información confidencial de la memoria de la pila, tal y como la información asociada con las sesiones de otros usuarios o procesos que no son de Squid. A flaw was found in squid. • http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00012.html http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00010.html http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00018.html http://www.squid-cache.org/Advisories/SQUID-2020_2.txt https://lists.debian.org/debian-lts-announce/2020/07/msg00009.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/G6W2IQ7QV2OGREFFUBNVZIDD3RJBDE4R https://lists.fedoraproject.org/archives/li • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •