CVSS: 6.5EPSS: 0%CPEs: 27EXPL: 1CVE-2020-24977 – libxml2: Buffer overflow vulnerability in xmlEncodeEntitiesInternal() in entities.c
https://notcve.org/view.php?id=CVE-2020-24977
GNOME project libxml2 v2.9.10 has a global buffer over-read vulnerability in xmlEncodeEntitiesInternal at libxml2/entities.c. The issue has been fixed in commit 50f06b3e. El proyecto de GNOME libxml2 v2.9.10 tiene una vulnerabilidad de sobre lectura del buffer global en xmlEncodeEntitiesInternal en libxml2/entities.c. El problema ha sido corregido en el commit 50f06b3e • http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00036.html http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00061.html https://gitlab.gnome.org/GNOME/libxml2/-/commit/50f06b3efb638efb0abd95dc62dca05ae67882c2 https://gitlab.gnome.org/GNOME/libxml2/-/issues/178 https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E https://lists.debian.org/debian-lts-announce/2020/09/msg00009.html https://lists.fedoraproject.org/archives/ • CWE-125: Out-of-bounds Read •
CVSS: 7.5EPSS: 0%CPEs: 8EXPL: 0CVE-2020-24584
https://notcve.org/view.php?id=CVE-2020-24584
An issue was discovered in Django 2.2 before 2.2.16, 3.0 before 3.0.10, and 3.1 before 3.1.1 (when Python 3.7+ is used). The intermediate-level directories of the filesystem cache had the system's standard umask rather than 0o077. Se detectó un problema en Django versiones 2.2 anteriores a 2.2.16, versiones 3.0 anteriores a 3.0.10 y versiones 3.1 anteriores a 3.1.1 (cuando es usado Python 3.7+). Los directorios de nivel intermedio de la caché del sistema de archivos tenían la umask estándar del sistema en lugar de 0o077 • https://docs.djangoproject.com/en/dev/releases/security https://groups.google.com/forum/#%21topic/django-announce/Gdqn58RqIDM https://groups.google.com/forum/#%21topic/django-announce/zFCMdgUnutU https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F2ZHO3GZCJMP3DDTXCNVFV6ED3W64NAU https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OLGFFLMF3X6USMJD7V5F5P4K2WVUTO3T https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/m • CWE-276: Incorrect Default Permissions •
CVSS: 7.5EPSS: 0%CPEs: 8EXPL: 0CVE-2020-24583
https://notcve.org/view.php?id=CVE-2020-24583
An issue was discovered in Django 2.2 before 2.2.16, 3.0 before 3.0.10, and 3.1 before 3.1.1 (when Python 3.7+ is used). FILE_UPLOAD_DIRECTORY_PERMISSIONS mode was not applied to intermediate-level directories created in the process of uploading files. It was also not applied to intermediate-level collected static directories when using the collectstatic management command. Se detectó un problema en Django versiones 2.2 anteriores a 2.2.16, versiones 3.0 anteriores a 3.0.10 y versiones 3.1 anteriores a 3.1.1 (cuando es usado Python 3.7+). El modo FILE_UPLOAD_DIRECTORY_PERMISSIONS no fue aplicado a los directorios de nivel intermedio creados en el proceso de carga de archivos. • https://docs.djangoproject.com/en/dev/releases/security https://groups.google.com/forum/#%21topic/django-announce/Gdqn58RqIDM https://groups.google.com/forum/#%21topic/django-announce/zFCMdgUnutU https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F2ZHO3GZCJMP3DDTXCNVFV6ED3W64NAU https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OLGFFLMF3X6USMJD7V5F5P4K2WVUTO3T https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/m • CWE-276: Incorrect Default Permissions •
CVSS: 7.5EPSS: 0%CPEs: 10EXPL: 0CVE-2020-4559
https://notcve.org/view.php?id=CVE-2020-4559
IBM Spectrum Protect 7.1 and 8.1 could allow an attacker to cause a denial of service due ti improper validation of user-supplied input. IBM X-Force ID: 183613. IBM Spectrum Protect versiones 7.1 y 8.1, podrían permitir a un atacante causar una denegación de servicio debido a una comprobación inapropiada de la entrada suministrada por el usuario. IBM X-Force ID: 183613 • https://exchange.xforce.ibmcloud.com/vulnerabilities/183613 https://www.ibm.com/support/pages/node/6323757 • CWE-20: Improper Input Validation •
CVSS: 8.1EPSS: 1%CPEs: 33EXPL: 0CVE-2020-24616
https://notcve.org/view.php?id=CVE-2020-24616
FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPDataSource (aka Anteros-DBCP). FasterXML jackson-databind versiones 2.x anteriores a 2.9.10.6, maneja inapropiadamente la interacción entre los dispositivos de serialización y la escritura, relacionada con br.com.anteros.dbcp.AnterosDBCPDataSource (también se conoce como Anteros-DBCP) • https://github.com/FasterXML/jackson-databind/issues/2814 https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062 https://security.netapp.com/advisory/ntap-20200904-0006 https://www.oracle.com//security-alerts/cpujul2021.html https://www.oracle.com/security-alerts/cpuApr2021.html https://www.oracle.com/security-alerts/cpuapr2022.html https://www.oracle.com/security-alerts/cpuj • CWE-502: Deserialization of Untrusted Data •