CVSS: 5.7EPSS: 0%CPEs: 16EXPL: 1CVE-2020-10029 – glibc: stack corruption from crafted input in cosl, sinl, sincosl, and tanl functions
https://notcve.org/view.php?id=CVE-2020-10029
The GNU C Library (aka glibc or libc6) before 2.32 could overflow an on-stack buffer during range reduction if an input to an 80-bit long double function contains a non-canonical bit pattern, a seen when passing a 0x5d414141414141410000 value to sinl on x86 targets. This is related to sysdeps/ieee754/ldbl-96/e_rem_pio2l.c. La biblioteca GNU C (también se conoce como glibc o libc6) versiones anteriores a 2.32, podría desbordar un búfer sobre la pila durante una reducción de alcance si una entrada a una función long double de 80 bits contiene un patrón de bits no canónico, como es visto cuando se pasa un valor 0x5d4141414141410000 hacia la función sinl sobre sistemas destino de x86. Esto está relacionado con el archivo sysdeps/ieee754/ldbl-96/e_rem_pio2l.c. A flaw was found in glibc in versions prior to 2.32. • http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00033.html https://lists.debian.org/debian-lts-announce/2022/10/msg00021.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/23N76M3EDP2GIW4GOIQRYTKRE7PPBRB2 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JZTFUD5VH2GU3YOXA2KBQSBIDZRDWNZ3 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VU5JJGENOK7K4X5RYAA5PL647C6HD22E https://security.gentoo.org&#x • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 9.8EPSS: 1%CPEs: 8EXPL: 0CVE-2020-10018 – webkitgtk: Use-after-free issue in accessibility/AXObjectCache.cpp
https://notcve.org/view.php?id=CVE-2020-10018
WebKitGTK through 2.26.4 and WPE WebKit through 2.26.4 (which are the versions right before 2.28.0) contains a memory corruption issue (use-after-free) that may lead to arbitrary code execution. This issue has been fixed in 2.28.0 with improved memory handling. WebKitGTK hasta la versión 2.26.4 y WPE WebKit hasta la versión 2.26.4 (que son las versiones anteriores a la versión 2.28.0) contiene un problema de corrupción de memoria (use-after-free) que puede conducir a la ejecución de código arbitrario. Este problema se ha solucionado en 2.28.0 con un manejo mejorado de la memoria. • http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00008.html https://bugs.webkit.org/show_bug.cgi?id=204342#c21 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DOR5LPL4UASVAR76EIHCL4O2KGDWGC6K https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GLERWAS2LL7SX2GHA2DDZ2PL3QC5OHIF https://security.gentoo.org/glsa/202006-08 https://usn.ubuntu.com/4310-1 https://webkitgtk.org/security/WSA-2020-0003.html https://wpewebki • CWE-400: Uncontrolled Resource Consumption CWE-416: Use After Free •
CVSS: 7.5EPSS: 0%CPEs: 12EXPL: 1CVE-2020-7062 – Null Pointer Dereference in PHP Session Upload Progress
https://notcve.org/view.php?id=CVE-2020-7062
In PHP versions 7.2.x below 7.2.28, 7.3.x below 7.3.15 and 7.4.x below 7.4.3, when using file upload functionality, if upload progress tracking is enabled, but session.upload_progress.cleanup is set to 0 (disabled), and the file upload fails, the upload procedure would try to clean up data that does not exist and encounter null pointer dereference, which would likely lead to a crash. En PHP versiones 7.2.x por debajo de 7.2.28, versiones 7.3.x por debajo de 7.3.15 y versiones 7.4.x por debajo de 7.4.3, cuando es usada la funcionalidad de carga de archivos, si el seguimiento de progreso de carga está habilitado, pero session.upload_progress.cleanup está ajustado en 0 (deshabilitado), y la carga del archivo presenta un fallo, el procedimiento de carga intentaría limpiar los datos que no existan y encontraría una desreferencia del puntero null, lo que probablemente conllevaría a un bloqueo. • http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00023.html https://bugs.php.net/bug.php?id=79221 https://lists.debian.org/debian-lts-announce/2020/03/msg00034.html https://security.gentoo.org/glsa/202003-57 https://usn.ubuntu.com/4330-1 https://www.debian.org/security/2020/dsa-4717 https://www.debian.org/security/2020/dsa-4719 https://www.tenable.com/security/tns-2021-14 https://access.redhat.com/security/cve/CVE-2020-7062 https://bugzilla.redhat • CWE-476: NULL Pointer Dereference •
CVSS: 7.1EPSS: 0%CPEs: 18EXPL: 0CVE-2020-9383 – kernel: out-of-bounds read in set_fdc in drivers/block/floppy.c
https://notcve.org/view.php?id=CVE-2020-9383
An issue was discovered in the Linux kernel 3.16 through 5.5.6. set_fdc in drivers/block/floppy.c leads to a wait_til_ready out-of-bounds read because the FDC index is not checked for errors before assigning it, aka CID-2e90ca68b0d2. Se detectó un problema en el kernel de Linux versión 3.16 hasta la versión 5.5.6. La función set_fdc en el archivo drivers/block/floppy.c, conlleva a una lectura fuera de límites de wait_til_ready porque el índice FDC no es comprobado para errores antes de asignarlos, también se conoce como CID-2e90ca68b0d2 An out-of-bounds (OOB) memory access flaw was found in the floppy driver module in the Linux kernel. A bounds check failure allows a local attacker to gain access to out-of-bounds memory leading to a system crash or a leak of internal kernel information. The highest threat from this vulnerability is to system availability. • http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00039.html https://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git/commit/?id=2f9ac30a54dc0181ddac3705cdcf4775d863c530 https://github.com/torvalds/linux/commit/2e90ca68b0d2f5548804f22f0dd61145516171e3 https://lists.debian.org/debian-lts-announce/2020/06/msg00011.html https://lists.debian.org/debian-lts-announce/2020/06/msg00012.html https://lists.debian.org/debian-lts-announce/2020/06/msg00013.html https://security.netapp.com/advisory/ntap& • CWE-125: Out-of-bounds Read •
CVSS: 10.0EPSS: 93%CPEs: 7EXPL: 6CVE-2020-8794 – OpenSMTPD - OOB Read Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2020-8794
OpenSMTPD before 6.6.4 allows remote code execution because of an out-of-bounds read in mta_io in mta_session.c for multi-line replies. Although this vulnerability affects the client side of OpenSMTPD, it is possible to attack a server because the server code launches the client code during bounce handling. OpenSMTPD versiones anteriores a 6.6.4, permite una ejecución de código remota debido a una lectura fuera de límites en la función mta_io en el archivo mta_session.c para respuestas multilínea. Aunque esta vulnerabilidad afecta al lado del cliente de OpenSMTPD, es posible atacar a un servidor porque el código del servidor inicia el código del cliente durante el manejo de saltos. • https://www.exploit-db.com/exploits/48185 https://www.exploit-db.com/exploits/48140 http://packetstormsecurity.com/files/156633/OpenSMTPD-Out-Of-Bounds-Read-Local-Privilege-Escalation.html http://seclists.org/fulldisclosure/2020/Feb/32 http://www.openwall.com/lists/oss-security/2020/02/26/1 http://www.openwall.com/lists/oss-security/2020/03/01/1 http://www.openwall.com/lists/oss-security/2020/03/01/2 http://www.openwall.com/lists/oss-security/2021/05/04/7 https: • CWE-125: Out-of-bounds Read •