CVSS: 4.7EPSS: 0%CPEs: 4EXPL: 2CVE-2020-8793 – OpenSMTPD 6.6.3 - Arbitrary File Read
https://notcve.org/view.php?id=CVE-2020-8793
OpenSMTPD before 6.6.4 allows local users to read arbitrary files (e.g., on some Linux distributions) because of a combination of an untrusted search path in makemap.c and race conditions in the offline functionality in smtpd.c. OpenSMTPD versiones anteriores a 6.6.4, permite a usuarios locales leer archivos arbitrarios (por ejemplo, en algunas distribuciones de Linux) debido a una combinación de una ruta de búsqueda no confiable en el archivo makemap.c y unas condiciones de carrera en la funcionalidad offline en el archivo smtpd.c. • https://www.exploit-db.com/exploits/48139 http://seclists.org/fulldisclosure/2020/Feb/28 http://www.openwall.com/lists/oss-security/2020/02/24/4 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OPH4QU4DNVHA7ACFXMYFCEP5PSXXPN4E https://usn.ubuntu.com/4294-1 https://www.openbsd.org/security.html • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition CWE-426: Untrusted Search Path •
CVSS: 6.9EPSS: 0%CPEs: 8EXPL: 1CVE-2020-8130 – rake: OS Command Injection via egrep in Rake::FileList
https://notcve.org/view.php?id=CVE-2020-8130
There is an OS command injection vulnerability in Ruby Rake < 12.3.3 in Rake::FileList when supplying a filename that begins with the pipe character `|`. Se presenta una vulnerabilidad de inyección de comandos de Sistema Operativo en Ruby Rake versiones anteriores a 12.3.3, en la función Rake::FileList cuando se suministra un nombre de archivo que comienza con el carácter de tubería "|". • http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00041.html https://hackerone.com/reports/651518 https://lists.debian.org/debian-lts-announce/2020/02/msg00026.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/523CLQ62VRN3VVC52KMPTROCCKY4Z36B https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VXMX4ARNX2JLRJMSH4N3J3UBMUT5CI44 https://usn.ubuntu.com/4295-1 https://access.redhat.com/security/cve/CVE-2020-8130 https:&#x • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 7.5EPSS: 0%CPEs: 8EXPL: 0CVE-2015-9542
https://notcve.org/view.php?id=CVE-2015-9542
add_password in pam_radius_auth.c in pam_radius 1.4.0 does not correctly check the length of the input password, and is vulnerable to a stack-based buffer overflow during memcpy(). An attacker could send a crafted password to an application (loading the pam_radius library) and crash it. Arbitrary code execution might be possible, depending on the application, C library, compiler, and other factors. La función add_password en el archivo pam_radius_auth.c en pam_radius versión 1.4.0, no verifica correctamente la longitud de la contraseña de entrada y es vulnerable a un desbordamiento del búfer en la región stack de la memoria durante la función memcpy(). Un atacante podría enviar una contraseña diseñada hacia una aplicación (cargando la biblioteca pam_radius) y bloquearla. • https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2015-9542 https://github.com/FreeRADIUS/pam_radius/commit/01173ec2426627dbb1e0d96c06c3ffa0b14d36d0 https://lists.debian.org/debian-lts-announce/2020/02/msg00023.html https://lists.debian.org/debian-lts-announce/2020/08/msg00000.html https://usn.ubuntu.com/4290-1 https://usn.ubuntu.com/4290-2 • CWE-787: Out-of-bounds Write •
CVSS: 7.5EPSS: 1%CPEs: 16EXPL: 0CVE-2020-9327 – sqlite: NULL pointer dereference and segmentation fault because of generated column optimizations
https://notcve.org/view.php?id=CVE-2020-9327
In SQLite 3.31.1, isAuxiliaryVtabOperator allows attackers to trigger a NULL pointer dereference and segmentation fault because of generated column optimizations. En SQLite versión 3.31.1, la función isAuxiliaryVtabOperator permite a atacantes desencadenar una desreferencia del puntero NULL y un fallo de segmentación debido a las optimizaciones de columna generadas. A NULL pointer dereference was found in SQLite in the way it executes select statements with column optimizations. An attacker who is able to execute SQL statements can use this flaw to crash the application. • https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf https://security.gentoo.org/glsa/202003-16 https://security.netapp.com/advisory/ntap-20200313-0002 https://usn.ubuntu.com/4298-1 https://www.oracle.com/security-alerts/cpuApr2021.html https://www.oracle.com/security-alerts/cpujan2021.html https://www.oracle.com/security-alerts/cpujul2020.html https://www.oracle.com/security-alerts/cpuoct2020.html https://www.sqlite.org/cgi/src/info/4374860b29383380 https://www.sqlite. • CWE-476: NULL Pointer Dereference •
CVSS: 8.8EPSS: 0%CPEs: 6EXPL: 0CVE-2020-9308
https://notcve.org/view.php?id=CVE-2020-9308
archive_read_support_format_rar5.c in libarchive before 3.4.2 attempts to unpack a RAR5 file with an invalid or corrupted header (such as a header size of zero), leading to a SIGSEGV or possibly unspecified other impact. El archivo archive_read_support_format_rar5.c en libarchive versiones anteriores a 3.4.2, intenta descomprimir un archivo RAR5 con un encabezado no válido o corrupto (tal y como un tamaño de encabezado de cero), conllevando a un SIGSEGV o posiblemente a otro impacto no especificado. • https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=20459 https://github.com/libarchive/libarchive/pull/1326 https://github.com/libarchive/libarchive/pull/1326/commits/94821008d6eea81e315c5881cdf739202961040a https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6OTE7GWASH2ZOVG5H3HEN5PR6B3KF7JB https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/J76F7VU7HC3GBKG5SAKTRBOFOI3RGO6M https://security.gentoo.org/glsa/202003-28 https://usn.ubuntu.com/4293-1 • CWE-787: Out-of-bounds Write •