CVE-2020-14775 – mysql: InnoDB unspecified vulnerability (CPU Oct 2020)
https://notcve.org/view.php?id=CVE-2020-14775
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.31 and prior and 8.0.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). • https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GZU3PA5XJXNQ4C4F6435ARM6WKM3OZYR https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O7RVY2Z7HYQHFJXBGARXUAGKUDAWYPP4 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZVS6KNVBZCLZBKNJ5JA2PGAG3NTOJVH6 https://security.gentoo.org/glsa/202105-27 https://security.netapp.com/advisory/ntap-20201023-0003 https://www.oracle.com/security-alerts/cpuoct2020.html https://acces •
CVE-2020-14672 – mysql: Server: Stored Procedure unspecified vulnerability (CPU Oct 2020)
https://notcve.org/view.php?id=CVE-2020-14672
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Stored Procedure). Supported versions that are affected are 5.6.49 and prior, 5.7.31 and prior and 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). • https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GZU3PA5XJXNQ4C4F6435ARM6WKM3OZYR https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O7RVY2Z7HYQHFJXBGARXUAGKUDAWYPP4 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZVS6KNVBZCLZBKNJ5JA2PGAG3NTOJVH6 https://security.gentoo.org/glsa/202105-27 https://security.netapp.com/advisory/ntap-20201023-0003 https://www.oracle.com/security-alerts/cpuoct2020.html https://acces •
CVE-2020-15999 – Google Chrome FreeType Heap Buffer Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2020-15999
Heap buffer overflow in Freetype in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Un desbordamiento del búfer de la pila en Freetype en Google Chrome anterior a versión 86.0.4240.111, permitía a un atacante remoto explotar potencialmente una corrupción de pila por medio de una página HTML diseñada A heap buffer overflow leading to out-of-bounds write was found in freetype. Memory allocation based on truncated PNG width and height values allows for an out-of-bounds write to occur in application memory when an attacker supplies a specially crafted TTF file. FreeType suffers from a heap buffer overflow vulnerability due to integer truncation in Load_SBit_Png. Google Chrome uses FreeType, an open-source software library to render fonts, which contains a heap buffer overflow vulnerability in the function Load_SBit_Png when processing PNG images embedded into fonts. • https://github.com/oxfemale/CVE-2020-15999 https://github.com/maarlo/CVE-2020-15999 https://github.com/Marmeus/CVE-2020-15999 http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00016.html http://seclists.org/fulldisclosure/2020/Nov/33 https://chromereleases.googleblog.com/2020/10/stable-channel-update-for-desktop_20.html https://crbug.com/1139963 https://googleprojectzero.blogspot.com/p/rca-cve-2020-15999.html https://lists.fedoraproject.org/archives/list/package-announce%40 • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVE-2020-25648 – nss: TLS 1.3 CCS flood remote DoS Attack
https://notcve.org/view.php?id=CVE-2020-25648
A flaw was found in the way NSS handled CCS (ChangeCipherSpec) messages in TLS 1.3. This flaw allows a remote attacker to send multiple CCS messages, causing a denial of service for servers compiled with the NSS library. The highest threat from this vulnerability is to system availability. This flaw affects NSS versions before 3.58. Se encontró un fallo en la manera en que NSS manejaba los mensajes CCS (ChangeCipherSpec) en TLS versión 1.3. • https://bugzilla.redhat.com/show_bug.cgi?id=1887319 https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.58_release_notes https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E https://lists.debian.org/debian-lts-announce/2023/10/msg00039.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ERA5SVJQXQMDGES7RIT4F4NQVLD35RXN https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproje • CWE-770: Allocation of Resources Without Limits or Throttling •
CVE-2020-24266
https://notcve.org/view.php?id=CVE-2020-24266
An issue was discovered in tcpreplay tcpprep v4.3.3. There is a heap buffer overflow vulnerability in get_l2len() that can make tcpprep crash and cause a denial of service. Se detectó un problema en tcpreplay tcpprep versión v4.3.3. Se presenta una vulnerabilidad de desbordamiento del búfer en la región heap de la memoria en la función get_l2len() que puede hacer que tcpprep se bloquee y cause una denegación de servicio • https://github.com/appneta/tcpreplay/issues/617 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EA7K7VKDK2K3SY2DHQQYSCBGZLKPWXJ4 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LC3UMBJFBK5HYUX7H2NGXVFI2I2EMAOF https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M623ONZKOZL5Y7XQNHKXEPV76XYCPXQM https://security.gentoo.org/glsa/202105-21 • CWE-787: Out-of-bounds Write •