CVSS: 7.1EPSS: 0%CPEs: 8EXPL: 0CVE-2020-13396 – freerdp: Out-of-bounds read in ntlm_read_ChallengeMessage in winpr/libwinpr/sspi/NTLM/ntlm_message.c.
https://notcve.org/view.php?id=CVE-2020-13396
An issue was discovered in FreeRDP before 2.1.1. An out-of-bounds (OOB) read vulnerability has been detected in ntlm_read_ChallengeMessage in winpr/libwinpr/sspi/NTLM/ntlm_message.c. Se detectó un problema en FreeRDP versiones anteriores a 2.1.1. Se detectó una vulnerabilidad de lectura fuera de límites (OOB) en la función ntlm_read_ChallengeMessage en el archivo winpr/libwinpr/sspi/NTLM/ ntlm_message.c. • http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00080.html https://github.com/FreeRDP/FreeRDP/commit/48361c411e50826cb602c7aab773a8a20e1da6bc https://github.com/FreeRDP/FreeRDP/commit/8fb6336a4072abcee8ce5bd6ae91104628c7bb69 https://github.com/FreeRDP/FreeRDP/compare/2.1.0...2.1.1 https://lists.debian.org/debian-lts-announce/2020/08/msg00054.html https://lists.debian.org/debian-lts-announce/2023/10/msg00008.html https://usn.ubuntu.com/4379-1 https://usn.ubuntu.com/4382-1 https:& • CWE-125: Out-of-bounds Read •
CVSS: 6.1EPSS: 0%CPEs: 8EXPL: 0CVE-2020-13397 – freerdp: Out-of-bounds read in security_fips_decrypt in libfreerdp/core/security.c
https://notcve.org/view.php?id=CVE-2020-13397
An issue was discovered in FreeRDP before 2.1.1. An out-of-bounds (OOB) read vulnerability has been detected in security_fips_decrypt in libfreerdp/core/security.c due to an uninitialized value. Se detectó un problema en FreeRDP versiones anteriores a 2.1.1. Ha sido detectada una vulnerabilidad de lectura fuera de límites (OOB) en la función security_fips_decrypt en el archivo libfreerdp/core/security.c debido a un valor no inicializado. • http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00080.html https://github.com/FreeRDP/FreeRDP/commit/8fb6336a4072abcee8ce5bd6ae91104628c7bb69 https://github.com/FreeRDP/FreeRDP/commit/d6cd14059b257318f176c0ba3ee0a348826a9ef8 https://github.com/FreeRDP/FreeRDP/compare/2.1.0...2.1.1 https://lists.debian.org/debian-lts-announce/2020/08/msg00054.html https://lists.debian.org/debian-lts-announce/2023/10/msg00008.html https://usn.ubuntu.com/4379-1 https://usn.ubuntu.com/4382-1 https:& • CWE-125: Out-of-bounds Read CWE-476: NULL Pointer Dereference •
CVSS: 8.1EPSS: 0%CPEs: 8EXPL: 0CVE-2020-12693
https://notcve.org/view.php?id=CVE-2020-12693
Slurm 19.05.x before 19.05.7 and 20.02.x before 20.02.3, in the rare case where Message Aggregation is enabled, allows Authentication Bypass via an Alternate Path or Channel. A race condition allows a user to launch a process as an arbitrary user. Slurm versiones 19.05.x anteriores a la versión 19.05.7 y versiones 20.02.x anteriores a la versión 20.02.3, en el extraño caso en que Message Aggregation esté habilitada, permite una Omisión de Autenticación por medio de una ruta o canal alternativo. Una condición de carrera permite a un usuario iniciar un proceso como usuario arbitrario. • http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00035.html http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00063.html https://lists.debian.org/debian-lts-announce/2022/01/msg00011.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KNL5E5SK4WP6M3DKU4IKW2NPQD2XTZ4Y https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T3RGQB3EWDLOLTSPAJPPWZEPQK3O3AUH https://lists.schedmd.com/pipermail/slurm-announce/2020/000036.html •
CVSS: 8.2EPSS: 0%CPEs: 9EXPL: 0CVE-2020-13113 – libexif: use of uninitialized memory in EXIF Makernote handling can lead to crashes and use-after-free
https://notcve.org/view.php?id=CVE-2020-13113
An issue was discovered in libexif before 0.6.22. Use of uninitialized memory in EXIF Makernote handling could lead to crashes and potential use-after-free conditions. Se descubrió un problema en libexif versiones anteriores a la versión 0.6.22. Un uso de la memoria no inicializada en el manejo de EXIF Makemote podría conllevar a bloqueos y condiciones potenciales de uso de la memoria previamente liberada. • http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00017.html https://github.com/libexif/libexif/commit/ec412aa4583ad71ecabb967d3c77162760169d1f https://lists.debian.org/debian-lts-announce/2020/05/msg00025.html https://security.gentoo.org/glsa/202007-05 https://usn.ubuntu.com/4396-1 https://access.redhat.com/security/cve/CVE-2020-13113 https://bugzilla.redhat.com/show_bug.cgi?id=1840347 • CWE-822: Untrusted Pointer Dereference CWE-908: Use of Uninitialized Resource •
CVSS: 9.1EPSS: 0%CPEs: 9EXPL: 0CVE-2020-13112 – libexif: several buffer over-reads in EXIF MakerNote handling can lead to information disclosure and DoS
https://notcve.org/view.php?id=CVE-2020-13112
An issue was discovered in libexif before 0.6.22. Several buffer over-reads in EXIF MakerNote handling could lead to information disclosure and crashes. This is different from CVE-2020-0093. Se descubrió un problema en libexif versiones anteriores a la versión 0.6.22. Varias lecturas excesivas de buffer en el manejo de EXIF MakerNote podrían conllevar a una divulgación de información y a bloqueos. • http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00017.html https://github.com/libexif/libexif/commit/435e21f05001fb03f9f186fa7cbc69454afd00d1 https://lists.debian.org/debian-lts-announce/2020/05/msg00025.html https://security.gentoo.org/glsa/202007-05 https://usn.ubuntu.com/4396-1 https://access.redhat.com/security/cve/CVE-2020-13112 https://bugzilla.redhat.com/show_bug.cgi?id=1840344 • CWE-125: Out-of-bounds Read •