CVSS: 9.8EPSS: 0%CPEs: 20EXPL: 1CVE-2019-20788 – libvncserver: integer overflow and heap-based buffer overflow in libvncclient/cursor.c in HandleCursorShape function
https://notcve.org/view.php?id=CVE-2019-20788
libvncclient/cursor.c in LibVNCServer through 0.9.12 has a HandleCursorShape integer overflow and heap-based buffer overflow via a large height or width value. NOTE: this may overlap CVE-2019-15690. En la biblioteca libvncclient/cursor.c en LibVNCServer versiones hasta 0.9.12, tiene un desbordamiento de enteros en la función HandleCursorShape y un desbordamiento de búfer en la región heap de la memoria por medio de un valor de alto o ancho grande. A flaw was found in libvncserver in versions through 0.9.12. A large height or width value may cause an integer overflow or a heap-based buffer overflow. • http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00027.html https://cert-portal.siemens.com/productcert/pdf/ssa-390195.pdf https://github.com/LibVNC/libvncserver/commit/54220248886b5001fbbb9fa73c4e1a2cb9413fed https://securitylab.github.com/advisories/GHSL-2020-064-libvnc-libvncclient https://usn.ubuntu.com/4407-1 https://access.redhat.com/security/cve/CVE-2019-20788 https://bugzilla.redhat.com/show_bug.cgi?id=1829870 • CWE-190: Integer Overflow or Wraparound CWE-787: Out-of-bounds Write •
CVSS: 9.8EPSS: 13%CPEs: 13EXPL: 0CVE-2020-11945 – squid: improper access restriction upon Digest Authentication nonce replay could lead to remote code execution
https://notcve.org/view.php?id=CVE-2020-11945
An issue was discovered in Squid before 5.0.2. A remote attacker can replay a sniffed Digest Authentication nonce to gain access to resources that are otherwise forbidden. This occurs because the attacker can overflow the nonce reference counter (a short integer). Remote code execution may occur if the pooled token credentials are freed (instead of replayed as valid credentials). Se detectó un problema en Squid versiones anteriores a 5.0.2. • http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00018.html http://master.squid-cache.org/Versions/v4/changesets/squid-4-eeebf0f37a72a2de08348e85ae34b02c34e9a811.patch http://www.openwall.com/lists/oss-security/2020/04/23/2 http://www.squid-cache.org/Versions/v4/changesets/squid-4-eeebf0f37a72a2de08348e85ae34b02c34e9a811.patch https://bugzilla.suse.com/show_bug.cgi?id=1170313 https://github.com/squid-cache/squid/commit/eeebf0f37a72a2de08348e85ae34b02c34e9a811 https://github.com/squid-cache/squid/pull/585 • CWE-190: Integer Overflow or Wraparound CWE-284: Improper Access Control •
CVSS: 6.1EPSS: 0%CPEs: 8EXPL: 0CVE-2020-1760 – ceph: header-splitting in RGW GetObject has a possible XSS
https://notcve.org/view.php?id=CVE-2020-1760
A flaw was found in the Ceph Object Gateway, where it supports request sent by an anonymous user in Amazon S3. This flaw could lead to potential XSS attacks due to the lack of proper neutralization of untrusted input. Se encontró un fallo en Ceph Object Gateway, donde admite peticiones enviadas por un usuario anónimo en Amazon S3. Este fallo podría conllevar a posibles ataques de tipo XSS debido a una falta de neutralización apropiada de una entrada no segura. • https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1760 https://lists.debian.org/debian-lts-announce/2021/08/msg00013.html https://lists.debian.org/debian-lts-announce/2023/10/msg00034.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/P3A2UFR5IUIEXJUCF64GQ5OVLCZGODXE https://security.gentoo.org/glsa/202105-39 https://usn.ubuntu.com/4528-1 https://www.openwall.com/lists/oss-security/2020/04/07/1 https://access.redhat.com/security/cve/ • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 10EXPL: 1CVE-2020-1983 – libslirp: use after free vulnerability cause a denial of service.
https://notcve.org/view.php?id=CVE-2020-1983
A use after free vulnerability in ip_reass() in ip_input.c of libslirp 4.2.0 and prior releases allows crafted packets to cause a denial of service. Una vulnerabilidad de uso de la memoria previamente liberada en la función ip_reass() en el archivo ip_input.c de libslirp versiones 4.2.0 y anteriores permite que paquetes especialmente diseñados causen una denegación de servicio. A use-after-free flaw was found in the SLiRP networking implementation of the QEMU emulator. Specifically, this flaw occurs in the ip_reass() routine while reassembling incoming IP fragments whose combined size is bigger than 65k. This flaw allows an attacker to crash the QEMU process on the host, resulting in a denial of service. • http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00022.html http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00001.html https://gitlab.freedesktop.org/slirp/libslirp/-/commit/9ac0371bb8c0a40f5d9f82a1c25129660e81df04 https://gitlab.freedesktop.org/slirp/libslirp/-/issues/20 https://lists.debian.org/debian-lts-announce/2020/06/msg00032.html https://lists.debian.org/debian-lts-announce/2020/07/msg00020.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fe • CWE-416: Use After Free •
CVSS: 7.8EPSS: 1%CPEs: 6EXPL: 0CVE-2020-12066
https://notcve.org/view.php?id=CVE-2020-12066
CServer::SendMsg in engine/server/server.cpp in Teeworlds 0.7.x before 0.7.5 allows remote attackers to shut down the server. La función CServer::SendMsg en el archivo engine/server/server.cpp en Teeworlds versiones 0.7.x anteriores a 0.7.5, permite a atacantes remotos apagar el servidor. • http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00044.html http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00045.html https://github.com/teeworlds/teeworlds/commit/c68402fa7e279d42886d5951d1ea8ac2facc1ea5 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AVYG7CCPS5F3OPOQMJKVNXTQ7BXSEX2V https://usn.ubuntu.com/4553-1 https://www.debian.org/security/2020/dsa-4763 https://www.teeworlds.com/forum/viewtopic.php?id=14785 • CWE-20: Improper Input Validation •