CVE-2020-8899 – Memory corruption in Quram library when decoding qmg can lead to RCE
https://notcve.org/view.php?id=CVE-2020-8899
06 May 2020 — There is a buffer overwrite vulnerability in the Quram qmg library of Samsung's Android OS versions O(8.x), P(9.0) and Q(10.0). An unauthenticated, unauthorized attacker sending a specially crafted MMS to a vulnerable phone can trigger a heap-based buffer overflow in the Quram image codec, leading to arbitrary remote code execution (RCE) without any user interaction. The Samsung ID is SVE-2020-16747. • https://bugs.chromium.org/p/project-zero/issues/detail? • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVE-2020-11100 – haproxy: malformed HTTP/2 requests can lead to out-of-bounds writes
https://notcve.org/view.php?id=CVE-2020-11100
02 Apr 2020 — Felix Wilhelm of Google Project Zero discovered that HAProxy, a TCP/HTTP reverse proxy, did not properly handle HTTP/2 headers. • https://packetstorm.news/files/id/157323 • CWE-787: Out-of-bounds Write •
CVE-2019-15792 – Type confusion in shiftfs
https://notcve.org/view.php?id=CVE-2019-15792
13 Nov 2019 — In shiftfs, a non-upstream patch to the Linux kernel included in the Ubuntu 5.0 and 5.3 kernel series, shiftfs_btrfs_ioctl_fd_replace() calls fdget(oldfd), then without further checks passes the resulting file* into shiftfs_real_fdget(), which casts file->private_data, a void* that points to a filesystem-dependent type, to a "struct shiftfs_file_info *". As private_data is not required to be a pointer to that type, an attacker can use this to cause a denial of service or possibly execute arbitrary code. • https://www.exploit-db.com/exploits/47693 • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVE-2019-15793 – Mishandling of file-system uid/gid with namespaces in shiftfs
https://notcve.org/view.php?id=CVE-2019-15793
13 Nov 2019 — In shiftfs, a non-upstream patch to the Linux kernel included in the Ubuntu 5.0 and 5.3 kernel series, several code locations that shift ids translated user/group ids into init_user_ns before performing operations in the lower filesystem, whereas they should have translated them into the s_user_ns of the lower filesystem. This resulted in using ids other than the intended ones in the lower fs, which likely did not map into the shiftfs s_user_ns. A local attacker could use this to possibly b... • https://packetstorm.news/files/id/155341 • CWE-276: Incorrect Default Permissions CWE-538: Insertion of Sensitive Information into Externally-Accessible File or Directory •
CVE-2019-15791 – Reference count underflow in shiftfs
https://notcve.org/view.php?id=CVE-2019-15791
13 Nov 2019 — In shiftfs, a non-upstream patch to the Linux kernel included in the Ubuntu 5.0 and 5.3 kernel series, shiftfs_btrfs_ioctl_fd_replace() installs an fd referencing a file from the lower filesystem without taking an additional reference to that file. After the btrfs ioctl completes, this fd is closed, which then puts a reference to that file, leading to a refcount underflow. • https://www.exploit-db.com/exploits/47693 • CWE-191: Integer Underflow (Wrap or Wraparound) CWE-672: Operation on a Resource after Expiration or Release •
CVE-2019-15794 – Reference counting error in overlayfs/shiftfs error path when used in conjunction with aufs
https://notcve.org/view.php?id=CVE-2019-15794
12 Nov 2019 — Overlayfs in the Linux kernel and shiftfs, a non-upstream patch to the Linux kernel included in the Ubuntu 5.0 and 5.3 kernel series, both replace vma->vm_file in their mmap handlers. On error the original value is not restored, and the reference is put for the file to which vm_file points. On upstream kernels this is not an issue, as no callers dereference vm_file after call_mmap() returns an error. However, the aufs patches change mmap_region() to replace the fput() using a local variable with vm... • https://packetstorm.news/files/id/155249 • CWE-672: Operation on a Resource after Expiration or Release •
CVE-2020-20626 – Lara Google Analytics <= 2.0.4 - Stored Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2020-20626
14 Oct 2019 — lara-google-analytics.php in the Lara Google Analytics plugin through 2.0.4 for WordPress allows authenticated stored XSS. • https://blog.nintechnet.com/zero-day-vulnerability-exploited-in-wordpress-lara-google-analytics-plugin • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2018-20168
https://notcve.org/view.php?id=CVE-2018-20168
17 Dec 2018 — Google gVisor before 2018-08-22 reuses a pagetable at a different level with the paging-structure cache intact, which allows attackers to cause a denial of service ("physical address not valid" panic) via a crafted application. • https://bugs.chromium.org/p/project-zero/issues/detail? • CWE-20: Improper Input Validation •
CVE-2018-6757 – True Key (TK) Windows Client - Privilege Escalation vulnerability
https://notcve.org/view.php?id=CVE-2018-6757
06 Dec 2018 — Privilege Escalation vulnerability in the Microsoft Windows client of McAfee True Key (TK) 5.1.230.7 and earlier allows local users to execute arbitrary code via specially crafted malware. In unflatten of GraphicBuffer.cpp, there is a possible bad fd close due to improper input validation. This could lead to local escalation of privilege in the system server with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. • https://packetstorm.news/files/id/150733 •
CVE-2018-6756 – True Key (TK) Windows Client - Authentication Abuse vulnerability
https://notcve.org/view.php?id=CVE-2018-6756
06 Dec 2018 — Authentication Abuse vulnerability in the Microsoft Windows client of McAfee True Key (TK) 5.1.230.7 and earlier allows local users to execute unauthorized commands via specially crafted malware. McAfee True Key version 5.1.173.1 on Windows 10 1809 has multiple issues in the implementation of the McAfee.Tru... • https://packetstorm.news/files/id/150733 •