{"cves":[{"cve_id":"CVE-2025-6966","summary":"NULL pointer dereference in TagSection.keys() in python-apt on APT-based Linux systems allows a local attacker to cause a denial of service (process crash) via a crafted deb822 file with a malformed non-UTF-8 key.","cvss":6.9,"cvss_version":4.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":6.9,"epss":0.0004,"ranking_epss":0.12222,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://bugs.launchpad.net/ubuntu/+source/python-apt/+bug/2091865","https://lists.debian.org/debian-lts-announce/2025/12/msg00019.html"],"published_time":"2025-12-05T13:16:05","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-33208","summary":"NVIDIA TAO contains a vulnerability where an attacker may cause a resource to be loaded via an uncontrolled search path. A successful exploit of this vulnerability may lead to escalation of privileges, data tampering, denial of service, information disclosure.","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00136,"ranking_epss":0.33293,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://nvd.nist.gov/vuln/detail/CVE-2025-33208","https://nvidia.custhelp.com/app/answers/detail/a_id/5730","https://www.cve.org/CVERecord?id=CVE-2025-33208"],"published_time":"2025-12-03T19:15:55","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-32463","summary":"Sudo before 1.9.17p1 allows local users to obtain root access because /etc/nsswitch.conf from a user-controlled directory is used with the --chroot option.","cvss":9.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":9.3,"cvss_v4":null,"epss":0.38489,"ranking_epss":0.9724,"kev":true,"propose_action":"Sudo contains an inclusion of functionality from untrusted control sphere vulnerability. 
This vulnerability could allow a local attacker to leverage sudo’s -R (--chroot) option to run arbitrary commands as root, even if they are not listed in the sudoers file.","ransomware_campaign":"Unknown","references":["https://access.redhat.com/security/cve/cve-2025-32463","https://bugs.gentoo.org/show_bug.cgi?id=CVE-2025-32463","https://explore.alas.aws.amazon.com/CVE-2025-32463.html","https://security-tracker.debian.org/tracker/CVE-2025-32463","https://ubuntu.com/security/notices/USN-7604-1","https://www.openwall.com/lists/oss-security/2025/06/30/3","https://www.secpod.com/blog/sudo-lpe-vulnerabilities-resolved-what-you-need-to-know-about-cve-2025-32462-and-cve-2025-32463/","https://www.stratascale.com/vulnerability-alert-CVE-2025-32463-sudo-chroot","https://www.sudo.ws/releases/changelog/","https://www.sudo.ws/security/advisories/","https://www.sudo.ws/security/advisories/chroot_bug/","https://www.suse.com/security/cve/CVE-2025-32463.html","https://www.suse.com/support/update/announcement/2025/suse-su-202502177-1/","https://www.vicarius.io/vsociety/posts/cve-2025-32463-detect-sudo-vulnerability","https://www.vicarius.io/vsociety/posts/cve-2025-32463-mitigate-sudo-vulnerability","https://iototsecnews.jp/2025/07/01/linux-sudo-chroot-vulnerability-enables-hackers-to-elevate-privileges-to-root/","https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-32463"],"published_time":"2025-06-30T21:15:30","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-5054","summary":"Race condition in Canonical apport up to and including 2.32.0 allows a local attacker to leak sensitive information via PID-reuse by leveraging namespaces.\n\nWhen handling a crash, the function `_check_global_pid_and_forward`, which detects if the crashing process resided in a container, was being called before `consistency_checks`, which attempts to detect if the crashing process had been replaced. 
Because of this, if a process crashed and was quickly replaced with a containerized one, apport could be made to forward the core dump to the container, potentially leaking sensitive information. `consistency_checks` is now being called before `_check_global_pid_and_forward`. Additionally, given that the PID-reuse race condition cannot be reliably detected from userspace alone, crashes are only forwarded to containers if the kernel provided a pidfd, or if the crashing process was unprivileged (i.e., if dump mode == 1).","cvss":4.7,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.7,"cvss_v4":null,"epss":0.0003,"ranking_epss":0.08465,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://ubuntu.com/security/CVE-2025-5054","https://ubuntu.com/security/notices/USN-7545-1","https://www.qualys.com/2025/05/29/apport-coredump/apport-coredump.txt","http://seclists.org/fulldisclosure/2025/Jun/9"],"published_time":"2025-05-30T18:15:32","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-5616","summary":"In Ubuntu, gnome-control-center did not properly reflect SSH remote login status when the system was configured to use systemd socket activation for openssh-server. 
This could unknowingly leave the local machine exposed to remote SSH access contrary to expectation of the user.","cvss":4.9,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.9,"cvss_v4":null,"epss":0.00037,"ranking_epss":0.11084,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://bugs.launchpad.net/ubuntu/+source/gnome-control-center/+bug/2039577","https://ubuntu.com/security/CVE-2023-5616","https://ubuntu.com/security/notices/USN-6554-1"],"published_time":"2025-04-15T19:16:06","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-1804","summary":"accountsservice no longer drops permissions when writing .pam_environment","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.0002,"ranking_epss":0.0538,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://bugs.launchpad.net/ubuntu/+source/accountsservice/+bug/1974250","https://ubuntu.com/security/notices/USN-5439-1"],"published_time":"2025-03-25T13:15:38","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-26466","summary":"A flaw was found in the OpenSSH package. For each ping packet the SSH server receives, a pong packet is allocated in a memory buffer and stored in a queue of packages. It is only freed when the server/client key exchange has finished. A malicious client may keep sending such packages, leading to an uncontrolled increase in memory consumption on the server side. 
Consequently, the server may become unavailable, resulting in a denial of service attack.","cvss":5.9,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.9,"cvss_v4":null,"epss":0.60426,"ranking_epss":0.98282,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://access.redhat.com/security/cve/CVE-2025-26466","https://bugzilla.redhat.com/show_bug.cgi?id=2345043","https://seclists.org/oss-sec/2025/q1/144","https://www.qualys.com/2025/02/18/openssh-mitm-dos.txt","http://seclists.org/fulldisclosure/2025/Feb/18","http://seclists.org/fulldisclosure/2025/May/7","http://seclists.org/fulldisclosure/2025/May/8","https://bugzilla.suse.com/show_bug.cgi?id=1237041","https://security-tracker.debian.org/tracker/CVE-2025-26466","https://security.netapp.com/advisory/ntap-20250228-0002/","https://ubuntu.com/security/CVE-2025-26466","https://www.openwall.com/lists/oss-security/2025/02/18/1","https://www.openwall.com/lists/oss-security/2025/02/18/4","https://www.vicarius.io/vsociety/posts/cve-2025-26466-detection-script-memory-consumption-vulnerability-in-openssh","https://www.vicarius.io/vsociety/posts/cve-2025-26466-mitigation-script-memory-consumption-vulnerability-in-openssh","https://www.qualys.com/2025/02/18/openssh-mitm-dos.txt"],"published_time":"2025-02-28T22:15:40","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-1736","summary":"Ubuntu's configuration of gnome-control-center allowed Remote Desktop Sharing to be enabled by default.","cvss":9.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":9.8,"cvss_v4":null,"epss":0.00487,"ranking_epss":0.65447,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://bugs.launchpad.net/ubuntu/+source/gnome-remote-desktop/+bug/1973028","https://ubuntu.com/security/CVE-2022-1736","https://ubuntu.com/security/notices/USN-5430-1"],"published_time":"2025-01-31T02:15:28","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-11586","summary":"Ubuntu's implementation of 
pulseaudio can be crashed by a malicious program if a bluetooth headset is connected.","cvss":4.0,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.0,"cvss_v4":null,"epss":0.00012,"ranking_epss":0.01684,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://bugs.launchpad.net/ubuntu/+source/pulseaudio/+bug/2078822","https://www.cve.org/CVERecord?id=CVE-2024-11586"],"published_time":"2024-11-23T03:15:07","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-0115","summary":"NVIDIA CV-CUDA for Ubuntu 20.04, Ubuntu 22.04, and Jetpack contains a vulnerability in Python APIs where a user may cause an uncontrolled resource consumption issue by a long running CV-CUDA Python process. A successful exploit of this vulnerability may lead to denial of service and data loss.","cvss":6.1,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.1,"cvss_v4":null,"epss":0.00057,"ranking_epss":0.17846,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://nvidia.custhelp.com/app/answers/detail/a_id/5560"],"published_time":"2024-08-12T13:38:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-5290","summary":"An issue was discovered in Ubuntu wpa_supplicant that resulted in loading of arbitrary shared objects, which allows a local unprivileged attacker to escalate privileges to the user that wpa_supplicant runs as (usually root).\n\nMembership in the netdev group or access to the dbus interface of wpa_supplicant allow an unprivileged user to specify an arbitrary path to a module to be loaded by the wpa_supplicant process; other escalation paths might 
exist.","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00306,"ranking_epss":0.53828,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://bugs.launchpad.net/ubuntu/+source/wpa/+bug/2067613","https://snyk.io/blog/abusing-ubuntu-root-privilege-escalation/","https://ubuntu.com/security/notices/USN-6945-1"],"published_time":"2024-08-07T09:16:05","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-6773","summary":"Inappropriate implementation in V8 in Google Chrome prior to 126.0.6478.182 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00608,"ranking_epss":0.69712,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2024/07/stable-channel-update-for-desktop.html","https://issues.chromium.org/issues/347724915","https://chromereleases.googleblog.com/2024/07/stable-channel-update-for-desktop.html","https://issues.chromium.org/issues/347724915"],"published_time":"2024-07-16T22:15:06","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-6387","summary":"A security regression (CVE-2006-5051) was discovered in OpenSSH's server (sshd). There is a race condition which can lead sshd to handle some signals in an unsafe manner. 
An unauthenticated, remote attacker may be able to trigger it by failing to authenticate within a set time period.","cvss":8.1,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.1,"cvss_v4":null,"epss":0.44589,"ranking_epss":0.9757,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://access.redhat.com/errata/RHSA-2024:4312","https://access.redhat.com/errata/RHSA-2024:4340","https://access.redhat.com/errata/RHSA-2024:4389","https://access.redhat.com/errata/RHSA-2024:4469","https://access.redhat.com/errata/RHSA-2024:4474","https://access.redhat.com/errata/RHSA-2024:4479","https://access.redhat.com/errata/RHSA-2024:4484","https://access.redhat.com/security/cve/CVE-2024-6387","https://bugzilla.redhat.com/show_bug.cgi?id=2294604","https://santandersecurityresearch.github.io/blog/sshing_the_masses.html","https://www.openssh.com/txt/release-9.8","https://www.qualys.com/2024/07/01/cve-2024-6387/regresshion.txt","http://seclists.org/fulldisclosure/2024/Jul/18","http://seclists.org/fulldisclosure/2024/Jul/19","http://seclists.org/fulldisclosure/2024/Jul/20","http://www.openwall.com/lists/oss-security/2024/07/01/12","http://www.openwall.com/lists/oss-security/2024/07/01/13","http://www.openwall.com/lists/oss-security/2024/07/02/1","http://www.openwall.com/lists/oss-security/2024/07/03/1","http://www.openwall.com/lists/oss-security/2024/07/03/11","http://www.openwall.com/lists/oss-security/2024/07/03/2","http://www.openwall.com/lists/oss-security/2024/07/03/3","http://www.openwall.com/lists/oss-security/2024/07/03/4","http://www.openwall.com/lists/oss-security/2024/07/03/5","http://www.openwall.com/lists/oss-security/2024/07/04/1","http://www.openwall.com/lists/oss-security/2024/07/04/2","http://www.openwall.com/lists/oss-security/2024/07/08/2","http://www.openwall.com/lists/oss-security/2024/07/08/3","http://www.openwall.com/lists/oss-security/2024/07/09/2","http://www.openwall.com/lists/oss-security/2024/07/09/5","http://www.openwall.com/lists/oss-se
curity/2024/07/10/1","http://www.openwall.com/lists/oss-security/2024/07/10/2","http://www.openwall.com/lists/oss-security/2024/07/10/3","http://www.openwall.com/lists/oss-security/2024/07/10/4","http://www.openwall.com/lists/oss-security/2024/07/10/6","http://www.openwall.com/lists/oss-security/2024/07/11/1","http://www.openwall.com/lists/oss-security/2024/07/11/3","http://www.openwall.com/lists/oss-security/2024/07/23/4","http://www.openwall.com/lists/oss-security/2024/07/23/6","http://www.openwall.com/lists/oss-security/2024/07/28/2","http://www.openwall.com/lists/oss-security/2024/07/28/3","https://access.redhat.com/errata/RHSA-2024:4312","https://access.redhat.com/errata/RHSA-2024:4340","https://access.redhat.com/errata/RHSA-2024:4389","https://access.redhat.com/errata/RHSA-2024:4469","https://access.redhat.com/errata/RHSA-2024:4474","https://access.redhat.com/errata/RHSA-2024:4479","https://access.redhat.com/errata/RHSA-2024:4484","https://access.redhat.com/security/cve/CVE-2024-6387","https://archlinux.org/news/the-sshd-service-needs-to-be-restarted-after-upgrading-to-openssh-98p1/","https://arstechnica.com/security/2024/07/regresshion-vulnerability-in-openssh-gives-attackers-root-on-linux/","https://blog.qualys.com/vulnerabilities-threat-research/2024/07/01/regresshion-remote-unauthenticated-code-execution-vulnerability-in-openssh-server","https://bugzilla.redhat.com/show_bug.cgi?id=2294604","https://explore.alas.aws.amazon.com/CVE-2024-6387.html","https://forum.vmssoftware.com/viewtopic.php?f=8&t=9132","https://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2024-002.txt.asc","https://github.com/AlmaLinux/updates/issues/629","https://github.com/Azure/AKS/issues/4379","https://github.com/PowerShell/Win32-OpenSSH/discussions/2248","https://github.com/PowerShell/Win32-OpenSSH/issues/2249","https://github.com/microsoft/azurelinux/issues/9555","https://github.com/openela-main/openssh/commit/e1f438970e5a337a17070a637c1b9e19697cad09","https://github.com/ora
cle/oracle-linux/issues/149","https://github.com/rapier1/hpn-ssh/issues/87","https://github.com/zgzhang/cve-2024-6387-poc","https://lists.almalinux.org/archives/list/announce@lists.almalinux.org/thread/23BF5BMGFVEVUI2WNVAGMLKT557EU7VY/","https://lists.mindrot.org/pipermail/openssh-unix-announce/2024-July/000158.html","https://lists.mindrot.org/pipermail/openssh-unix-dev/2024-July/041431.html","https://news.ycombinator.com/item?id=40843778","https://packetstorm.news/files/id/190587/","https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0010","https://santandersecurityresearch.github.io/blog/sshing_the_masses.html","https://security-tracker.debian.org/tracker/CVE-2024-6387","https://security.netapp.com/advisory/ntap-20240701-0001/","https://sig-security.rocky.page/issues/CVE-2024-6387/","https://stackdiary.com/openssh-race-condition-in-sshd-allows-remote-code-execution/","https://support.apple.com/kb/HT214118","https://support.apple.com/kb/HT214119","https://support.apple.com/kb/HT214120","https://ubuntu.com/security/CVE-2024-6387","https://ubuntu.com/security/notices/USN-6859-1","https://www.akamai.com/blog/security-research/2024-openssh-vulnerability-regression-what-to-know-and-do","https://www.arista.com/en/support/advisories-notices/security-advisory/19904-security-advisory-0100","https://www.exploit-db.com/exploits/52269","https://www.freebsd.org/security/advisories/FreeBSD-SA-24:04.openssh.asc","https://www.openssh.com/txt/release-9.8","https://www.qualys.com/2024/07/01/cve-2024-6387/regresshion.txt","https://www.splunk.com/en_us/blog/security/cve-2024-6387-regresshion-vulnerability.html","https://www.suse.com/security/cve/CVE-2024-6387.html","https://www.theregister.com/2024/07/01/regresshion_openssh/","https://www.vicarius.io/vsociety/posts/regresshion-an-openssh-regression-error-cve-2024-6387"],"published_time":"2024-07-01T13:15:06","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-27352","summary":"When generating the systemd service 
units for the docker snap (and other similar snaps), snapd does not specify Delegate=yes - as a result systemd will move processes from the containers created and managed by these snaps into the cgroup of the main daemon within the snap itself when reloading system units. This may grant additional privileges to a container within the snap that were not originally intended.","cvss":9.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":9.3,"cvss_v4":null,"epss":0.00143,"ranking_epss":0.34607,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://bugs.launchpad.net/snapd/+bug/1910456","https://ubuntu.com/security/notices/USN-4728-1","https://www.cve.org/CVERecord?id=CVE-2020-27352","https://bugs.launchpad.net/snapd/+bug/1910456","https://ubuntu.com/security/notices/USN-4728-1","https://www.cve.org/CVERecord?id=CVE-2020-27352"],"published_time":"2024-06-21T20:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-0090","summary":"NVIDIA GPU driver for Windows and Linux contains a vulnerability where a user can cause an out-of-bounds write. A successful exploit of this vulnerability might lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00232,"ranking_epss":0.46027,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://nvidia.custhelp.com/app/answers/detail/a_id/5551","https://nvidia.custhelp.com/app/answers/detail/a_id/5551"],"published_time":"2024-06-13T22:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-0091","summary":"NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability where a user can cause an untrusted pointer dereference by executing a driver API. 
A successful exploit of this vulnerability might lead to denial of service, information disclosure, and data tampering.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00166,"ranking_epss":0.37635,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://nvidia.custhelp.com/app/answers/detail/a_id/5551","https://nvidia.custhelp.com/app/answers/detail/a_id/5551"],"published_time":"2024-06-13T22:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-0092","summary":"NVIDIA GPU Driver for Windows and Linux contains a vulnerability where an improper check or improper handling of exception conditions might lead to denial of service.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.0014,"ranking_epss":0.34121,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://nvidia.custhelp.com/app/answers/detail/a_id/5551","https://nvidia.custhelp.com/app/answers/detail/a_id/5551"],"published_time":"2024-06-13T22:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-0093","summary":"NVIDIA GPU software for Linux contains a vulnerability where it can expose sensitive information to an actor that is not explicitly authorized to have access to that information. A successful exploit of this vulnerability might lead to information disclosure.","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00241,"ranking_epss":0.47371,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://nvidia.custhelp.com/app/answers/detail/a_id/5551","https://nvidia.custhelp.com/app/answers/detail/a_id/5551"],"published_time":"2024-06-13T22:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-0084","summary":"NVIDIA vGPU software for Linux contains a vulnerability in the Virtual GPU Manager, where the guest OS could execute privileged operations. 
A successful exploit of this vulnerability might lead to information disclosure, data tampering, escalation of privileges, and denial of service.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00217,"ranking_epss":0.44247,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://nvidia.custhelp.com/app/answers/detail/a_id/5551","https://nvidia.custhelp.com/app/answers/detail/a_id/5551"],"published_time":"2024-06-13T22:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-0085","summary":"NVIDIA vGPU software for Windows and Linux contains a vulnerability where unprivileged users could execute privileged operations on the host. A successful exploit of this vulnerability might lead to data tampering, escalation of privileges, and denial of service.","cvss":6.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.3,"cvss_v4":null,"epss":0.00099,"ranking_epss":0.27582,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://nvidia.custhelp.com/app/answers/detail/a_id/5551","https://nvidia.custhelp.com/app/answers/detail/a_id/5551"],"published_time":"2024-06-13T22:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-0086","summary":"NVIDIA vGPU software for Linux contains a vulnerability where the software can dereference a NULL pointer. 
A successful exploit of this vulnerability might lead to denial of service and undefined behavior in the vGPU plugin.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.0006,"ranking_epss":0.18629,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://nvidia.custhelp.com/app/answers/detail/a_id/5551","https://nvidia.custhelp.com/app/answers/detail/a_id/5551"],"published_time":"2024-06-13T22:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-28656","summary":"is_closing_session() allows users to consume RAM in the Apport process","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00036,"ranking_epss":0.10555,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://ubuntu.com/security/notices/USN-5427-1","https://www.cve.org/CVERecord?id=CVE-2022-28656","https://ubuntu.com/security/notices/USN-5427-1","https://www.cve.org/CVERecord?id=CVE-2022-28656"],"published_time":"2024-06-04T22:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-28657","summary":"Apport does not disable python crash handler before entering chroot","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.0005,"ranking_epss":0.1553,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://ubuntu.com/security/notices/USN-5427-1","https://www.cve.org/CVERecord?id=CVE-2022-28657","https://ubuntu.com/security/notices/USN-5427-1","https://www.cve.org/CVERecord?id=CVE-2022-28657"],"published_time":"2024-06-04T22:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-28658","summary":"Apport argument parsing mishandles filename splitting on older kernels resulting in argument 
spoofing","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00038,"ranking_epss":0.11315,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://ubuntu.com/security/notices/USN-5427-1","https://www.cve.org/CVERecord?id=CVE-2022-28658","https://ubuntu.com/security/notices/USN-5427-1","https://www.cve.org/CVERecord?id=CVE-2022-28658"],"published_time":"2024-06-04T22:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-28652","summary":"~/.config/apport/settings parsing is vulnerable to \"billion laughs\" attack","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00041,"ranking_epss":0.12335,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://ubuntu.com/security/notices/USN-5427-1","https://www.cve.org/CVERecord?id=CVE-2022-28652","https://ubuntu.com/security/notices/USN-5427-1","https://www.cve.org/CVERecord?id=CVE-2022-28652"],"published_time":"2024-06-04T22:15:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-28654","summary":"is_closing_session() allows users to fill up apport.log","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00046,"ranking_epss":0.14293,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://ubuntu.com/security/notices/USN-5427-1","https://www.cve.org/CVERecord?id=CVE-2022-28654","https://ubuntu.com/security/notices/USN-5427-1","https://www.cve.org/CVERecord?id=CVE-2022-28654"],"published_time":"2024-06-04T22:15:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-28655","summary":"is_closing_session() allows users to create arbitrary tcp dbus 
connections","cvss":7.1,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.1,"cvss_v4":null,"epss":0.00036,"ranking_epss":0.10716,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://ubuntu.com/security/notices/USN-5427-1","https://www.cve.org/CVERecord?id=CVE-2022-28655","https://ubuntu.com/security/notices/USN-5427-1","https://www.cve.org/CVERecord?id=CVE-2022-28655"],"published_time":"2024-06-04T22:15:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-1242","summary":"Apport can be tricked into connecting to arbitrary sockets as the root user","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00066,"ranking_epss":0.20346,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://ubuntu.com/security/notices/USN-5427-1","https://www.cve.org/CVERecord?id=CVE-2022-1242","https://ubuntu.com/security/notices/USN-5427-1","https://www.cve.org/CVERecord?id=CVE-2022-1242"],"published_time":"2024-06-03T19:15:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-3899","summary":"There is a race condition in the 'replaced executable' detection that, with the correct local configuration, allow an attacker to execute arbitrary code as root.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.02245,"ranking_epss":0.84573,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1948376","https://ubuntu.com/security/notices/USN-5427-1","https://www.cve.org/CVERecord?id=CVE-2021-3899","https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1948376","https://ubuntu.com/security/notices/USN-5427-1","https://www.cve.org/CVERecord?id=CVE-2021-3899"],"published_time":"2024-06-03T19:15:08","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-36390","summary":"MileSight DeviceHub - CWE-20 Improper Input Validation may allow Denial of 
Service","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"cvss_v4":null,"epss":0.00115,"ranking_epss":0.30171,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://www.gov.il/en/Departments/faq/cve_advisories","https://www.gov.il/en/Departments/faq/cve_advisories"],"published_time":"2024-06-02T14:15:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-36391","summary":"MileSight DeviceHub - CWE-320: Key Management Errors may allow Authentication Bypass and Man-In-The-Middle Traffic","cvss":9.1,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":9.1,"cvss_v4":null,"epss":0.00045,"ranking_epss":0.13829,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://www.gov.il/en/Departments/faq/cve_advisories","https://www.gov.il/en/Departments/faq/cve_advisories"],"published_time":"2024-06-02T14:15:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-36392","summary":"MileSight DeviceHub - CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","cvss":6.1,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.1,"cvss_v4":null,"epss":0.00212,"ranking_epss":0.43673,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://www.gov.il/en/Departments/faq/cve_advisories","https://www.gov.il/en/Departments/faq/cve_advisories"],"published_time":"2024-06-02T14:15:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-36388","summary":"MileSight DeviceHub - CWE-305 Missing Authentication for Critical 
Function","cvss":10.0,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":10.0,"cvss_v4":null,"epss":0.00201,"ranking_epss":0.42197,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://www.gov.il/en/Departments/faq/cve_advisories","https://www.gov.il/en/Departments/faq/cve_advisories"],"published_time":"2024-06-02T14:15:08","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-36389","summary":"MileSight DeviceHub - CWE-330 Use of Insufficiently Random Values may allow Authentication Bypass","cvss":9.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":9.8,"cvss_v4":null,"epss":0.00073,"ranking_epss":0.22243,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://www.gov.il/en/Departments/faq/cve_advisories","https://www.gov.il/en/Departments/faq/cve_advisories"],"published_time":"2024-06-02T14:15:08","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-27776","summary":"MileSight DeviceHub - CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') may allow Unauthenticated RCE","cvss":9.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":9.8,"cvss_v4":null,"epss":0.00572,"ranking_epss":0.68645,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://www.gov.il/en/Departments/faq/cve_advisories","https://www.gov.il/en/Departments/faq/cve_advisories"],"published_time":"2024-06-02T13:15:08","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-5493","summary":"Heap buffer overflow in WebRTC in Google Chrome prior to 125.0.6422.141 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 
(Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00475,"ranking_epss":0.64782,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2024/05/stable-channel-update-for-desktop_30.html","https://issues.chromium.org/issues/339877165","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D5SQOWDIVBXQYQPPBSCH7EFISYAOCTHD/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZW4TZXVPN3NLZ4UDGZP6OASUM4OVLXX2/","https://chromereleases.googleblog.com/2024/05/stable-channel-update-for-desktop_30.html","https://issues.chromium.org/issues/339877165","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D5SQOWDIVBXQYQPPBSCH7EFISYAOCTHD/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZW4TZXVPN3NLZ4UDGZP6OASUM4OVLXX2/"],"published_time":"2024-05-30T23:15:48","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-3600","summary":"It was discovered that the eBPF implementation in the Linux kernel did not properly track bounds information for 32 bit registers when performing div and mod operations. 
A local attacker could use this to possibly execute arbitrary code.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00161,"ranking_epss":0.36973,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3600","https://git.kernel.org/linus/e88b2c6e5a4d9ce30d75391e4d950da74bb2bd90","https://ubuntu.com/security/notices/USN-5003-1","https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3600","https://git.kernel.org/linus/e88b2c6e5a4d9ce30d75391e4d950da74bb2bd90","https://ubuntu.com/security/notices/USN-5003-1"],"published_time":"2024-01-08T19:15:08","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-1032","summary":"The Linux kernel io_uring IORING_OP_SOCKET operation contained a double free in function __sys_socket_file() in file net/socket.c. This issue was introduced in da214a475f8bd1d3e9e7a19ddfeb4d1617551bab and fixed in 649c15c7691e9b13cbe9bf6c65c365350e056067.","cvss":4.7,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.7,"cvss_v4":null,"epss":0.00012,"ranking_epss":0.01505,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1032","https://ubuntu.com/security/notices/USN-5977-1","https://ubuntu.com/security/notices/USN-6024-1","https://ubuntu.com/security/notices/USN-6033-1","https://www.openwall.com/lists/oss-security/2023/03/13/2","https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1032","https://ubuntu.com/security/notices/USN-5977-1","https://ubuntu.com/security/notices/USN-6024-1","https://ubuntu.com/security/notices/USN-6033-1","https://www.openwall.com/lists/oss-security/2023/03/13/2"],"published_time":"2024-01-08T19:15:08","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-2602","summary":"io_uring UAF, Unix SCM garbage 
collection","cvss":5.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.3,"cvss_v4":null,"epss":0.01324,"ranking_epss":0.79893,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://packetstormsecurity.com/files/176533/Linux-Broken-Unix-GC-Interaction-Use-After-Free.html","https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2602","https://ubuntu.com/security/notices/USN-5691-1","https://ubuntu.com/security/notices/USN-5692-1","https://ubuntu.com/security/notices/USN-5693-1","https://ubuntu.com/security/notices/USN-5700-1","https://ubuntu.com/security/notices/USN-5752-1","http://packetstormsecurity.com/files/176533/Linux-Broken-Unix-GC-Interaction-Use-After-Free.html","https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2602","https://ubuntu.com/security/notices/USN-5691-1","https://ubuntu.com/security/notices/USN-5692-1","https://ubuntu.com/security/notices/USN-5693-1","https://ubuntu.com/security/notices/USN-5700-1","https://ubuntu.com/security/notices/USN-5752-1"],"published_time":"2024-01-08T18:15:45","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-3328","summary":"Race condition in snap-confine's must_mkdir_and_open_with_perms()","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00059,"ranking_epss":0.18528,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3328","https://ubuntu.com/security/notices/USN-5753-1","https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3328","https://ubuntu.com/security/notices/USN-5753-1"],"published_time":"2024-01-08T18:15:45","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-2585","summary":"It was discovered that when exec'ing from a non-leader thread, armed POSIX CPU timers would be left on a list but freed, leading to a 
use-after-free.","cvss":5.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.3,"cvss_v4":null,"epss":0.00412,"ranking_epss":0.61449,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2585","https://lore.kernel.org/lkml/20220809170751.164716-1-cascardo@canonical.com/T/#u","https://ubuntu.com/security/notices/USN-5564-1","https://ubuntu.com/security/notices/USN-5565-1","https://ubuntu.com/security/notices/USN-5566-1","https://ubuntu.com/security/notices/USN-5567-1","https://www.openwall.com/lists/oss-security/2022/08/09/7","https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2585","https://lore.kernel.org/lkml/20220809170751.164716-1-cascardo@canonical.com/T/#u","https://ubuntu.com/security/notices/USN-5564-1","https://ubuntu.com/security/notices/USN-5565-1","https://ubuntu.com/security/notices/USN-5566-1","https://ubuntu.com/security/notices/USN-5567-1","https://www.openwall.com/lists/oss-security/2022/08/09/7"],"published_time":"2024-01-08T18:15:44","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-2586","summary":"It was discovered that a nft object or expression could reference a nft set on a different nft table, leading to a use-after-free once that table was deleted.","cvss":5.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.3,"cvss_v4":null,"epss":0.02217,"ranking_epss":0.84483,"kev":true,"propose_action":"Linux Kernel contains a use-after-free vulnerability in the nft_object, allowing local attackers to escalate privileges. 
","ransomware_campaign":"Unknown","references":["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2586","https://lore.kernel.org/netfilter-devel/20220809170148.164591-1-cascardo@canonical.com/T/#t","https://ubuntu.com/security/notices/USN-5557-1","https://ubuntu.com/security/notices/USN-5560-1","https://ubuntu.com/security/notices/USN-5560-2","https://ubuntu.com/security/notices/USN-5562-1","https://ubuntu.com/security/notices/USN-5564-1","https://ubuntu.com/security/notices/USN-5565-1","https://ubuntu.com/security/notices/USN-5566-1","https://ubuntu.com/security/notices/USN-5567-1","https://ubuntu.com/security/notices/USN-5582-1","https://www.openwall.com/lists/oss-security/2022/08/09/5","https://www.zerodayinitiative.com/advisories/ZDI-22-1118/","https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2586","https://lore.kernel.org/netfilter-devel/20220809170148.164591-1-cascardo@canonical.com/T/#t","https://ubuntu.com/security/notices/USN-5557-1","https://ubuntu.com/security/notices/USN-5560-1","https://ubuntu.com/security/notices/USN-5560-2","https://ubuntu.com/security/notices/USN-5562-1","https://ubuntu.com/security/notices/USN-5564-1","https://ubuntu.com/security/notices/USN-5565-1","https://ubuntu.com/security/notices/USN-5566-1","https://ubuntu.com/security/notices/USN-5567-1","https://ubuntu.com/security/notices/USN-5582-1","https://www.openwall.com/lists/oss-security/2022/08/09/5","https://www.vicarius.io/vsociety/posts/use-after-free-vulnerability-linked-chain-between-nft-tables-cve-2022-2586","https://www.zerodayinitiative.com/advisories/ZDI-22-1118/","https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-2586"],"published_time":"2024-01-08T18:15:44","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-2588","summary":"It was discovered that the cls_route filter implementation in the Linux kernel would not remove an old filter from the hashtable before freeing it if its handle had the value 
0.","cvss":5.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.3,"cvss_v4":null,"epss":0.54426,"ranking_epss":0.98027,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2588","https://github.com/Markakd/CVE-2022-2588","https://lore.kernel.org/netdev/20220809170518.164662-1-cascardo@canonical.com/T/#u","https://ubuntu.com/security/notices/USN-5557-1","https://ubuntu.com/security/notices/USN-5560-1","https://ubuntu.com/security/notices/USN-5560-2","https://ubuntu.com/security/notices/USN-5562-1","https://ubuntu.com/security/notices/USN-5564-1","https://ubuntu.com/security/notices/USN-5565-1","https://ubuntu.com/security/notices/USN-5566-1","https://ubuntu.com/security/notices/USN-5567-1","https://ubuntu.com/security/notices/USN-5582-1","https://ubuntu.com/security/notices/USN-5588-1","https://www.openwall.com/lists/oss-security/2022/08/09/6","https://www.zerodayinitiative.com/advisories/ZDI-22-1117/","https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2588","https://github.com/Markakd/CVE-2022-2588","https://lore.kernel.org/netdev/20220809170518.164662-1-cascardo@canonical.com/T/#u","https://ubuntu.com/security/notices/USN-5557-1","https://ubuntu.com/security/notices/USN-5560-1","https://ubuntu.com/security/notices/USN-5560-2","https://ubuntu.com/security/notices/USN-5562-1","https://ubuntu.com/security/notices/USN-5564-1","https://ubuntu.com/security/notices/USN-5565-1","https://ubuntu.com/security/notices/USN-5566-1","https://ubuntu.com/security/notices/USN-5567-1","https://ubuntu.com/security/notices/USN-5582-1","https://ubuntu.com/security/notices/USN-5588-1","https://www.openwall.com/lists/oss-security/2022/08/09/6","https://www.zerodayinitiative.com/advisories/ZDI-22-1117/"],"published_time":"2024-01-08T18:15:44","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-5536","summary":"A feature in LXD (LP#1829071), affects the default configuration of Ubuntu Server 
which allows privileged users in the lxd group to escalate their privilege to root without requiring a sudo password.","cvss":5.0,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.0,"cvss_v4":null,"epss":0.0004,"ranking_epss":0.12284,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://bugs.launchpad.net/ubuntu/+source/lxd/+bug/1829071","https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5536","https://discourse.ubuntu.com/t/easy-multi-user-lxd-setup/26215/4","https://ubuntu.com/security/CVE-2023-5536","https://bugs.launchpad.net/ubuntu/+source/lxd/+bug/1829071","https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5536","https://discourse.ubuntu.com/t/easy-multi-user-lxd-setup/26215/4","https://ubuntu.com/security/CVE-2023-5536"],"published_time":"2023-12-12T02:15:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-45866","summary":"Bluetooth HID Hosts in BlueZ may permit an unauthenticated Peripheral role HID Device to initiate and establish an encrypted connection, and accept HID keyboard reports, potentially permitting injection of HID messages when no user interaction has occurred in the Central role to authorize such access. An example affected package is bluez 5.64-0ubuntu1 in Ubuntu 22.04LTS. 
NOTE: in some cases, a CVE-2020-0556 mitigation would have already addressed this Bluetooth HID Hosts issue.","cvss":6.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.3,"cvss_v4":null,"epss":0.34352,"ranking_epss":0.96987,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://changelogs.ubuntu.com/changelogs/pool/main/b/bluez/bluez_5.64-0ubuntu1/changelog","http://seclists.org/fulldisclosure/2023/Dec/7","http://seclists.org/fulldisclosure/2023/Dec/9","https://bluetooth.com","https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/profiles/input?id=25a471a83e02e1effb15d5a488b3f0085eaeb675","https://github.com/skysafe/reblog/tree/main/cve-2023-45866","https://lists.debian.org/debian-lts-announce/2023/12/msg00011.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/77YQQS5FXPYE6WBBZO3REFIRAUJHERFA/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D2N2P5LMP3V7IJONALV2KOFL4NUU23CJ/","https://security.gentoo.org/glsa/202401-03","https://support.apple.com/kb/HT214035","https://support.apple.com/kb/HT214036","https://www.debian.org/security/2023/dsa-5584","http://changelogs.ubuntu.com/changelogs/pool/main/b/bluez/bluez_5.64-0ubuntu1/changelog","http://seclists.org/fulldisclosure/2023/Dec/7","http://seclists.org/fulldisclosure/2023/Dec/9","https://bluetooth.com","https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/profiles/input?id=25a471a83e02e1effb15d5a488b3f0085eaeb675","https://github.com/skysafe/reblog/tree/main/cve-2023-45866","https://lists.debian.org/debian-lts-announce/2023/12/msg00011.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/77YQQS5FXPYE6WBBZO3REFIRAUJHERFA/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D2N2P5LMP3V7IJONALV2KOFL4NUU23CJ/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproj
ect.org/message/77YQQS5FXPYE6WBBZO3REFIRAUJHERFA/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D2N2P5LMP3V7IJONALV2KOFL4NUU23CJ/","https://security.gentoo.org/glsa/202401-03","https://support.apple.com/kb/HT214035","https://support.apple.com/kb/HT214036","https://www.debian.org/security/2023/dsa-5584"],"published_time":"2023-12-08T06:15:45","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-31018","summary":"NVIDIA GPU Driver for Windows and Linux contains a vulnerability in the kernel mode layer, where an unprivileged regular user can cause a NULL-pointer dereference, which may lead to denial of service.","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00044,"ranking_epss":0.13553,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://nvidia.custhelp.com/app/answers/detail/a_id/5491","https://nvidia.custhelp.com/app/answers/detail/a_id/5491"],"published_time":"2023-11-02T19:15:41","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-31021","summary":"NVIDIA vGPU software for Windows and Linux contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where a malicious user in the guest VM can cause a NULL-pointer dereference, which may lead to denial of service.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00047,"ranking_epss":0.14572,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://nvidia.custhelp.com/app/answers/detail/a_id/5491","https://nvidia.custhelp.com/app/answers/detail/a_id/5491"],"published_time":"2023-11-02T19:15:41","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-31022","summary":"NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer, where a NULL-pointer dereference may lead to denial of 
service.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00075,"ranking_epss":0.22586,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://nvidia.custhelp.com/app/answers/detail/a_id/5491","https://nvidia.custhelp.com/app/answers/detail/a_id/5491"],"published_time":"2023-11-02T19:15:41","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-31026","summary":"NVIDIA vGPU software for Windows and Linux contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where a NULL-pointer dereference may lead to denial of service.","cvss":6.0,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.0,"cvss_v4":null,"epss":0.00019,"ranking_epss":0.0487,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://nvidia.custhelp.com/app/answers/detail/a_id/5491","https://nvidia.custhelp.com/app/answers/detail/a_id/5491"],"published_time":"2023-11-02T19:15:41","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-4911","summary":"A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. 
This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.74256,"ranking_epss":0.9884,"kev":true,"propose_action":"GNU C Library's dynamic loader ld.so contains a buffer overflow vulnerability when processing the GLIBC_TUNABLES environment variable, allowing a local attacker to execute code with elevated privileges.","ransomware_campaign":"Unknown","references":["https://access.redhat.com/errata/RHSA-2023:5453","https://access.redhat.com/errata/RHSA-2023:5454","https://access.redhat.com/errata/RHSA-2023:5455","https://access.redhat.com/errata/RHSA-2023:5476","https://access.redhat.com/errata/RHSA-2024:0033","https://access.redhat.com/security/cve/CVE-2023-4911","https://bugzilla.redhat.com/show_bug.cgi?id=2238352","https://www.qualys.com/2023/10/03/cve-2023-4911/looney-tunables-local-privilege-escalation-glibc-ld-so.txt","https://www.qualys.com/cve-2023-4911/","http://packetstormsecurity.com/files/174986/glibc-ld.so-Local-Privilege-Escalation.html","http://packetstormsecurity.com/files/176288/Glibc-Tunables-Privilege-Escalation.html","http://seclists.org/fulldisclosure/2023/Oct/11","http://www.openwall.com/lists/oss-security/2023/10/03/2","http://www.openwall.com/lists/oss-security/2023/10/03/3","http://www.openwall.com/lists/oss-security/2023/10/05/1","http://www.openwall.com/lists/oss-security/2023/10/13/11","http://www.openwall.com/lists/oss-security/2023/10/14/3","http://www.openwall.com/lists/oss-security/2023/10/14/5","http://www.openwall.com/lists/oss-security/2023/10/14/6","https://access.redhat.com/errata/RHSA-2023:5453","https://access.redhat.com/errata/RHSA-2023:5454","https://access.redhat.com/errata/RHSA-2023:5455","https://access.redhat.com/errata/RHSA-2023:5476","https://access.redhat.com/errata/RHSA-2024:0033","https://access.redhat.com/
security/cve/CVE-2023-4911","https://bugzilla.redhat.com/show_bug.cgi?id=2238352","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4DBUQRRPB47TC3NJOUIBVWUGFHBJAFDL/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DFG4P76UHHZEWQ26FWBXG76N2QLKKPZA/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NDAQWHTSVOCOZ5K6KPIWKRT3JX4RTZUR/","https://security.gentoo.org/glsa/202310-03","https://security.netapp.com/advisory/ntap-20231013-0006/","https://www.debian.org/security/2023/dsa-5514","https://www.exploit-db.com/exploits/52479","https://www.qualys.com/2023/10/03/cve-2023-4911/looney-tunables-local-privilege-escalation-glibc-ld-so.txt","https://www.qualys.com/cve-2023-4911/","https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-4911"],"published_time":"2023-10-03T18:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-44216","summary":"PVRIC (PowerVR Image Compression) on Imagination 2018 and later GPU devices offers software-transparent compression that enables cross-origin pixel-stealing attacks against feTurbulence and feBlend in the SVG Filter specification, aka a GPU.zip issue. 
For example, attackers can sometimes accurately determine text contained on a web page from one origin if they control a resource from a different origin.","cvss":5.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.3,"cvss_v4":null,"epss":0.00494,"ranking_epss":0.65741,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://arstechnica.com/security/2023/09/gpus-from-all-major-suppliers-are-vulnerable-to-new-pixel-stealing-attack/","https://blog.imaginationtech.com/introducing-pvric4-taking-image-compression-to-the-next-level/","https://blog.imaginationtech.com/reducing-bandwidth-pvric/","https://github.com/UT-Security/gpu-zip","https://news.ycombinator.com/item?id=37663159","https://www.bleepingcomputer.com/news/security/modern-gpus-vulnerable-to-new-gpuzip-side-channel-attack/","https://www.hertzbleed.com/gpu.zip/","https://www.hertzbleed.com/gpu.zip/GPU-zip.pdf","https://www.w3.org/TR/filter-effects-1/","https://arstechnica.com/security/2023/09/gpus-from-all-major-suppliers-are-vulnerable-to-new-pixel-stealing-attack/","https://blog.imaginationtech.com/introducing-pvric4-taking-image-compression-to-the-next-level/","https://blog.imaginationtech.com/reducing-bandwidth-pvric/","https://github.com/UT-Security/gpu-zip","https://news.ycombinator.com/item?id=37663159","https://www.bleepingcomputer.com/news/security/modern-gpus-vulnerable-to-new-gpuzip-side-channel-attack/","https://www.hertzbleed.com/gpu.zip/","https://www.hertzbleed.com/gpu.zip/GPU-zip.pdf","https://www.w3.org/TR/filter-effects-1/"],"published_time":"2023-09-27T15:19:39","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-3777","summary":"A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation.\n\nWhen nf_tables_delrule() is flushing table rules, it is not checked whether the chain is bound and the chain's owner rule can also release the objects in certain circumstances.\n\nWe 
recommend upgrading past commit 6eaf41e87a223ae6f8e7a28d6e78384ad7e407f8.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00059,"ranking_epss":0.18557,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://packetstormsecurity.com/files/175072/Kernel-Live-Patch-Security-Notice-LSN-0098-1.html","http://packetstormsecurity.com/files/175963/Kernel-Live-Patch-Security-Notice-LSN-0099-1.html","https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=6eaf41e87a223ae6f8e7a28d6e78384ad7e407f8","https://kernel.dance/6eaf41e87a223ae6f8e7a28d6e78384ad7e407f8","https://www.debian.org/security/2023/dsa-5492","http://packetstormsecurity.com/files/175072/Kernel-Live-Patch-Security-Notice-LSN-0098-1.html","http://packetstormsecurity.com/files/175963/Kernel-Live-Patch-Security-Notice-LSN-0099-1.html","https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=6eaf41e87a223ae6f8e7a28d6e78384ad7e407f8","https://kernel.dance/6eaf41e87a223ae6f8e7a28d6e78384ad7e407f8","https://www.debian.org/security/2023/dsa-5492"],"published_time":"2023-09-06T14:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-3297","summary":"In Ubuntu's accountsservice an unprivileged local attacker can trigger a use-after-free vulnerability in accountsservice by sending a D-Bus message to the accounts-daemon 
process.","cvss":8.1,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.1,"cvss_v4":null,"epss":0.00043,"ranking_epss":0.13087,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://bugs.launchpad.net/ubuntu/+source/accountsservice/+bug/2024182","https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3297","https://securitylab.github.com/advisories/GHSL-2023-139_accountsservice/","https://ubuntu.com/security/notices/USN-6190-1","https://bugs.launchpad.net/ubuntu/+source/accountsservice/+bug/2024182","https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3297","https://securitylab.github.com/advisories/GHSL-2023-139_accountsservice/","https://ubuntu.com/security/notices/USN-6190-1"],"published_time":"2023-09-01T21:15:07","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-1523","summary":"Using the TIOCLINUX ioctl request, a malicious snap could inject contents into the input of the controlling terminal which could allow it to cause arbitrary commands to be executed outside of the snap sandbox after the snap exits. 
Graphical terminal emulators like xterm, gnome-terminal and others are not affected - this can only be exploited when snaps are run on a virtual console.","cvss":10.0,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":10.0,"cvss_v4":null,"epss":0.00124,"ranking_epss":0.31542,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1523","https://github.com/snapcore/snapd/pull/12849","https://marc.info/?l=oss-security&m=167879021709955&w=2","https://ubuntu.com/security/notices/USN-6125-1","https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1523","https://github.com/snapcore/snapd/pull/12849","https://marc.info/?l=oss-security&m=167879021709955&w=2","https://ubuntu.com/security/notices/USN-6125-1"],"published_time":"2023-09-01T19:15:42","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-40283","summary":"An issue was discovered in l2cap_sock_release in net/bluetooth/l2cap_sock.c in the Linux kernel before 6.4.10. 
There is a use-after-free because the children of an sk are mishandled.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00011,"ranking_epss":0.0128,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://packetstormsecurity.com/files/175072/Kernel-Live-Patch-Security-Notice-LSN-0098-1.html","http://packetstormsecurity.com/files/175963/Kernel-Live-Patch-Security-Notice-LSN-0099-1.html","https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.4.10","https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=1728137b33c00d5a2b5110ed7aafb42e7c32e4a1","https://github.com/torvalds/linux/commit/1728137b33c00d5a2b5110ed7aafb42e7c32e4a1","https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html","https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html","https://security.netapp.com/advisory/ntap-20231020-0007/","https://www.debian.org/security/2023/dsa-5480","https://www.debian.org/security/2023/dsa-5492","http://packetstormsecurity.com/files/175072/Kernel-Live-Patch-Security-Notice-LSN-0098-1.html","http://packetstormsecurity.com/files/175963/Kernel-Live-Patch-Security-Notice-LSN-0099-1.html","https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.4.10","https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=1728137b33c00d5a2b5110ed7aafb42e7c32e4a1","https://github.com/torvalds/linux/commit/1728137b33c00d5a2b5110ed7aafb42e7c32e4a1","https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html","https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html","https://security.netapp.com/advisory/ntap-20231020-0007/","https://www.debian.org/security/2023/dsa-5480","https://www.debian.org/security/2023/dsa-5492"],"published_time":"2023-08-14T03:15:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-2640","summary":"On Ubuntu kernels carrying both c914c0e27eb0 and \"UBUNTU: SAUCE: overlayfs: Skip permission checking for 
trusted.overlayfs.* xattrs\", an unprivileged user may set privileged extended attributes on the mounted files, leading them to be set on the upper files without the appropriate security checks.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.91524,"ranking_epss":0.99672,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2640","https://lists.ubuntu.com/archives/kernel-team/2023-July/140923.html","https://ubuntu.com/security/notices/USN-6250-1","https://wiz.io/blog/ubuntu-overlayfs-vulnerability","https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2640","https://lists.ubuntu.com/archives/kernel-team/2023-July/140923.html","https://ubuntu.com/security/notices/USN-6250-1","https://wiz.io/blog/ubuntu-overlayfs-vulnerability"],"published_time":"2023-07-26T02:15:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-32629","summary":"Local privilege escalation vulnerability in Ubuntu Kernels overlayfs ovl_copy_up_meta_inode_data skip permission checks when calling ovl_do_setxattr on Ubuntu 
kernels","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.62839,"ranking_epss":0.98386,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://packetstormsecurity.com/files/174577/Kernel-Live-Patch-Security-Notice-LSN-0097-1.html","https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32629","https://lists.ubuntu.com/archives/kernel-team/2023-July/140920.html","https://ubuntu.com/security/notices/USN-6250-1","https://wiz.io/blog/ubuntu-overlayfs-vulnerability","http://packetstormsecurity.com/files/174577/Kernel-Live-Patch-Security-Notice-LSN-0097-1.html","https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32629","https://lists.ubuntu.com/archives/kernel-team/2023-July/140920.html","https://ubuntu.com/security/notices/USN-6250-1","https://wiz.io/blog/ubuntu-overlayfs-vulnerability"],"published_time":"2023-07-26T02:15:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-3567","summary":"A use-after-free flaw was found in vcs_read in drivers/tty/vt/vc_screen.c in vc_screen in the Linux Kernel. 
This issue may allow an attacker with local user access to cause a system crash or leak internal kernel information.","cvss":7.1,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.1,"cvss_v4":null,"epss":8e-05,"ranking_epss":0.00692,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://access.redhat.com/errata/RHSA-2024:0412","https://access.redhat.com/errata/RHSA-2024:0431","https://access.redhat.com/errata/RHSA-2024:0432","https://access.redhat.com/errata/RHSA-2024:0439","https://access.redhat.com/errata/RHSA-2024:0448","https://access.redhat.com/errata/RHSA-2024:0575","https://access.redhat.com/errata/RHSA-2024:2394","https://access.redhat.com/errata/RHSA-2024:2950","https://access.redhat.com/errata/RHSA-2024:3138","https://access.redhat.com/security/cve/CVE-2023-3567","https://bugzilla.redhat.com/show_bug.cgi?id=2221463","https://www.spinics.net/lists/stable-commits/msg285184.html","http://packetstormsecurity.com/files/175072/Kernel-Live-Patch-Security-Notice-LSN-0098-1.html","http://packetstormsecurity.com/files/175963/Kernel-Live-Patch-Security-Notice-LSN-0099-1.html","https://access.redhat.com/errata/RHSA-2024:0412","https://access.redhat.com/errata/RHSA-2024:0431","https://access.redhat.com/errata/RHSA-2024:0432","https://access.redhat.com/errata/RHSA-2024:0439","https://access.redhat.com/errata/RHSA-2024:0448","https://access.redhat.com/errata/RHSA-2024:0575","https://access.redhat.com/errata/RHSA-2024:2394","https://access.redhat.com/errata/RHSA-2024:2950","https://access.redhat.com/errata/RHSA-2024:3138","https://access.redhat.com/security/cve/CVE-2023-3567","https://bugzilla.redhat.com/show_bug.cgi?id=2221463","https://www.spinics.net/lists/stable-commits/msg285184.html"],"published_time":"2023-07-24T16:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-24492","summary":"\nA vulnerability has been discovered in the Citrix Secure Access client for Ubuntu which, if exploited, could allow an attacker to 
remotely execute code if a victim user opens an attacker-crafted link and accepts further prompts.\n","cvss":9.6,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":9.6,"cvss_v4":null,"epss":0.00441,"ranking_epss":0.63239,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.citrix.com/article/CTX564169/citrix-secure-access-client-for-ubuntu-security-bulletin-for-cve202324492","https://support.citrix.com/article/CTX564169/citrix-secure-access-client-for-ubuntu-security-bulletin-for-cve202324492"],"published_time":"2023-07-11T22:15:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-31248","summary":"Linux Kernel nftables Use-After-Free Local Privilege Escalation Vulnerability; `nft_chain_lookup_byid()` failed to check whether a chain was active and CAP_NET_ADMIN is in any user or network namespace","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00204,"ranking_epss":0.42566,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://packetstormsecurity.com/files/173757/Kernel-Live-Patch-Security-Notice-LSN-0096-1.html","http://packetstormsecurity.com/files/174577/Kernel-Live-Patch-Security-Notice-LSN-0097-1.html","http://www.openwall.com/lists/oss-security/2023/07/05/2","https://lists.debian.org/debian-lts-announce/2023/08/msg00001.html","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGZC5XOANA75OJ4XARBBXYSLDKUIJI5E/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UPHI46ROSSLVAV4R5LJWJYU747JGOS6D/","https://lore.kernel.org/netfilter-devel/20230705121627.GC19489@breakpoint.cc/T/","https://security.netapp.com/advisory/ntap-20240201-0001/","https://www.debian.org/security/2023/dsa-5453","https://www.openwall.com/lists/oss-security/2023/07/05/2","http://packetstormsecurity.com/files/173757/Kernel-Live-Patch-Security-Notice-LSN-0096-1.html","http://packetstormsecurity.com
/files/174577/Kernel-Live-Patch-Security-Notice-LSN-0097-1.html","http://www.openwall.com/lists/oss-security/2023/07/05/2","https://lists.debian.org/debian-lts-announce/2023/08/msg00001.html","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGZC5XOANA75OJ4XARBBXYSLDKUIJI5E/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UPHI46ROSSLVAV4R5LJWJYU747JGOS6D/","https://lore.kernel.org/netfilter-devel/20230705121627.GC19489@breakpoint.cc/T/","https://security.netapp.com/advisory/ntap-20240201-0001/","https://www.debian.org/security/2023/dsa-5453","https://www.openwall.com/lists/oss-security/2023/07/05/2"],"published_time":"2023-07-05T19:15:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-3389","summary":"A use-after-free vulnerability in the Linux Kernel io_uring subsystem can be exploited to achieve local privilege escalation.\n\nRacing a io_uring cancel poll request with a linked timeout can cause a UAF in a hrtimer.\n\nWe recommend upgrading past commit ef7dfac51d8ed961b742218f526bd589f3900a59 (4716c73b188566865bdd79c3a6709696a224ac04 for 5.10 stable and 0e388fce7aec40992eadee654193cad345d62663 for 5.15 
stable).","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00022,"ranking_epss":0.05863,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://packetstormsecurity.com/files/174577/Kernel-Live-Patch-Security-Notice-LSN-0097-1.html","https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=linux-5.10.y&id=4716c73b188566865bdd79c3a6709696a224ac04","https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=linux-5.15.y&id=0e388fce7aec40992eadee654193cad345d62663","https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=ef7dfac51d8ed961b742218f526bd589f3900a59","https://kernel.dance/0e388fce7aec40992eadee654193cad345d62663","https://kernel.dance/4716c73b188566865bdd79c3a6709696a224ac04","https://kernel.dance/ef7dfac51d8ed961b742218f526bd589f3900a59","https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html","https://security.netapp.com/advisory/ntap-20230731-0001/","https://www.debian.org/security/2023/dsa-5480","http://packetstormsecurity.com/files/174577/Kernel-Live-Patch-Security-Notice-LSN-0097-1.html","https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=linux-5.10.y&id=4716c73b188566865bdd79c3a6709696a224ac04","https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=linux-5.15.y&id=0e388fce7aec40992eadee654193cad345d62663","https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=ef7dfac51d8ed961b742218f526bd589f3900a59","https://kernel.dance/0e388fce7aec40992eadee654193cad345d62663","https://kernel.dance/4716c73b188566865bdd79c3a6709696a224ac04","https://kernel.dance/ef7dfac51d8ed961b742218f526bd589f3900a59","https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html","https://security.netapp.com/advisory/ntap-20230731-0001/","https://www.debian.org/security/2023/dsa-5480"],"published_time":"2023-06-28T20:15:09","vendor":null,"product":null,"version":null},{"cve_id":"C
VE-2023-35788","summary":"An issue was discovered in fl_set_geneve_opt in net/sched/cls_flower.c in the Linux kernel before 6.3.7. It allows an out-of-bounds write in the flower classifier code via TCA_FLOWER_KEY_ENC_OPTS_GENEVE packets. This may result in denial of service or privilege escalation.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":9e-05,"ranking_epss":0.00907,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://packetstormsecurity.com/files/174577/Kernel-Live-Patch-Security-Notice-LSN-0097-1.html","http://www.openwall.com/lists/oss-security/2023/06/17/1","https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.3.7","https://git.kernel.org/linus/4d56304e5827c8cc8cc18c75343d283af7c4825c","https://lists.debian.org/debian-lts-announce/2023/07/msg00030.html","https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html","https://security.netapp.com/advisory/ntap-20230714-0002/","https://www.debian.org/security/2023/dsa-5448","https://www.debian.org/security/2023/dsa-5480","https://www.openwall.com/lists/oss-security/2023/06/07/1","http://packetstormsecurity.com/files/174577/Kernel-Live-Patch-Security-Notice-LSN-0097-1.html","http://www.openwall.com/lists/oss-security/2023/06/17/1","https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.3.7","https://git.kernel.org/linus/4d56304e5827c8cc8cc18c75343d283af7c4825c","https://lists.debian.org/debian-lts-announce/2023/07/msg00030.html","https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html","https://security.netapp.com/advisory/ntap-20230714-0002/","https://www.debian.org/security/2023/dsa-5448","https://www.debian.org/security/2023/dsa-5480","https://www.openwall.com/lists/oss-security/2023/06/07/1"],"published_time":"2023-06-16T21:15:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-2612","summary":"Jean-Baptiste Cayrou discovered that the shiftfs file system in the Ubuntu Linux kernel contained a race 
condition when handling inode locking in some situations. A local attacker could use this to cause a denial of service (kernel deadlock).","cvss":4.4,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.4,"cvss_v4":null,"epss":0.00017,"ranking_epss":0.03862,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://packetstormsecurity.com/files/173087/Kernel-Live-Patch-Security-Notice-LSN-0095-1.html","https://git.launchpad.net/~ubuntu-kernel/ubuntu/+source/linux/+git/kinetic/commit/?id=02b47547824b1cd0d55c6744f91886f04de8947e","https://ubuntu.com/security/CVE-2023-2612","https://ubuntu.com/security/notices/USN-6122-1","https://ubuntu.com/security/notices/USN-6123-1","https://ubuntu.com/security/notices/USN-6124-1","https://ubuntu.com/security/notices/USN-6127-1","http://packetstormsecurity.com/files/173087/Kernel-Live-Patch-Security-Notice-LSN-0095-1.html","https://git.launchpad.net/~ubuntu-kernel/ubuntu/+source/linux/+git/kinetic/commit/?id=02b47547824b1cd0d55c6744f91886f04de8947e","https://ubuntu.com/security/CVE-2023-2612","https://ubuntu.com/security/notices/USN-6122-1","https://ubuntu.com/security/notices/USN-6123-1","https://ubuntu.com/security/notices/USN-6124-1","https://ubuntu.com/security/notices/USN-6127-1"],"published_time":"2023-05-31T00:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-1786","summary":"Sensitive data could be exposed in logs of cloud-init before version 23.1.2. 
An attacker could use this information to find hashed passwords and possibly escalate their privilege.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00035,"ranking_epss":0.10204,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://bugs.launchpad.net/cloud-init/+bug/2013967","https://github.com/canonical/cloud-init/commit/a378b7e4f47375458651c0972e7cd813f6fe0a6b","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ATBJSXPL2IOAD2LDQRKWPLIC7QXS44GZ/","https://ubuntu.com/security/notices/USN-6042-1","https://bugs.launchpad.net/cloud-init/+bug/2013967","https://github.com/canonical/cloud-init/commit/a378b7e4f47375458651c0972e7cd813f6fe0a6b","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ATBJSXPL2IOAD2LDQRKWPLIC7QXS44GZ/","https://ubuntu.com/security/notices/USN-6042-1"],"published_time":"2023-04-26T23:15:08","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-2084","summary":"Sensitive data could be exposed in world readable logs of cloud-init before version 22.3 when schema failures are reported. This leak could include hashed passwords.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00022,"ranking_epss":0.06008,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://github.com/canonical/cloud-init/commit/4d467b14363d800b2185b89790d57871f11ea88c","https://ubuntu.com/security/notices/USN-5496-1","https://github.com/canonical/cloud-init/commit/4d467b14363d800b2185b89790d57871f11ea88c","https://ubuntu.com/security/notices/USN-5496-1"],"published_time":"2023-04-19T22:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-1326","summary":"A privilege escalation attack was found in apport-cli 2.26.0 and earlier which is similar to CVE-2023-26604. 
If a system is specially configured to allow unprivileged users to run sudo apport-cli, less is configured as the pager, and the terminal size can be set: a local attacker can escalate privilege. It is extremely unlikely that a system administrator would configure sudo to allow unprivileged users to perform this class of exploit.","cvss":7.7,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.7,"cvss_v4":null,"epss":0.04495,"ranking_epss":0.89124,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://github.com/canonical/apport/commit/e5f78cc89f1f5888b6a56b785dddcb0364c48ecb","https://ubuntu.com/security/notices/USN-6018-1","https://github.com/canonical/apport/commit/e5f78cc89f1f5888b6a56b785dddcb0364c48ecb","https://ubuntu.com/security/notices/USN-6018-1"],"published_time":"2023-04-13T23:15:07","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-11935","summary":"It was discovered that aufs improperly managed inode reference counts in the vfsub_dentry_open() method. A local attacker could use this vulnerability to cause a denial of service attack.","cvss":4.4,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.4,"cvss_v4":null,"epss":0.00034,"ranking_epss":0.10082,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://bugs.launchpad.net/bugs/1873074","https://ubuntu.com/security/CVE-2020-11935","https://bugs.launchpad.net/bugs/1873074","https://ubuntu.com/security/CVE-2020-11935"],"published_time":"2023-04-07T02:15:07","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-0179","summary":"A buffer overflow vulnerability was found in the Netfilter subsystem in the Linux Kernel. 
This issue could allow the leakage of both stack and heap addresses, and potentially allow Local Privilege Escalation to the root user via arbitrary code execution.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.0048,"ranking_epss":0.65078,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://packetstormsecurity.com/files/171601/Kernel-Live-Patch-Security-Notice-LNS-0093-1.html","https://bugzilla.redhat.com/show_bug.cgi?id=2161713","https://seclists.org/oss-sec/2023/q1/20","https://security.netapp.com/advisory/ntap-20230511-0003/","http://packetstormsecurity.com/files/171601/Kernel-Live-Patch-Security-Notice-LNS-0093-1.html","https://bugzilla.redhat.com/show_bug.cgi?id=2161713","https://seclists.org/oss-sec/2023/q1/20","https://security.netapp.com/advisory/ntap-20230511-0003/"],"published_time":"2023-03-27T22:15:20","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-1380","summary":"A slab-out-of-bound read problem was found in brcmf_get_assoc_ies in drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c in the Linux Kernel. 
This issue could occur when assoc_info->req_len data is bigger than the size of the buffer, defined as WL_EXTRA_BUF_MAX, leading to a denial of service.","cvss":7.1,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.1,"cvss_v4":null,"epss":0.00019,"ranking_epss":0.04961,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://packetstormsecurity.com/files/173087/Kernel-Live-Patch-Security-Notice-LSN-0095-1.html","http://packetstormsecurity.com/files/173757/Kernel-Live-Patch-Security-Notice-LSN-0096-1.html","https://bugzilla.redhat.com/show_bug.cgi?id=2177883","https://lists.debian.org/debian-lts-announce/2023/07/msg00030.html","https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html","https://lore.kernel.org/linux-wireless/20230309104457.22628-1-jisoo.jang%40yonsei.ac.kr/T/#u","https://security.netapp.com/advisory/ntap-20230511-0001/","https://www.debian.org/security/2023/dsa-5480","https://www.openwall.com/lists/oss-security/2023/03/14/1","http://packetstormsecurity.com/files/173087/Kernel-Live-Patch-Security-Notice-LSN-0095-1.html","http://packetstormsecurity.com/files/173757/Kernel-Live-Patch-Security-Notice-LSN-0096-1.html","https://bugzilla.redhat.com/show_bug.cgi?id=2177883","https://lists.debian.org/debian-lts-announce/2023/07/msg00030.html","https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html","https://lore.kernel.org/linux-wireless/20230309104457.22628-1-jisoo.jang%40yonsei.ac.kr/T/#u","https://security.netapp.com/advisory/ntap-20230511-0001/","https://www.debian.org/security/2023/dsa-5480","https://www.openwall.com/lists/oss-security/2023/03/14/1"],"published_time":"2023-03-27T21:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-0386","summary":"A flaw was found in the Linux kernel, where unauthorized access to the execution of the setuid file with capabilities was found in the Linux kernel’s OverlayFS subsystem in how a user copies a capable file from a nosuid mount into another mount. 
This uid mapping bug allows a local user to escalate their privileges on the system.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.52388,"ranking_epss":0.97931,"kev":true,"propose_action":"Linux Kernel contains an improper ownership management vulnerability, where unauthorized access to the execution of the setuid file with capabilities was found in the Linux kernel’s OverlayFS subsystem in how a user copies a capable file from a nosuid mount into another mount. This uid mapping bug allows a local user to escalate their privileges on the system.","ransomware_campaign":"Unknown","references":["http://packetstormsecurity.com/files/173087/Kernel-Live-Patch-Security-Notice-LSN-0095-1.html","https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=4f11ada10d0a","https://lists.debian.org/debian-lts-announce/2023/06/msg00008.html","https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html","https://security.netapp.com/advisory/ntap-20230420-0004/","https://www.debian.org/security/2023/dsa-5402","http://packetstormsecurity.com/files/173087/Kernel-Live-Patch-Security-Notice-LSN-0095-1.html","https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=4f11ada10d0a","https://lists.debian.org/debian-lts-announce/2023/06/msg00008.html","https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html","https://security.netapp.com/advisory/ntap-20230420-0004/","https://www.debian.org/security/2023/dsa-5402","https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-0386"],"published_time":"2023-03-22T21:15:18","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-44544","summary":"Mahara 21.04 before 21.04.7, 21.10 before 21.10.5, 22.04 before 22.04.3, and 22.10 before 22.10.0 potentially allow a PDF export to trigger a remote shell if the site is running on Ubuntu and the flag -dSAFER is not set with 
Ghostscript.","cvss":9.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":9.8,"cvss_v4":null,"epss":0.00544,"ranking_epss":0.67758,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://bugs.launchpad.net/mahara/+bug/1979575","https://mahara.org/interaction/forum/topic.php?id=9198","https://bugs.launchpad.net/mahara/+bug/1979575","https://mahara.org/interaction/forum/topic.php?id=9198"],"published_time":"2022-11-06T17:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-40617","summary":"strongSwan before 5.9.8 allows remote attackers to cause a denial of service in the revocation plugin by sending a crafted end-entity (and intermediate CA) certificate that contains a CRL/OCSP URL that points to a server (under the attacker's control) that doesn't properly respond but (for example) just does nothing after the initial TCP handshake, or sends an excessive amount of application data.","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"cvss_v4":null,"epss":0.00222,"ranking_epss":0.44813,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/J3GAYIOCSLU57C45CO4UE4IV4JZE4W3L/","https://www.strongswan.org/blog/2022/10/03/strongswan-vulnerability-%28cve-2022-40617%29.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/J3GAYIOCSLU57C45CO4UE4IV4JZE4W3L/","https://www.strongswan.org/blog/2022/10/03/strongswan-vulnerability-%28cve-2022-40617%29.html"],"published_time":"2022-10-31T06:15:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-40277","summary":"Joplin version 2.8.8 allows an external attacker to execute arbitrary commands remotely on any client that opens a link in a malicious markdown file, via Joplin. 
This is possible because the application does not properly validate the schema/protocol of existing links in the markdown file before passing them to the 'shell.openExternal' function.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00113,"ranking_epss":0.29813,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://fluidattacks.com/advisories/skrillex/","https://github.com/laurent22/joplin","https://fluidattacks.com/advisories/skrillex/","https://github.com/laurent22/joplin"],"published_time":"2022-09-30T17:15:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-41222","summary":"mm/mremap.c in the Linux kernel before 5.13.3 has a use-after-free via a stale TLB because an rmap lock is not held during a PUD move.","cvss":7.0,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.0,"cvss_v4":null,"epss":0.00019,"ranking_epss":0.05112,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://packetstormsecurity.com/files/168466/Linux-Stable-5.4-5.10-Use-After-Free-Race-Condition.html","http://packetstormsecurity.com/files/171005/Kernel-Live-Patch-Security-Notice-LNS-0091-1.html","https://bugs.chromium.org/p/project-zero/issues/detail?id=2347","https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.13.3","https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=97113eb39fa7972722ff490b947d8af023e1f6a2","https://lists.debian.org/debian-lts-announce/2022/11/msg00001.html","https://security.netapp.com/advisory/ntap-20230214-0008/","http://packetstormsecurity.com/files/168466/Linux-Stable-5.4-5.10-Use-After-Free-Race-Condition.html","http://packetstormsecurity.com/files/171005/Kernel-Live-Patch-Security-Notice-LNS-0091-1.html","https://bugs.chromium.org/p/project-zero/issues/detail?id=2347","https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.13.3","https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=97113eb39fa7972722ff490b947d8af
023e1f6a2","https://lists.debian.org/debian-lts-announce/2022/11/msg00001.html","https://security.netapp.com/advisory/ntap-20230214-0008/"],"published_time":"2022-09-21T08:15:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-39176","summary":"BlueZ before 5.59 allows physically proximate attackers to obtain sensitive information because profiles/audio/avrcp.c does not validate params_len.","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00118,"ranking_epss":0.30658,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://bugs.launchpad.net/ubuntu/+source/bluez/+bug/1977968","https://lists.debian.org/debian-lts-announce/2022/10/msg00026.html","https://security.netapp.com/advisory/ntap-20221020-0002/","https://ubuntu.com/security/notices/USN-5481-1","https://bugs.launchpad.net/ubuntu/+source/bluez/+bug/1977968","https://lists.debian.org/debian-lts-announce/2022/10/msg00026.html","https://lists.debian.org/debian-lts-announce/2024/09/msg00022.html","https://security.netapp.com/advisory/ntap-20221020-0002/","https://ubuntu.com/security/notices/USN-5481-1"],"published_time":"2022-09-02T04:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-39177","summary":"BlueZ before 5.59 allows physically proximate attackers to cause a denial of service because malformed and invalid capabilities can be processed in 
profiles/audio/avdtp.c.","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00062,"ranking_epss":0.19332,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://bugs.launchpad.net/ubuntu/+source/bluez/+bug/1977968","https://lists.debian.org/debian-lts-announce/2022/10/msg00026.html","https://security.netapp.com/advisory/ntap-20221020-0002/","https://ubuntu.com/security/notices/USN-5481-1","https://bugs.launchpad.net/ubuntu/+source/bluez/+bug/1977968","https://lists.debian.org/debian-lts-announce/2022/10/msg00026.html","https://lists.debian.org/debian-lts-announce/2024/09/msg00022.html","https://security.netapp.com/advisory/ntap-20221020-0002/","https://ubuntu.com/security/notices/USN-5481-1"],"published_time":"2022-09-02T04:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-1184","summary":"A use-after-free flaw was found in fs/ext4/namei.c:dx_insert_block() in the Linux kernel’s filesystem sub-component. This flaw allows a local attacker with a user privilege to cause a denial of service.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00024,"ranking_epss":0.06392,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://access.redhat.com/security/cve/CVE-2022-1184","https://bugzilla.redhat.com/show_bug.cgi?id=2070205","https://lists.debian.org/debian-lts-announce/2022/11/msg00001.html","https://ubuntu.com/security/CVE-2022-1184","https://www.debian.org/security/2022/dsa-5257","https://access.redhat.com/security/cve/CVE-2022-1184","https://bugzilla.redhat.com/show_bug.cgi?id=2070205","https://lists.debian.org/debian-lts-announce/2022/11/msg00001.html","https://ubuntu.com/security/CVE-2022-1184","https://www.debian.org/security/2022/dsa-5257"],"published_time":"2022-08-29T15:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-3975","summary":"A use-after-free flaw was found in libvirt. 
The qemuMonitorUnregister() function in qemuProcessHandleMonitorEOF is called using multiple threads without being adequately protected by a monitor lock. This flaw could be triggered by the virConnectGetAllDomainStats API when the guest is shutting down. An unprivileged client with a read-only connection could use this flaw to perform a denial of service attack by causing the libvirt daemon to crash.","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00522,"ranking_epss":0.66868,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://access.redhat.com/security/cve/CVE-2021-3975","https://bugzilla.redhat.com/show_bug.cgi?id=2024326","https://github.com/libvirt/libvirt/commit/1ac703a7d0789e46833f4013a3876c2e3af18ec7","https://lists.debian.org/debian-lts-announce/2024/04/msg00000.html","https://security.netapp.com/advisory/ntap-20221201-0002/","https://ubuntu.com/security/CVE-2021-3975","https://access.redhat.com/security/cve/CVE-2021-3975","https://bugzilla.redhat.com/show_bug.cgi?id=2024326","https://github.com/libvirt/libvirt/commit/1ac703a7d0789e46833f4013a3876c2e3af18ec7","https://lists.debian.org/debian-lts-announce/2024/04/msg00000.html","https://security.netapp.com/advisory/ntap-20221201-0002/","https://ubuntu.com/security/CVE-2021-3975"],"published_time":"2022-08-23T20:15:08","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-3905","summary":"A memory leak was found in Open vSwitch (OVS) during userspace IP fragmentation processing. 
An attacker could use this flaw to potentially exhaust available memory by keeping sending packet fragments.","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"cvss_v4":null,"epss":0.00166,"ranking_epss":0.37737,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://access.redhat.com/security/cve/CVE-2021-3905","https://bugzilla.redhat.com/show_bug.cgi?id=2019692","https://github.com/openvswitch/ovs-issues/issues/226","https://github.com/openvswitch/ovs/commit/803ed12e31b0377c37d7aa8c94b3b92f2081e349","https://security.gentoo.org/glsa/202311-16","https://ubuntu.com/security/CVE-2021-3905","https://access.redhat.com/security/cve/CVE-2021-3905","https://bugzilla.redhat.com/show_bug.cgi?id=2019692","https://github.com/openvswitch/ovs-issues/issues/226","https://github.com/openvswitch/ovs/commit/803ed12e31b0377c37d7aa8c94b3b92f2081e349","https://security.gentoo.org/glsa/202311-16","https://ubuntu.com/security/CVE-2021-3905"],"published_time":"2022-08-23T16:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-23238","summary":"Linux deployments of StorageGRID (formerly StorageGRID Webscale) versions 11.6.0 through 11.6.0.2 deployed with a Linux kernel version less than 4.7.0 are susceptible to a vulnerability which could allow a remote unauthenticated attacker to view limited metrics information and modify alert email recipients and content.","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00749,"ranking_epss":0.73117,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://security.netapp.com/advisory/NTAP-20220808-0001/","https://security.netapp.com/advisory/NTAP-20220808-0001/"],"published_time":"2022-08-10T20:15:30","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-34918","summary":"An issue was discovered in the Linux kernel through 5.18.9. 
A type confusion bug in nft_set_elem_init (leading to a buffer overflow) could be used by a local attacker to escalate privileges, a different vulnerability than CVE-2022-32250. (The attacker can obtain root access, but must start with an unprivileged user namespace to obtain CAP_NET_ADMIN access.) This can be fixed in nft_setelem_parse_data in net/netfilter/nf_tables_api.c.","cvss":7.8,"cvss_version":3.0,"cvss_v2":7.2,"cvss_v3":7.8,"cvss_v4":null,"epss":0.3234,"ranking_epss":0.96839,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://packetstormsecurity.com/files/168191/Kernel-Live-Patch-Security-Notice-LSN-0089-1.html","http://packetstormsecurity.com/files/168543/Netfilter-nft_set_elem_init-Heap-Overflow-Privilege-Escalation.html","http://www.openwall.com/lists/oss-security/2022/07/05/1","http://www.openwall.com/lists/oss-security/2022/08/06/5","https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net.git/commit/?id=7e6bc1f6cabcd30aba0b11219d8e01b952eacbb6","https://lore.kernel.org/netfilter-devel/cd9428b6-7ffb-dd22-d949-d86f4869f452%40randorisec.fr/T/#u","https://security.netapp.com/advisory/ntap-20220826-0004/","https://www.debian.org/security/2022/dsa-5191","https://www.openwall.com/lists/oss-security/2022/07/02/3","https://www.randorisec.fr/crack-linux-firewall/","http://packetstormsecurity.com/files/168191/Kernel-Live-Patch-Security-Notice-LSN-0089-1.html","http://packetstormsecurity.com/files/168543/Netfilter-nft_set_elem_init-Heap-Overflow-Privilege-Escalation.html","http://www.openwall.com/lists/oss-security/2022/07/05/1","http://www.openwall.com/lists/oss-security/2022/08/06/5","https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net.git/commit/?id=7e6bc1f6cabcd30aba0b11219d8e01b952eacbb6","https://lore.kernel.org/netfilter-devel/cd9428b6-7ffb-dd22-d949-d86f4869f452%40randorisec.fr/T/#u","https://security.netapp.com/advisory/ntap-20220826-0004/","https://www.debian.org/security/2022/dsa-5191","https://www.openwall.com/l
ists/oss-security/2022/07/02/3","https://www.randorisec.fr/crack-linux-firewall/"],"published_time":"2022-07-04T21:15:07","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-29581","summary":"Improper Update of Reference Count vulnerability in net/sched of Linux Kernel allows local attacker to cause privilege escalation to root. This issue affects: Linux Kernel versions prior to 5.18; version 4.14 and later versions.","cvss":7.8,"cvss_version":3.0,"cvss_v2":7.2,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00185,"ranking_epss":0.4028,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://packetstormsecurity.com/files/167386/Kernel-Live-Patch-Security-Notice-LSN-0086-1.html","http://packetstormsecurity.com/files/168191/Kernel-Live-Patch-Security-Notice-LSN-0089-1.html","http://www.openwall.com/lists/oss-security/2022/05/18/2","https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3db09e762dc79584a69c10d74a6b98f89a9979f8","https://kernel.dance/#3db09e762dc79584a69c10d74a6b98f89a9979f8","https://security.netapp.com/advisory/ntap-20220629-0005/","https://www.debian.org/security/2022/dsa-5173","http://packetstormsecurity.com/files/167386/Kernel-Live-Patch-Security-Notice-LSN-0086-1.html","http://packetstormsecurity.com/files/168191/Kernel-Live-Patch-Security-Notice-LSN-0089-1.html","http://www.openwall.com/lists/oss-security/2022/05/18/2","https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3db09e762dc79584a69c10d74a6b98f89a9979f8","https://kernel.dance/#3db09e762dc79584a69c10d74a6b98f89a9979f8","https://security.netapp.com/advisory/ntap-20220629-0005/","https://www.debian.org/security/2022/dsa-5173"],"published_time":"2022-05-17T17:15:08","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-1055","summary":"A use-after-free exists in the Linux Kernel in tc_new_tfilter that could allow a local attacker to gain privilege escalation. 
The exploit requires unprivileged user namespaces. We recommend upgrading past commit 04c2a47ffb13c29778e2a14e414ad4cb5a5db4b5","cvss":8.6,"cvss_version":4.0,"cvss_v2":4.6,"cvss_v3":7.8,"cvss_v4":8.6,"epss":0.00024,"ranking_epss":0.06341,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://packetstormsecurity.com/files/167386/Kernel-Live-Patch-Security-Notice-LSN-0086-1.html","https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=04c2a47ffb13c29778e2a14e414ad4cb5a5db4b5","https://kernel.dance/#04c2a47ffb13c29778e2a14e414ad4cb5a5db4b5","https://security.netapp.com/advisory/ntap-20220506-0007/","https://syzkaller.appspot.com/bug?id=2212474c958978ab86525fe6832ac8102c309ffc","http://packetstormsecurity.com/files/167386/Kernel-Live-Patch-Security-Notice-LSN-0086-1.html","https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=04c2a47ffb13c29778e2a14e414ad4cb5a5db4b5","https://kernel.dance/#04c2a47ffb13c29778e2a14e414ad4cb5a5db4b5","https://security.netapp.com/advisory/ntap-20220506-0007/","https://syzkaller.appspot.com/bug?id=2212474c958978ab86525fe6832ac8102c309ffc"],"published_time":"2022-03-29T15:15:08","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-3748","summary":"A use-after-free vulnerability was found in the virtio-net device of QEMU. It could occur when the descriptor's address belongs to the non direct access region, due to num_buffers being set after the virtqueue elem has been unmapped. 
A malicious guest could use this flaw to crash QEMU, resulting in a denial of service condition, or potentially execute code on the host with the privileges of the QEMU process.","cvss":7.5,"cvss_version":3.0,"cvss_v2":6.9,"cvss_v3":7.5,"cvss_v4":null,"epss":0.00035,"ranking_epss":0.10478,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://bugzilla.redhat.com/show_bug.cgi?id=1998514","https://github.com/qemu/qemu/commit/bedd7e93d01961fcb16a97ae45d93acf357e11f6","https://lists.debian.org/debian-lts-announce/2022/04/msg00002.html","https://lists.debian.org/debian-lts-announce/2022/09/msg00008.html","https://lists.nongnu.org/archive/html/qemu-devel/2021-09/msg00388.html","https://security.gentoo.org/glsa/202208-27","https://security.netapp.com/advisory/ntap-20220425-0004/","https://ubuntu.com/security/CVE-2021-3748","https://bugzilla.redhat.com/show_bug.cgi?id=1998514","https://github.com/qemu/qemu/commit/bedd7e93d01961fcb16a97ae45d93acf357e11f6","https://lists.debian.org/debian-lts-announce/2022/04/msg00002.html","https://lists.debian.org/debian-lts-announce/2022/09/msg00008.html","https://lists.nongnu.org/archive/html/qemu-devel/2021-09/msg00388.html","https://security.gentoo.org/glsa/202208-27","https://security.netapp.com/advisory/ntap-20220425-0004/","https://ubuntu.com/security/CVE-2021-3748"],"published_time":"2022-03-23T20:15:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-24760","summary":"Parse Server is an open source http web server backend. In versions prior to 4.10.7 there is a Remote Code Execution (RCE) vulnerability in Parse Server. This vulnerability affects Parse Server in the default configuration with MongoDB. The main weakness that leads to RCE is the Prototype Pollution vulnerable code in the file `DatabaseController.js`, so it is likely to affect Postgres and any other database backend as well. This vulnerability has been confirmed on Linux (Ubuntu) and Windows. 
Users are advised to upgrade as soon as possible. The only known workaround is to manually patch your installation with code referenced at the source GHSA-p6h4-93qp-jhcm.","cvss":10.0,"cvss_version":3.0,"cvss_v2":7.5,"cvss_v3":10.0,"cvss_v4":null,"epss":0.75565,"ranking_epss":0.98898,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://github.com/parse-community/parse-server/commit/886bfd7cac69496e3f73d4bb536f0eec3cba0e4d","https://github.com/parse-community/parse-server/security/advisories/GHSA-p6h4-93qp-jhcm","https://www.huntr.dev/bounties/ac24b343-e7da-4bc7-ab38-4f4f5cc9d099/","https://github.com/parse-community/parse-server/commit/886bfd7cac69496e3f73d4bb536f0eec3cba0e4d","https://github.com/parse-community/parse-server/security/advisories/GHSA-p6h4-93qp-jhcm","https://www.huntr.dev/bounties/ac24b343-e7da-4bc7-ab38-4f4f5cc9d099/"],"published_time":"2022-03-12T00:15:08","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-3737","summary":"A flaw was found in python. An improperly handled HTTP response in the HTTP client code of python may allow a remote attacker, who controls the HTTP server, to make the client script enter an infinite loop, consuming CPU time. 
The highest threat from this vulnerability is to system availability.","cvss":7.5,"cvss_version":3.0,"cvss_v2":7.1,"cvss_v3":7.5,"cvss_v4":null,"epss":0.00119,"ranking_epss":0.30821,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://bugs.python.org/issue44022","https://bugzilla.redhat.com/show_bug.cgi?id=1995162","https://github.com/python/cpython/pull/25916","https://github.com/python/cpython/pull/26503","https://lists.debian.org/debian-lts-announce/2023/05/msg00024.html","https://lists.debian.org/debian-lts-announce/2023/06/msg00039.html","https://python-security.readthedocs.io/vuln/urllib-100-continue-loop.html","https://security.netapp.com/advisory/ntap-20220407-0009/","https://ubuntu.com/security/CVE-2021-3737","https://www.oracle.com/security-alerts/cpujul2022.html","https://bugs.python.org/issue44022","https://bugzilla.redhat.com/show_bug.cgi?id=1995162","https://github.com/python/cpython/pull/25916","https://github.com/python/cpython/pull/26503","https://lists.debian.org/debian-lts-announce/2023/05/msg00024.html","https://lists.debian.org/debian-lts-announce/2023/06/msg00039.html","https://lists.debian.org/debian-lts-announce/2024/11/msg00024.html","https://lists.debian.org/debian-lts-announce/2024/12/msg00000.html","https://python-security.readthedocs.io/vuln/urllib-100-continue-loop.html","https://security.netapp.com/advisory/ntap-20220407-0009/","https://ubuntu.com/security/CVE-2021-3737","https://www.oracle.com/security-alerts/cpujul2022.html"],"published_time":"2022-03-04T19:15:08","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-3640","summary":"A flaw use-after-free in function sco_sock_sendmsg() of the Linux kernel HCI subsystem was found in the way user calls ioct UFFDIO_REGISTER or other way triggers race condition of the call sco_conn_del() together with the call sco_sock_sendmsg() with the expected controllable faulting memory page. 
A privileged local user could use this flaw to crash the system or escalate their privileges on the system.","cvss":7.0,"cvss_version":3.0,"cvss_v2":6.9,"cvss_v3":7.0,"cvss_v4":null,"epss":0.00012,"ranking_epss":0.01684,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://bugzilla.redhat.com/show_bug.cgi?id=1980646","https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/net/bluetooth/sco.c?h=v5.16&id=99c23da0eed4fd20cae8243f2b51e10e66aa0951","https://github.com/torvalds/linux/commit/99c23da0eed4fd20cae8243f2b51e10e66aa0951","https://lists.debian.org/debian-lts-announce/2022/03/msg00011.html","https://lists.debian.org/debian-lts-announce/2022/03/msg00012.html","https://security.netapp.com/advisory/ntap-20220419-0003/","https://ubuntu.com/security/CVE-2021-3640","https://www.debian.org/security/2022/dsa-5096","https://www.openwall.com/lists/oss-security/2021/07/22/1","https://bugzilla.redhat.com/show_bug.cgi?id=1980646","https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/net/bluetooth/sco.c?h=v5.16&id=99c23da0eed4fd20cae8243f2b51e10e66aa0951","https://github.com/torvalds/linux/commit/99c23da0eed4fd20cae8243f2b51e10e66aa0951","https://lists.debian.org/debian-lts-announce/2022/03/msg00011.html","https://lists.debian.org/debian-lts-announce/2022/03/msg00012.html","https://security.netapp.com/advisory/ntap-20220419-0003/","https://ubuntu.com/security/CVE-2021-3640","https://www.debian.org/security/2022/dsa-5096","https://www.openwall.com/lists/oss-security/2021/07/22/1"],"published_time":"2022-03-03T23:15:08","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-0492","summary":"A vulnerability was found in the Linux kernel’s cgroup_release_agent_write in the kernel/cgroup/cgroup-v1.c function. 
This flaw, under certain circumstances, allows the use of the cgroups v1 release_agent feature to escalate privileges and bypass the namespace isolation unexpectedly.","cvss":7.8,"cvss_version":3.0,"cvss_v2":6.9,"cvss_v3":7.8,"cvss_v4":null,"epss":0.05093,"ranking_epss":0.89822,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://packetstormsecurity.com/files/166444/Kernel-Live-Patch-Security-Notice-LSN-0085-1.html","http://packetstormsecurity.com/files/167386/Kernel-Live-Patch-Security-Notice-LSN-0086-1.html","http://packetstormsecurity.com/files/176099/Docker-cgroups-Container-Escape.html","https://bugzilla.redhat.com/show_bug.cgi?id=2051505","https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=24f6008564183aa120d07c03d9289519c2fe02af","https://lists.debian.org/debian-lts-announce/2022/03/msg00011.html","https://lists.debian.org/debian-lts-announce/2022/03/msg00012.html","https://security.netapp.com/advisory/ntap-20220419-0002/","https://www.debian.org/security/2022/dsa-5095","https://www.debian.org/security/2022/dsa-5096","http://packetstormsecurity.com/files/166444/Kernel-Live-Patch-Security-Notice-LSN-0085-1.html","http://packetstormsecurity.com/files/167386/Kernel-Live-Patch-Security-Notice-LSN-0086-1.html","http://packetstormsecurity.com/files/176099/Docker-cgroups-Container-Escape.html","https://bugzilla.redhat.com/show_bug.cgi?id=2051505","https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=24f6008564183aa120d07c03d9289519c2fe02af","https://lists.debian.org/debian-lts-announce/2022/03/msg00011.html","https://lists.debian.org/debian-lts-announce/2022/03/msg00012.html","https://security.netapp.com/advisory/ntap-20220419-0002/","https://www.debian.org/security/2022/dsa-5095","https://www.debian.org/security/2022/dsa-5096"],"published_time":"2022-03-03T19:15:08","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-4115","summary":"There is a flaw in polkit which can 
allow an unprivileged user to cause polkit to crash, due to process file descriptor exhaustion. The highest threat from this vulnerability is to availability. NOTE: Polkit process outage duration is tied to the failing process being reaped and a new one being spawned","cvss":5.5,"cvss_version":3.0,"cvss_v2":2.1,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00106,"ranking_epss":0.28776,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://packetstormsecurity.com/files/172849/polkit-File-Descriptor-Exhaustion.html","https://access.redhat.com/security/cve/cve-2021-4115","https://gitlab.com/redhat/centos-stream/rpms/polkit/-/merge_requests/6/diffs?commit_id=bf900df04dc390d389e59aa10942b0f2b15c531e","https://gitlab.freedesktop.org/polkit/polkit/-/issues/141","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VGKWCBS6IDZYYDYM2WIWJM5BL7QQTWPF/","https://www.oracle.com/security-alerts/cpujul2022.html","http://packetstormsecurity.com/files/172849/polkit-File-Descriptor-Exhaustion.html","https://access.redhat.com/security/cve/cve-2021-4115","https://gitlab.com/redhat/centos-stream/rpms/polkit/-/merge_requests/6/diffs?commit_id=bf900df04dc390d389e59aa10942b0f2b15c531e","https://gitlab.freedesktop.org/polkit/polkit/-/issues/141","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VGKWCBS6IDZYYDYM2WIWJM5BL7QQTWPF/","https://www.oracle.com/security-alerts/cpujul2022.html"],"published_time":"2022-02-21T22:15:07","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-44142","summary":"The Samba vfs_fruit module uses extended file attributes (EA, xattr) to provide \"...enhanced compatibility with Apple SMB clients and interoperability with a Netatalk 3 AFP fileserver.\" Samba versions prior to 4.13.17, 4.14.12 and 4.15.5 with vfs_fruit configured allow out-of-bounds heap read and write via specially crafted extended file attributes. 
A remote attacker with write access to extended file attributes can execute arbitrary code with the privileges of smbd, typically root.","cvss":8.8,"cvss_version":3.0,"cvss_v2":9.0,"cvss_v3":8.8,"cvss_v4":null,"epss":0.37405,"ranking_epss":0.97181,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://bugzilla.samba.org/show_bug.cgi?id=14914","https://kb.cert.org/vuls/id/119678","https://security.gentoo.org/glsa/202309-06","https://www.samba.org/samba/security/CVE-2021-44142.html","https://www.zerodayinitiative.com/blog/2022/2/1/cve-2021-44142-details-on-a-samba-code-execution-bug-demonstrated-at-pwn2own-austin","https://bugzilla.samba.org/show_bug.cgi?id=14914","https://kb.cert.org/vuls/id/119678","https://security.gentoo.org/glsa/202309-06","https://www.kb.cert.org/vuls/id/119678","https://www.samba.org/samba/security/CVE-2021-44142.html","https://www.zerodayinitiative.com/blog/2022/2/1/cve-2021-44142-details-on-a-samba-code-execution-bug-demonstrated-at-pwn2own-austin"],"published_time":"2022-02-21T15:15:07","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-0543","summary":"It was discovered, that redis, a persistent key-value database, due to a packaging issue, is prone to a (Debian-specific) Lua sandbox escape, which could result in remote code execution.","cvss":10.0,"cvss_version":3.0,"cvss_v2":10.0,"cvss_v3":10.0,"cvss_v4":null,"epss":0.94398,"ranking_epss":0.99976,"kev":true,"propose_action":"Redis is prone to a (Debian-specific) Lua sandbox escape, which could result in remote code 
execution.","ransomware_campaign":"Unknown","references":["http://packetstormsecurity.com/files/166885/Redis-Lua-Sandbox-Escape.html","https://bugs.debian.org/1005787","https://lists.debian.org/debian-security-announce/2022/msg00048.html","https://security.netapp.com/advisory/ntap-20220331-0004/","https://www.debian.org/security/2022/dsa-5081","https://www.ubercomp.com/posts/2022-01-20_redis_on_debian_rce","http://packetstormsecurity.com/files/166885/Redis-Lua-Sandbox-Escape.html","https://bugs.debian.org/1005787","https://lists.debian.org/debian-security-announce/2022/msg00048.html","https://security.netapp.com/advisory/ntap-20220331-0004/","https://www.debian.org/security/2022/dsa-5081","https://www.ubercomp.com/posts/2022-01-20_redis_on_debian_rce","https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-0543"],"published_time":"2022-02-18T20:15:17","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-4093","summary":"A flaw was found in the KVM's AMD code for supporting the Secure Encrypted Virtualization-Encrypted State (SEV-ES). A KVM guest using SEV-ES can trigger out-of-bounds reads and writes in the host kernel via a malicious VMGEXIT for a string I/O instruction (for example, outs or ins) using the exit reason SVM_EXIT_IOIO. 
This issue results in a crash of the entire system or a potential guest-to-host escape scenario.","cvss":8.8,"cvss_version":3.0,"cvss_v2":7.2,"cvss_v3":8.8,"cvss_v4":null,"epss":0.0009,"ranking_epss":0.25462,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://bugs.chromium.org/p/project-zero/issues/detail?id=2222","https://bugzilla.redhat.com/show_bug.cgi?id=2028584","https://bugs.chromium.org/p/project-zero/issues/detail?id=2222","https://bugzilla.redhat.com/show_bug.cgi?id=2028584"],"published_time":"2022-02-18T18:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2016-2124","summary":"A flaw was found in the way samba implemented SMB1 authentication. An attacker could use this flaw to retrieve the plaintext password sent over the wire even if Kerberos authentication was required.","cvss":5.9,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":5.9,"cvss_v4":null,"epss":0.00699,"ranking_epss":0.71974,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://bugzilla.redhat.com/show_bug.cgi?id=2019660","https://lists.debian.org/debian-lts-announce/2023/09/msg00013.html","https://security.gentoo.org/glsa/202309-06","https://www.samba.org/samba/security/CVE-2016-2124.html","https://bugzilla.redhat.com/show_bug.cgi?id=2019660","https://lists.debian.org/debian-lts-announce/2023/09/msg00013.html","https://security.gentoo.org/glsa/202309-06","https://www.samba.org/samba/security/CVE-2016-2124.html"],"published_time":"2022-02-18T18:15:08","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-25717","summary":"A flaw was found in the way Samba maps domain users to local users. 
An authenticated attacker could use this flaw to cause possible privilege escalation.","cvss":8.1,"cvss_version":3.0,"cvss_v2":8.5,"cvss_v3":8.1,"cvss_v4":null,"epss":0.00517,"ranking_epss":0.6669,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://bugzilla.redhat.com/show_bug.cgi?id=2019672","https://security.gentoo.org/glsa/202309-06","https://www.samba.org/samba/security/CVE-2020-25717.html","https://bugzilla.redhat.com/show_bug.cgi?id=2019672","https://security.gentoo.org/glsa/202309-06","https://www.samba.org/samba/security/CVE-2020-25717.html"],"published_time":"2022-02-18T18:15:08","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-25719","summary":"A flaw was found in the way Samba, as an Active Directory Domain Controller, implemented Kerberos name-based authentication. The Samba AD DC, could become confused about the user a ticket represents if it did not strictly require a Kerberos PAC and always use the SIDs found within. The result could include total domain compromise.","cvss":7.2,"cvss_version":3.0,"cvss_v2":9.0,"cvss_v3":7.2,"cvss_v4":null,"epss":0.00213,"ranking_epss":0.43831,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://bugzilla.redhat.com/show_bug.cgi?id=2019732","https://security.gentoo.org/glsa/202309-06","https://www.samba.org/samba/security/CVE-2020-25719.html","https://bugzilla.redhat.com/show_bug.cgi?id=2019732","https://security.gentoo.org/glsa/202309-06","https://www.samba.org/samba/security/CVE-2020-25719.html"],"published_time":"2022-02-18T18:15:08","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-25722","summary":"Multiple flaws were found in the way samba AD DC implemented access and conformance checking of stored data. 
An attacker could use this flaw to cause total domain compromise.","cvss":8.8,"cvss_version":3.0,"cvss_v2":6.5,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00411,"ranking_epss":0.61401,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://bugzilla.redhat.com/show_bug.cgi?id=2019764","https://security.gentoo.org/glsa/202309-06","https://www.samba.org/samba/security/CVE-2020-25722.html","https://bugzilla.redhat.com/show_bug.cgi?id=2019764","https://security.gentoo.org/glsa/202309-06","https://www.samba.org/samba/security/CVE-2020-25722.html"],"published_time":"2022-02-18T18:15:08","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-3155","summary":"snapd 2.54.2 and earlier created ~/snap directories in user home directories without specifying owner-only permissions. This could allow a local attacker to read information that should have been private. Fixed in snapd versions 2.54.3+18.04, 2.54.3+20.04 and 2.54.3+21.10.1","cvss":3.8,"cvss_version":3.0,"cvss_v2":2.1,"cvss_v3":3.8,"cvss_v4":null,"epss":0.00028,"ranking_epss":0.08041,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://github.com/snapcore/snapd/commit/6bcaeeccd16ed8298a301dd92f6907f88c24cc85","https://github.com/snapcore/snapd/commit/7d2a966620002149891446a53cf114804808dcca","https://ubuntu.com/security/notices/USN-5292-1","https://github.com/snapcore/snapd/commit/6bcaeeccd16ed8298a301dd92f6907f88c24cc85","https://github.com/snapcore/snapd/commit/7d2a966620002149891446a53cf114804808dcca","https://ubuntu.com/security/notices/USN-5292-1"],"published_time":"2022-02-17T23:15:07","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-44730","summary":"snapd 2.54.2 did not properly validate the location of the snap-confine binary. A local attacker who can hardlink this binary to another location to cause snap-confine to execute other arbitrary binaries and hence gain privilege escalation. 
Fixed in snapd versions 2.54.3+18.04, 2.54.3+20.04 and 2.54.3+21.10.1","cvss":7.8,"cvss_version":3.0,"cvss_v2":6.9,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00039,"ranking_epss":0.11761,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.openwall.com/lists/oss-security/2022/02/18/2","http://www.openwall.com/lists/oss-security/2022/02/23/1","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3QTBN7LLZISXIA4KU4UKDR27Q5PXDS2U/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XCGHG6LJAVJJ72TMART6A7N4Z6MSTGI7/","https://ubuntu.com/security/notices/USN-5292-1","https://www.debian.org/security/2022/dsa-5080","http://www.openwall.com/lists/oss-security/2022/02/18/2","http://www.openwall.com/lists/oss-security/2022/02/23/1","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3QTBN7LLZISXIA4KU4UKDR27Q5PXDS2U/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XCGHG6LJAVJJ72TMART6A7N4Z6MSTGI7/","https://ubuntu.com/security/notices/USN-5292-1","https://www.debian.org/security/2022/dsa-5080"],"published_time":"2022-02-17T23:15:07","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-44731","summary":"A race condition existed in the snapd 2.54.2 snap-confine binary when preparing a private mount namespace for a snap. This could allow a local attacker to gain root privileges by bind-mounting their own contents inside the snap's private mount namespace and causing snap-confine to execute arbitrary code and hence gain privilege escalation. 
Fixed in snapd versions 2.54.3+18.04, 2.54.3+20.04 and 2.54.3+21.10.1","cvss":7.8,"cvss_version":3.0,"cvss_v2":6.9,"cvss_v3":7.8,"cvss_v4":null,"epss":0.01258,"ranking_epss":0.79391,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://packetstormsecurity.com/files/170176/snap-confine-must_mkdir_and_open_with_perms-Race-Condition.html","http://seclists.org/fulldisclosure/2022/Dec/4","http://www.openwall.com/lists/oss-security/2022/02/18/2","http://www.openwall.com/lists/oss-security/2022/02/23/1","http://www.openwall.com/lists/oss-security/2022/02/23/2","http://www.openwall.com/lists/oss-security/2022/11/30/2","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3QTBN7LLZISXIA4KU4UKDR27Q5PXDS2U/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XCGHG6LJAVJJ72TMART6A7N4Z6MSTGI7/","https://ubuntu.com/security/notices/USN-5292-1","https://www.debian.org/security/2022/dsa-5080","http://packetstormsecurity.com/files/170176/snap-confine-must_mkdir_and_open_with_perms-Race-Condition.html","http://seclists.org/fulldisclosure/2022/Dec/4","http://www.openwall.com/lists/oss-security/2022/02/18/2","http://www.openwall.com/lists/oss-security/2022/02/23/1","http://www.openwall.com/lists/oss-security/2022/02/23/2","http://www.openwall.com/lists/oss-security/2022/11/30/2","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3QTBN7LLZISXIA4KU4UKDR27Q5PXDS2U/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XCGHG6LJAVJJ72TMART6A7N4Z6MSTGI7/","https://ubuntu.com/security/notices/USN-5292-1","https://www.debian.org/security/2022/dsa-5080"],"published_time":"2022-02-17T23:15:07","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-4120","summary":"snapd 2.54.2 fails to perform sufficient validation of snap content interface and layout paths, resulting in the 
ability for snaps to inject arbitrary AppArmor policy rules via malformed content interface and layout declarations and hence escape strict snap confinement. Fixed in snapd versions 2.54.3+18.04, 2.54.3+20.04 and 2.54.3+21.10.1","cvss":8.2,"cvss_version":3.0,"cvss_v2":4.6,"cvss_v3":8.2,"cvss_v4":null,"epss":0.00088,"ranking_epss":0.25142,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.openwall.com/lists/oss-security/2022/02/18/2","https://bugs.launchpad.net/snapd/+bug/1949368","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3QTBN7LLZISXIA4KU4UKDR27Q5PXDS2U/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XCGHG6LJAVJJ72TMART6A7N4Z6MSTGI7/","https://ubuntu.com/security/notices/USN-5292-1","http://www.openwall.com/lists/oss-security/2022/02/18/2","https://bugs.launchpad.net/snapd/+bug/1949368","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3QTBN7LLZISXIA4KU4UKDR27Q5PXDS2U/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XCGHG6LJAVJJ72TMART6A7N4Z6MSTGI7/","https://ubuntu.com/security/notices/USN-5292-1"],"published_time":"2022-02-17T23:15:07","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-3560","summary":"It was found that polkit could be tricked into bypassing the credential checks for D-Bus requests, elevating the privileges of the requestor to the root user. This flaw could be used by an unprivileged local attacker to, for example, create a new local administrator. 
The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.","cvss":7.8,"cvss_version":3.0,"cvss_v2":7.2,"cvss_v3":7.8,"cvss_v4":null,"epss":0.10912,"ranking_epss":0.93395,"kev":true,"propose_action":"Red Hat Polkit contains an incorrect authorization vulnerability through the bypassing of credential checks for D-Bus requests, allowing for privilege escalation.","ransomware_campaign":"Unknown","references":["http://packetstormsecurity.com/files/172836/polkit-Authentication-Bypass.html","http://packetstormsecurity.com/files/172846/Facebook-Fizz-Denial-Of-Service.html","https://bugzilla.redhat.com/show_bug.cgi?id=1961710","https://github.blog/2021-06-10-privilege-escalation-polkit-root-on-linux-with-bug/","http://packetstormsecurity.com/files/172836/polkit-Authentication-Bypass.html","http://packetstormsecurity.com/files/172846/Facebook-Fizz-Denial-Of-Service.html","https://bugzilla.redhat.com/show_bug.cgi?id=1961710","https://github.blog/2021-06-10-privilege-escalation-polkit-root-on-linux-with-bug/","https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-3560"],"published_time":"2022-02-16T19:15:08","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-45079","summary":"In strongSwan before 5.9.5, a malicious responder can send an EAP-Success message too early without actually authenticating the client and (in the case of EAP methods with mutual authentication and EAP-only authentication for IKEv2) even without server 
authentication.","cvss":9.1,"cvss_version":3.0,"cvss_v2":5.8,"cvss_v3":9.1,"cvss_v4":null,"epss":0.00111,"ranking_epss":0.29436,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://www.strongswan.org/blog/2022/01/24/strongswan-vulnerability-%28cve-2021-45079%29.html","https://www.strongswan.org/blog/2022/01/24/strongswan-vulnerability-%28cve-2021-45079%29.html"],"published_time":"2022-01-31T08:15:07","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-4034","summary":"A local privilege escalation vulnerability was found on polkit's pkexec utility. The pkexec application is a setuid tool designed to allow unprivileged users to run commands as privileged users according predefined policies. The current version of pkexec doesn't handle the calling parameters count correctly and ends trying to execute environment variables as commands. An attacker can leverage this by crafting environment variables in such a way it'll induce pkexec to execute arbitrary code. 
When successfully executed the attack can cause a local privilege escalation given unprivileged users administrative rights on the target machine.","cvss":7.8,"cvss_version":3.0,"cvss_v2":7.2,"cvss_v3":7.8,"cvss_v4":null,"epss":0.87811,"ranking_epss":0.99474,"kev":true,"propose_action":"The Red Hat polkit pkexec utility contains an out-of-bounds read and write vulnerability that allows for privilege escalation with administrative rights.","ransomware_campaign":"Unknown","references":["http://packetstormsecurity.com/files/166196/Polkit-pkexec-Local-Privilege-Escalation.html","http://packetstormsecurity.com/files/166200/Polkit-pkexec-Privilege-Escalation.html","https://access.redhat.com/security/vulnerabilities/RHSB-2022-001","https://bugzilla.redhat.com/show_bug.cgi?id=2025869","https://cert-portal.siemens.com/productcert/pdf/ssa-330556.pdf","https://gitlab.freedesktop.org/polkit/polkit/-/commit/a2bf5c9c83b6ae46cbd5c779d3055bff81ded683","https://www.oracle.com/security-alerts/cpuapr2022.html","https://www.qualys.com/2022/01/25/cve-2021-4034/pwnkit.txt","https://www.secpod.com/blog/local-privilege-escalation-vulnerability-in-major-linux-distributions-cve-2021-4034/","https://www.starwindsoftware.com/security/sw-20220818-0001/","https://www.suse.com/support/kb/doc/?id=000020564","http://packetstormsecurity.com/files/166196/Polkit-pkexec-Local-Privilege-Escalation.html","http://packetstormsecurity.com/files/166200/Polkit-pkexec-Privilege-Escalation.html","https://access.redhat.com/security/vulnerabilities/RHSB-2022-001","https://bugzilla.redhat.com/show_bug.cgi?id=2025869","https://cert-portal.siemens.com/productcert/pdf/ssa-330556.pdf","https://gitlab.freedesktop.org/polkit/polkit/-/commit/a2bf5c9c83b6ae46cbd5c779d3055bff81ded683","https://www.oracle.com/security-alerts/cpuapr2022.html","https://www.qualys.com/2022/01/25/cve-2021-4034/pwnkit.txt","https://www.secpod.com/blog/local-privilege-escalation-vulnerability-in-major-linux-distributions-cve-2021-4034/","https://
www.starwindsoftware.com/security/sw-20220818-0001/","https://www.suse.com/support/kb/doc/?id=000020564","https://www.vicarius.io/vsociety/posts/pwnkit-pkexec-lpe-cve-2021-4034","https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-4034"],"published_time":"2022-01-28T20:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-23220","summary":"USBView 2.1 before 2.2 allows some local users (e.g., ones logged in via SSH) to execute arbitrary code as root because certain Polkit settings (e.g., allow_any=yes) for pkexec disable the authentication requirement. Code execution can, for example, use the --gtk-module option. This affects Ubuntu, Debian, and Gentoo.","cvss":7.8,"cvss_version":3.0,"cvss_v2":7.2,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00077,"ranking_epss":0.22917,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.openwall.com/lists/oss-security/2022/01/22/1","https://github.com/gregkh/usbview/commit/bf374fa4e5b9a756789dfd88efa93806a395463b","https://security.gentoo.org/glsa/202310-15","https://www.debian.org/security/2022/dsa-5052","https://www.openwall.com/lists/oss-security/2022/01/21/1","http://www.openwall.com/lists/oss-security/2022/01/22/1","https://github.com/gregkh/usbview/commit/bf374fa4e5b9a756789dfd88efa93806a395463b","https://security.gentoo.org/glsa/202310-15","https://www.debian.org/security/2022/dsa-5052","https://www.openwall.com/lists/oss-security/2022/01/21/1"],"published_time":"2022-01-21T16:15:08","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-0319","summary":"Out-of-bounds Read in vim/vim prior to 
8.2.","cvss":5.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00172,"ranking_epss":0.38402,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2022/Oct/28","http://seclists.org/fulldisclosure/2022/Oct/41","http://seclists.org/fulldisclosure/2022/Oct/43","https://github.com/vim/vim/commit/05b27615481e72e3b338bb12990fb3e0c2ecc2a9","https://huntr.dev/bounties/ba622fd2-e6ef-4ad9-95b4-17f87b68755b","https://lists.debian.org/debian-lts-announce/2022/03/msg00018.html","https://lists.debian.org/debian-lts-announce/2022/11/msg00009.html","https://security.gentoo.org/glsa/202208-32","https://support.apple.com/kb/HT213444","https://support.apple.com/kb/HT213488","http://seclists.org/fulldisclosure/2022/Oct/28","http://seclists.org/fulldisclosure/2022/Oct/41","http://seclists.org/fulldisclosure/2022/Oct/43","https://github.com/vim/vim/commit/05b27615481e72e3b338bb12990fb3e0c2ecc2a9","https://huntr.dev/bounties/ba622fd2-e6ef-4ad9-95b4-17f87b68755b","https://lists.debian.org/debian-lts-announce/2022/03/msg00018.html","https://lists.debian.org/debian-lts-announce/2022/11/msg00009.html","https://security.gentoo.org/glsa/202208-32","https://support.apple.com/kb/HT213444","https://support.apple.com/kb/HT213488"],"published_time":"2022-01-21T14:15:07","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-45417","summary":"AIDE before 0.17.4 allows local users to obtain root privileges via crafted file metadata (such as XFS extended attributes or tmpfs ACLs), because of a heap-based buffer 
overflow.","cvss":7.8,"cvss_version":3.0,"cvss_v2":7.2,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00038,"ranking_epss":0.11357,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.openwall.com/lists/oss-security/2022/01/20/3","https://lists.debian.org/debian-lts-announce/2022/01/msg00024.html","https://security.gentoo.org/glsa/202311-07","https://www.debian.org/security/2022/dsa-5051","https://www.ipi.fi/pipermail/aide/2022-January/001713.html","https://www.openwall.com/lists/oss-security/2022/01/20/3","http://www.openwall.com/lists/oss-security/2022/01/20/3","https://lists.debian.org/debian-lts-announce/2022/01/msg00024.html","https://security.gentoo.org/glsa/202311-07","https://www.debian.org/security/2022/dsa-5051","https://www.ipi.fi/pipermail/aide/2022-January/001713.html","https://www.openwall.com/lists/oss-security/2022/01/20/3"],"published_time":"2022-01-20T18:15:07","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-20698","summary":"A vulnerability in the OOXML parsing module in Clam AntiVirus (ClamAV) Software version 0.104.1 and LTS version 0.103.4 and prior versions could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to improper checks that may result in an invalid pointer read. An attacker could exploit this vulnerability by sending a crafted OOXML file to an affected device. 
An exploit could allow the attacker to cause the ClamAV scanning process to crash, resulting in a denial of service condition.","cvss":7.5,"cvss_version":3.0,"cvss_v2":5.0,"cvss_v3":7.5,"cvss_v4":null,"epss":0.00243,"ranking_epss":0.47556,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://blog.clamav.net/2022/01/clamav-01035-and-01042-security-patch.html","https://security.gentoo.org/glsa/202310-01","https://blog.clamav.net/2022/01/clamav-01035-and-01042-security-patch.html","https://security.gentoo.org/glsa/202310-01"],"published_time":"2022-01-14T06:15:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-44420","summary":"In Django 2.2 before 2.2.25, 3.1 before 3.1.14, and 3.2 before 3.2.10, HTTP requests for URLs with trailing newlines could bypass upstream access control based on URL paths.","cvss":7.3,"cvss_version":3.0,"cvss_v2":7.5,"cvss_v3":7.3,"cvss_v4":null,"epss":0.0012,"ranking_epss":0.30919,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://docs.djangoproject.com/en/3.2/releases/security/","https://groups.google.com/forum/#%21forum/django-announce","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/B4SQG2EAF4WCI2SLRL6XRDJ3RPK3ZRDV/","https://security.netapp.com/advisory/ntap-20211229-0006/","https://www.djangoproject.com/weblog/2021/dec/07/security-releases/","https://www.openwall.com/lists/oss-security/2021/12/07/1","https://docs.djangoproject.com/en/3.2/releases/security/","https://groups.google.com/forum/#%21forum/django-announce","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/B4SQG2EAF4WCI2SLRL6XRDJ3RPK3ZRDV/","https://security.netapp.com/advisory/ntap-20211229-0006/","https://www.djangoproject.com/weblog/2021/dec/07/security-releases/","https://www.openwall.com/lists/oss-security/2021/12/07/1"],"published_time":"2021-12-08T00:15:07","vendor":null,"product":null,"version":
null},{"cve_id":"CVE-2021-3939","summary":"Ubuntu-specific modifications to accountsservice (in patch file debian/patches/0010-set-language.patch) caused the fallback_locale variable, pointing to static storage, to be freed, in the user_change_language_authorized_cb function. This is reachable via the SetLanguage dbus function. This is fixed in versions 0.6.55-0ubuntu12~20.04.5, 0.6.55-0ubuntu13.3, 0.6.55-0ubuntu14.1.","cvss":7.8,"cvss_version":3.0,"cvss_v2":7.2,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00124,"ranking_epss":0.31595,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://packetstormsecurity.com/files/172848/Ubuntu-accountsservice-Double-Free-Memory-Corruption.html","https://bugs.launchpad.net/ubuntu/+source/accountsservice/+bug/1950149","https://ubuntu.com/security/notices/USN-5149-1","http://packetstormsecurity.com/files/172848/Ubuntu-accountsservice-Double-Free-Memory-Corruption.html","https://bugs.launchpad.net/ubuntu/+source/accountsservice/+bug/1950149","https://ubuntu.com/security/notices/USN-5149-1"],"published_time":"2021-11-17T04:15:06","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-3710","summary":"An information disclosure via path traversal was discovered in apport/hookutils.py function read_file(). 
This issue affects: apport 2.14.1 versions prior to 2.14.1-0ubuntu3.29+esm8; 2.20.1 versions prior to 2.20.1-0ubuntu2.30+esm2; 2.20.9 versions prior to 2.20.9-0ubuntu7.26; 2.20.11 versions prior to 2.20.11-0ubuntu27.20; 2.20.11 versions prior to 2.20.11-0ubuntu65.3;","cvss":6.5,"cvss_version":3.0,"cvss_v2":4.7,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00049,"ranking_epss":0.15261,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1933832","https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3710","https://ubuntu.com/security/notices/USN-5077-1","https://ubuntu.com/security/notices/USN-5077-2","https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1933832","https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3710","https://ubuntu.com/security/notices/USN-5077-1","https://ubuntu.com/security/notices/USN-5077-2"],"published_time":"2021-10-01T03:15:07","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-3709","summary":"Function check_attachment_for_errors() in file data/general-hooks/ubuntu.py could be tricked into exposing private data via a constructed crash file. 
This issue affects: apport 2.14.1 versions prior to 2.14.1-0ubuntu3.29+esm8; 2.20.1 versions prior to 2.20.1-0ubuntu2.30+esm2; 2.20.9 versions prior to 2.20.9-0ubuntu7.26; 2.20.11 versions prior to 2.20.11-0ubuntu27.20; 2.20.11 versions prior to 2.20.11-0ubuntu65.3;","cvss":6.5,"cvss_version":3.0,"cvss_v2":2.1,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00071,"ranking_epss":0.21725,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1934308","https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3709","https://ubuntu.com/security/notices/USN-5077-1","https://ubuntu.com/security/notices/USN-5077-2","https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1934308","https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3709","https://ubuntu.com/security/notices/USN-5077-1","https://ubuntu.com/security/notices/USN-5077-2"],"published_time":"2021-10-01T03:15:06","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-32552","summary":"It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the openjdk-16 package apport hooks, it could expose private data to other local users.","cvss":7.3,"cvss_version":3.0,"cvss_v2":2.1,"cvss_v3":7.3,"cvss_v4":null,"epss":0.00055,"ranking_epss":0.17227,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1917904","https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1917904"],"published_time":"2021-06-12T04:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-32553","summary":"It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. 
When this function is used by the openjdk-17 package apport hooks, it could expose private data to other local users.","cvss":7.3,"cvss_version":3.0,"cvss_v2":2.1,"cvss_v3":7.3,"cvss_v4":null,"epss":0.00048,"ranking_epss":0.14901,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1917904","https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1917904"],"published_time":"2021-06-12T04:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-32554","summary":"It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the xorg package apport hooks, it could expose private data to other local users.","cvss":7.3,"cvss_version":3.0,"cvss_v2":2.1,"cvss_v3":7.3,"cvss_v4":null,"epss":0.00061,"ranking_epss":0.19007,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1917904","https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1917904"],"published_time":"2021-06-12T04:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-32555","summary":"It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the xorg-hwe-18.04 package apport hooks, it could expose private data to other local users.","cvss":7.3,"cvss_version":3.0,"cvss_v2":2.1,"cvss_v3":7.3,"cvss_v4":null,"epss":0.00055,"ranking_epss":0.17227,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1917904","https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1917904"],"published_time":"2021-06-12T04:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-32548","summary":"It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. 
When this function is used by the openjdk-8 package apport hooks, it could expose private data to other local users.","cvss":7.3,"cvss_version":3.0,"cvss_v2":2.1,"cvss_v3":7.3,"cvss_v4":null,"epss":0.00061,"ranking_epss":0.19007,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1917904","https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1917904"],"published_time":"2021-06-12T04:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-32549","summary":"It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the openjdk-13 package apport hooks, it could expose private data to other local users.","cvss":7.3,"cvss_version":3.0,"cvss_v2":2.1,"cvss_v3":7.3,"cvss_v4":null,"epss":0.00061,"ranking_epss":0.19007,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1917904","https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1917904"],"published_time":"2021-06-12T04:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-32550","summary":"It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the openjdk-14 package apport hooks, it could expose private data to other local users.","cvss":7.3,"cvss_version":3.0,"cvss_v2":2.1,"cvss_v3":7.3,"cvss_v4":null,"epss":0.00055,"ranking_epss":0.17227,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1917904","https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1917904"],"published_time":"2021-06-12T04:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-32551","summary":"It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. 
When this function is used by the openjdk-15 package apport hooks, it could expose private data to other local users.","cvss":7.3,"cvss_version":3.0,"cvss_v2":2.1,"cvss_v3":7.3,"cvss_v4":null,"epss":0.00055,"ranking_epss":0.17227,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1917904","https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1917904"],"published_time":"2021-06-12T04:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-32547","summary":"It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the openjdk-lts package apport hooks, it could expose private data to other local users.","cvss":7.3,"cvss_version":3.0,"cvss_v2":2.1,"cvss_v3":7.3,"cvss_v4":null,"epss":0.00061,"ranking_epss":0.19007,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1917904","https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1917904"],"published_time":"2021-06-12T04:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-3489","summary":"The eBPF RINGBUF bpf_ringbuf_reserve() function in the Linux kernel did not check that the allocated size was smaller than the ringbuf size, allowing an attacker to perform out-of-bounds writes within the kernel and therefore, arbitrary code execution. This issue was fixed via commit 4b81ccebaeee (\"bpf, ringbuf: Deny reserve of buffers larger than ringbuf\") (v5.13-rc4) and backported to the stable kernels in v5.12.4, v5.11.21, and v5.10.37. 
It was introduced via 457f44363a88 (\"bpf: Implement BPF ring buffer and verifier support for it\") (v5.8-rc1).","cvss":7.8,"cvss_version":3.0,"cvss_v2":7.2,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00076,"ranking_epss":0.22869,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf.git/commit/?id=4b81ccebaeee885ab1aa1438133f2991e3a2b6ea","https://security.netapp.com/advisory/ntap-20210716-0004/","https://ubuntu.com/security/notices/USN-4949-1","https://ubuntu.com/security/notices/USN-4950-1","https://www.openwall.com/lists/oss-security/2021/05/11/10","https://www.zerodayinitiative.com/advisories/ZDI-21-590/","https://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf.git/commit/?id=4b81ccebaeee885ab1aa1438133f2991e3a2b6ea","https://security.netapp.com/advisory/ntap-20210716-0004/","https://ubuntu.com/security/notices/USN-4949-1","https://ubuntu.com/security/notices/USN-4950-1","https://www.openwall.com/lists/oss-security/2021/05/11/10","https://www.zerodayinitiative.com/advisories/ZDI-21-590/"],"published_time":"2021-06-04T02:15:07","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-3490","summary":"The eBPF ALU32 bounds tracking for bitwise ops (AND, OR and XOR) in the Linux kernel did not properly update 32-bit bounds, which could be turned into out of bounds reads and writes in the Linux kernel and therefore, arbitrary code execution. This issue was fixed via commit 049c4e13714e (\"bpf: Fix alu32 const subreg bound tracking on bitwise operations\") (v5.13-rc4) and backported to the stable kernels in v5.12.4, v5.11.21, and v5.10.37. 
The AND/OR issues were introduced by commit 3f50f132d840 (\"bpf: Verifier, do explicit ALU32 bounds tracking\") (5.7-rc1) and the XOR variant was introduced by 2921c90d4718 (\"bpf:Fix a verifier failure with xor\") (5.10-rc1).","cvss":7.8,"cvss_version":3.0,"cvss_v2":7.2,"cvss_v3":7.8,"cvss_v4":null,"epss":0.03711,"ranking_epss":0.87973,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://packetstormsecurity.com/files/164015/Linux-eBPF-ALU32-32-bit-Invalid-Bounds-Tracking-Local-Privilege-Escalation.html","https://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf.git/commit/?id=049c4e13714ecbca567b4d5f6d563f05d431c80e","https://security.netapp.com/advisory/ntap-20210716-0004/","https://ubuntu.com/security/notices/USN-4949-1","https://ubuntu.com/security/notices/USN-4950-1","https://www.openwall.com/lists/oss-security/2021/05/11/11","https://www.zerodayinitiative.com/advisories/ZDI-21-606/","http://packetstormsecurity.com/files/164015/Linux-eBPF-ALU32-32-bit-Invalid-Bounds-Tracking-Local-Privilege-Escalation.html","https://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf.git/commit/?id=049c4e13714ecbca567b4d5f6d563f05d431c80e","https://security.netapp.com/advisory/ntap-20210716-0004/","https://ubuntu.com/security/notices/USN-4949-1","https://ubuntu.com/security/notices/USN-4950-1","https://www.openwall.com/lists/oss-security/2021/05/11/11","https://www.zerodayinitiative.com/advisories/ZDI-21-606/"],"published_time":"2021-06-04T02:15:07","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-3491","summary":"The io_uring subsystem in the Linux kernel allowed the MAX_RW_COUNT limit to be bypassed in the PROVIDE_BUFFERS operation, which led to negative values being used in mem_rw when reading /proc/<PID>/mem. This could be used to create a heap overflow leading to arbitrary code execution in the kernel. 
It was addressed via commit d1f82808877b (\"io_uring: truncate lengths larger than MAX_RW_COUNT on provide buffers\") (v5.13-rc1) and backported to the stable kernels in v5.12.4, v5.11.21, and v5.10.37. It was introduced in ddf0322db79c (\"io_uring: add IORING_OP_PROVIDE_BUFFERS\") (v5.7-rc1).","cvss":7.8,"cvss_version":3.0,"cvss_v2":7.2,"cvss_v3":7.8,"cvss_v4":null,"epss":0.0006,"ranking_epss":0.18642,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=d1f82808877bb10d3deee7cf3374a4eb3fb582db","https://security.netapp.com/advisory/ntap-20210716-0004/","https://ubuntu.com/security/notices/USN-4949-1","https://ubuntu.com/security/notices/USN-4950-1","https://www.openwall.com/lists/oss-security/2021/05/11/13","https://www.zerodayinitiative.com/advisories/ZDI-21-589/","https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=d1f82808877bb10d3deee7cf3374a4eb3fb582db","https://security.netapp.com/advisory/ntap-20210716-0004/","https://ubuntu.com/security/notices/USN-4949-1","https://ubuntu.com/security/notices/USN-4950-1","https://www.openwall.com/lists/oss-security/2021/05/11/13","https://www.zerodayinitiative.com/advisories/ZDI-21-589/"],"published_time":"2021-06-04T02:15:07","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-15078","summary":"OpenVPN 2.5.1 and earlier versions allow remote attackers to bypass authentication and access control channel data on servers configured with deferred authentication, which can be used to potentially trigger further information 
leaks.","cvss":7.5,"cvss_version":3.0,"cvss_v2":5.0,"cvss_v3":7.5,"cvss_v4":null,"epss":0.00333,"ranking_epss":0.56184,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://community.openvpn.net/openvpn/wiki/CVE-2020-15078","https://community.openvpn.net/openvpn/wiki/SecurityAnnouncements","https://lists.debian.org/debian-lts-announce/2022/05/msg00002.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GJUXEYHUPREEBPX23VPEKMFXUPVO3PMU/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JGEGLC4YGBDN5CGHTNWN2GH6DJJA36T2/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PLDB3OBQ3AODYYRN7NRCABV6I4AUFAT6/","https://security.gentoo.org/glsa/202105-25","https://usn.ubuntu.com/usn/usn-4933-1","https://community.openvpn.net/openvpn/wiki/CVE-2020-15078","https://community.openvpn.net/openvpn/wiki/SecurityAnnouncements","https://lists.debian.org/debian-lts-announce/2022/05/msg00002.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GJUXEYHUPREEBPX23VPEKMFXUPVO3PMU/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JGEGLC4YGBDN5CGHTNWN2GH6DJJA36T2/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PLDB3OBQ3AODYYRN7NRCABV6I4AUFAT6/","https://security.gentoo.org/glsa/202105-25","https://usn.ubuntu.com/usn/usn-4933-1"],"published_time":"2021-04-26T14:15:08","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-3493","summary":"The overlayfs implementation in the linux kernel did not properly validate with respect to user namespaces the setting of file capabilities on files in an underlying file system. 
Due to the combination of unprivileged user namespaces along with a patch carried in the Ubuntu kernel to allow unprivileged overlay mounts, an attacker could use this to gain elevated privileges.","cvss":8.8,"cvss_version":3.0,"cvss_v2":7.2,"cvss_v3":8.8,"cvss_v4":null,"epss":0.76394,"ranking_epss":0.98934,"kev":true,"propose_action":"The overlayfs stacking file system in Linux kernel does not properly validate the application of file capabilities against user namespaces, which could lead to privilege escalation.","ransomware_campaign":"Unknown","references":["http://packetstormsecurity.com/files/162434/Kernel-Live-Patch-Security-Notice-LSN-0076-1.html","http://packetstormsecurity.com/files/162866/Ubuntu-OverlayFS-Local-Privilege-Escalation.html","http://packetstormsecurity.com/files/165151/Ubuntu-Overlayfs-Local-Privilege-Escalation.html","https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=7c03e2cda4a584cadc398e8f6641ca9988a39d52","https://ubuntu.com/security/notices/USN-4917-1","https://www.openwall.com/lists/oss-security/2021/04/16/1","http://packetstormsecurity.com/files/162434/Kernel-Live-Patch-Security-Notice-LSN-0076-1.html","http://packetstormsecurity.com/files/162866/Ubuntu-OverlayFS-Local-Privilege-Escalation.html","http://packetstormsecurity.com/files/165151/Ubuntu-Overlayfs-Local-Privilege-Escalation.html","https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=7c03e2cda4a584cadc398e8f6641ca9988a39d52","https://ubuntu.com/security/notices/USN-4917-1","https://www.openwall.com/lists/oss-security/2021/04/16/1","https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-3493"],"published_time":"2021-04-17T05:15:14","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-3492","summary":"Shiftfs, an out-of-tree stacking file system included in Ubuntu Linux kernels, did not properly handle faults occurring during copy_from_user() correctly. 
These could lead to either a double-free situation or memory not being freed at all. An attacker could use this to cause a denial of service (kernel memory exhaustion) or gain privileges via executing arbitrary code. AKA ZDI-CAN-13562.","cvss":8.8,"cvss_version":3.0,"cvss_v2":7.2,"cvss_v3":8.8,"cvss_v4":null,"epss":0.24443,"ranking_epss":0.96112,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://packetstormsecurity.com/files/162614/Kernel-Live-Patch-Security-Notice-LSN-0077-1.html","https://git.launchpad.net/~ubuntu-kernel/ubuntu/+source/linux/+git/focal/commit/?id=25c891a949bf918b59cbc6e4932015ba4c35c333","https://git.launchpad.net/~ubuntu-kernel/ubuntu/+source/linux/+git/focal/commit/?id=8fee52ab9da87d82bc6de9ebb3480fff9b4d53e6","https://ubuntu.com/security/notices/USN-4917-1","https://www.openwall.com/lists/oss-security/2021/04/16/2","https://www.zerodayinitiative.com/advisories/ZDI-21-422/","http://packetstormsecurity.com/files/162614/Kernel-Live-Patch-Security-Notice-LSN-0077-1.html","https://git.launchpad.net/~ubuntu-kernel/ubuntu/+source/linux/+git/focal/commit/?id=25c891a949bf918b59cbc6e4932015ba4c35c333","https://git.launchpad.net/~ubuntu-kernel/ubuntu/+source/linux/+git/focal/commit/?id=8fee52ab9da87d82bc6de9ebb3480fff9b4d53e6","https://ubuntu.com/security/notices/USN-4917-1","https://www.openwall.com/lists/oss-security/2021/04/16/2","https://www.zerodayinitiative.com/advisories/ZDI-21-422/"],"published_time":"2021-04-17T05:15:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2013-1055","summary":"The unity-firefox-extension package could be tricked into dropping a C callback which was still in use, which Firefox would then free, causing Firefox to crash. This could be achieved by adding an action to the launcher and updating it with new callbacks until the libunity-webapps rate limit was hit. 
Fixed in 3.0.0+14.04.20140416-0ubuntu1.14.04.1 of unity-firefox-extension and in all versions of libunity-webapps by shipping an empty unity-firefox-extension package, thus disabling the extension entirely and invalidating the attack against the libunity-webapps package.","cvss":4.3,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":4.3,"cvss_v4":null,"epss":0.00186,"ranking_epss":0.40343,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://launchpad.net/bugs/1175691","https://ubuntu.com/USN-2743-3","https://launchpad.net/bugs/1175691","https://ubuntu.com/USN-2743-3"],"published_time":"2021-04-07T20:15:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2013-1054","summary":"The unity-firefox-extension package could be tricked into destroying the Unity webapps context, causing Firefox to crash. This could be achieved by spinning the event loop inside the webapps initialization callback. Fixed in 3.0.0+14.04.20140416-0ubuntu1.14.04.1 by shipping an empty package, thus disabling the extension entirely.","cvss":4.3,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":4.3,"cvss_v4":null,"epss":0.00162,"ranking_epss":0.37131,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://launchpad.net/bugs/1175661","https://ubuntu.com/USN-2743-3","https://launchpad.net/bugs/1175661","https://ubuntu.com/USN-2743-3"],"published_time":"2021-04-07T20:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-3444","summary":"The bpf verifier in the Linux kernel did not properly handle mod32 destination register truncation when the source register was known to be 0. A local attacker with the ability to load bpf programs could use this to gain out-of-bounds reads in kernel memory leading to information disclosure (kernel memory), and possibly out-of-bounds writes that could potentially lead to code execution. 
This issue was addressed in the upstream kernel in commit 9b00f1b78809 (\"bpf: Fix truncation handling for mod32 dst reg wrt zero\") and in Linux stable kernels 5.11.2, 5.10.19, and 5.4.101.","cvss":7.8,"cvss_version":3.0,"cvss_v2":4.6,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00031,"ranking_epss":0.08776,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://packetstormsecurity.com/files/162117/Kernel-Live-Patch-Security-Notice-LSN-0075-1.html","http://packetstormsecurity.com/files/164950/Kernel-Live-Patch-Security-Notice-LSN-0082-1.html","http://www.openwall.com/lists/oss-security/2021/03/23/2","https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=9b00f1b78809","https://lists.debian.org/debian-lts-announce/2021/10/msg00010.html","https://security.netapp.com/advisory/ntap-20210416-0006/","https://www.openwall.com/lists/oss-security/2021/03/23/2","http://packetstormsecurity.com/files/162117/Kernel-Live-Patch-Security-Notice-LSN-0075-1.html","http://packetstormsecurity.com/files/164950/Kernel-Live-Patch-Security-Notice-LSN-0082-1.html","http://www.openwall.com/lists/oss-security/2021/03/23/2","https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=9b00f1b78809","https://lists.debian.org/debian-lts-announce/2021/10/msg00010.html","https://security.netapp.com/advisory/ntap-20210416-0006/","https://www.openwall.com/lists/oss-security/2021/03/23/2"],"published_time":"2021-03-23T18:15:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-27171","summary":"An issue was discovered in the Linux kernel before 5.11.8. 
kernel/bpf/verifier.c has an off-by-one error (with a resultant integer underflow) affecting out-of-bounds speculation on pointer arithmetic, leading to side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory, aka CID-10d2bb2e6b1d.","cvss":6.0,"cvss_version":3.0,"cvss_v2":3.6,"cvss_v3":6.0,"cvss_v4":null,"epss":0.00179,"ranking_epss":0.39481,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://packetstormsecurity.com/files/162117/Kernel-Live-Patch-Security-Notice-LSN-0075-1.html","http://www.openwall.com/lists/oss-security/2021/03/24/5","https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.11.8","https://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf.git/patch/?id=10d2bb2e6b1d8c4576c56a748f697dbeb8388899","https://lists.debian.org/debian-lts-announce/2021/03/msg00035.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FB6LUXPEIRLZH32YXWZVEZAD4ZL6SDK2/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QRTPQE73ANG7D6M4L4PK5ZQDPO4Y2FVD/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T2S3I4SLRNRUQDOFYUS6IUAZMQNMPNLG/","https://www.openwall.com/lists/oss-security/2021/03/19/3","http://packetstormsecurity.com/files/162117/Kernel-Live-Patch-Security-Notice-LSN-0075-1.html","http://www.openwall.com/lists/oss-security/2021/03/24/5","https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.11.8","https://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf.git/patch/?id=10d2bb2e6b1d8c4576c56a748f697dbeb8388899","https://lists.debian.org/debian-lts-announce/2021/03/msg00035.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FB6LUXPEIRLZH32YXWZVEZAD4ZL6SDK2/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QRTPQE73ANG7D6M4L4PK5ZQDPO4Y2FVD/","https:/
/lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T2S3I4SLRNRUQDOFYUS6IUAZMQNMPNLG/","https://www.openwall.com/lists/oss-security/2021/03/19/3"],"published_time":"2021-03-20T22:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-27170","summary":"An issue was discovered in the Linux kernel before 5.11.8. kernel/bpf/verifier.c performs undesirable out-of-bounds speculation on pointer arithmetic, leading to side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory, aka CID-f232326f6966. This affects pointer types that do not define a ptr_limit.","cvss":4.7,"cvss_version":3.0,"cvss_v2":1.9,"cvss_v3":4.7,"cvss_v4":null,"epss":0.00151,"ranking_epss":0.35727,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://packetstormsecurity.com/files/162117/Kernel-Live-Patch-Security-Notice-LSN-0075-1.html","http://www.openwall.com/lists/oss-security/2021/03/24/4","https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.11.8","https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f232326f6966cf2a1d1db7bc917a4ce5f9f55f76","https://lists.debian.org/debian-lts-announce/2021/03/msg00035.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FB6LUXPEIRLZH32YXWZVEZAD4ZL6SDK2/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QRTPQE73ANG7D6M4L4PK5ZQDPO4Y2FVD/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T2S3I4SLRNRUQDOFYUS6IUAZMQNMPNLG/","https://www.openwall.com/lists/oss-security/2021/03/19/2","http://packetstormsecurity.com/files/162117/Kernel-Live-Patch-Security-Notice-LSN-0075-1.html","http://www.openwall.com/lists/oss-security/2021/03/24/4","https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.11.8","https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commi
t/?id=f232326f6966cf2a1d1db7bc917a4ce5f9f55f76","https://lists.debian.org/debian-lts-announce/2021/03/msg00035.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FB6LUXPEIRLZH32YXWZVEZAD4ZL6SDK2/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QRTPQE73ANG7D6M4L4PK5ZQDPO4Y2FVD/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T2S3I4SLRNRUQDOFYUS6IUAZMQNMPNLG/","https://www.openwall.com/lists/oss-security/2021/03/19/2"],"published_time":"2021-03-20T22:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-27364","summary":"An issue was discovered in the Linux kernel through 5.11.3. drivers/scsi/scsi_transport_iscsi.c is adversely affected by the ability of an unprivileged user to craft Netlink messages.","cvss":7.1,"cvss_version":3.0,"cvss_v2":3.6,"cvss_v3":7.1,"cvss_v4":null,"epss":0.00037,"ranking_epss":0.10929,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://packetstormsecurity.com/files/162117/Kernel-Live-Patch-Security-Notice-LSN-0075-1.html","https://blog.grimm-co.com/2021/03/new-old-bugs-in-linux-kernel.html","https://bugzilla.suse.com/show_bug.cgi?id=1182717","https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=688e8128b7a92df982709a4137ea4588d16f24aa","https://lists.debian.org/debian-lts-announce/2021/03/msg00010.html","https://lists.debian.org/debian-lts-announce/2021/03/msg00035.html","https://security.netapp.com/advisory/ntap-20210409-0001/","https://www.openwall.com/lists/oss-security/2021/03/06/1","https://www.oracle.com/security-alerts/cpuoct2021.html","http://packetstormsecurity.com/files/162117/Kernel-Live-Patch-Security-Notice-LSN-0075-1.html","https://blog.grimm-co.com/2021/03/new-old-bugs-in-linux-kernel.html","https://bugzilla.suse.com/show_bug.cgi?id=1182717","https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/lin
ux.git/commit/?id=688e8128b7a92df982709a4137ea4588d16f24aa","https://lists.debian.org/debian-lts-announce/2021/03/msg00010.html","https://lists.debian.org/debian-lts-announce/2021/03/msg00035.html","https://security.netapp.com/advisory/ntap-20210409-0001/","https://www.openwall.com/lists/oss-security/2021/03/06/1","https://www.oracle.com/security-alerts/cpuoct2021.html"],"published_time":"2021-03-07T05:15:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-16120","summary":"Overlayfs did not properly perform permission checking when copying up files in an overlayfs and could be exploited from within a user namespace, if, for example, unprivileged user namespaces were allowed. It was possible to have a file not readable by an unprivileged user to be copied to a mountpoint controlled by the user, like a removable device. This was introduced in kernel version 4.19 by commit d1d04ef (\"ovl: stack file ops\"). This was fixed in kernel version 5.8 by commits 56230d9 (\"ovl: verify permissions in ovl_path_open()\"), 48bd024 (\"ovl: switch to mounter creds in readdir\") and 05acefb (\"ovl: check permission to open real file\"). Additionally, commits 130fdbc (\"ovl: pass correct flags for opening real directory\") and 292f902 (\"ovl: call secutiry hook in ovl_real_ioctl()\") in kernel 5.8 might also be desired or necessary. These additional commits introduced a regression in overlay mounts within user namespaces which prevented access to files with ownership outside of the user namespace. 
This regression was mitigated by subsequent commit b6650da (\"ovl: do not fail because of O_NOATIMEi\") in kernel 5.11.","cvss":5.1,"cvss_version":3.0,"cvss_v2":2.1,"cvss_v3":5.1,"cvss_v4":null,"epss":0.00047,"ranking_epss":0.14464,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://git.kernel.org/linus/05acefb4872dae89e772729efb194af754c877e8","https://git.kernel.org/linus/48bd024b8a40d73ad6b086de2615738da0c7004f","https://git.kernel.org/linus/56230d956739b9cb1cbde439d76227d77979a04d","https://git.kernel.org/linus/b6650dab404c701d7fe08a108b746542a934da84","https://git.kernel.org/linus/d1d04ef8572bc8c22265057bd3d5a79f223f8f52","https://launchpad.net/bugs/1894980","https://launchpad.net/bugs/1900141","https://ubuntu.com/USN-4576-1","https://ubuntu.com/USN-4577-1","https://ubuntu.com/USN-4578-1","https://www.openwall.com/lists/oss-security/2020/10/14/2","https://git.kernel.org/linus/05acefb4872dae89e772729efb194af754c877e8","https://git.kernel.org/linus/48bd024b8a40d73ad6b086de2615738da0c7004f","https://git.kernel.org/linus/56230d956739b9cb1cbde439d76227d77979a04d","https://git.kernel.org/linus/b6650dab404c701d7fe08a108b746542a934da84","https://git.kernel.org/linus/d1d04ef8572bc8c22265057bd3d5a79f223f8f52","https://launchpad.net/bugs/1894980","https://launchpad.net/bugs/1900141","https://ubuntu.com/USN-4576-1","https://ubuntu.com/USN-4577-1","https://ubuntu.com/USN-4578-1","https://www.openwall.com/lists/oss-security/2020/10/14/2"],"published_time":"2021-02-10T20:15:15","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-16119","summary":"Use-after-free vulnerability in the Linux kernel exploitable by a local attacker due to reuse of a DCCP socket with an attached dccps_hc_tx_ccid object as a listener after being released. 
Fixed in Ubuntu Linux kernel 5.4.0-51.56, 5.3.0-68.63, 4.15.0-121.123, 4.4.0-193.224, 3.13.0.182.191 and 3.2.0-149.196.","cvss":6.3,"cvss_version":3.0,"cvss_v2":4.6,"cvss_v3":6.3,"cvss_v4":null,"epss":0.00084,"ranking_epss":0.24346,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://git.launchpad.net/~ubuntu-kernel/ubuntu/+source/linux/+git/focal/commit/?id=01872cb896c76cedeabe93a08456976ab55ad695","https://launchpad.net/bugs/1883840","https://lists.debian.org/debian-lts-announce/2021/10/msg00010.html","https://lists.debian.org/debian-lts-announce/2021/12/msg00012.html","https://lore.kernel.org/netdev/20201013171849.236025-1-kleber.souza%40canonical.com/T/","https://security.netapp.com/advisory/ntap-20210304-0006/","https://ubuntu.com/USN-4576-1","https://ubuntu.com/USN-4577-1","https://ubuntu.com/USN-4578-1","https://ubuntu.com/USN-4579-1","https://ubuntu.com/USN-4580-1","https://www.debian.org/security/2021/dsa-4978","https://git.launchpad.net/~ubuntu-kernel/ubuntu/+source/linux/+git/focal/commit/?id=01872cb896c76cedeabe93a08456976ab55ad695","https://launchpad.net/bugs/1883840","https://lists.debian.org/debian-lts-announce/2021/10/msg00010.html","https://lists.debian.org/debian-lts-announce/2021/12/msg00012.html","https://lore.kernel.org/netdev/20201013171849.236025-1-kleber.souza%40canonical.com/T/","https://security.netapp.com/advisory/ntap-20210304-0006/","https://ubuntu.com/USN-4576-1","https://ubuntu.com/USN-4577-1","https://ubuntu.com/USN-4578-1","https://ubuntu.com/USN-4579-1","https://ubuntu.com/USN-4580-1","https://www.debian.org/security/2021/dsa-4978"],"published_time":"2021-01-14T01:15:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-29385","summary":"GNOME gdk-pixbuf (aka GdkPixbuf) before 2.42.2 allows a denial of service (infinite loop) in lzw.c in the function write_indexes. if c->self_code equals 10, self->code_table[10].extends will assign the value 11 to c. 
The next execution in the loop will assign self->code_table[11].extends to c, which will give the value of 10. This will make the loop run infinitely. This bug can, for example, be triggered by calling this function with a GIF image with LZW compression that is crafted in a special way.","cvss":5.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00634,"ranking_epss":0.70377,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=977166","https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/blob/master/NEWS","https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/issues/164","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/B5H3GNVWMZTYZR3JBYCK57PF7PFMQBNP/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BGZVCTH5O7WBJLYXZ2UOKLYNIFPVR55D/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EANWYODLOJDFLMBH6WEKJJMQ5PKLEWML/","https://security.gentoo.org/glsa/202012-15","https://ubuntu.com/security/CVE-2020-29385","https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=977166","https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/blob/master/NEWS","https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/issues/164","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/B5H3GNVWMZTYZR3JBYCK57PF7PFMQBNP/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BGZVCTH5O7WBJLYXZ2UOKLYNIFPVR55D/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EANWYODLOJDFLMBH6WEKJJMQ5PKLEWML/","https://security.gentoo.org/glsa/202012-15","https://ubuntu.com/security/CVE-2020-29385"],"published_time":"2020-12-26T02:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-27350","summary":"APT had several integer overflows and underflows while parsing 
.deb packages, aka GHSL-2020-168 GHSL-2020-169, in files apt-pkg/contrib/extracttar.cc, apt-pkg/deb/debfile.cc, and apt-pkg/contrib/arfile.cc. This issue affects: apt 1.2.32ubuntu0 versions prior to 1.2.32ubuntu0.2; 1.6.12ubuntu0 versions prior to 1.6.12ubuntu0.2; 2.0.2ubuntu0 versions prior to 2.0.2ubuntu0.2; 2.1.10ubuntu0 versions prior to 2.1.10ubuntu0.1;","cvss":5.7,"cvss_version":3.0,"cvss_v2":4.6,"cvss_v3":5.7,"cvss_v4":null,"epss":0.00189,"ranking_epss":0.40739,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://bugs.launchpad.net/bugs/1899193","https://security.netapp.com/advisory/ntap-20210108-0005/","https://usn.ubuntu.com/usn/usn-4667-1","https://www.debian.org/security/2020/dsa-4808","https://bugs.launchpad.net/bugs/1899193","https://security.netapp.com/advisory/ntap-20210108-0005/","https://usn.ubuntu.com/usn/usn-4667-1","https://www.debian.org/security/2020/dsa-4808"],"published_time":"2020-12-10T04:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-27351","summary":"Various memory and file descriptor leaks were found in apt-python files python/arfile.cc, python/tag.cc, python/tarfile.cc, aka GHSL-2020-170. 
This issue affects: python-apt 1.1.0~beta1 versions prior to 1.1.0~beta1ubuntu0.16.04.10; 1.6.5ubuntu0 versions prior to 1.6.5ubuntu0.4; 2.0.0ubuntu0 versions prior to 2.0.0ubuntu0.20.04.2; 2.1.3ubuntu1 versions prior to 2.1.3ubuntu1.1;","cvss":2.0,"cvss_version":3.0,"cvss_v2":2.1,"cvss_v3":2.0,"cvss_v4":null,"epss":0.00063,"ranking_epss":0.19527,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://bugs.launchpad.net/bugs/1899193","https://usn.ubuntu.com/usn/usn-4668-1","https://www.debian.org/security/2020/dsa-4809","https://bugs.launchpad.net/bugs/1899193","https://usn.ubuntu.com/usn/usn-4668-1","https://www.debian.org/security/2020/dsa-4809"],"published_time":"2020-12-10T04:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-16128","summary":"The aptdaemon DBus interface disclosed file existence disclosure by setting Terminal/DebconfSocket properties, aka GHSL-2020-192 and GHSL-2020-196. This affected versions prior to 1.1.1+bzr982-0ubuntu34.1, 1.1.1+bzr982-0ubuntu32.3, 1.1.1+bzr982-0ubuntu19.5, 1.1.1+bzr982-0ubuntu14.5.","cvss":3.8,"cvss_version":3.0,"cvss_v2":2.1,"cvss_v3":3.8,"cvss_v4":null,"epss":0.00039,"ranking_epss":0.11772,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://bugs.launchpad.net/ubuntu/+source/aptdaemon/+bug/1899513","https://usn.ubuntu.com/usn/usn-4664-1","https://bugs.launchpad.net/ubuntu/+source/aptdaemon/+bug/1899513","https://usn.ubuntu.com/usn/usn-4664-1"],"published_time":"2020-12-09T04:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-27349","summary":"Aptdaemon performed policykit checks after interacting with potentially untrusted files with elevated privileges. 
This affected versions prior to 1.1.1+bzr982-0ubuntu34.1, 1.1.1+bzr982-0ubuntu32.3, 1.1.1+bzr982-0ubuntu19.5, 1.1.1+bzr982-0ubuntu14.5.","cvss":5.5,"cvss_version":3.0,"cvss_v2":2.1,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00038,"ranking_epss":0.11334,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1899193","https://usn.ubuntu.com/usn/usn-4664-1","https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1899193","https://usn.ubuntu.com/usn/usn-4664-1"],"published_time":"2020-12-09T04:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-27348","summary":"In some conditions, a snap package built by snapcraft includes the current directory in LD_LIBRARY_PATH, allowing a malicious snap to gain code execution within the context of another snap if both plug the home interface or similar. This issue affects snapcraft versions prior to 4.4.4, prior to 2.43.1+16.04.1, and prior to 2.43.1+18.04.1.","cvss":6.8,"cvss_version":3.0,"cvss_v2":4.4,"cvss_v3":6.8,"cvss_v4":null,"epss":0.00065,"ranking_epss":0.20299,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://bugs.launchpad.net/bugs/1901572","https://github.com/snapcore/snapcraft/pull/3345","https://usn.ubuntu.com/usn/usn-4661-1","https://bugs.launchpad.net/bugs/1901572","https://github.com/snapcore/snapcraft/pull/3345","https://usn.ubuntu.com/usn/usn-4661-1"],"published_time":"2020-12-04T03:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-16123","summary":"An Ubuntu-specific patch in PulseAudio created a race condition where the snap policy module would fail to identify a client connection from a snap as coming from a snap if SCM_CREDENTIALS were missing, allowing the snap to connect to PulseAudio without proper confinement. This could be exploited by an attacker to expose sensitive information. 
Fixed in 1:13.99.3-1ubuntu2, 1:13.99.2-1ubuntu2.1, 1:13.99.1-1ubuntu3.8, 1:11.1-1ubuntu7.11, and 1:8.0-0ubuntu3.15.","cvss":4.4,"cvss_version":3.0,"cvss_v2":2.1,"cvss_v3":4.4,"cvss_v4":null,"epss":0.00086,"ranking_epss":0.24707,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://launchpad.net/bugs/1895928","https://ubuntu.com/USN-4640-1","https://launchpad.net/bugs/1895928","https://ubuntu.com/USN-4640-1"],"published_time":"2020-12-04T00:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-29372","summary":"An issue was discovered in do_madvise in mm/madvise.c in the Linux kernel before 5.6.8. There is a race condition between coredump operations and the IORING_OP_MADVISE implementation, aka CID-bc0c4d1e176e.","cvss":4.7,"cvss_version":3.0,"cvss_v2":4.7,"cvss_v3":4.7,"cvss_v4":null,"epss":0.00059,"ranking_epss":0.1833,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://packetstormsecurity.com/files/162117/Kernel-Live-Patch-Security-Notice-LSN-0075-1.html","https://bugs.chromium.org/p/project-zero/issues/detail?id=2029","https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.6.8","https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=bc0c4d1e176eeb614dc8734fc3ace34292771f11","http://packetstormsecurity.com/files/162117/Kernel-Live-Patch-Security-Notice-LSN-0075-1.html","https://bugs.chromium.org/p/project-zero/issues/detail?id=2029","https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.6.8","https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=bc0c4d1e176eeb614dc8734fc3ace34292771f11"],"published_time":"2020-11-28T07:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-0569","summary":"Out of bounds write in Intel(R) PROSet/Wireless WiFi products on Windows 10 may allow an authenticated user to potentially enable denial of service via local 
access.","cvss":5.7,"cvss_version":3.0,"cvss_v2":2.7,"cvss_v3":5.7,"cvss_v4":null,"epss":0.0033,"ranking_epss":0.56016,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00338.html","https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00338.html"],"published_time":"2020-11-23T17:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-15710","summary":"Potential double free in Bluez 5 module of PulseAudio could allow a local attacker to leak memory or crash the program. The modargs variable may be freed twice in the fail condition in src/modules/bluetooth/module-bluez5-device.c and src/modules/bluetooth/module-bluez5-device.c. Fixed in 1:8.0-0ubuntu3.14.","cvss":5.3,"cvss_version":3.0,"cvss_v2":3.6,"cvss_v3":5.3,"cvss_v4":null,"epss":0.00032,"ranking_epss":0.09239,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://launchpad.net/bugs/1884738","https://ubuntu.com/USN-4519-1","https://launchpad.net/bugs/1884738","https://ubuntu.com/USN-4519-1"],"published_time":"2020-11-19T03:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-16121","summary":"PackageKit provided detailed error messages to unprivileged callers that exposed information about file presence and mimetype of files that the user would be unable to determine on its 
own.","cvss":3.3,"cvss_version":3.0,"cvss_v2":2.1,"cvss_v3":3.3,"cvss_v4":null,"epss":0.00102,"ranking_epss":0.27958,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://bugs.launchpad.net/ubuntu/+source/packagekit/+bug/1888887","https://www.eyecontrol.nl/blog/the-story-of-3-cves-in-ubuntu-desktop.html","https://bugs.launchpad.net/ubuntu/+source/packagekit/+bug/1888887","https://www.eyecontrol.nl/blog/the-story-of-3-cves-in-ubuntu-desktop.html"],"published_time":"2020-11-07T04:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-16122","summary":"PackageKit's apt backend mistakenly treated all local debs as trusted. The apt security model is based on repository trust and not on the contents of individual files. On sites with configured PolicyKit rules this may allow users to install malicious packages.","cvss":8.2,"cvss_version":3.0,"cvss_v2":2.1,"cvss_v3":8.2,"cvss_v4":null,"epss":0.0008,"ranking_epss":0.23567,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://bugs.launchpad.net/ubuntu/+source/packagekit/+bug/1882098","https://bugs.launchpad.net/ubuntu/+source/packagekit/+bug/1882098"],"published_time":"2020-11-07T04:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-15708","summary":"Ubuntu's packaging of libvirt in 20.04 LTS created a control socket with world read and write permissions. 
An attacker could use this to overwrite arbitrary files or execute arbitrary code.","cvss":9.3,"cvss_version":3.0,"cvss_v2":4.6,"cvss_v3":9.3,"cvss_v4":null,"epss":0.00153,"ranking_epss":0.36008,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://usn.ubuntu.com/usn/usn-4452-1","https://usn.ubuntu.com/usn/usn-4452-1"],"published_time":"2020-11-06T02:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-28039","summary":"is_protected_meta in wp-includes/meta.php in WordPress before 5.5.2 allows arbitrary file deletion because it does not properly determine whether a meta key is considered protected.","cvss":9.1,"cvss_version":3.0,"cvss_v2":6.4,"cvss_v3":9.1,"cvss_v4":null,"epss":0.05996,"ranking_epss":0.90687,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://github.com/WordPress/wordpress-develop/commit/d5ddd6d4be1bc9fd16b7796842e6fb26315705ad","https://lists.debian.org/debian-lts-announce/2020/11/msg00004.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CHHVNK2WYAM3ZTCXTFSEIT56IKLVJHU3/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VAVVYJKA2I6CRQUINECDPBGWMQDEG244/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VUXVUAKL2HL4QYJEPHBNVQQWRMFMII2Y/","https://wordpress.org/news/2020/10/wordpress-5-5-2-security-and-maintenance-release/","https://wpscan.com/vulnerability/10452","https://www.debian.org/security/2020/dsa-4784","https://github.com/WordPress/wordpress-develop/commit/d5ddd6d4be1bc9fd16b7796842e6fb26315705ad","https://lists.debian.org/debian-lts-announce/2020/11/msg00004.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CHHVNK2WYAM3ZTCXTFSEIT56IKLVJHU3/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VAVVYJKA2I6CRQUINECD
PBGWMQDEG244/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VUXVUAKL2HL4QYJEPHBNVQQWRMFMII2Y/","https://wordpress.org/news/2020/10/wordpress-5-5-2-security-and-maintenance-release/","https://wpscan.com/vulnerability/10452","https://www.debian.org/security/2020/dsa-4784"],"published_time":"2020-11-02T21:15:31","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-28040","summary":"WordPress before 5.5.2 allows CSRF attacks that change a theme's background image.","cvss":4.3,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":4.3,"cvss_v4":null,"epss":0.00306,"ranking_epss":0.53857,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://blog.wpscan.com/2020/10/30/wordpress-5.5.2-security-release.html","https://lists.debian.org/debian-lts-announce/2020/11/msg00004.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CHHVNK2WYAM3ZTCXTFSEIT56IKLVJHU3/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VAVVYJKA2I6CRQUINECDPBGWMQDEG244/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VUXVUAKL2HL4QYJEPHBNVQQWRMFMII2Y/","https://wordpress.org/news/2020/10/wordpress-5-5-2-security-and-maintenance-release/","https://www.debian.org/security/2020/dsa-4784","https://blog.wpscan.com/2020/10/30/wordpress-5.5.2-security-release.html","https://lists.debian.org/debian-lts-announce/2020/11/msg00004.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CHHVNK2WYAM3ZTCXTFSEIT56IKLVJHU3/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VAVVYJKA2I6CRQUINECDPBGWMQDEG244/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VUXVUAKL2HL4QYJEPHBNVQQWRMFMII2Y/","https://wordpress.org/news/2020/10/wordpress-5-5-2-security-a
nd-maintenance-release/","https://www.debian.org/security/2020/dsa-4784"],"published_time":"2020-11-02T21:15:31","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-14837","summary":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).","cvss":4.9,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":4.9,"cvss_v4":null,"epss":0.00206,"ranking_epss":0.42714,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://security.gentoo.org/glsa/202105-27","https://security.netapp.com/advisory/ntap-20201023-0003/","https://www.oracle.com/security-alerts/cpuoct2020.html","https://security.gentoo.org/glsa/202105-27","https://security.netapp.com/advisory/ntap-20201023-0003/","https://www.oracle.com/security-alerts/cpuoct2020.html"],"published_time":"2020-10-21T15:15:22","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-15157","summary":"In containerd (an industry-standard container runtime) before version 1.2.14 there is a credential leaking vulnerability. If a container image manifest in the OCI Image format or Docker Image V2 Schema 2 format includes a URL for the location of a specific image layer (otherwise known as a “foreign layer”), the default containerd resolver will follow that URL to attempt to download it. In v1.2.x but not 1.3.0 or later, the default containerd resolver will provide its authentication credentials if the server where the URL is located presents an HTTP 401 status code along with registry-specific HTTP headers. 
If an attacker publishes a public image with a manifest that directs one of the layers to be fetched from a web server they control and they trick a user or system into pulling the image, they can obtain the credentials used for pulling that image. In some cases, this may be the user's username and password for the registry. In other cases, this may be the credentials attached to the cloud virtual instance which can grant access to other cloud resources in the account. The default containerd resolver is used by the cri-containerd plugin (which can be used by Kubernetes), the ctr development tool, and other client programs that have explicitly linked against it. This vulnerability has been fixed in containerd 1.2.14. containerd 1.3 and later are not affected. If you are using containerd 1.3 or later, you are not affected. If you are using cri-containerd in the 1.2 series or prior, you should ensure you only pull images from trusted sources. Other container runtimes built on top of containerd but not using the default resolver (such as Docker) are not affected.","cvss":6.1,"cvss_version":3.0,"cvss_v2":2.6,"cvss_v3":6.1,"cvss_v4":null,"epss":0.00777,"ranking_epss":0.73625,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://github.com/containerd/containerd/releases/tag/v1.2.14","https://github.com/containerd/containerd/security/advisories/GHSA-742w-89gc-8m9c","https://usn.ubuntu.com/4589-1/","https://usn.ubuntu.com/4589-2/","https://www.debian.org/security/2021/dsa-4865","https://github.com/containerd/containerd/releases/tag/v1.2.14","https://github.com/containerd/containerd/security/advisories/GHSA-742w-89gc-8m9c","https://usn.ubuntu.com/4589-1/","https://usn.ubuntu.com/4589-2/","https://www.debian.org/security/2021/dsa-4865"],"published_time":"2020-10-16T17:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-25645","summary":"A flaw was found in the Linux kernel in versions before 5.9-rc7. 
Traffic between two Geneve endpoints may be unencrypted when IPsec is configured to encrypt traffic for the specific UDP port used by the GENEVE tunnel allowing anyone between the two endpoints to read the traffic unencrypted. The main threat from this vulnerability is to data confidentiality.","cvss":7.5,"cvss_version":3.0,"cvss_v2":5.0,"cvss_v3":7.5,"cvss_v4":null,"epss":0.0039,"ranking_epss":0.60071,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00035.html","http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00042.html","http://packetstormsecurity.com/files/161229/Kernel-Live-Patch-Security-Notice-LSN-0074-1.html","https://bugzilla.redhat.com/show_bug.cgi?id=1883988","https://lists.debian.org/debian-lts-announce/2020/10/msg00028.html","https://lists.debian.org/debian-lts-announce/2020/12/msg00027.html","https://security.netapp.com/advisory/ntap-20201103-0004/","https://www.debian.org/security/2020/dsa-4774","http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00035.html","http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00042.html","http://packetstormsecurity.com/files/161229/Kernel-Live-Patch-Security-Notice-LSN-0074-1.html","https://bugzilla.redhat.com/show_bug.cgi?id=1883988","https://lists.debian.org/debian-lts-announce/2020/10/msg00028.html","https://lists.debian.org/debian-lts-announce/2020/12/msg00027.html","https://security.netapp.com/advisory/ntap-20201103-0004/","https://www.debian.org/security/2020/dsa-4774"],"published_time":"2020-10-13T20:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-14355","summary":"Multiple buffer overflow vulnerabilities were found in the QUIC image decoding process of the SPICE remote display system, before spice-0.14.2-1. Both the SPICE client (spice-gtk) and server are affected by these flaws. 
These flaws allow a malicious client or server to send specially crafted messages that, when processed by the QUIC image compression algorithm, result in a process crash or potential code execution.","cvss":6.6,"cvss_version":3.0,"cvss_v2":6.5,"cvss_v3":6.6,"cvss_v4":null,"epss":0.01111,"ranking_epss":0.78144,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00000.html","http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00001.html","https://bugzilla.redhat.com/show_bug.cgi?id=1868435","https://lists.debian.org/debian-lts-announce/2020/11/msg00001.html","https://lists.debian.org/debian-lts-announce/2020/11/msg00002.html","https://usn.ubuntu.com/4572-1/","https://usn.ubuntu.com/4572-2/","https://www.debian.org/security/2020/dsa-4771","https://www.openwall.com/lists/oss-security/2020/10/06/10","http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00000.html","http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00001.html","https://bugzilla.redhat.com/show_bug.cgi?id=1868435","https://lists.debian.org/debian-lts-announce/2020/11/msg00001.html","https://lists.debian.org/debian-lts-announce/2020/11/msg00002.html","https://usn.ubuntu.com/4572-1/","https://usn.ubuntu.com/4572-2/","https://www.debian.org/security/2020/dsa-4771","https://www.openwall.com/lists/oss-security/2020/10/06/10"],"published_time":"2020-10-07T15:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-25641","summary":"A flaw was found in the Linux kernel's implementation of biovecs in versions before 5.9-rc7. A zero-length biovec request issued by the block subsystem could cause the kernel to enter an infinite loop, causing a denial of service. This flaw allows a local attacker with basic privileges to issue requests to a block device, resulting in a denial of service. 
The highest threat from this vulnerability is to system availability.","cvss":5.5,"cvss_version":3.0,"cvss_v2":4.9,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00019,"ranking_epss":0.05195,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00021.html","http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00042.html","http://www.openwall.com/lists/oss-security/2020/10/06/9","https://bugzilla.redhat.com/show_bug.cgi?id=1881424","https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=7e24969022cbd61ddc586f14824fc205661bb124","https://lists.debian.org/debian-lts-announce/2020/10/msg00032.html","https://lists.debian.org/debian-lts-announce/2020/10/msg00034.html","https://usn.ubuntu.com/4576-1/","https://www.kernel.org/doc/html/latest/block/biovecs.html","http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00021.html","http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00042.html","http://www.openwall.com/lists/oss-security/2020/10/06/9","https://bugzilla.redhat.com/show_bug.cgi?id=1881424","https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=7e24969022cbd61ddc586f14824fc205661bb124","https://lists.debian.org/debian-lts-announce/2020/10/msg00032.html","https://lists.debian.org/debian-lts-announce/2020/10/msg00034.html","https://usn.ubuntu.com/4576-1/","https://www.kernel.org/doc/html/latest/block/biovecs.html"],"published_time":"2020-10-06T14:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-7069","summary":"In PHP versions 7.2.x below 7.2.34, 7.3.x below 7.3.23 and 7.4.x below 7.4.11, when AES-CCM mode is used with openssl_encrypt() function with 12 bytes IV, only first 7 bytes of the IV is actually used. 
This can lead to both decreased security and incorrect encryption data.","cvss":5.4,"cvss_version":3.0,"cvss_v2":6.4,"cvss_v3":5.4,"cvss_v4":null,"epss":0.08351,"ranking_epss":0.92296,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00045.html","http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00067.html","https://bugs.php.net/bug.php?id=79601","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7EVDN7D3IB4EAI4D3ZOM2OJKQ5SD7K4E/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/P2J3ZZDHCSX65T5QWV4AHBN7MOJXBEKG/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RRU57N3OSYZPOMFWPRDNVH7EMYOTSZ66/","https://security.gentoo.org/glsa/202012-16","https://security.netapp.com/advisory/ntap-20201016-0001/","https://usn.ubuntu.com/4583-1/","https://www.debian.org/security/2021/dsa-4856","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://www.tenable.com/security/tns-2021-14","http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00045.html","http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00067.html","https://bugs.php.net/bug.php?id=79601","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7EVDN7D3IB4EAI4D3ZOM2OJKQ5SD7K4E/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/P2J3ZZDHCSX65T5QWV4AHBN7MOJXBEKG/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RRU57N3OSYZPOMFWPRDNVH7EMYOTSZ66/","https://security.gentoo.org/glsa/202012-16","https://security.netapp.com/advisory/ntap-20201016-0001/","https://usn.ubuntu.com/4583-1/","https://www.debian.org/security/2021/dsa-4856","https://www.oracle.com/
security-alerts/cpuApr2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://www.tenable.com/security/tns-2021-14"],"published_time":"2020-10-02T15:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-7070","summary":"In PHP versions 7.2.x below 7.2.34, 7.3.x below 7.3.23 and 7.4.x below 7.4.11, when PHP is processing incoming HTTP cookie values, the cookie names are url-decoded. This may lead to cookies with prefixes like __Host confused with cookies that decode to such prefix, thus leading to an attacker being able to forge cookie which is supposed to be secure. See also CVE-2020-8184 for more information.","cvss":4.3,"cvss_version":3.0,"cvss_v2":5.0,"cvss_v3":4.3,"cvss_v4":null,"epss":0.26088,"ranking_epss":0.96285,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://cve.circl.lu/cve/CVE-2020-8184","http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00045.html","http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00067.html","https://bugs.php.net/bug.php?id=79699","https://hackerone.com/reports/895727","https://lists.debian.org/debian-lts-announce/2020/10/msg00008.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7EVDN7D3IB4EAI4D3ZOM2OJKQ5SD7K4E/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/P2J3ZZDHCSX65T5QWV4AHBN7MOJXBEKG/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RRU57N3OSYZPOMFWPRDNVH7EMYOTSZ66/","https://security.gentoo.org/glsa/202012-16","https://security.netapp.com/advisory/ntap-20201016-0001/","https://usn.ubuntu.com/4583-1/","https://www.debian.org/security/2021/dsa-4856","https://www.oracle.com/security-alerts/cpuoct2021.html","https://www.tenable.com/security/tns-2021-14","http://cve.circl.lu/cve/CVE-2020-8184","http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00045.html","http://l
ists.opensuse.org/opensuse-security-announce/2020-10/msg00067.html","https://bugs.php.net/bug.php?id=79699","https://hackerone.com/reports/895727","https://lists.debian.org/debian-lts-announce/2020/10/msg00008.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7EVDN7D3IB4EAI4D3ZOM2OJKQ5SD7K4E/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/P2J3ZZDHCSX65T5QWV4AHBN7MOJXBEKG/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RRU57N3OSYZPOMFWPRDNVH7EMYOTSZ66/","https://security.gentoo.org/glsa/202012-16","https://security.netapp.com/advisory/ntap-20201016-0001/","https://usn.ubuntu.com/4583-1/","https://www.debian.org/security/2021/dsa-4856","https://www.oracle.com/security-alerts/cpuoct2021.html","https://www.tenable.com/security/tns-2021-14"],"published_time":"2020-10-02T15:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-14374","summary":"A flaw was found in dpdk in versions before 18.11.10 and before 19.11.5. A flawed bounds checking in the copy_data function leads to a buffer overflow allowing an attacker in a virtual machine to write arbitrary data to any address in the vhost_crypto application. 
The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.","cvss":8.8,"cvss_version":3.0,"cvss_v2":7.2,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00159,"ranking_epss":0.36702,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00004.html","http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00006.html","http://www.openwall.com/lists/oss-security/2021/01/04/1","http://www.openwall.com/lists/oss-security/2021/01/04/2","http://www.openwall.com/lists/oss-security/2021/01/04/5","https://bugzilla.redhat.com/show_bug.cgi?id=1879466","https://www.openwall.com/lists/oss-security/2020/09/28/3","http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00004.html","http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00006.html","http://www.openwall.com/lists/oss-security/2021/01/04/1","http://www.openwall.com/lists/oss-security/2021/01/04/2","http://www.openwall.com/lists/oss-security/2021/01/04/5","https://bugzilla.redhat.com/show_bug.cgi?id=1879466","https://www.openwall.com/lists/oss-security/2020/09/28/3"],"published_time":"2020-09-30T20:15:14","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-14375","summary":"A flaw was found in dpdk in versions before 18.11.10 and before 19.11.5. Virtio ring descriptors, and the data they describe are in a region of memory accessible by from both the virtual machine and the host. An attacker in a VM can change the contents of the memory after vhost_crypto has validated it. 
The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.","cvss":7.8,"cvss_version":3.0,"cvss_v2":4.4,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00048,"ranking_epss":0.14815,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00004.html","http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00006.html","http://www.openwall.com/lists/oss-security/2021/01/04/1","http://www.openwall.com/lists/oss-security/2021/01/04/2","http://www.openwall.com/lists/oss-security/2021/01/04/5","https://bugzilla.redhat.com/show_bug.cgi?id=1879468","https://usn.ubuntu.com/4550-1/","https://www.openwall.com/lists/oss-security/2020/09/28/3","http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00004.html","http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00006.html","http://www.openwall.com/lists/oss-security/2021/01/04/1","http://www.openwall.com/lists/oss-security/2021/01/04/2","http://www.openwall.com/lists/oss-security/2021/01/04/5","https://bugzilla.redhat.com/show_bug.cgi?id=1879468","https://usn.ubuntu.com/4550-1/","https://www.openwall.com/lists/oss-security/2020/09/28/3"],"published_time":"2020-09-30T19:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-14376","summary":"A flaw was found in dpdk in versions before 18.11.10 and before 19.11.5. A lack of bounds checking when copying iv_data from the VM guest memory into host memory can lead to a large buffer overflow. 
The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.","cvss":7.8,"cvss_version":3.0,"cvss_v2":6.9,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00086,"ranking_epss":0.2485,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00004.html","http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00006.html","http://www.openwall.com/lists/oss-security/2021/01/04/1","http://www.openwall.com/lists/oss-security/2021/01/04/2","http://www.openwall.com/lists/oss-security/2021/01/04/5","https://bugzilla.redhat.com/show_bug.cgi?id=1879470","https://usn.ubuntu.com/4550-1/","https://www.openwall.com/lists/oss-security/2020/09/28/3","http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00004.html","http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00006.html","http://www.openwall.com/lists/oss-security/2021/01/04/1","http://www.openwall.com/lists/oss-security/2021/01/04/2","http://www.openwall.com/lists/oss-security/2021/01/04/5","https://bugzilla.redhat.com/show_bug.cgi?id=1879470","https://usn.ubuntu.com/4550-1/","https://www.openwall.com/lists/oss-security/2020/09/28/3"],"published_time":"2020-09-30T19:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-14377","summary":"A flaw was found in dpdk in versions before 18.11.10 and before 19.11.5. A complete lack of validation of attacker-controlled parameters can lead to a buffer over read. The results of the over read are then written back to the guest virtual machine memory. This vulnerability can be used by an attacker in a virtual machine to read significant amounts of host memory. 
The highest threat from this vulnerability is to data confidentiality and system availability.","cvss":7.1,"cvss_version":3.0,"cvss_v2":3.6,"cvss_v3":7.1,"cvss_v4":null,"epss":0.00064,"ranking_epss":0.19801,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00004.html","http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00006.html","http://www.openwall.com/lists/oss-security/2021/01/04/1","http://www.openwall.com/lists/oss-security/2021/01/04/2","http://www.openwall.com/lists/oss-security/2021/01/04/5","https://bugzilla.redhat.com/show_bug.cgi?id=1879472","https://usn.ubuntu.com/4550-1/","https://www.openwall.com/lists/oss-security/2020/09/28/3","http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00004.html","http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00006.html","http://www.openwall.com/lists/oss-security/2021/01/04/1","http://www.openwall.com/lists/oss-security/2021/01/04/2","http://www.openwall.com/lists/oss-security/2021/01/04/5","https://bugzilla.redhat.com/show_bug.cgi?id=1879472","https://usn.ubuntu.com/4550-1/","https://www.openwall.com/lists/oss-security/2020/09/28/3"],"published_time":"2020-09-30T19:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-14378","summary":"An integer underflow in dpdk versions before 18.11.10 and before 19.11.5 in the `move_desc` function can lead to large amounts of CPU cycles being eaten up in a long running loop. An attacker could cause `move_desc` to get stuck in a 4,294,967,295-count iteration loop. 
Depending on how `vhost_crypto` is being used this could prevent other VMs or network tasks from being serviced by the busy DPDK lcore for an extended period.","cvss":3.3,"cvss_version":3.0,"cvss_v2":2.1,"cvss_v3":3.3,"cvss_v4":null,"epss":0.00075,"ranking_epss":0.22557,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00004.html","http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00006.html","http://www.openwall.com/lists/oss-security/2021/01/04/1","http://www.openwall.com/lists/oss-security/2021/01/04/2","http://www.openwall.com/lists/oss-security/2021/01/04/5","https://bugzilla.redhat.com/show_bug.cgi?id=1879473","https://usn.ubuntu.com/4550-1/","https://www.openwall.com/lists/oss-security/2020/09/28/3","http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00004.html","http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00006.html","http://www.openwall.com/lists/oss-security/2021/01/04/1","http://www.openwall.com/lists/oss-security/2021/01/04/2","http://www.openwall.com/lists/oss-security/2021/01/04/5","https://bugzilla.redhat.com/show_bug.cgi?id=1879473","https://usn.ubuntu.com/4550-1/","https://www.openwall.com/lists/oss-security/2020/09/28/3"],"published_time":"2020-09-30T19:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-26137","summary":"urllib3 before 1.25.9 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first argument of putrequest(). 
NOTE: this is similar to CVE-2020-26116.","cvss":6.5,"cvss_version":3.0,"cvss_v2":6.4,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00277,"ranking_epss":0.51156,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://bugs.python.org/issue39603","https://github.com/urllib3/urllib3/commit/1dd69c5c5982fae7c87a620d487c2ebf7a6b436b","https://github.com/urllib3/urllib3/pull/1800","https://lists.debian.org/debian-lts-announce/2021/06/msg00015.html","https://lists.debian.org/debian-lts-announce/2023/10/msg00012.html","https://usn.ubuntu.com/4570-1/","https://www.oracle.com/security-alerts/cpujul2022.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://bugs.python.org/issue39603","https://github.com/urllib3/urllib3/commit/1dd69c5c5982fae7c87a620d487c2ebf7a6b436b","https://github.com/urllib3/urllib3/pull/1800","https://lists.debian.org/debian-lts-announce/2021/06/msg00015.html","https://lists.debian.org/debian-lts-announce/2023/10/msg00012.html","https://usn.ubuntu.com/4570-1/","https://www.oracle.com/security-alerts/cpujul2022.html","https://www.oracle.com/security-alerts/cpuoct2021.html"],"published_time":"2020-09-30T18:15:26","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-26116","summary":"http.client in Python 3.x before 3.5.10, 3.6.x before 3.6.12, 3.7.x before 3.7.9, and 3.8.x before 3.8.5 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first argument of 
HTTPConnection.request.","cvss":7.2,"cvss_version":3.0,"cvss_v2":6.4,"cvss_v3":7.2,"cvss_v4":null,"epss":0.00903,"ranking_epss":0.75699,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00027.html","https://bugs.python.org/issue39603","https://lists.debian.org/debian-lts-announce/2020/11/msg00032.html","https://lists.debian.org/debian-lts-announce/2023/05/msg00024.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BW4GCLQISJCOEGQNIMVUZDQMIY6RR6CC/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HDQ2THWU4GPV4Y5H5WW5PFMSWXL2CRFD/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JWMAVY4T4257AZHTF2RZJKNJNSJFY24O/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OXI72HIHMXCQFWTULUXDG7VDA2BCYL4Y/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QOX7DGMMWWL6POCRYGAUCISOLR2IG3XV/","https://python-security.readthedocs.io/vuln/http-header-injection-method.html","https://security.gentoo.org/glsa/202101-18","https://security.netapp.com/advisory/ntap-20201023-0001/","https://usn.ubuntu.com/4581-1/","https://www.oracle.com/security-alerts/cpuoct2021.html","http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00027.html","https://bugs.python.org/issue39603","https://lists.debian.org/debian-lts-announce/2020/11/msg00032.html","https://lists.debian.org/debian-lts-announce/2023/05/msg00024.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BW4GCLQISJCOEGQNIMVUZDQMIY6RR6CC/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HDQ2THWU4GPV4Y5H5WW5PFMSWXL2CRFD/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapr
oject.org/message/JWMAVY4T4257AZHTF2RZJKNJNSJFY24O/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OXI72HIHMXCQFWTULUXDG7VDA2BCYL4Y/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QOX7DGMMWWL6POCRYGAUCISOLR2IG3XV/","https://python-security.readthedocs.io/vuln/http-header-injection-method.html","https://security.gentoo.org/glsa/202101-18","https://security.netapp.com/advisory/ntap-20201023-0001/","https://usn.ubuntu.com/4581-1/","https://www.oracle.com/security-alerts/cpuoct2021.html"],"published_time":"2020-09-27T04:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-26088","summary":"A missing CAP_NET_RAW check in NFC socket creation in net/nfc/rawsock.c in the Linux kernel before 5.8.2 could be used by local attackers to create raw sockets, bypassing security mechanisms, aka CID-26896f01467a.","cvss":5.5,"cvss_version":3.0,"cvss_v2":2.1,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00013,"ranking_epss":0.0226,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00001.html","http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00021.html","https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.8.2","https://github.com/torvalds/linux/commit/26896f01467a28651f7a536143fe5ac8449d4041","https://lists.debian.org/debian-lts-announce/2020/09/msg00025.html","https://lists.debian.org/debian-lts-announce/2020/10/msg00032.html","https://lists.debian.org/debian-lts-announce/2020/10/msg00034.html","https://usn.ubuntu.com/4578-1/","http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00001.html","http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00021.html","https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.8.2","https://github.com/torvalds/linux/commit/26896f01467a28651f7a536143fe5ac8449d4041","https://lists.debian.org/debian-lts-annou
nce/2020/09/msg00025.html","https://lists.debian.org/debian-lts-announce/2020/10/msg00032.html","https://lists.debian.org/debian-lts-announce/2020/10/msg00034.html","https://usn.ubuntu.com/4578-1/"],"published_time":"2020-09-24T15:15:15","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-25739","summary":"An issue was discovered in the gon gem before gon-6.4.0 for Ruby. MultiJson does not honor the escape_mode parameter to escape fields as an XSS protection mechanism. To mitigate, json_dumper.rb in gon now does escaping for XSS by default without relying on MultiJson.","cvss":6.1,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":6.1,"cvss_v4":null,"epss":0.00763,"ranking_epss":0.73397,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://github.com/gazay/gon/commit/fe3c7b2191a992386dc9edd37de5447a4e809bc7","https://lists.debian.org/debian-lts-announce/2020/09/msg00018.html","https://usn.ubuntu.com/4560-1/","https://github.com/gazay/gon/commit/fe3c7b2191a992386dc9edd37de5447a4e809bc7","https://lists.debian.org/debian-lts-announce/2020/09/msg00018.html","https://usn.ubuntu.com/4560-1/"],"published_time":"2020-09-23T14:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-20919","summary":"An issue was discovered in the DBI module before 1.643 for Perl. The hv_fetch() documentation requires checking for NULL and the code does that. 
But, shortly thereafter, it calls SvOK(profile), causing a NULL pointer dereference.","cvss":4.7,"cvss_version":3.0,"cvss_v2":1.9,"cvss_v3":4.7,"cvss_v4":null,"epss":0.00116,"ranking_epss":0.30266,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00012.html","http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00013.html","https://github.com/perl5-dbi/dbi/commit/eca7d7c8f43d96f6277e86d1000e842eb4cc67ff","https://lists.debian.org/debian-lts-announce/2020/09/msg00026.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JXLKODJ7B57GITDEZZXNSHPK4VBYXYHR/","https://metacpan.org/pod/distribution/DBI/Changes#Changes-in-DBI-1.643-...","https://usn.ubuntu.com/4534-1/","http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00012.html","http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00013.html","https://github.com/perl5-dbi/dbi/commit/eca7d7c8f43d96f6277e86d1000e842eb4cc67ff","https://lists.debian.org/debian-lts-announce/2020/09/msg00026.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JXLKODJ7B57GITDEZZXNSHPK4VBYXYHR/","https://metacpan.org/pod/distribution/DBI/Changes#Changes-in-DBI-1.643-...","https://usn.ubuntu.com/4534-1/"],"published_time":"2020-09-17T18:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-14382","summary":"A vulnerability was found in upstream release cryptsetup-2.2.0 where, there's a bug in LUKS2 format validation code, that is effectively invoked on every device/image presenting itself as LUKS2 container. 
The bug is in segments validation code in file 'lib/luks2/luks2_json_metadata.c' in function hdr_validate_segments(struct crypt_device *cd, json_object *hdr_jobj) where the code does not check for possible overflow on memory allocation used for intervals array (see statement \"intervals = malloc(first_backup * sizeof(*intervals));\"). Due to the bug, library can be *tricked* to expect such allocation was successful but for far less memory then originally expected. Later it may read data FROM image crafted by an attacker and actually write such data BEYOND allocated memory.","cvss":7.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00282,"ranking_epss":0.51615,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://bugzilla.redhat.com/show_bug.cgi?id=1874712","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OJTQ4KSVCW2NMSU5WFVPOHY46WMNF4OB/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TD6YSD63LLRRC4WQ7DJLSXWNUCY6FWBM/","https://usn.ubuntu.com/4493-1/","https://bugzilla.redhat.com/show_bug.cgi?id=1874712","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OJTQ4KSVCW2NMSU5WFVPOHY46WMNF4OB/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TD6YSD63LLRRC4WQ7DJLSXWNUCY6FWBM/","https://usn.ubuntu.com/4493-1/"],"published_time":"2020-09-16T15:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-14392","summary":"An untrusted pointer dereference flaw was found in Perl-DBI < 1.643. 
A local attacker who is able to manipulate calls to dbd_db_login6_sv() could cause memory corruption, affecting the service's availability.","cvss":5.5,"cvss_version":3.0,"cvss_v2":2.1,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00156,"ranking_epss":0.36409,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00067.html","http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00074.html","https://bugzilla.redhat.com/show_bug.cgi?id=1877402","https://lists.debian.org/debian-lts-announce/2020/09/msg00026.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JXLKODJ7B57GITDEZZXNSHPK4VBYXYHR/","https://metacpan.org/pod/distribution/DBI/Changes#Changes-in-DBI-1.643","https://usn.ubuntu.com/4503-1/","http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00067.html","http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00074.html","https://bugzilla.redhat.com/show_bug.cgi?id=1877402","https://lists.debian.org/debian-lts-announce/2020/09/msg00026.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JXLKODJ7B57GITDEZZXNSHPK4VBYXYHR/","https://metacpan.org/pod/distribution/DBI/Changes#Changes-in-DBI-1.643","https://usn.ubuntu.com/4503-1/"],"published_time":"2020-09-16T13:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-14385","summary":"A flaw was found in the Linux kernel before 5.9-rc4. A failure of the file system metadata validator in XFS can cause an inode with a valid, user-creatable extended attribute to be flagged as corrupt. This can lead to the filesystem being shutdown, or otherwise rendered inaccessible until it is remounted, leading to a denial of service. 
The highest threat from this vulnerability is to system availability.","cvss":5.5,"cvss_version":3.0,"cvss_v2":4.7,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00117,"ranking_epss":0.30573,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00001.html","https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-14385","https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f4020438fab05364018c91f7e02ebdd192085933","https://lists.debian.org/debian-lts-announce/2020/09/msg00025.html","https://usn.ubuntu.com/4576-1/","http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00001.html","https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-14385","https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f4020438fab05364018c91f7e02ebdd192085933","https://lists.debian.org/debian-lts-announce/2020/09/msg00025.html","https://usn.ubuntu.com/4576-1/"],"published_time":"2020-09-15T22:15:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-14314","summary":"A memory out-of-bounds read flaw was found in the Linux kernel before 5.9-rc2 with the ext3/ext4 file system, in the way it accesses a directory with broken indexing. This flaw allows a local user to crash the system if the directory exists. 
The highest threat from this vulnerability is to system availability.","cvss":5.5,"cvss_version":3.0,"cvss_v2":2.1,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00021,"ranking_epss":0.05672,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-14314","https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=5872331b3d91820e14716632ebb56b1399b34fe1","https://lists.debian.org/debian-lts-announce/2020/09/msg00025.html","https://lists.debian.org/debian-lts-announce/2020/10/msg00032.html","https://lists.debian.org/debian-lts-announce/2020/10/msg00034.html","https://lore.kernel.org/linux-ext4/f53e246b-647c-64bb-16ec-135383c70ad7%40redhat.com/T/#u","https://usn.ubuntu.com/4576-1/","https://usn.ubuntu.com/4578-1/","https://usn.ubuntu.com/4579-1/","https://www.starwindsoftware.com/security/sw-20210325-0003/","https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-14314","https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=5872331b3d91820e14716632ebb56b1399b34fe1","https://lists.debian.org/debian-lts-announce/2020/09/msg00025.html","https://lists.debian.org/debian-lts-announce/2020/10/msg00032.html","https://lists.debian.org/debian-lts-announce/2020/10/msg00034.html","https://lore.kernel.org/linux-ext4/f53e246b-647c-64bb-16ec-135383c70ad7%40redhat.com/T/#u","https://usn.ubuntu.com/4576-1/","https://usn.ubuntu.com/4578-1/","https://usn.ubuntu.com/4579-1/","https://www.starwindsoftware.com/security/sw-20210325-0003/"],"published_time":"2020-09-15T20:15:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-14346","summary":"A flaw was found in xorg-x11-server before 1.20.9. An integer underflow in the X input extension protocol decoding in the X server may lead to arbitrary access of memory contents. 
The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.","cvss":7.8,"cvss_version":3.0,"cvss_v2":4.6,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00169,"ranking_epss":0.38048,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://bugzilla.redhat.com/show_bug.cgi?id=1862246","https://lists.x.org/archives/xorg-announce/2020-August/003058.html","https://security.gentoo.org/glsa/202012-01","https://usn.ubuntu.com/4488-2/","https://www.zerodayinitiative.com/advisories/ZDI-20-1417/","https://bugzilla.redhat.com/show_bug.cgi?id=1862246","https://lists.x.org/archives/xorg-announce/2020-August/003058.html","https://security.gentoo.org/glsa/202012-01","https://usn.ubuntu.com/4488-2/","https://www.zerodayinitiative.com/advisories/ZDI-20-1417/"],"published_time":"2020-09-15T19:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-14361","summary":"A flaw was found in X.Org Server before xorg-x11-server 1.20.9. An Integer underflow leading to heap-buffer overflow may lead to a privilege escalation vulnerability. 
The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.","cvss":7.8,"cvss_version":3.0,"cvss_v2":4.6,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00233,"ranking_epss":0.46156,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://bugzilla.redhat.com/show_bug.cgi?id=1869142","https://lists.x.org/archives/xorg-announce/2020-August/003058.html","https://security.gentoo.org/glsa/202012-01","https://usn.ubuntu.com/4488-2/","https://www.zerodayinitiative.com/advisories/ZDI-20-1418/","https://bugzilla.redhat.com/show_bug.cgi?id=1869142","https://lists.x.org/archives/xorg-announce/2020-August/003058.html","https://security.gentoo.org/glsa/202012-01","https://usn.ubuntu.com/4488-2/","https://www.zerodayinitiative.com/advisories/ZDI-20-1418/"],"published_time":"2020-09-15T19:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-14362","summary":"A flaw was found in X.Org Server before xorg-x11-server 1.20.9. An Integer underflow leading to heap-buffer overflow may lead to a privilege escalation vulnerability. 
The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.","cvss":7.8,"cvss_version":3.0,"cvss_v2":4.6,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00178,"ranking_epss":0.39387,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://bugzilla.redhat.com/show_bug.cgi?id=1869144","https://lists.x.org/archives/xorg-announce/2020-August/003058.html","https://security.gentoo.org/glsa/202012-01","https://usn.ubuntu.com/4488-2/","https://www.zerodayinitiative.com/advisories/ZDI-20-1419/","https://bugzilla.redhat.com/show_bug.cgi?id=1869144","https://lists.x.org/archives/xorg-announce/2020-August/003058.html","https://security.gentoo.org/glsa/202012-01","https://usn.ubuntu.com/4488-2/","https://www.zerodayinitiative.com/advisories/ZDI-20-1419/"],"published_time":"2020-09-15T19:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-14345","summary":"A flaw was found in X.Org Server before xorg-x11-server 1.20.9. An Out-Of-Bounds access in XkbSetNames function may lead to a privilege escalation vulnerability. 
The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.","cvss":7.8,"cvss_version":3.0,"cvss_v2":4.6,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00111,"ranking_epss":0.29505,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.openwall.com/lists/oss-security/2021/01/15/1","https://bugzilla.redhat.com/show_bug.cgi?id=1862241","https://lists.x.org/archives/xorg-announce/2020-August/003058.html","https://security.gentoo.org/glsa/202012-01","https://usn.ubuntu.com/4488-2/","https://usn.ubuntu.com/4490-1/","https://www.zerodayinitiative.com/advisories/ZDI-20-1416/","http://www.openwall.com/lists/oss-security/2021/01/15/1","https://bugzilla.redhat.com/show_bug.cgi?id=1862241","https://lists.x.org/archives/xorg-announce/2020-August/003058.html","https://security.gentoo.org/glsa/202012-01","https://usn.ubuntu.com/4488-2/","https://usn.ubuntu.com/4490-1/","https://www.zerodayinitiative.com/advisories/ZDI-20-1416/"],"published_time":"2020-09-15T14:15:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-8927","summary":"A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. 
If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.","cvss":5.3,"cvss_version":3.0,"cvss_v2":6.4,"cvss_v3":5.3,"cvss_v4":null,"epss":0.0031,"ranking_epss":0.54146,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html","https://github.com/google/brotli/releases/tag/v1.0.9","https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/","https://usn.ubuntu.com/4568-1/","https://www.debian.org/security/2020/dsa-4801","http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html","https://github.com/google/brotli/releases/tag/v1.0.9","https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html","htt
ps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/","https://usn.ubuntu.com/4568-1/","https://www.debian.org/security/2020/dsa-4801"],"published_time":"2020-09-15T10:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-25285","summary":"A race condition between hugetlb sysctl handlers in mm/hugetlb.c in the Linux kernel before 5.8.8 could be used by local attackers to corrupt memory, cause a NULL pointer dereference, or possibly have unspecified other impact, aka 
CID-17743798d812.","cvss":6.4,"cvss_version":3.0,"cvss_v2":4.4,"cvss_v3":6.4,"cvss_v4":null,"epss":0.00046,"ranking_epss":0.14087,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.8.8","https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=17743798d81238ab13050e8e2833699b54e15467","https://lists.debian.org/debian-lts-announce/2020/09/msg00025.html","https://lists.debian.org/debian-lts-announce/2020/10/msg00032.html","https://lists.debian.org/debian-lts-announce/2020/10/msg00034.html","https://security.netapp.com/advisory/ntap-20201009-0002/","https://twitter.com/grsecurity/status/1303749848898904067","https://usn.ubuntu.com/4576-1/","https://usn.ubuntu.com/4579-1/","https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.8.8","https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=17743798d81238ab13050e8e2833699b54e15467","https://lists.debian.org/debian-lts-announce/2020/09/msg00025.html","https://lists.debian.org/debian-lts-announce/2020/10/msg00032.html","https://lists.debian.org/debian-lts-announce/2020/10/msg00034.html","https://security.netapp.com/advisory/ntap-20201009-0002/","https://twitter.com/grsecurity/status/1303749848898904067","https://usn.ubuntu.com/4576-1/","https://usn.ubuntu.com/4579-1/"],"published_time":"2020-09-13T18:15:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2013-7490","summary":"An issue was discovered in the DBI module before 1.632 for Perl. 
Using many arguments to methods for Callbacks may lead to memory corruption.","cvss":5.3,"cvss_version":3.0,"cvss_v2":5.0,"cvss_v3":5.3,"cvss_v4":null,"epss":0.00392,"ranking_epss":0.60192,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://github.com/perl5-dbi/dbi/commit/a8b98e988d6ea2946f5f56691d6d5ead53f65766","https://metacpan.org/pod/distribution/DBI/Changes#Changes-in-DBI-1.632-9th-Nov-2014","https://rt.cpan.org/Public/Bug/Display.html?id=86744#txn-1880941","https://usn.ubuntu.com/4509-1/"],"published_time":"2020-09-11T19:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-25219","summary":"url::recvline in url.cpp in libproxy 0.4.x through 0.4.15 allows a remote HTTP server to trigger uncontrolled recursion via a response composed of an infinite stream that lacks a newline character. 
This leads to stack exhaustion.","cvss":7.5,"cvss_version":3.0,"cvss_v2":5.0,"cvss_v3":7.5,"cvss_v4":null,"epss":0.00587,"ranking_epss":0.69093,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00030.html","http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00033.html","https://github.com/libproxy/libproxy/issues/134","https://lists.debian.org/debian-lts-announce/2020/09/msg00012.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CNID6EZVOVH7EZB7KFU2EON54CFDIVUR/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JF5JSONJNO64ARWRVOS6K6HSIPHEF3H2/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SSVZAAVHBJR3Z4MZNR55QW3OQFAS2STH/","https://usn.ubuntu.com/4514-1/","https://www.debian.org/security/2020/dsa-4800"],"published_time":"2020-09-09T21:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-24379","summary":"WebDAV implementation in Yaws web server versions 1.81 to 2.0.7 is vulnerable to XXE 
injection.","cvss":9.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":9.8,"cvss_v4":null,"epss":0.01106,"ranking_epss":0.78095,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://github.com/erlyaws/yaws/commits/master","https://github.com/vulnbe/poc-yaws-dav-xxe","https://lists.debian.org/debian-lts-announce/2020/09/msg00022.html","https://packetstormsecurity.com/files/159106/Yaws-2.0.7-XML-Injection-Command-Injection.html","https://usn.ubuntu.com/4569-1/","https://vuln.be/post/yaws-xxe-and-shell-injections/","https://www.debian.org/security/2020/dsa-4773"],"published_time":"2020-09-09T19:15:21","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-24916","summary":"CGI implementation in Yaws web server versions 1.81 to 2.0.7 is vulnerable to OS command 
injection.","cvss":9.8,"cvss_version":3.0,"cvss_v2":10.0,"cvss_v3":9.8,"cvss_v4":null,"epss":0.44255,"ranking_epss":0.97551,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://github.com/erlyaws/yaws/commits/master","https://github.com/vulnbe/poc-yaws-cgi-shell-injection","https://lists.debian.org/debian-lts-announce/2020/09/msg00022.html","https://packetstormsecurity.com/files/159106/Yaws-2.0.7-XML-Injection-Command-Injection.html","https://usn.ubuntu.com/4569-1/","https://vuln.be/post/yaws-xxe-and-shell-injections/","https://www.debian.org/security/2020/dsa-4773"],"published_time":"2020-09-09T19:15:21","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-25212","summary":"A TOCTOU mismatch in the NFS client code in the Linux kernel before 5.8.3 could be used by local attackers to corrupt memory or possibly have unspecified other impact because a size check is in fs/nfs/nfs4proc.c instead of fs/nfs/nfs4xdr.c, aka 
CID-b4487b935452.","cvss":7.0,"cvss_version":3.0,"cvss_v2":4.4,"cvss_v3":7.0,"cvss_v4":null,"epss":0.00081,"ranking_epss":0.23767,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00021.html","http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00035.html","http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00042.html","https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.8.3","https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=b4487b93545214a9db8cbf32e86411677b0cca21","https://lists.debian.org/debian-lts-announce/2020/09/msg00025.html","https://lists.debian.org/debian-lts-announce/2020/10/msg00032.html","https://lists.debian.org/debian-lts-announce/2020/10/msg00034.html","https://twitter.com/grsecurity/status/1303370421958578179","https://usn.ubuntu.com/4525-1/","https://usn.ubuntu.com/4527-1/","https://usn.ubuntu.com/4578-1/"],"published_time":"2020-09-09T16:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-1968","summary":"The Raccoon attack exploits a flaw in the TLS specification which can lead to an attacker being able to 
compute the pre-master secret in connections which have used a Diffie-Hellman (DH) based ciphersuite. In such a case this would result in the attacker being able to eavesdrop on all encrypted communications sent over that TLS connection. The attack can only be exploited if an implementation re-uses a DH secret across multiple TLS connections. Note that this issue only impacts DH ciphersuites and not ECDH ciphersuites. This issue affects OpenSSL 1.0.2 which is out of support and no longer receiving public updates. OpenSSL 1.1.1 is not vulnerable to this issue. Fixed in OpenSSL 1.0.2w (Affected 1.0.2-1.0.2v).","cvss":3.7,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":3.7,"cvss_v4":null,"epss":0.01278,"ranking_epss":0.7956,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://lists.debian.org/debian-lts-announce/2020/09/msg00016.html","https://security.gentoo.org/glsa/202210-02","https://security.netapp.com/advisory/ntap-20200911-0004/","https://usn.ubuntu.com/4504-1/","https://www.openssl.org/news/secadv/20200909.txt","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com/security-alerts/cpuapr2022.html","https://www.oracle.com/security-alerts/cpujan2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html"],"published_time":"2020-09-09T14:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-24659","
summary":"An issue was discovered in GnuTLS before 3.6.15. A server can trigger a NULL pointer dereference in a TLS 1.3 client if a no_renegotiation alert is sent with unexpected timing, and then an invalid second handshake occurs. The crash happens in the application's error handling path, where the gnutls_deinit function is called after detecting a handshake failure.","cvss":7.5,"cvss_version":3.0,"cvss_v2":5.0,"cvss_v3":7.5,"cvss_v4":null,"epss":0.03633,"ranking_epss":0.87837,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00054.html","http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00060.html","https://gitlab.com/gnutls/gnutls/-/issues/1071","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/62BUAI4FQQLG6VTKRT7SUZPGJJ4NASQ3/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AWN56FDLQQXT2D2YHNI4TYH432TDMQ7N/","https://security.gentoo.org/glsa/202009-01","https://security.netapp.com/advisory/ntap-20200911-0006/","https://usn.ubuntu.com/4491-1/","https://www.gnutls.org/security-new.html#GNUTLS-SA-2020-09-04"],"published_time":"2020-09-04T15:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2
020-7729","summary":"The package grunt before 1.3.0 are vulnerable to Arbitrary Code Execution due to the default usage of the function load() instead of its secure replacement safeLoad() of the package js-yaml inside grunt.file.readYAML.","cvss":7.1,"cvss_version":3.0,"cvss_v2":4.6,"cvss_v3":7.1,"cvss_v4":null,"epss":0.02419,"ranking_epss":0.85123,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://github.com/gruntjs/grunt/blob/master/lib/grunt/file.js%23L249","https://github.com/gruntjs/grunt/commit/e350cea1724eb3476464561a380fb6a64e61e4e7","https://lists.debian.org/debian-lts-announce/2020/09/msg00008.html","https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-607922","https://snyk.io/vuln/SNYK-JS-GRUNT-597546","https://usn.ubuntu.com/4595-1/"],"published_time":"2020-09-03T09:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-24654","summary":"In KDE Ark before 20.08.1, a crafted TAR archive with symlinks can install files outside the extraction directory, as demonstrated by a write operation to a user's home 
directory.","cvss":3.3,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":3.3,"cvss_v4":null,"epss":0.00835,"ranking_epss":0.74626,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00001.html","https://bugzilla.suse.com/show_bug.cgi?id=1175857","https://github.com/KDE/ark/commit/8bf8c5ef07b0ac5e914d752681e470dea403a5bd","https://kde.org/info/security/advisory-20200827-1.txt","https://lists.debian.org/debian-lts-announce/2022/05/msg00026.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LXMMXNJDYOCJRZTESIUGHG6CS4RJKECX/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YJOZ6YRNPZX5MJGVBMOCOA7N6Z4EU2OK/","https://security.gentoo.org/glsa/202010-06","https://security.gentoo.org/glsa/202101-06","https://usn.ubuntu.com/4482-1/","https://www.debian.org/security/2020/dsa-4759"],"published_time":"2020-09-02T17:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-15810","summary":"An issue was discovered in Squid before 4.13 and 5.x before 5.0.4. 
Due to incorrect data validation, HTTP Request Smuggling attacks may succeed against HTTP and HTTPS traffic. This leads to cache poisoning. This allows any client, including browser scripts, to bypass local security and poison the proxy cache and any downstream caches with content from an arbitrary source. When configured for relaxed header parsing (the default), Squid relays headers containing whitespace characters to upstream servers. When this occurs as a prefix to a Content-Length header, the frame length specified will be ignored by Squid (allowing for a conflicting length to be used from another Content-Length header) but relayed upstream.","cvss":6.5,"cvss_version":3.0,"cvss_v2":3.5,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00211,"ranking_epss":0.43571,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00012.html","http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00017.html","https://github.com/squid-cache/squid/security/advisories/GHSA-3365-q9qx-f98m","https://lists.debian.org/debian-lts-announce/2020/10/msg00005.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BE6FKUN7IGTIR2MEEMWYDT7N5EJJLZI2/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BMTFLVB7GLRF2CKGFPZ4G4R5DIIPHWI3/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HJJDI7JQFGQLVNCKMVY64LAFMKERAOK7/","https://security.netapp.com/advisory/ntap-20210219-0007/","https://security.netapp.com/advisory/ntap-20210226-0006/","https://security.netapp.com/advisory/ntap-20210226-0007/","https://usn.ubuntu.com/4477-1/","https://usn.ubuntu.com/4551-1/","https://www.debian.org/security/2020/dsa-4751"],"published_time":"2020-09-02T17:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-15811","summary":"An issue was discovered in Squid before 4.13 and 5.x before 5.0.4. Due to incorrect data validation, HTTP Request Splitting attacks may succeed against HTTP and HTTPS traffic. This leads to cache poisoning. This allows any client, including browser scripts, to bypass local security and poison the browser cache and any downstream caches with content from an arbitrary source. Squid uses a string search instead of parsing the Transfer-Encoding header to find chunked encoding. This allows an attacker to hide a second request inside Transfer-Encoding: it is interpreted by Squid as chunked and split out into a second request delivered upstream. 
Squid will then deliver two distinct responses to the client, corrupting any downstream caches.","cvss":6.5,"cvss_version":3.0,"cvss_v2":4.0,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00251,"ranking_epss":0.48465,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00012.html","http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00017.html","https://github.com/squid-cache/squid/security/advisories/GHSA-c7p8-xqhm-49wv","https://lists.debian.org/debian-lts-announce/2020/10/msg00005.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BE6FKUN7IGTIR2MEEMWYDT7N5EJJLZI2/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BMTFLVB7GLRF2CKGFPZ4G4R5DIIPHWI3/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HJJDI7JQFGQLVNCKMVY64LAFMKERAOK7/","https://security.netapp.com/advisory/ntap-20210219-0007/","https://security.netapp.com/advisory/ntap-20210226-0006/","https://security.netapp.com/advisory/ntap-20210226-0007/","https://usn.ubuntu.com/4477-1/","https://usn.ubuntu.com/4551-1/","https://www.debian.org/security/2020/dsa-4751"],"published_time":"2020-09-02T17:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-24583","summary":"An issue was discovered in Django 2.2 before 2.2.16, 3.0 before 3.0.10, and 3.1 before 3.1.1 (when Python 3.7+ is used). FILE_UPLOAD_DIRECTORY_PERMISSIONS mode was not applied to intermediate-level directories created in the process of uploading files. It was also not applied to intermediate-level collected static directories when using the collectstatic management command.","cvss":7.5,"cvss_version":3.0,"cvss_v2":5.0,"cvss_v3":7.5,"cvss_v4":null,"epss":0.03426,"ranking_epss":0.87463,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://docs.djangoproject.com/en/dev/releases/security/","https://groups.google.com/forum/#%21topic/django-announce/Gdqn58RqIDM","https://groups.google.com/forum/#%21topic/django-announce/zFCMdgUnutU","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F2ZHO3GZCJMP3DDTXCNVFV6ED3W64NAU/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OLGFFLMF3X6USMJD7V5F5P4K2WVUTO3T/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZCRPQCBTV3RZHKVZ6K6QOAANPRZQD3GI/","https://security.netapp.com/advisory/ntap-20200918-0004/","https://usn.ubuntu.com/4479-1/","https://www.djangoproject.com/weblog/2020/sep/01/security-releases/","https://www.openwall.com/lists/oss-security/2020/09/01/2","https://www.oracle.com/security-alerts/cpujan2021.html"],"published_time":"2020-09-01T13:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-24584","summary":"An issue was discovered in Django 2.2 before 2.2.16, 3.0 before 3.0.10, and 3.1 before 3.1.1 (when Python 3.7+ is used). The intermediate-level directories of the filesystem cache had the system's standard umask rather than 
0o077.","cvss":7.5,"cvss_version":3.0,"cvss_v2":5.0,"cvss_v3":7.5,"cvss_v4":null,"epss":0.0329,"ranking_epss":0.87201,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://docs.djangoproject.com/en/dev/releases/security/","https://groups.google.com/forum/#%21topic/django-announce/Gdqn58RqIDM","https://groups.google.com/forum/#%21topic/django-announce/zFCMdgUnutU","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F2ZHO3GZCJMP3DDTXCNVFV6ED3W64NAU/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OLGFFLMF3X6USMJD7V5F5P4K2WVUTO3T/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZCRPQCBTV3RZHKVZ6K6QOAANPRZQD3GI/","https://security.netapp.com/advisory/ntap-20200918-0004/","https://usn.ubuntu.com/4479-1/","https://www.djangoproject.com/weblog/2020/sep/01/security-releases/","https://www.openwall.com/lists/oss-security/2020/09/01/2","https://www.oracle.com/security-alerts/cpujan2021.html"],"published_time":"2020-09-01T13:15:11","vendor
":null,"product":null,"version":null},{"cve_id":"CVE-2020-15704","summary":"The modprobe child process in the ./debian/patches/load_ppp_generic_if_needed patch file incorrectly handled module loading. A local non-root attacker could exploit the MODPROBE_OPTIONS environment variable to read arbitrary root files. Fixed in 2.4.5-5ubuntu1.4, 2.4.5-5.1ubuntu2.3+esm2, 2.4.7-1+2ubuntu1.16.04.3, 2.4.7-2+2ubuntu1.3, 2.4.7-2+4.1ubuntu5.1, 2.4.7-2+4.1ubuntu6. Was ZDI-CAN-11504.","cvss":5.5,"cvss_version":3.0,"cvss_v2":2.1,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00052,"ranking_epss":0.1623,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://ubuntu.com/security/notices/USN-4451-1","https://ubuntu.com/security/notices/USN-4451-2"],"published_time":"2020-09-01T00:15:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-14364","summary":"An out-of-bounds read/write access flaw was found in the USB emulator of the QEMU in versions before 5.2.0. This issue occurs while processing USB packets from a guest when USBDevice 'setup_len' exceeds its 'data_buf[4096]' in the do_token_in, do_token_out routines. 
This flaw allows a guest user to crash the QEMU process, resulting in a denial of service, or the potential execution of arbitrary code with the privileges of the QEMU process on the host.","cvss":5.0,"cvss_version":3.0,"cvss_v2":4.4,"cvss_v3":5.0,"cvss_v4":null,"epss":0.13903,"ranking_epss":0.94309,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00024.html","https://bugzilla.redhat.com/show_bug.cgi?id=1869201","https://lists.debian.org/debian-lts-announce/2020/09/msg00013.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JTZQUQ6ZBPMFMNAUQBVJFELYNMUZLL6P/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M52WIRMZL6TZRYZ65N6OAYNNFHV62O2N/","https://security.gentoo.org/glsa/202009-14","https://security.gentoo.org/glsa/202011-09","https://security.netapp.com/advisory/ntap-20200924-0006/","https://usn.ubuntu.com/4511-1/","https://www.debian.org/security/2020/dsa-4760","https://www.openwall.com/lists/oss-security/2020/08/24/2","https://www.openwall.com/lists/oss-security/2020/08/24/3"],"published_time":"2020-08-31T18:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-12829","summary":"In QEMU through 5.0.0, an integer overflow was found in the SM501 display driver implementation. This flaw occurs in the COPY_AREA macro while handling MMIO write operations through the sm501_2d_engine_write() callback. A local attacker could abuse this flaw to crash the QEMU process in sm501_2d_operation() in hw/display/sm501.c on the host, resulting in a denial of service.","cvss":3.8,"cvss_version":3.0,"cvss_v2":2.1,"cvss_v3":3.8,"cvss_v4":null,"epss":0.00117,"ranking_epss":0.30596,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://bugzilla.redhat.com/show_bug.cgi?id=1808510","https://usn.ubuntu.com/4467-1/","https://www.debian.org/security/2020/dsa-4760"],"published_time":"2020-08-31T15:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-14415","summary":"oss_write in audio/ossaudio.c in QEMU before 5.0.0 mishandles a buffer position.","cvss":3.3,"cvss_version":3.0,"cvss_v2":2.1,"cvss_v3":3.3,"cvss_v4":null,"epss":0.0005,"ranking_epss":0.15331,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=7a4ede0047a8613b0e3b72c9d351038f013dd357","https://usn.ubuntu.com/4467-1/"],"published_time":"2020-08-27T16:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-24606","summary":"Squid before 4.13 and 5.x before 5.0.4 allows a trusted peer to perform Denial of Service by consuming all available CPU cycles during handling of a crafted Cache Digest response message. This only occurs when cache_peer is used with the cache digests feature. 
The problem exists because peerDigestHandleReply() livelocking in peer_digest.cc mishandles EOF.","cvss":8.6,"cvss_version":3.0,"cvss_v2":7.1,"cvss_v3":8.6,"cvss_v4":null,"epss":0.06342,"ranking_epss":0.90987,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00012.html","http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00017.html","http://www.squid-cache.org/Versions/v4/changesets/SQUID-2020_9.patch","https://github.com/squid-cache/squid/security/advisories/GHSA-vvj7-xjgq-g2jg","https://lists.debian.org/debian-lts-announce/2020/10/msg00005.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BE6FKUN7IGTIR2MEEMWYDT7N5EJJLZI2/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BMTFLVB7GLRF2CKGFPZ4G4R5DIIPHWI3/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HJJDI7JQFGQLVNCKMVY64LAFMKERAOK7/","https://security.netapp.com/advisory/ntap-20210219-0007/","https://security.netapp.com/advisory/ntap-20210226-0006/","https://security.netapp.com/advisory/ntap-20210226-0007/","https://usn.ubuntu.com/4477-1/","https://usn.ubuntu.com/4551-1/","https://www.debian.org/security/2020/dsa-4751"],"published_time":"2020-08-24T18:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-14367","summary":"A flaw was found in chrony versions before 3.5.1 when creating the PID file under the /var/run/chrony folder. The file is created during chronyd startup while still running as the root user, and when it's opened for writing, chronyd does not check for an existing symbolic link with the same file name. This flaw allows an attacker with privileged access to create a symlink with the default PID file name pointing to any destination file in the system, resulting in data loss and a denial of service due to the path traversal.","cvss":6.0,"cvss_version":3.0,"cvss_v2":3.6,"cvss_v3":6.0,"cvss_v4":null,"epss":0.0027,"ranking_epss":0.50513,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://bugzilla.redhat.com/show_bug.cgi?id=1870298","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6WKABKNLCSC3MACCWU6OM2YGWVWFWFMU/","https://security.gentoo.org/glsa/202008-23","https://usn.ubuntu.com/4475-1/"],"published_time":"2020-08-24T15:15:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-14350","summary":"It was found that some PostgreSQL extensions did not use search_path safely in their installation 
script. An attacker with sufficient privileges could use this flaw to trick an administrator into executing a specially crafted script, during the installation or update of such extension. This affects PostgreSQL versions before 12.4, before 11.9, before 10.14, before 9.6.19, and before 9.5.23.","cvss":7.3,"cvss_version":3.0,"cvss_v2":4.4,"cvss_v3":7.3,"cvss_v4":null,"epss":0.0003,"ranking_epss":0.08682,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00043.html","http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00044.html","http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00049.html","http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00050.html","http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00003.html","http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00008.html","https://bugzilla.redhat.com/show_bug.cgi?id=1865746","https://lists.debian.org/debian-lts-announce/2020/08/msg00028.html","https://security.gentoo.org/glsa/202008-13","https://security.netapp.com/advisory/ntap-20200918-0002/","https://usn.ubuntu.com/4472-1/","http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00043.html","http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00044.html","http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00049.html","http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00050.html","http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00003.html","http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00008.html","https://bugzilla.redhat.com/show_bug.cgi?id=1865746","https://lists.debian.org/debian-lts-announce/2020/08/msg00028.html","https://security.gentoo.org/glsa/202008-13","https://security.netapp.com/advisory/ntap-20200918-0002/","https://usn.ubuntu.com/4472-1/"],"published_time":"2020-08-24T13:15:10","vendor":null,"product":null,"vers
ion":null},{"cve_id":"CVE-2020-8620","summary":"In BIND 9.15.6 -> 9.16.5, 9.17.0 -> 9.17.3, An attacker who can establish a TCP connection with the server and send data on that connection can exploit this to trigger the assertion failure, causing the server to exit.","cvss":7.5,"cvss_version":3.0,"cvss_v2":5.0,"cvss_v3":7.5,"cvss_v4":null,"epss":0.08369,"ranking_epss":0.92305,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00041.html","http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00044.html","https://kb.isc.org/docs/cve-2020-8620","https://security.gentoo.org/glsa/202008-19","https://security.netapp.com/advisory/ntap-20200827-0003/","https://usn.ubuntu.com/4468-1/","https://www.synology.com/security/advisory/Synology_SA_20_19","http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00041.html","http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00044.html","https://kb.isc.org/docs/cve-2020-8620","https://security.gentoo.org/glsa/202008-19","https://security.netapp.com/advisory/ntap-20200827-0003/","https://usn.ubuntu.com/4468-1/","https://www.synology.com/security/advisory/Synology_SA_20_19"],"published_time":"2020-08-21T21:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-8621","summary":"In BIND 9.14.0 -> 9.16.5, 9.17.0 -> 9.17.3, If a server is configured with both QNAME minimization and 'forward first' then an attacker who can send queries to it may be able to trigger the condition that will cause the server to crash. 
Servers that 'forward only' are not affected.","cvss":7.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":7.5,"cvss_v4":null,"epss":0.04879,"ranking_epss":0.89571,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00041.html","http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00044.html","https://kb.isc.org/docs/cve-2020-8621","https://security.gentoo.org/glsa/202008-19","https://security.netapp.com/advisory/ntap-20200827-0003/","https://usn.ubuntu.com/4468-1/","https://www.synology.com/security/advisory/Synology_SA_20_19","http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00041.html","http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00044.html","https://kb.isc.org/docs/cve-2020-8621","https://security.gentoo.org/glsa/202008-19","https://security.netapp.com/advisory/ntap-20200827-0003/","https://usn.ubuntu.com/4468-1/","https://www.synology.com/security/advisory/Synology_SA_20_19"],"published_time":"2020-08-21T21:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-8622","summary":"In BIND 9.0.0 -> 9.11.21, 9.12.0 -> 9.16.5, 9.17.0 -> 9.17.3, also affects 9.9.3-S1 -> 9.11.21-S1 of the BIND 9 Supported Preview Edition, An attacker on the network path for a TSIG-signed request, or operating the server receiving the TSIG-signed request, could send a truncated response to that request, triggering an assertion failure, causing the server to exit. 
Alternately, an off-path attacker would have to correctly guess when a TSIG-signed request was sent, along with other characteristics of the packet and message, and spoof a truncated response to trigger an assertion failure, causing the server to exit.","cvss":6.5,"cvss_version":3.0,"cvss_v2":4.0,"cvss_v3":6.5,"cvss_v4":null,"epss":0.02629,"ranking_epss":0.85682,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00041.html","http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00044.html","https://kb.isc.org/docs/cve-2020-8622","https://lists.debian.org/debian-lts-announce/2020/08/msg00053.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DQN62GBMCIC5AY4KYADGXNKVY6AJKSJE/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZKAMJZXR66P6S5LEU4SN7USSNCWTXEXP/","https://security.gentoo.org/glsa/202008-19","https://security.netapp.com/advisory/ntap-20200827-0003/","https://usn.ubuntu.com/4468-1/","https://usn.ubuntu.com/4468-2/","https://www.debian.org/security/2020/dsa-4752","https://www.oracle.com/security-alerts/cpuoct2021.html","https://www.synology.com/security/advisory/Synology_SA_20_19","http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00041.html","http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00044.html","https://kb.isc.org/docs/cve-2020-8622","https://lists.debian.org/debian-lts-announce/2020/08/msg00053.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DQN62GBMCIC5AY4KYADGXNKVY6AJKSJE/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZKAMJZXR66P6S5LEU4SN7USSNCWTXEXP/","https://security.gentoo.org/glsa/202008-19","https://security.netapp.com/advisory/ntap-20200827-0003/","https://usn.ubuntu.com/4468-1/","https://usn.ubuntu.com/446
8-2/","https://www.debian.org/security/2020/dsa-4752","https://www.oracle.com/security-alerts/cpuoct2021.html","https://www.synology.com/security/advisory/Synology_SA_20_19"],"published_time":"2020-08-21T21:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-8623","summary":"In BIND 9.10.0 -> 9.11.21, 9.12.0 -> 9.16.5, 9.17.0 -> 9.17.3, also affects 9.10.5-S1 -> 9.11.21-S1 of the BIND 9 Supported Preview Edition, An attacker that can reach a vulnerable system with a specially crafted query packet can trigger a crash. To be vulnerable, the system must: * be running BIND that was built with \"--enable-native-pkcs11\" * be signing one or more zones with an RSA key * be able to receive queries from a possible attacker","cvss":7.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":7.5,"cvss_v4":null,"epss":0.18318,"ranking_epss":0.95216,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00041.html","http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00044.html","https://kb.isc.org/docs/cve-2020-8623","https://lists.debian.org/debian-lts-announce/2020/08/msg00053.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DQN62GBMCIC5AY4KYADGXNKVY6AJKSJE/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZKAMJZXR66P6S5LEU4SN7USSNCWTXEXP/","https://security.gentoo.org/glsa/202008-19","https://security.netapp.com/advisory/ntap-20200827-0003/","https://usn.ubuntu.com/4468-1/","https://www.debian.org/security/2020/dsa-4752","https://www.synology.com/security/advisory/Synology_SA_20_19","http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00041.html","http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00044.html","https://kb.isc.org/docs/cve-2020-8623","https://lists.debian.org/debian-lts-announce/2020/08/msg00053.html","https://lists.fedoraproject.
org/archives/list/package-announce%40lists.fedoraproject.org/message/DQN62GBMCIC5AY4KYADGXNKVY6AJKSJE/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZKAMJZXR66P6S5LEU4SN7USSNCWTXEXP/","https://security.gentoo.org/glsa/202008-19","https://security.netapp.com/advisory/ntap-20200827-0003/","https://usn.ubuntu.com/4468-1/","https://www.debian.org/security/2020/dsa-4752","https://www.synology.com/security/advisory/Synology_SA_20_19"],"published_time":"2020-08-21T21:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-8624","summary":"In BIND 9.9.12 -> 9.9.13, 9.10.7 -> 9.10.8, 9.11.3 -> 9.11.21, 9.12.1 -> 9.16.5, 9.17.0 -> 9.17.3, also affects 9.9.12-S1 -> 9.9.13-S1, 9.11.3-S1 -> 9.11.21-S1 of the BIND 9 Supported Preview Edition, An attacker who has been granted privileges to change a specific subset of the zone's content could abuse these unintended additional privileges to update other contents of the zone.","cvss":4.3,"cvss_version":3.0,"cvss_v2":4.0,"cvss_v3":4.3,"cvss_v4":null,"epss":0.01632,"ranking_epss":0.81901,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00041.html","http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00044.html","https://kb.isc.org/docs/cve-2020-8624","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DQN62GBMCIC5AY4KYADGXNKVY6AJKSJE/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZKAMJZXR66P6S5LEU4SN7USSNCWTXEXP/","https://security.gentoo.org/glsa/202008-19","https://security.netapp.com/advisory/ntap-20200827-0003/","https://usn.ubuntu.com/4468-1/","https://www.debian.org/security/2020/dsa-4752","https://www.synology.com/security/advisory/Synology_SA_20_19","http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00041.html","http://lists.opensuse.org/opensuse-s
ecurity-announce/2020-10/msg00044.html","https://kb.isc.org/docs/cve-2020-8624","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DQN62GBMCIC5AY4KYADGXNKVY6AJKSJE/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZKAMJZXR66P6S5LEU4SN7USSNCWTXEXP/","https://security.gentoo.org/glsa/202008-19","https://security.netapp.com/advisory/ntap-20200827-0003/","https://usn.ubuntu.com/4468-1/","https://www.debian.org/security/2020/dsa-4752","https://www.synology.com/security/advisory/Synology_SA_20_19"],"published_time":"2020-08-21T21:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-15861","summary":"Net-SNMP through 5.7.3 allows Escalation of Privileges because of UNIX symbolic link (symlink) following.","cvss":7.8,"cvss_version":3.0,"cvss_v2":7.2,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00433,"ranking_epss":0.62709,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=966599","https://github.com/net-snmp/net-snmp/commit/4fd9a450444a434a993bc72f7c3486ccce41f602","https://github.com/net-snmp/net-snmp/issues/145","https://security.gentoo.org/glsa/202008-12","https://security.netapp.com/advisory/ntap-20200904-0001/","https://usn.ubuntu.com/4471-1/","https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=966599","https://github.com/net-snmp/net-snmp/commit/4fd9a450444a434a993bc72f7c3486ccce41f602","https://github.com/net-snmp/net-snmp/issues/145","https://security.gentoo.org/glsa/202008-12","https://security.netapp.com/advisory/ntap-20200904-0001/","https://usn.ubuntu.com/4471-1/"],"published_time":"2020-08-20T01:17:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-15862","summary":"Net-SNMP through 5.8 has Improper Privilege Management because SNMP WRITE access to the EXTEND MIB provides the ability to run arbitrary commands as 
root.","cvss":7.8,"cvss_version":3.0,"cvss_v2":7.2,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00118,"ranking_epss":0.3061,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=965166","https://github.com/net-snmp/net-snmp/commit/77f6c60f57dba0aaea5d8ef1dd94bcd0c8e6d205","https://salsa.debian.org/debian/net-snmp/-/commit/fad8725402752746daf0a751dcff19eb6aeab52e","https://security-tracker.debian.org/tracker/CVE-2020-15862","https://security.gentoo.org/glsa/202008-12","https://security.netapp.com/advisory/ntap-20200904-0001/","https://usn.ubuntu.com/4471-1/","https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=965166","https://github.com/net-snmp/net-snmp/commit/77f6c60f57dba0aaea5d8ef1dd94bcd0c8e6d205","https://salsa.debian.org/debian/net-snmp/-/commit/fad8725402752746daf0a751dcff19eb6aeab52e","https://security-tracker.debian.org/tracker/CVE-2020-15862","https://security.gentoo.org/glsa/202008-12","https://security.netapp.com/advisory/ntap-20200904-0001/","https://usn.ubuntu.com/4471-1/"],"published_time":"2020-08-20T01:17:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-14356","summary":"A flaw null pointer dereference in the Linux kernel cgroupv2 subsystem in versions before 5.7.10 was found in the way when reboot the system. 
A local user could use this flaw to crash the system or escalate their privileges on the system.","cvss":7.8,"cvss_version":3.0,"cvss_v2":7.2,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00765,"ranking_epss":0.73439,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00047.html","http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00007.html","https://bugzilla.kernel.org/show_bug.cgi?id=208003","https://bugzilla.redhat.com/show_bug.cgi?id=1868453","https://lists.debian.org/debian-lts-announce/2020/09/msg00025.html","https://lists.debian.org/debian-lts-announce/2020/10/msg00032.html","https://lists.debian.org/debian-lts-announce/2020/10/msg00034.html","https://lore.kernel.org/netdev/CAM_iQpUKQJrj8wE+Qa8NGR3P0L+5Uz=qo-O5+k_P60HzTde6aw%40mail.gmail.com/t/","https://security.netapp.com/advisory/ntap-20200904-0002/","https://usn.ubuntu.com/4483-1/","https://usn.ubuntu.com/4484-1/","https://usn.ubuntu.com/4526-1/","http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00047.html","http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00007.html","https://bugzilla.kernel.org/show_bug.cgi?id=208003","https://bugzilla.redhat.com/show_bug.cgi?id=1868453","https://lists.debian.org/debian-lts-announce/2020/09/msg00025.html","https://lists.debian.org/debian-lts-announce/2020/10/msg00032.html","https://lists.debian.org/debian-lts-announce/2020/10/msg00034.html","https://lore.kernel.org/netdev/CAM_iQpUKQJrj8wE+Qa8NGR3P0L+5Uz=qo-O5+k_P60HzTde6aw%40mail.gmail.com/t/","https://security.netapp.com/advisory/ntap-20200904-0002/","https://usn.ubuntu.com/4483-1/","https://usn.ubuntu.com/4484-1/","https://usn.ubuntu.com/4526-1/"],"published_time":"2020-08-19T15:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-24394","summary":"In the Linux kernel before 5.7.8, fs/nfsd/vfs.c (in the NFS server) can set incorrect permissions on new filesystem objects when 
the filesystem lacks ACL support, aka CID-22cf8419f131. This occurs because the current umask is not considered.","cvss":7.1,"cvss_version":3.0,"cvss_v2":3.6,"cvss_v3":7.1,"cvss_v4":null,"epss":0.00052,"ranking_epss":0.16374,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00007.html","https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=962254","https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.7.8","https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=22cf8419f1319ff87ec759d0ebdff4cbafaee832","https://security.netapp.com/advisory/ntap-20200904-0003/","https://usn.ubuntu.com/4465-1/","https://usn.ubuntu.com/4483-1/","https://usn.ubuntu.com/4485-1/","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.starwindsoftware.com/security/sw-20210325-0004/","http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00007.html","https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=962254","https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.7.8","https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=22cf8419f1319ff87ec759d0ebdff4cbafaee832","https://security.netapp.com/advisory/ntap-20200904-0003/","https://usn.ubuntu.com/4465-1/","https://usn.ubuntu.com/4483-1/","https://usn.ubuntu.com/4485-1/","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.starwindsoftware.com/security/sw-20210325-0004/"],"published_time":"2020-08-19T13:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-1472","summary":"An elevation of privilege vulnerability exists when an attacker establishes a vulnerable Netlogon secure channel connection to a domain controller, using the Netlogon Remote Protocol (MS-NRPC). 
An attacker who successfully exploited the vulnerability could run a specially crafted application on a device on the network.\nTo exploit the vulnerability, an unauthenticated attacker would be required to use MS-NRPC to connect to a domain controller to obtain domain administrator access.\nMicrosoft is addressing the vulnerability in a phased two-part rollout. These updates address the vulnerability by modifying how Netlogon handles the usage of Netlogon secure channels.\nFor guidelines on how to manage the changes required for this vulnerability and more information on the phased rollout, see  How to manage the changes in Netlogon secure channel connections associated with CVE-2020-1472 (updated September 28, 2020).\nWhen the second phase of Windows updates become available in Q1 2021, customers will be notified via a revision to this security vulnerability. If you wish to be notified when these updates are released, we recommend that you register for the security notifications mailer to be alerted of content changes to this advisory. See Microsoft Technical Security Notifications.","cvss":5.5,"cvss_version":3.0,"cvss_v2":9.3,"cvss_v3":5.5,"cvss_v4":null,"epss":0.9438,"ranking_epss":0.99969,"kev":true,"propose_action":"Microsoft's Netlogon Remote Protocol (MS-NRPC) contains a privilege escalation vulnerability when an attacker establishes a vulnerable Netlogon secure channel connection to a domain controller. An attacker who successfully exploits the vulnerability could run a specially crafted application on a device on the network. 
The vulnerability is also known under the moniker of Zerologon.","ransomware_campaign":"Known","references":["http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00080.html","http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00086.html","http://packetstormsecurity.com/files/159190/Zerologon-Proof-Of-Concept.html","http://packetstormsecurity.com/files/160127/Zerologon-Netlogon-Privilege-Escalation.html","http://www.openwall.com/lists/oss-security/2020/09/17/2","https://lists.debian.org/debian-lts-announce/2020/11/msg00041.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H4OTFBL6YDVFH2TBJFJIE4FMHPJEEJK3/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ST6X3A2XXYMGD4INR26DQ4FP4QSM753B/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TAPQQZZAT4TG3XVRTAFV2Y3S7OAHFBUP/","https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1472","https://security.gentoo.org/glsa/202012-24","https://usn.ubuntu.com/4510-1/","https://usn.ubuntu.com/4510-2/","https://usn.ubuntu.com/4559-1/","https://www.kb.cert.org/vuls/id/490028","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.synology.com/security/advisory/Synology_SA_20_21","http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00080.html","http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00086.html","http://packetstormsecurity.com/files/159190/Zerologon-Proof-Of-Concept.html","http://packetstormsecurity.com/files/160127/Zerologon-Netlogon-Privilege-Escalation.html","http://www.openwall.com/lists/oss-security/2020/09/17/2","https://lists.debian.org/debian-lts-announce/2020/11/msg00041.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H4OTFBL6YDVFH2TBJFJIE4FMHPJEEJK3/","https://lists.fedoraproject.org/archives/list/package-announce%40lists
.fedoraproject.org/message/ST6X3A2XXYMGD4INR26DQ4FP4QSM753B/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TAPQQZZAT4TG3XVRTAFV2Y3S7OAHFBUP/","https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1472","https://security.gentoo.org/glsa/202012-24","https://usn.ubuntu.com/4510-1/","https://usn.ubuntu.com/4510-2/","https://usn.ubuntu.com/4559-1/","https://www.kb.cert.org/vuls/id/490028","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.synology.com/security/advisory/Synology_SA_20_21","https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-1472"],"published_time":"2020-08-17T19:15:15","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-16304","summary":"A buffer overflow vulnerability in image_render_color_thresh() in base/gxicolor.c of Artifex Software GhostScript v9.18 to v9.50 allows a remote attacker to escalate privileges via a crafted eps file. This is fixed in 
v9.51.","cvss":5.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00474,"ranking_epss":0.64744,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=027c546e0dd11e0526f1780a7f3c2c66acffe209","https://bugs.ghostscript.com/show_bug.cgi?id=701816","https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/tree/base/gxicolor.c?h=ghostscript-9.18#n825","https://lists.debian.org/debian-lts-announce/2020/08/msg00032.html","https://security.gentoo.org/glsa/202008-20","https://usn.ubuntu.com/4469-1/","https://www.debian.org/security/2020/dsa-4748","http://git.ghostscript.com/?p=ghostpdl.git%3Ba=commitdiff%3Bh=027c546e0dd11e0526f1780a7f3c2c66acffe209","https://bugs.ghostscript.com/show_bug.cgi?id=701816","https://lists.debian.org/debian-lts-announce/2020/08/msg00032.html","https://security.gentoo.org/glsa/202008-20","https://usn.ubuntu.com/4469-1/","https://www.debian.org/security/2020/dsa-4748"],"published_time":"2020-08-13T03:15:14","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-16305","summary":"A buffer overflow vulnerability in pcx_write_rle() in contrib/japanese/gdev10v.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. 
This is fixed in v9.51.","cvss":5.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00474,"ranking_epss":0.64749,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://bugs.ghostscript.com/show_bug.cgi?id=701819","https://git.ghostscript.com/?p=ghostpdl.git%3Ba=commitdiff%3Bh=2793769ff107d8d22dadd30c6e68cd781b569550","https://lists.debian.org/debian-lts-announce/2020/08/msg00032.html","https://security.gentoo.org/glsa/202008-20","https://usn.ubuntu.com/4469-1/","https://www.debian.org/security/2020/dsa-4748","https://bugs.ghostscript.com/show_bug.cgi?id=701819","https://git.ghostscript.com/?p=ghostpdl.git%3Ba=commitdiff%3Bh=2793769ff107d8d22dadd30c6e68cd781b569550","https://lists.debian.org/debian-lts-announce/2020/08/msg00032.html","https://security.gentoo.org/glsa/202008-20","https://usn.ubuntu.com/4469-1/","https://www.debian.org/security/2020/dsa-4748"],"published_time":"2020-08-13T03:15:14","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-16306","summary":"A null pointer dereference vulnerability in devices/gdevtsep.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted postscript file. 
This is fixed in v9.51.","cvss":5.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":5.5,"cvss_v4":null,"epss":0.01771,"ranking_epss":0.82649,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://git.ghostscript.com/?p=ghostpdl.git%3Ba=commitdiff%3Bh=aadb53eb834b3def3ef68d78865ff87a68901804","https://bugs.ghostscript.com/show_bug.cgi?id=701821","https://lists.debian.org/debian-lts-announce/2020/08/msg00032.html","https://security.gentoo.org/glsa/202008-20","https://usn.ubuntu.com/4469-1/","https://www.debian.org/security/2020/dsa-4748","http://git.ghostscript.com/?p=ghostpdl.git%3Ba=commitdiff%3Bh=aadb53eb834b3def3ef68d78865ff87a68901804","https://bugs.ghostscript.com/show_bug.cgi?id=701821","https://lists.debian.org/debian-lts-announce/2020/08/msg00032.html","https://security.gentoo.org/glsa/202008-20","https://usn.ubuntu.com/4469-1/","https://www.debian.org/security/2020/dsa-4748"],"published_time":"2020-08-13T03:15:14","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-16307","summary":"A null pointer dereference vulnerability in devices/vector/gdevtxtw.c and psi/zbfont.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted postscript file. 
This is fixed in v9.51.","cvss":5.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":5.5,"cvss_v4":null,"epss":0.01771,"ranking_epss":0.82649,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://git.ghostscript.com/?p=ghostpdl.git%3Ba=commitdiff%3Bh=407c98a38c3a6ac1681144ed45cc2f4fc374c91f","https://bugs.ghostscript.com/show_bug.cgi?id=701822","https://lists.debian.org/debian-lts-announce/2020/08/msg00032.html","https://security.gentoo.org/glsa/202008-20","https://usn.ubuntu.com/4469-1/","https://www.debian.org/security/2020/dsa-4748","http://git.ghostscript.com/?p=ghostpdl.git%3Ba=commitdiff%3Bh=407c98a38c3a6ac1681144ed45cc2f4fc374c91f","https://bugs.ghostscript.com/show_bug.cgi?id=701822","https://lists.debian.org/debian-lts-announce/2020/08/msg00032.html","https://security.gentoo.org/glsa/202008-20","https://usn.ubuntu.com/4469-1/","https://www.debian.org/security/2020/dsa-4748"],"published_time":"2020-08-13T03:15:14","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-16308","summary":"A buffer overflow vulnerability in p_print_image() in devices/gdevcdj.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. 
This is fixed in v9.51.","cvss":5.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":5.5,"cvss_v4":null,"epss":0.01091,"ranking_epss":0.77947,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://bugs.ghostscript.com/show_bug.cgi?id=701829","https://git.ghostscript.com/?p=ghostpdl.git%3Ba=commitdiff%3Bh=af004276fd8f6c305727183c159b83021020f7d6","https://lists.debian.org/debian-lts-announce/2020/08/msg00032.html","https://security.gentoo.org/glsa/202008-20","https://usn.ubuntu.com/4469-1/","https://www.debian.org/security/2020/dsa-4748","https://bugs.ghostscript.com/show_bug.cgi?id=701829","https://git.ghostscript.com/?p=ghostpdl.git%3Ba=commitdiff%3Bh=af004276fd8f6c305727183c159b83021020f7d6","https://lists.debian.org/debian-lts-announce/2020/08/msg00032.html","https://security.gentoo.org/glsa/202008-20","https://usn.ubuntu.com/4469-1/","https://www.debian.org/security/2020/dsa-4748"],"published_time":"2020-08-13T03:15:14","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-16309","summary":"A buffer overflow vulnerability in lxm5700m_print_page() in devices/gdevlxm.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted eps file. 
This is fixed in v9.51.","cvss":5.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":5.5,"cvss_v4":null,"epss":0.01475,"ranking_epss":0.80959,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://bugs.ghostscript.com/show_bug.cgi?id=701827","https://git.ghostscript.com/?p=ghostpdl.git%3Ba=commitdiff%3Bh=a6f7464dddc689386668a38b92dfd03cc1b38a10","https://lists.debian.org/debian-lts-announce/2020/08/msg00032.html","https://security.gentoo.org/glsa/202008-20","https://usn.ubuntu.com/4469-1/","https://www.debian.org/security/2020/dsa-4748","https://bugs.ghostscript.com/show_bug.cgi?id=701827","https://git.ghostscript.com/?p=ghostpdl.git%3Ba=commitdiff%3Bh=a6f7464dddc689386668a38b92dfd03cc1b38a10","https://lists.debian.org/debian-lts-announce/2020/08/msg00032.html","https://security.gentoo.org/glsa/202008-20","https://usn.ubuntu.com/4469-1/","https://www.debian.org/security/2020/dsa-4748"],"published_time":"2020-08-13T03:15:14","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-16310","summary":"A division by zero vulnerability in dot24_print_page() in devices/gdevdm24.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. 
This is fixed in v9.51.","cvss":5.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":5.5,"cvss_v4":null,"epss":0.01789,"ranking_epss":0.82746,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://bugs.ghostscript.com/show_bug.cgi?id=701828","https://git.ghostscript.com/?p=ghostpdl.git%3Ba=commitdiff%3Bh=eaba1d97b62831b42c51840cc8ee2bc4576c942e","https://lists.debian.org/debian-lts-announce/2020/08/msg00032.html","https://security.gentoo.org/glsa/202008-20","https://usn.ubuntu.com/4469-1/","https://www.debian.org/security/2020/dsa-4748","https://bugs.ghostscript.com/show_bug.cgi?id=701828","https://git.ghostscript.com/?p=ghostpdl.git%3Ba=commitdiff%3Bh=eaba1d97b62831b42c51840cc8ee2bc4576c942e","https://lists.debian.org/debian-lts-announce/2020/08/msg00032.html","https://security.gentoo.org/glsa/202008-20","https://usn.ubuntu.com/4469-1/","https://www.debian.org/security/2020/dsa-4748"],"published_time":"2020-08-13T03:15:14","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-17538","summary":"A buffer overflow vulnerability in GetNumSameData() in contrib/lips4/gdevlips.c of Artifex Software GhostScript from v9.18 to v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. 
This is fixed in v9.51.","cvss":5.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":5.5,"cvss_v4":null,"epss":0.0068,"ranking_epss":0.71577,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://bugs.ghostscript.com/show_bug.cgi?id=701792","https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/tree/contrib/lips4/gdevlips.c?h=ghostscript-9.18#n148","https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=9f39ed4a92578a020ae10459643e1fe72573d134","https://lists.debian.org/debian-lts-announce/2020/08/msg00032.html","https://security.gentoo.org/glsa/202008-20","https://usn.ubuntu.com/4469-1/","https://www.debian.org/security/2020/dsa-4748","https://bugs.ghostscript.com/show_bug.cgi?id=701792","https://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=9f39ed4a92578a020ae10459643e1fe72573d134","https://lists.debian.org/debian-lts-announce/2020/08/msg00032.html","https://security.gentoo.org/glsa/202008-20","https://usn.ubuntu.com/4469-1/","https://www.debian.org/security/2020/dsa-4748"],"published_time":"2020-08-13T03:15:14","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-16292","summary":"A buffer overflow vulnerability in mj_raster_cmd() in contrib/japanese/gdevmjc.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. 
This is fixed in v9.51.","cvss":5.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":5.5,"cvss_v4":null,"epss":0.01091,"ranking_epss":0.77947,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://bugs.ghostscript.com/show_bug.cgi?id=701793","https://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=863ada11f9a942a622a581312e2be022d9e2a6f7","https://lists.debian.org/debian-lts-announce/2020/08/msg00032.html","https://security.gentoo.org/glsa/202008-20","https://usn.ubuntu.com/4469-1/","https://www.debian.org/security/2020/dsa-4748","https://bugs.ghostscript.com/show_bug.cgi?id=701793","https://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=863ada11f9a942a622a581312e2be022d9e2a6f7","https://lists.debian.org/debian-lts-announce/2020/08/msg00032.html","https://security.gentoo.org/glsa/202008-20","https://usn.ubuntu.com/4469-1/","https://www.debian.org/security/2020/dsa-4748"],"published_time":"2020-08-13T03:15:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-16293","summary":"A null pointer dereference vulnerability in compose_group_nonknockout_nonblend_isolated_allmask_common() in base/gxblend.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. 
This is fixed in v9.51.","cvss":5.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":5.5,"cvss_v4":null,"epss":0.01311,"ranking_epss":0.79799,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://bugs.ghostscript.com/show_bug.cgi?id=701795","https://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=7870f4951bcc6a153f317e3439e14d0e929fd231","https://lists.debian.org/debian-lts-announce/2020/08/msg00032.html","https://security.gentoo.org/glsa/202008-20","https://usn.ubuntu.com/4469-1/","https://www.debian.org/security/2020/dsa-4748","https://bugs.ghostscript.com/show_bug.cgi?id=701795","https://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=7870f4951bcc6a153f317e3439e14d0e929fd231","https://lists.debian.org/debian-lts-announce/2020/08/msg00032.html","https://security.gentoo.org/glsa/202008-20","https://usn.ubuntu.com/4469-1/","https://www.debian.org/security/2020/dsa-4748"],"published_time":"2020-08-13T03:15:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-16294","summary":"A buffer overflow vulnerability in epsc_print_page() in devices/gdevepsc.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. 
This is fixed in v9.51.","cvss":5.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00743,"ranking_epss":0.73007,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://bugs.ghostscript.com/show_bug.cgi?id=701794","https://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=89f58f1aa95b3482cadf6977da49457194ee5358","https://lists.debian.org/debian-lts-announce/2020/08/msg00032.html","https://security.gentoo.org/glsa/202008-20","https://usn.ubuntu.com/4469-1/","https://www.debian.org/security/2020/dsa-4748","https://bugs.ghostscript.com/show_bug.cgi?id=701794","https://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=89f58f1aa95b3482cadf6977da49457194ee5358","https://lists.debian.org/debian-lts-announce/2020/08/msg00032.html","https://security.gentoo.org/glsa/202008-20","https://usn.ubuntu.com/4469-1/","https://www.debian.org/security/2020/dsa-4748"],"published_time":"2020-08-13T03:15:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-16295","summary":"A null pointer dereference vulnerability in clj_media_size() in devices/gdevclj.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. 
This is fixed in v9.51.","cvss":5.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00467,"ranking_epss":0.64406,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://git.ghostscript.com/?p=ghostpdl.git%3Bh=2c2dc335c212750e0fb8ae157063bc06cafa8d3e","https://bugs.ghostscript.com/show_bug.cgi?id=701796","https://lists.debian.org/debian-lts-announce/2020/08/msg00032.html","https://security.gentoo.org/glsa/202008-20","https://usn.ubuntu.com/4469-1/","https://www.debian.org/security/2020/dsa-4748","http://git.ghostscript.com/?p=ghostpdl.git%3Bh=2c2dc335c212750e0fb8ae157063bc06cafa8d3e","https://bugs.ghostscript.com/show_bug.cgi?id=701796","https://lists.debian.org/debian-lts-announce/2020/08/msg00032.html","https://security.gentoo.org/glsa/202008-20","https://usn.ubuntu.com/4469-1/","https://www.debian.org/security/2020/dsa-4748"],"published_time":"2020-08-13T03:15:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-16296","summary":"A buffer overflow vulnerability in GetNumWrongData() in contrib/lips4/gdevlips.c of Artifex Software GhostScript from v9.18 to v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. 
This is fixed in v9.51.","cvss":5.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00434,"ranking_epss":0.62807,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://bugs.ghostscript.com/show_bug.cgi?id=701792","https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/tree/contrib/lips4/gdevlips.c?h=ghostscript-9.18#n163","https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=9f39ed4a92578a020ae10459643e1fe72573d134","https://lists.debian.org/debian-lts-announce/2020/08/msg00032.html","https://security.gentoo.org/glsa/202008-20","https://usn.ubuntu.com/4469-1/","https://www.debian.org/security/2020/dsa-4748","https://bugs.ghostscript.com/show_bug.cgi?id=701792","https://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=9f39ed4a92578a020ae10459643e1fe72573d134","https://lists.debian.org/debian-lts-announce/2020/08/msg00032.html","https://security.gentoo.org/glsa/202008-20","https://usn.ubuntu.com/4469-1/","https://www.debian.org/security/2020/dsa-4748"],"published_time":"2020-08-13T03:15:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-16297","summary":"A buffer overflow vulnerability in FloydSteinbergDitheringC() in contrib/gdevbjca.c of Artifex Software GhostScript v9.18 to v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. 
This is fixed in v9.51.","cvss":5.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00432,"ranking_epss":0.62636,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://bugs.ghostscript.com/show_bug.cgi?id=701800","https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=bf72f1a3dd5392ee8291e3b1518a0c2c5dc6ba39","https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/tree/contrib/gdevbjca.c?h=ghostpdl-9.18#n659","https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=bf72f1a3dd5392ee8291e3b1518a0c2c5dc6ba39","https://lists.debian.org/debian-lts-announce/2020/08/msg00032.html","https://security.gentoo.org/glsa/202008-20","https://usn.ubuntu.com/4469-1/","https://www.debian.org/security/2020/dsa-4748","https://bugs.ghostscript.com/show_bug.cgi?id=701800","https://git.ghostscript.com/?p=ghostpdl.git%3Ba=commitdiff%3Bh=bf72f1a3dd5392ee8291e3b1518a0c2c5dc6ba39","https://lists.debian.org/debian-lts-announce/2020/08/msg00032.html","https://security.gentoo.org/glsa/202008-20","https://usn.ubuntu.com/4469-1/","https://www.debian.org/security/2020/dsa-4748"],"published_time":"2020-08-13T03:15:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-16298","summary":"A buffer overflow vulnerability in mj_color_correct() in contrib/japanese/gdevmjc.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. 
This is fixed in v9.51.","cvss":5.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":5.5,"cvss_v4":null,"epss":0.01421,"ranking_epss":0.8059,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://bugs.ghostscript.com/show_bug.cgi?id=701799","https://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=849e74e5ab450dd581942192da7101e0664fa5af","https://lists.debian.org/debian-lts-announce/2020/08/msg00032.html","https://security.gentoo.org/glsa/202008-20","https://usn.ubuntu.com/4469-1/","https://www.debian.org/security/2020/dsa-4748","https://bugs.ghostscript.com/show_bug.cgi?id=701799","https://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=849e74e5ab450dd581942192da7101e0664fa5af","https://lists.debian.org/debian-lts-announce/2020/08/msg00032.html","https://security.gentoo.org/glsa/202008-20","https://usn.ubuntu.com/4469-1/","https://www.debian.org/security/2020/dsa-4748"],"published_time":"2020-08-13T03:15:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-16299","summary":"A Division by Zero vulnerability in bj10v_print_page() in contrib/japanese/gdev10v.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. 
This is fixed in v9.51.","cvss":5.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00826,"ranking_epss":0.74471,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://bugs.ghostscript.com/show_bug.cgi?id=701801","https://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=19cebe708b9ee3d9e0f8bcdd79dbc6ef9ddc70d2","https://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=4fcbece46870","https://lists.debian.org/debian-lts-announce/2020/08/msg00032.html","https://security.gentoo.org/glsa/202008-20","https://usn.ubuntu.com/4469-1/","https://www.debian.org/security/2020/dsa-4748","https://bugs.ghostscript.com/show_bug.cgi?id=701801","https://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=19cebe708b9ee3d9e0f8bcdd79dbc6ef9ddc70d2","https://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=4fcbece46870","https://lists.debian.org/debian-lts-announce/2020/08/msg00032.html","https://security.gentoo.org/glsa/202008-20","https://usn.ubuntu.com/4469-1/","https://www.debian.org/security/2020/dsa-4748"],"published_time":"2020-08-13T03:15:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-16300","summary":"A buffer overflow vulnerability in tiff12_print_page() in devices/gdevtfnx.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. 
This is fixed in v9.51.","cvss":5.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":5.5,"cvss_v4":null,"epss":0.01091,"ranking_epss":0.77947,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://bugs.ghostscript.com/show_bug.cgi?id=701807","https://git.ghostscript.com/?p=ghostpdl.git%3Ba=commitdiff%3Bh=714e8995cd582d418276915cbbec3c70711fb19e","https://lists.debian.org/debian-lts-announce/2020/08/msg00032.html","https://security.gentoo.org/glsa/202008-20","https://usn.ubuntu.com/4469-1/","https://www.debian.org/security/2020/dsa-4748","https://bugs.ghostscript.com/show_bug.cgi?id=701807","https://git.ghostscript.com/?p=ghostpdl.git%3Ba=commitdiff%3Bh=714e8995cd582d418276915cbbec3c70711fb19e","https://lists.debian.org/debian-lts-announce/2020/08/msg00032.html","https://security.gentoo.org/glsa/202008-20","https://usn.ubuntu.com/4469-1/","https://www.debian.org/security/2020/dsa-4748"],"published_time":"2020-08-13T03:15:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-16301","summary":"A buffer overflow vulnerability in okiibm_print_page1() in devices/gdevokii.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. 
This is fixed in v9.51.","cvss":5.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00805,"ranking_epss":0.74144,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://bugs.ghostscript.com/show_bug.cgi?id=701808","https://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=f54414c8b15b2c27d1dcadd92cfe84f6d15f18dc","https://lists.debian.org/debian-lts-announce/2020/08/msg00032.html","https://security.gentoo.org/glsa/202008-20","https://usn.ubuntu.com/4469-1/","https://www.debian.org/security/2020/dsa-4748","https://bugs.ghostscript.com/show_bug.cgi?id=701808","https://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=f54414c8b15b2c27d1dcadd92cfe84f6d15f18dc","https://lists.debian.org/debian-lts-announce/2020/08/msg00032.html","https://security.gentoo.org/glsa/202008-20","https://usn.ubuntu.com/4469-1/","https://www.debian.org/security/2020/dsa-4748"],"published_time":"2020-08-13T03:15:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-16302","summary":"A buffer overflow vulnerability in jetp3852_print_page() in devices/gdev3852.c of Artifex Software GhostScript v9.50 allows a remote attacker to escalate privileges via a crafted PDF file. 
This is fixed in v9.51.","cvss":5.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00791,"ranking_epss":0.73889,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://bugs.ghostscript.com/show_bug.cgi?id=701815","https://git.ghostscript.com/?p=ghostpdl.git%3Ba=commitdiff%3Bh=366ad48d076c1aa4c8f83c65011258a04e348207","https://lists.debian.org/debian-lts-announce/2020/08/msg00032.html","https://security.gentoo.org/glsa/202008-20","https://usn.ubuntu.com/4469-1/","https://www.debian.org/security/2020/dsa-4748","https://bugs.ghostscript.com/show_bug.cgi?id=701815","https://git.ghostscript.com/?p=ghostpdl.git%3Ba=commitdiff%3Bh=366ad48d076c1aa4c8f83c65011258a04e348207","https://lists.debian.org/debian-lts-announce/2020/08/msg00032.html","https://security.gentoo.org/glsa/202008-20","https://usn.ubuntu.com/4469-1/","https://www.debian.org/security/2020/dsa-4748"],"published_time":"2020-08-13T03:15:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-16303","summary":"A use-after-free vulnerability in xps_finish_image_path() in devices/vector/gdevxps.c of Artifex Software GhostScript v9.50 allows a remote attacker to escalate privileges via a crafted PDF file. 
This is fixed in v9.51.","cvss":7.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":7.8,"cvss_v4":null,"epss":0.02945,"ranking_epss":0.86445,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://bugs.ghostscript.com/show_bug.cgi?id=701818","https://git.ghostscript.com/?p=ghostpdl.git%3Ba=commitdiff%3Bh=94d8955cb77","https://lists.debian.org/debian-lts-announce/2020/08/msg00032.html","https://security.gentoo.org/glsa/202008-20","https://usn.ubuntu.com/4469-1/","https://www.debian.org/security/2020/dsa-4748","https://bugs.ghostscript.com/show_bug.cgi?id=701818","https://git.ghostscript.com/?p=ghostpdl.git%3Ba=commitdiff%3Bh=94d8955cb77","https://lists.debian.org/debian-lts-announce/2020/08/msg00032.html","https://security.gentoo.org/glsa/202008-20","https://usn.ubuntu.com/4469-1/","https://www.debian.org/security/2020/dsa-4748"],"published_time":"2020-08-13T03:15:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-16287","summary":"A buffer overflow vulnerability in lprn_is_black() in contrib/lips4/gdevlprn.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. 
This is fixed in v9.51.","cvss":5.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":5.5,"cvss_v4":null,"epss":0.01421,"ranking_epss":0.8059,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://bugs.ghostscript.com/show_bug.cgi?id=701785","https://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=450da26a76286a8342ec0864b3d113856709f8f6","https://lists.debian.org/debian-lts-announce/2020/08/msg00032.html","https://security.gentoo.org/glsa/202008-20","https://usn.ubuntu.com/4469-1/","https://www.debian.org/security/2020/dsa-4748","https://bugs.ghostscript.com/show_bug.cgi?id=701785","https://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=450da26a76286a8342ec0864b3d113856709f8f6","https://lists.debian.org/debian-lts-announce/2020/08/msg00032.html","https://security.gentoo.org/glsa/202008-20","https://usn.ubuntu.com/4469-1/","https://www.debian.org/security/2020/dsa-4748"],"published_time":"2020-08-13T03:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-16288","summary":"A buffer overflow vulnerability in pj_common_print_page() in devices/gdevpjet.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. 
This is fixed in v9.51.","cvss":5.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":5.5,"cvss_v4":null,"epss":0.01091,"ranking_epss":0.77947,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://git.ghostscript.com/?p=ghostpdl.git%3Bh=aba3375ac24f8e02659d9b1eb9093909618cdb9f","https://bugs.ghostscript.com/show_bug.cgi?id=701791","https://lists.debian.org/debian-lts-announce/2020/08/msg00032.html","https://security.gentoo.org/glsa/202008-20","https://usn.ubuntu.com/4469-1/","https://www.debian.org/security/2020/dsa-4748","http://git.ghostscript.com/?p=ghostpdl.git%3Bh=aba3375ac24f8e02659d9b1eb9093909618cdb9f","https://bugs.ghostscript.com/show_bug.cgi?id=701791","https://lists.debian.org/debian-lts-announce/2020/08/msg00032.html","https://security.gentoo.org/glsa/202008-20","https://usn.ubuntu.com/4469-1/","https://www.debian.org/security/2020/dsa-4748"],"published_time":"2020-08-13T03:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-16289","summary":"A buffer overflow vulnerability in cif_print_page() in devices/gdevcif.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. 
This is fixed in v9.51.","cvss":5.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":5.5,"cvss_v4":null,"epss":0.01421,"ranking_epss":0.8059,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://bugs.ghostscript.com/show_bug.cgi?id=701788","https://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=d31e25ed5b130499e0d880e4609b1b4824699768","https://lists.debian.org/debian-lts-announce/2020/08/msg00032.html","https://security.gentoo.org/glsa/202008-20","https://usn.ubuntu.com/4469-1/","https://www.debian.org/security/2020/dsa-4748","https://bugs.ghostscript.com/show_bug.cgi?id=701788","https://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=d31e25ed5b130499e0d880e4609b1b4824699768","https://lists.debian.org/debian-lts-announce/2020/08/msg00032.html","https://security.gentoo.org/glsa/202008-20","https://usn.ubuntu.com/4469-1/","https://www.debian.org/security/2020/dsa-4748"],"published_time":"2020-08-13T03:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-16290","summary":"A buffer overflow vulnerability in jetp3852_print_page() in devices/gdev3852.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. 
This is fixed in v9.51.","cvss":5.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":5.5,"cvss_v4":null,"epss":0.01421,"ranking_epss":0.8059,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://git.ghostscript.com/?p=ghostpdl.git%3Bh=93cb0c0adbd9bcfefd021d59c472388f67d3300d","https://bugs.ghostscript.com/show_bug.cgi?id=701786","https://lists.debian.org/debian-lts-announce/2020/08/msg00032.html","https://security.gentoo.org/glsa/202008-20","https://usn.ubuntu.com/4469-1/","https://www.debian.org/security/2020/dsa-4748","http://git.ghostscript.com/?p=ghostpdl.git%3Bh=93cb0c0adbd9bcfefd021d59c472388f67d3300d","https://bugs.ghostscript.com/show_bug.cgi?id=701786","https://lists.debian.org/debian-lts-announce/2020/08/msg00032.html","https://security.gentoo.org/glsa/202008-20","https://usn.ubuntu.com/4469-1/","https://www.debian.org/security/2020/dsa-4748"],"published_time":"2020-08-13T03:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-16291","summary":"A buffer overflow vulnerability in contrib/gdevdj9.c of Artifex Software GhostScript v9.18 to v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. 
This is fixed in v9.51.","cvss":5.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00432,"ranking_epss":0.62636,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://git.ghostscript.com/?p=ghostpdl.git;h=4f73e8b4d578e69a17f452fa60d2130c5faaefd6","https://bugs.ghostscript.com/show_bug.cgi?id=701787","https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=4f73e8b4d578e69a17f452fa60d2130c5faaefd6","https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/tree/contrib/gdevdj9.c?h=ghostpdl-9.18#n824","https://lists.debian.org/debian-lts-announce/2020/08/msg00032.html","https://security.gentoo.org/glsa/202008-20","https://usn.ubuntu.com/4469-1/","https://www.debian.org/security/2020/dsa-4748","http://git.ghostscript.com/?p=ghostpdl.git%3Bh=4f73e8b4d578e69a17f452fa60d2130c5faaefd6","https://bugs.ghostscript.com/show_bug.cgi?id=701787","https://lists.debian.org/debian-lts-announce/2020/08/msg00032.html","https://security.gentoo.org/glsa/202008-20","https://usn.ubuntu.com/4469-1/","https://www.debian.org/security/2020/dsa-4748"],"published_time":"2020-08-13T03:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-12100","summary":"In Dovecot before 2.3.11.3, uncontrolled recursion in submission, lmtp, and lda allows remote attackers to cause a denial of service (resource consumption) via a crafted e-mail message with deeply nested MIME 
parts.","cvss":7.5,"cvss_version":3.0,"cvss_v2":5.0,"cvss_v3":7.5,"cvss_v4":null,"epss":0.19614,"ranking_epss":0.95417,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2021/Jan/18","http://www.openwall.com/lists/oss-security/2020/08/12/1","http://www.openwall.com/lists/oss-security/2021/01/04/3","https://dovecot.org/security","https://lists.debian.org/debian-lts-announce/2020/08/msg00024.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4AAX2MJEULPVSRZOBX3PNPFSYP4FM4TT/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EYZU6CHA3VMYYAUCMHSCCQKJEVEIKPQ2/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XKKAL3OMG76ZZ7CIEMQP2K6KCTD2RAKE/","https://security.gentoo.org/glsa/202009-02","https://usn.ubuntu.com/4456-1/","https://usn.ubuntu.com/4456-2/","https://www.debian.org/security/2020/dsa-4745","http://seclists.org/fulldisclosure/2021/Jan/18","http://www.openwall.com/lists/oss-security/2020/08/12/1","http://www.openwall.com/lists/oss-security/2021/01/04/3","https://dovecot.org/security","https://lists.debian.org/debian-lts-announce/2020/08/msg00024.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4AAX2MJEULPVSRZOBX3PNPFSYP4FM4TT/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EYZU6CHA3VMYYAUCMHSCCQKJEVEIKPQ2/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XKKAL3OMG76ZZ7CIEMQP2K6KCTD2RAKE/","https://security.gentoo.org/glsa/202009-02","https://usn.ubuntu.com/4456-1/","https://usn.ubuntu.com/4456-2/","https://www.debian.org/security/2020/dsa-4745"],"published_time":"2020-08-12T16:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-12673","summary":"In Dovecot before 2.3.11.3, sending 
a specially formatted NTLM request will crash the auth service because of an out-of-bounds read.","cvss":7.5,"cvss_version":3.0,"cvss_v2":5.0,"cvss_v3":7.5,"cvss_v4":null,"epss":0.04381,"ranking_epss":0.88985,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00048.html","http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00059.html","https://dovecot.org/security","https://lists.debian.org/debian-lts-announce/2020/08/msg00024.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4AAX2MJEULPVSRZOBX3PNPFSYP4FM4TT/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EYZU6CHA3VMYYAUCMHSCCQKJEVEIKPQ2/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XKKAL3OMG76ZZ7CIEMQP2K6KCTD2RAKE/","https://security.gentoo.org/glsa/202009-02","https://usn.ubuntu.com/4456-1/","https://usn.ubuntu.com/4456-2/","https://www.debian.org/security/2020/dsa-4745","https://www.openwall.com/lists/oss-security/2020/08/12/2","http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00048.html","http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00059.html","https://dovecot.org/security","https://lists.debian.org/debian-lts-announce/2020/08/msg00024.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4AAX2MJEULPVSRZOBX3PNPFSYP4FM4TT/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EYZU6CHA3VMYYAUCMHSCCQKJEVEIKPQ2/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XKKAL3OMG76ZZ7CIEMQP2K6KCTD2RAKE/","https://security.gentoo.org/glsa/202009-02","https://usn.ubuntu.com/4456-1/","https://usn.ubuntu.com/4456-2/","https://www.debian.org/security/2020/dsa-4745","https://www.openwall.com/lists/oss-security/2020/08/12/2"],"published_time":"2020-08-12T16:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-12674","summary":"In Dovecot before 2.3.11.3, sending 
a specially formatted RPA request will crash the auth service because a length of zero is mishandled.","cvss":7.5,"cvss_version":3.0,"cvss_v2":5.0,"cvss_v3":7.5,"cvss_v4":null,"epss":0.21313,"ranking_epss":0.95687,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00048.html","http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00059.html","https://dovecot.org/security","https://lists.debian.org/debian-lts-announce/2020/08/msg00024.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4AAX2MJEULPVSRZOBX3PNPFSYP4FM4TT/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EYZU6CHA3VMYYAUCMHSCCQKJEVEIKPQ2/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XKKAL3OMG76ZZ7CIEMQP2K6KCTD2RAKE/","https://security.gentoo.org/glsa/202009-02","https://usn.ubuntu.com/4456-1/","https://usn.ubuntu.com/4456-2/","https://www.debian.org/security/2020/dsa-4745","https://www.openwall.com/lists/oss-security/2020/08/12/3","http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00048.html","http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00059.html","https://dovecot.org/security","https://lists.debian.org/debian-lts-announce/2020/08/msg00024.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4AAX2MJEULPVSRZOBX3PNPFSYP4FM4TT/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EYZU6CHA3VMYYAUCMHSCCQKJEVEIKPQ2/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XKKAL3OMG76ZZ7CIEMQP2K6KCTD2RAKE/","https://security.gentoo.org/glsa/202009-02","https://usn.ubuntu.com/4456-1/","https://usn.ubuntu.com/4456-2/","https://www.debian.org/security/2020/dsa-4745","https://www.openwall.com/lists/oss-security/2020/08/12/3"],"published_time":"2020-08-12T16:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-17489","summary":"An issue was discovered in certain configurations of GNOME gnome-shell through 3.36.4. 
When logging out of an account, the password box from the login dialog reappears with the password still visible. If the user had decided to have the password shown in cleartext at login time, it is then visible for a brief moment upon a logout. (If the password were never shown in cleartext, only the password length is revealed.)","cvss":4.3,"cvss_version":3.0,"cvss_v2":1.9,"cvss_v3":4.3,"cvss_v4":null,"epss":0.00149,"ranking_epss":0.3541,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00028.html","https://gitlab.gnome.org/GNOME/gnome-shell/-/issues/2997","https://lists.debian.org/debian-lts-announce/2020/09/msg00014.html","https://security.gentoo.org/glsa/202009-08","https://usn.ubuntu.com/4464-1/","http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00028.html","https://gitlab.gnome.org/GNOME/gnome-shell/-/issues/2997","https://lists.debian.org/debian-lts-announce/2020/09/msg00014.html","https://security.gentoo.org/glsa/202009-08","https://usn.ubuntu.com/4464-1/"],"published_time":"2020-08-11T21:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-16092","summary":"In QEMU through 5.0.0, an assertion failure can occur in the network packet processing. This issue affects the e1000e and vmxnet3 network devices. 
A malicious guest user/process could use this flaw to abort the QEMU process on the host, resulting in a denial of service condition in net_tx_pkt_add_raw_fragment in hw/net/net_tx_pkt.c.","cvss":3.8,"cvss_version":3.0,"cvss_v2":2.1,"cvss_v3":3.8,"cvss_v4":null,"epss":0.00039,"ranking_epss":0.11608,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00024.html","http://www.openwall.com/lists/oss-security/2020/08/10/1","https://lists.debian.org/debian-lts-announce/2020/09/msg00013.html","https://lists.nongnu.org/archive/html/qemu-devel/2020-07/msg07563.html","https://security.gentoo.org/glsa/202208-27","https://security.netapp.com/advisory/ntap-20200821-0006/","https://usn.ubuntu.com/4467-1/","https://www.debian.org/security/2020/dsa-4760","http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00024.html","http://www.openwall.com/lists/oss-security/2020/08/10/1","https://lists.debian.org/debian-lts-announce/2020/09/msg00013.html","https://lists.nongnu.org/archive/html/qemu-devel/2020-07/msg07563.html","https://security.gentoo.org/glsa/202208-27","https://security.netapp.com/advisory/ntap-20200821-0006/","https://usn.ubuntu.com/4467-1/","https://www.debian.org/security/2020/dsa-4760"],"published_time":"2020-08-11T16:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-15652","summary":"By observing the stack trace for JavaScript errors in web workers, it was possible to leak the result of a cross-origin redirect. This applied only to content that can be parsed as script. 
This vulnerability affects Firefox < 79, Firefox ESR < 68.11, Firefox ESR < 78.1, Thunderbird < 68.11, and Thunderbird < 78.1.","cvss":6.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":6.5,"cvss_v4":null,"epss":0.01055,"ranking_epss":0.77592,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00022.html","http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00025.html","http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00032.html","https://bugzilla.mozilla.org/show_bug.cgi?id=1634872","https://usn.ubuntu.com/4443-1/","https://www.mozilla.org/security/advisories/mfsa2020-30/","https://www.mozilla.org/security/advisories/mfsa2020-31/","https://www.mozilla.org/security/advisories/mfsa2020-32/","https://www.mozilla.org/security/advisories/mfsa2020-33/","https://www.mozilla.org/security/advisories/mfsa2020-35/","http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00022.html","http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00025.html","http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00032.html","https://bugzilla.mozilla.org/show_bug.cgi?id=1634872","https://usn.ubuntu.com/4443-1/","https://www.mozilla.org/security/advisories/mfsa2020-30/","https://www.mozilla.org/security/advisories/mfsa2020-31/","https://www.mozilla.org/security/advisories/mfsa2020-32/","https://www.mozilla.org/security/advisories/mfsa2020-33/","https://www.mozilla.org/security/advisories/mfsa2020-35/"],"published_time":"2020-08-10T18:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-15653","summary":"An iframe sandbox element with the allow-popups flag could be bypassed when using noopener links. This could have led to security issues for websites relying on sandbox configurations that allowed popups and hosted arbitrary content. 
This vulnerability affects Firefox ESR < 78.1, Firefox < 79, and Thunderbird < 78.1.","cvss":6.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00284,"ranking_epss":0.51827,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00025.html","https://bugzilla.mozilla.org/show_bug.cgi?id=1521542","https://usn.ubuntu.com/4443-1/","https://www.mozilla.org/security/advisories/mfsa2020-30/","https://www.mozilla.org/security/advisories/mfsa2020-32/","https://www.mozilla.org/security/advisories/mfsa2020-33/","http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00025.html","https://bugzilla.mozilla.org/show_bug.cgi?id=1521542","https://usn.ubuntu.com/4443-1/","https://www.mozilla.org/security/advisories/mfsa2020-30/","https://www.mozilla.org/security/advisories/mfsa2020-32/","https://www.mozilla.org/security/advisories/mfsa2020-33/"],"published_time":"2020-08-10T18:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-15654","summary":"When in an endless loop, a website specifying a custom cursor using CSS could make it look like the user is interacting with the user interface, when they are not. This could lead to a perceived broken state, especially when interactions with existing browser dialogs and warnings do not work. 
This vulnerability affects Firefox ESR < 78.1, Firefox < 79, and Thunderbird < 78.1.","cvss":6.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00491,"ranking_epss":0.65599,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00025.html","https://bugzilla.mozilla.org/show_bug.cgi?id=1648333","https://usn.ubuntu.com/4443-1/","https://www.mozilla.org/security/advisories/mfsa2020-30/","https://www.mozilla.org/security/advisories/mfsa2020-32/","https://www.mozilla.org/security/advisories/mfsa2020-33/","http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00025.html","https://bugzilla.mozilla.org/show_bug.cgi?id=1648333","https://usn.ubuntu.com/4443-1/","https://www.mozilla.org/security/advisories/mfsa2020-30/","https://www.mozilla.org/security/advisories/mfsa2020-32/","https://www.mozilla.org/security/advisories/mfsa2020-33/"],"published_time":"2020-08-10T18:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-15655","summary":"A redirected HTTP request which is observed or modified through a web extension could bypass existing CORS checks, leading to potential disclosure of cross-origin information. 
This vulnerability affects Firefox ESR < 78.1, Firefox < 79, and Thunderbird < 78.1.","cvss":6.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00229,"ranking_epss":0.45753,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00025.html","https://bugzilla.mozilla.org/show_bug.cgi?id=1645204","https://usn.ubuntu.com/4443-1/","https://www.mozilla.org/security/advisories/mfsa2020-30/","https://www.mozilla.org/security/advisories/mfsa2020-32/","https://www.mozilla.org/security/advisories/mfsa2020-33/","http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00025.html","https://bugzilla.mozilla.org/show_bug.cgi?id=1645204","https://usn.ubuntu.com/4443-1/","https://www.mozilla.org/security/advisories/mfsa2020-30/","https://www.mozilla.org/security/advisories/mfsa2020-32/","https://www.mozilla.org/security/advisories/mfsa2020-33/"],"published_time":"2020-08-10T18:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-15656","summary":"JIT optimizations involving the Javascript arguments object could confuse later optimizations. This risk was already mitigated by various precautions in the code, resulting in this bug rated at only moderate severity. 
This vulnerability affects Firefox ESR < 78.1, Firefox < 79, and Thunderbird < 78.1.","cvss":8.8,"cvss_version":3.0,"cvss_v2":9.3,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00695,"ranking_epss":0.71898,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00025.html","https://bugzilla.mozilla.org/show_bug.cgi?id=1647293","https://usn.ubuntu.com/4443-1/","https://www.mozilla.org/security/advisories/mfsa2020-30/","https://www.mozilla.org/security/advisories/mfsa2020-32/","https://www.mozilla.org/security/advisories/mfsa2020-33/","http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00025.html","https://bugzilla.mozilla.org/show_bug.cgi?id=1647293","https://usn.ubuntu.com/4443-1/","https://www.mozilla.org/security/advisories/mfsa2020-30/","https://www.mozilla.org/security/advisories/mfsa2020-32/","https://www.mozilla.org/security/advisories/mfsa2020-33/"],"published_time":"2020-08-10T18:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-15658","summary":"The code for downloading files did not properly take care of special characters, which led to an attacker being able to cut off the file ending at an earlier position, leading to a different file type being downloaded than shown in the dialog. 
This vulnerability affects Firefox ESR < 78.1, Firefox < 79, and Thunderbird < 78.1.","cvss":6.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00491,"ranking_epss":0.65599,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00025.html","https://bugzilla.mozilla.org/show_bug.cgi?id=1637745","https://usn.ubuntu.com/4443-1/","https://www.mozilla.org/security/advisories/mfsa2020-30/","https://www.mozilla.org/security/advisories/mfsa2020-32/","https://www.mozilla.org/security/advisories/mfsa2020-33/","http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00025.html","https://bugzilla.mozilla.org/show_bug.cgi?id=1637745","https://usn.ubuntu.com/4443-1/","https://www.mozilla.org/security/advisories/mfsa2020-30/","https://www.mozilla.org/security/advisories/mfsa2020-32/","https://www.mozilla.org/security/advisories/mfsa2020-33/"],"published_time":"2020-08-10T18:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-15659","summary":"Mozilla developers and community members reported memory safety bugs present in Firefox 78 and Firefox ESR 78.0. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. 
This vulnerability affects Firefox < 79, Firefox ESR < 68.11, Firefox ESR < 78.1, Thunderbird < 68.11, and Thunderbird < 78.1.","cvss":8.8,"cvss_version":3.0,"cvss_v2":9.3,"cvss_v3":8.8,"cvss_v4":null,"epss":0.0093,"ranking_epss":0.76088,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00022.html","http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00025.html","http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00032.html","https://bugzilla.mozilla.org/buglist.cgi?bug_id=1550133%2C1633880%2C1643613%2C1644839%2C1645835%2C1646006%2C1646787%2C1649347%2C1650811%2C1651678","https://usn.ubuntu.com/4443-1/","https://www.mozilla.org/security/advisories/mfsa2020-30/","https://www.mozilla.org/security/advisories/mfsa2020-31/","https://www.mozilla.org/security/advisories/mfsa2020-32/","https://www.mozilla.org/security/advisories/mfsa2020-33/","https://www.mozilla.org/security/advisories/mfsa2020-35/","http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00022.html","http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00025.html","http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00032.html","https://bugzilla.mozilla.org/buglist.cgi?bug_id=1550133%2C1633880%2C1643613%2C1644839%2C1645835%2C1646006%2C1646787%2C1649347%2C1650811%2C1651678","https://usn.ubuntu.com/4443-1/","https://www.mozilla.org/security/advisories/mfsa2020-30/","https://www.mozilla.org/security/advisories/mfsa2020-31/","https://www.mozilla.org/security/advisories/mfsa2020-32/","https://www.mozilla.org/security/advisories/mfsa2020-33/","https://www.mozilla.org/security/advisories/mfsa2020-35/"],"published_time":"2020-08-10T18:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-9490","summary":"Apache HTTP Server versions 2.4.20 to 2.4.43. 
A specially crafted value for the 'Cache-Digest' header in a HTTP/2 request would result in a crash when the server actually tries to HTTP/2 PUSH a resource afterwards. Configuring the HTTP/2 feature via \"H2Push off\" will mitigate this vulnerability for unpatched servers.","cvss":7.5,"cvss_version":3.0,"cvss_v2":5.0,"cvss_v3":7.5,"cvss_v4":null,"epss":0.76276,"ranking_epss":0.98929,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00068.html","http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00071.html","http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00081.html","http://packetstormsecurity.com/files/160392/Apache-2.4.43-mod_http2-Memory-Corruption.html","https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2020-9490","https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3Ccvs.httpd.apache.org%3E","https://lists.apache.org/thread.html/r09bb998baee74a2c316446bd1a41ae7f8d7049d09d9ff991471e8775%40%3Ccvs.httpd.apache.org%3E","https://lists.apache.org/thread.html/r0b6541c5fb2f8fb383861333400add7def625bc993300300de0b4f8d%40%3Ccvs.httpd.apache.org%3E","https://lists.apache.org/thread.html/r3c5c3104813c1c5508b55564b66546933079250a46ce50eee90b2e36%40%3Ccvs.httpd.apache.org%3E","https://lists.apache.org/thread.html/r5debe8f82728a00a4a68bc904dd6c35423bdfc8d601cfb4579f38bf1%40%3Cdev.httpd.apache.org%3E","https://lists.apache.org/thread.html/r623de9b2b2433a87f3f3a15900419fc9c00c77b26936dfea4060f672%40%3Cdev.httpd.apache.org%3E","https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E","https://lists.apache.org/thread.html/r97d0faab6ed8fd0d439234b16d05d77b22a07b0c4817e7b3cca419cc%40%3Ccvs.httpd.apache.org%3E","https://lists.apache.org/thread.html/r9e485ce5a01c9dc3d4d785a7d28aa7400ead1e81884034ff1f03cfee%40%3Ccvs.httpd.apache.org%3E","https
://lists.apache.org/thread.html/r9e9f1a7609760f0f80562eaaec2aa3c32d525c3e0fca98b475240c71%40%3Cdev.httpd.apache.org%3E","https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E","https://lists.apache.org/thread.html/ra4da876037477c06f2677d7a1e10b5a8613000fca99c813958070fe9%40%3Ccvs.httpd.apache.org%3E","https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E","https://lists.apache.org/thread.html/rdf3e5d0a5f5c3d90d6013bccc6c4d5af59cf1f8c8dea5d9a283d13ce%40%3Ccvs.httpd.apache.org%3E","https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E","https://lists.apache.org/thread.html/rfed9fea918e090383da33e393eb6c2755fccf05032bd7d6eb4737c9e%40%3Ccvs.httpd.apache.org%3E","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4NKWG2EXAQQB6LMLATKZ7KLSRGCSHVAN/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ITVFDBVM6E3JF3O7RYLRPRCH3RDRHJJY/","https://security.gentoo.org/glsa/202008-04","https://security.netapp.com/advisory/ntap-20200814-0005/","https://usn.ubuntu.com/4458-1/","https://www.debian.org/security/2020/dsa-4757","https://www.oracle.com/security-alerts/cpujan2021.html","https://www.oracle.com/security-alerts/cpuoct2020.html","http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00068.html","http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00071.html","http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00081.html","http://packetstormsecurity.com/files/160392/Apache-2.4.43-mod_http2-Memory-Corruption.html","https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2020-9490","https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3Ccvs.httpd.apache.org%3E","https://lists.apache.org/thread.ht
ml/r09bb998baee74a2c316446bd1a41ae7f8d7049d09d9ff991471e8775%40%3Ccvs.httpd.apache.org%3E","https://lists.apache.org/thread.html/r0b6541c5fb2f8fb383861333400add7def625bc993300300de0b4f8d%40%3Ccvs.httpd.apache.org%3E","https://lists.apache.org/thread.html/r3c5c3104813c1c5508b55564b66546933079250a46ce50eee90b2e36%40%3Ccvs.httpd.apache.org%3E","https://lists.apache.org/thread.html/r5debe8f82728a00a4a68bc904dd6c35423bdfc8d601cfb4579f38bf1%40%3Cdev.httpd.apache.org%3E","https://lists.apache.org/thread.html/r623de9b2b2433a87f3f3a15900419fc9c00c77b26936dfea4060f672%40%3Cdev.httpd.apache.org%3E","https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E","https://lists.apache.org/thread.html/r97d0faab6ed8fd0d439234b16d05d77b22a07b0c4817e7b3cca419cc%40%3Ccvs.httpd.apache.org%3E","https://lists.apache.org/thread.html/r9e485ce5a01c9dc3d4d785a7d28aa7400ead1e81884034ff1f03cfee%40%3Ccvs.httpd.apache.org%3E","https://lists.apache.org/thread.html/r9e9f1a7609760f0f80562eaaec2aa3c32d525c3e0fca98b475240c71%40%3Cdev.httpd.apache.org%3E","https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E","https://lists.apache.org/thread.html/ra4da876037477c06f2677d7a1e10b5a8613000fca99c813958070fe9%40%3Ccvs.httpd.apache.org%3E","https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E","https://lists.apache.org/thread.html/rdf3e5d0a5f5c3d90d6013bccc6c4d5af59cf1f8c8dea5d9a283d13ce%40%3Ccvs.httpd.apache.org%3E","https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E","https://lists.apache.org/thread.html/rfed9fea918e090383da33e393eb6c2755fccf05032bd7d6eb4737c9e%40%3Ccvs.httpd.apache.org%3E","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4NKWG2EXAQQB6LMLATKZ7KLSRGCSHVAN/","https://lis
ts.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ITVFDBVM6E3JF3O7RYLRPRCH3RDRHJJY/","https://security.gentoo.org/glsa/202008-04","https://security.netapp.com/advisory/ntap-20200814-0005/","https://usn.ubuntu.com/4458-1/","https://www.debian.org/security/2020/dsa-4757","https://www.oracle.com/security-alerts/cpujan2021.html","https://www.oracle.com/security-alerts/cpuoct2020.html"],"published_time":"2020-08-07T16:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-11984","summary":"Apache HTTP server 2.4.32 to 2.4.44 mod_proxy_uwsgi info disclosure and possible RCE","cvss":9.8,"cvss_version":3.0,"cvss_v2":7.5,"cvss_v3":9.8,"cvss_v4":null,"epss":0.75348,"ranking_epss":0.98887,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00068.html","http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00071.html","http://packetstormsecurity.com/files/159009/Apache2-mod_proxy_uwsgi-Incorrect-Request-Handling.html","http://www.openwall.com/lists/oss-security/2020/08/08/1","http://www.openwall.com/lists/oss-security/2020/08/08/10","http://www.openwall.com/lists/oss-security/2020/08/08/8","http://www.openwall.com/lists/oss-security/2020/08/08/9","http://www.openwall.com/lists/oss-security/2020/08/10/5","http://www.openwall.com/lists/oss-security/2020/08/17/2","https://httpd.apache.org/security/vulnerabilities_24.html","https://lists.apache.org/thread.html/r03ee478b3dda3e381fd6189366fa7af97c980d2f602846eef935277d%40%3Ccvs.httpd.apache.org%3E","https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3Ccvs.httpd.apache.org%3E","https://lists.apache.org/thread.html/r09bb998baee74a2c316446bd1a41ae7f8d7049d09d9ff991471e8775%40%3Ccvs.httpd.apache.org%3E","https://lists.apache.org/thread.html/r2c6083f6a2027914a0f5b54e2a1f4fa98c03f8693b58460911818255%40%3Ccvs.httpd.apache.org%3E","https://lists.a
pache.org/thread.html/r34753590ae8e3f2b6af689af4fe84269b592f5fda9f3244fd9abbce8%40%3Ccvs.httpd.apache.org%3E","https://lists.apache.org/thread.html/r3c5c3104813c1c5508b55564b66546933079250a46ce50eee90b2e36%40%3Ccvs.httpd.apache.org%3E","https://lists.apache.org/thread.html/r5debe8f82728a00a4a68bc904dd6c35423bdfc8d601cfb4579f38bf1%40%3Cdev.httpd.apache.org%3E","https://lists.apache.org/thread.html/r623de9b2b2433a87f3f3a15900419fc9c00c77b26936dfea4060f672%40%3Cdev.httpd.apache.org%3E","https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E","https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E","https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E","https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E","https://lists.apache.org/thread.html/rf71eb428714374a6f9ad68952e23611ec7807b029fd6a1b4f5f732d9%40%3Ccvs.httpd.apache.org%3E","https://lists.debian.org/debian-lts-announce/2020/09/msg00001.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A2RN46PRBJE7E7OPD4YZX5SVWV5QKGV5/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HYVYE2ZERFXDV6RMKK3I5SDSDQLPSEIQ/","https://security.gentoo.org/glsa/202008-04","https://security.netapp.com/advisory/ntap-20200814-0005/","https://usn.ubuntu.com/4458-1/","https://www.debian.org/security/2020/dsa-4757","https://www.oracle.com/security-alerts/cpujan2021.html","https://www.oracle.com/security-alerts/cpuoct2020.html","http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00068.html","http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00071.html","http://packetstormsecurity.com/files/159009/Apache2-mod_proxy_uwsgi-Incorrect-Request-Handlin
g.html","http://www.openwall.com/lists/oss-security/2020/08/08/1","http://www.openwall.com/lists/oss-security/2020/08/08/10","http://www.openwall.com/lists/oss-security/2020/08/08/8","http://www.openwall.com/lists/oss-security/2020/08/08/9","http://www.openwall.com/lists/oss-security/2020/08/10/5","http://www.openwall.com/lists/oss-security/2020/08/17/2","https://httpd.apache.org/security/vulnerabilities_24.html","https://lists.apache.org/thread.html/r03ee478b3dda3e381fd6189366fa7af97c980d2f602846eef935277d%40%3Ccvs.httpd.apache.org%3E","https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3Ccvs.httpd.apache.org%3E","https://lists.apache.org/thread.html/r09bb998baee74a2c316446bd1a41ae7f8d7049d09d9ff991471e8775%40%3Ccvs.httpd.apache.org%3E","https://lists.apache.org/thread.html/r2c6083f6a2027914a0f5b54e2a1f4fa98c03f8693b58460911818255%40%3Ccvs.httpd.apache.org%3E","https://lists.apache.org/thread.html/r34753590ae8e3f2b6af689af4fe84269b592f5fda9f3244fd9abbce8%40%3Ccvs.httpd.apache.org%3E","https://lists.apache.org/thread.html/r3c5c3104813c1c5508b55564b66546933079250a46ce50eee90b2e36%40%3Ccvs.httpd.apache.org%3E","https://lists.apache.org/thread.html/r5debe8f82728a00a4a68bc904dd6c35423bdfc8d601cfb4579f38bf1%40%3Cdev.httpd.apache.org%3E","https://lists.apache.org/thread.html/r623de9b2b2433a87f3f3a15900419fc9c00c77b26936dfea4060f672%40%3Cdev.httpd.apache.org%3E","https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E","https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E","https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E","https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E","https://lists.apache.org/thread.html/rf71eb428714374a6f9ad68952e23611e
c7807b029fd6a1b4f5f732d9%40%3Ccvs.httpd.apache.org%3E","https://lists.debian.org/debian-lts-announce/2020/09/msg00001.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A2RN46PRBJE7E7OPD4YZX5SVWV5QKGV5/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HYVYE2ZERFXDV6RMKK3I5SDSDQLPSEIQ/","https://security.gentoo.org/glsa/202008-04","https://security.netapp.com/advisory/ntap-20200814-0005/","https://usn.ubuntu.com/4458-1/","https://www.debian.org/security/2020/dsa-4757","https://www.oracle.com/security-alerts/cpujan2021.html","https://www.oracle.com/security-alerts/cpuoct2020.html"],"published_time":"2020-08-07T16:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-11993","summary":"Apache HTTP Server versions 2.4.20 to 2.4.43 When trace/debug was enabled for the HTTP/2 module and on certain traffic edge patterns, logging statements were made on the wrong connection, causing concurrent use of memory pools. 
Configuring the LogLevel of mod_http2 above \"info\" will mitigate this vulnerability for unpatched servers.","cvss":7.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":7.5,"cvss_v4":null,"epss":0.33361,"ranking_epss":0.96919,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00068.html","http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00071.html","http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00081.html","http://packetstormsecurity.com/files/160393/Apache-2-HTTP2-Module-Concurrent-Pool-Usage.html","https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2020-11993","https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3Ccvs.httpd.apache.org%3E","https://lists.apache.org/thread.html/r09bb998baee74a2c316446bd1a41ae7f8d7049d09d9ff991471e8775%40%3Ccvs.httpd.apache.org%3E","https://lists.apache.org/thread.html/r2c6083f6a2027914a0f5b54e2a1f4fa98c03f8693b58460911818255%40%3Ccvs.httpd.apache.org%3E","https://lists.apache.org/thread.html/r3c5c3104813c1c5508b55564b66546933079250a46ce50eee90b2e36%40%3Ccvs.httpd.apache.org%3E","https://lists.apache.org/thread.html/r5debe8f82728a00a4a68bc904dd6c35423bdfc8d601cfb4579f38bf1%40%3Cdev.httpd.apache.org%3E","https://lists.apache.org/thread.html/r623de9b2b2433a87f3f3a15900419fc9c00c77b26936dfea4060f672%40%3Cdev.httpd.apache.org%3E","https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E","https://lists.apache.org/thread.html/r9e9f1a7609760f0f80562eaaec2aa3c32d525c3e0fca98b475240c71%40%3Cdev.httpd.apache.org%3E","https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E","https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E","https://lists.apache.org/thread.html/rdf3e
5d0a5f5c3d90d6013bccc6c4d5af59cf1f8c8dea5d9a283d13ce%40%3Ccvs.httpd.apache.org%3E","https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E","https://lists.apache.org/thread.html/rf71eb428714374a6f9ad68952e23611ec7807b029fd6a1b4f5f732d9%40%3Ccvs.httpd.apache.org%3E","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4NKWG2EXAQQB6LMLATKZ7KLSRGCSHVAN/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ITVFDBVM6E3JF3O7RYLRPRCH3RDRHJJY/","https://security.gentoo.org/glsa/202008-04","https://security.netapp.com/advisory/ntap-20200814-0005/","https://usn.ubuntu.com/4458-1/","https://www.debian.org/security/2020/dsa-4757","https://www.oracle.com/security-alerts/cpujan2021.html","https://www.oracle.com/security-alerts/cpuoct2020.html","http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00068.html","http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00071.html","http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00081.html","http://packetstormsecurity.com/files/160393/Apache-2-HTTP2-Module-Concurrent-Pool-Usage.html","https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2020-11993","https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3Ccvs.httpd.apache.org%3E","https://lists.apache.org/thread.html/r09bb998baee74a2c316446bd1a41ae7f8d7049d09d9ff991471e8775%40%3Ccvs.httpd.apache.org%3E","https://lists.apache.org/thread.html/r2c6083f6a2027914a0f5b54e2a1f4fa98c03f8693b58460911818255%40%3Ccvs.httpd.apache.org%3E","https://lists.apache.org/thread.html/r3c5c3104813c1c5508b55564b66546933079250a46ce50eee90b2e36%40%3Ccvs.httpd.apache.org%3E","https://lists.apache.org/thread.html/r5debe8f82728a00a4a68bc904dd6c35423bdfc8d601cfb4579f38bf1%40%3Cdev.httpd.apache.org%3E","https://lists.apache.org/thread.html/r623de9b2b2433a87f3f3a15900419f
c9c00c77b26936dfea4060f672%40%3Cdev.httpd.apache.org%3E","https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E","https://lists.apache.org/thread.html/r9e9f1a7609760f0f80562eaaec2aa3c32d525c3e0fca98b475240c71%40%3Cdev.httpd.apache.org%3E","https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E","https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E","https://lists.apache.org/thread.html/rdf3e5d0a5f5c3d90d6013bccc6c4d5af59cf1f8c8dea5d9a283d13ce%40%3Ccvs.httpd.apache.org%3E","https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E","https://lists.apache.org/thread.html/rf71eb428714374a6f9ad68952e23611ec7807b029fd6a1b4f5f732d9%40%3Ccvs.httpd.apache.org%3E","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4NKWG2EXAQQB6LMLATKZ7KLSRGCSHVAN/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ITVFDBVM6E3JF3O7RYLRPRCH3RDRHJJY/","https://security.gentoo.org/glsa/202008-04","https://security.netapp.com/advisory/ntap-20200814-0005/","https://usn.ubuntu.com/4458-1/","https://www.debian.org/security/2020/dsa-4757","https://www.oracle.com/security-alerts/cpujan2021.html","https://www.oracle.com/security-alerts/cpuoct2020.html"],"published_time":"2020-08-07T16:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-11937","summary":"In whoopsie, parse_report() from whoopsie.c allows a local attacker to cause a denial of service via a crafted file. The DoS is caused by resource exhaustion due to a memory leak. 
Fixed in 0.2.52.5ubuntu0.5, 0.2.62ubuntu0.5 and 0.2.69ubuntu0.1.","cvss":5.5,"cvss_version":3.0,"cvss_v2":2.1,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00081,"ranking_epss":0.23744,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://github.com/sungjungk/whoopsie_killer","https://launchpad.net/bugs/1881982","https://usn.ubuntu.com/4450-1","https://usn.ubuntu.com/4450-1/","https://github.com/sungjungk/whoopsie_killer","https://launchpad.net/bugs/1881982","https://usn.ubuntu.com/4450-1","https://usn.ubuntu.com/4450-1/"],"published_time":"2020-08-06T23:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-15701","summary":"An unhandled exception in check_ignored() in apport/report.py can be exploited by a local attacker to cause a denial of service. If the mtime attribute is a string value in apport-ignore.xml, it will trigger an unhandled exception, resulting in a crash. Fixed in 2.20.1-0ubuntu2.24, 2.20.9-0ubuntu7.16, 2.20.11-0ubuntu27.6.","cvss":5.5,"cvss_version":3.0,"cvss_v2":2.1,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00119,"ranking_epss":0.30863,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://launchpad.net/bugs/1877023","https://usn.ubuntu.com/4449-1","https://usn.ubuntu.com/4449-1/","https://usn.ubuntu.com/4449-2/","https://launchpad.net/bugs/1877023","https://usn.ubuntu.com/4449-1","https://usn.ubuntu.com/4449-1/","https://usn.ubuntu.com/4449-2/"],"published_time":"2020-08-06T23:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-15702","summary":"TOCTOU Race Condition vulnerability in apport allows a local attacker to escalate privileges and execute arbitrary code. An attacker may exit the crashed process and exploit PID recycling to spawn a root process with the same PID as the crashed process, which can then be used to escalate privileges. 
Fixed in 2.20.1-0ubuntu2.24, 2.20.9 versions prior to 2.20.9-0ubuntu7.16 and 2.20.11 versions prior to 2.20.11-0ubuntu27.6. Was ZDI-CAN-11234.","cvss":7.0,"cvss_version":3.0,"cvss_v2":4.4,"cvss_v3":7.0,"cvss_v4":null,"epss":0.00044,"ranking_epss":0.13414,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://usn.ubuntu.com/4449-1","https://usn.ubuntu.com/4449-1/","https://usn.ubuntu.com/4449-2/","https://www.zerodayinitiative.com/advisories/ZDI-20-979/","http://seclists.org/fulldisclosure/2025/Jun/9","https://usn.ubuntu.com/4449-1","https://usn.ubuntu.com/4449-1/","https://usn.ubuntu.com/4449-2/","https://www.zerodayinitiative.com/advisories/ZDI-20-979/"],"published_time":"2020-08-06T23:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-14344","summary":"An integer overflow leading to a heap-buffer overflow was found in The X Input Method (XIM) client was implemented in libX11 before version 1.6.10. As per upstream this is security relevant when setuid programs call XIM client functions while running with elevated privileges. 
No such programs are shipped with Red Hat Enterprise Linux.","cvss":6.7,"cvss_version":3.0,"cvss_v2":4.6,"cvss_v3":6.7,"cvss_v4":null,"epss":0.00162,"ranking_epss":0.37058,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00014.html","http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00015.html","http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00024.html","http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00031.html","https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-14344","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4VDDSAYV7XGNRCXE7HCU23645MG74OFF/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7AVXCQOSCAPKYYHFIJAZ6E2C7LJBTLXF/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XY4H2SIEF2362AMNX5ZKWAELGU7LKFJB/","https://lists.x.org/archives/xorg-announce/2020-July/003050.html","https://security.gentoo.org/glsa/202008-18","https://usn.ubuntu.com/4487-1/","https://usn.ubuntu.com/4487-2/","https://www.openwall.com/lists/oss-security/2020/07/31/1","http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00014.html","http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00015.html","http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00024.html","http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00031.html","https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-14344","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4VDDSAYV7XGNRCXE7HCU23645MG74OFF/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7AVXCQOSCAPKYYHFIJAZ6E2C7LJBTLXF/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XY4H2SIEF2362AM
NX5ZKWAELGU7LKFJB/","https://lists.x.org/archives/xorg-announce/2020-July/003050.html","https://security.gentoo.org/glsa/202008-18","https://usn.ubuntu.com/4487-1/","https://usn.ubuntu.com/4487-2/","https://www.openwall.com/lists/oss-security/2020/07/31/1"],"published_time":"2020-08-05T14:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-14347","summary":"A flaw was found in the way xserver memory was not properly initialized. This could leak parts of server memory to the X client. In cases where Xorg server runs with elevated privileges, this could result in possible ASLR bypass. Xorg-server before version 1.20.9 is vulnerable.","cvss":5.5,"cvss_version":3.0,"cvss_v2":2.1,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00059,"ranking_epss":0.18386,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00066.html","http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00075.html","https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-14347","https://lists.debian.org/debian-lts-announce/2020/08/msg00057.html","https://lists.x.org/archives/xorg-announce/2020-July/003051.html","https://security.gentoo.org/glsa/202012-01","https://usn.ubuntu.com/4488-1/","https://usn.ubuntu.com/4488-2/","https://www.debian.org/security/2020/dsa-4758","https://www.openwall.com/lists/oss-security/2020/07/31/2","http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00066.html","http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00075.html","https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-14347","https://lists.debian.org/debian-lts-announce/2020/08/msg00057.html","https://lists.x.org/archives/xorg-announce/2020-July/003051.html","https://security.gentoo.org/glsa/202012-01","https://usn.ubuntu.com/4488-1/","https://usn.ubuntu.com/4488-2/","https://www.debian.org/security/2020/dsa-4758","https://www.openwall.com/lists/oss-security/2020/07/31/2"],"published_time
":"2020-08-05T14:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-16116","summary":"In kerfuffle/jobs.cpp in KDE Ark before 20.08.0, a crafted archive can install files outside the extraction directory via ../ directory traversal.","cvss":3.3,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":3.3,"cvss_v4":null,"epss":0.00864,"ranking_epss":0.7509,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00023.html","https://github.com/KDE/ark/commits/master","https://invent.kde.org/utilities/ark/-/commit/0df592524fed305d6fbe74ddf8a196bc9ffdb92f","https://kde.org/info/security/advisory-20200730-1.txt","https://lists.debian.org/debian-lts-announce/2022/05/msg00026.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PMVXSQNCBILVSJLX32ODNU6KUY2X7HRM/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PYRKQKUVU45ANH5TFYCYZN6HVP34N3UL/","https://security.gentoo.org/glsa/202008-03","https://usn.ubuntu.com/4461-1/","https://www.debian.org/security/2020/dsa-4738","http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00023.html","https://github.com/KDE/ark/commits/master","https://invent.kde.org/utilities/ark/-/commit/0df592524fed305d6fbe74ddf8a196bc9ffdb92f","https://kde.org/info/security/advisory-20200730-1.txt","https://lists.debian.org/debian-lts-announce/2022/05/msg00026.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PMVXSQNCBILVSJLX32ODNU6KUY2X7HRM/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PYRKQKUVU45ANH5TFYCYZN6HVP34N3UL/","https://security.gentoo.org/glsa/202008-03","https://usn.ubuntu.com/4461-1/","https://www.debian.org/security/2020/dsa-4738"],"published_time":"2020-08-03T20:15:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-1
4310","summary":"There is an issue on grub2 before version 2.06 at function read_section_as_string(). It expects a font name to be at max UINT32_MAX - 1 length in bytes but it doesn't verify it before proceed with buffer allocation to read the value from the font value. An attacker may leverage that by crafting a malicious font file which has a name with UINT32_MAX, leading to read_section_as_string() to an arithmetic overflow, zero-sized allocation and further heap-based buffer overflow.","cvss":5.7,"cvss_version":3.0,"cvss_v2":3.6,"cvss_v3":5.7,"cvss_v4":null,"epss":0.00054,"ranking_epss":0.16953,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00016.html","http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00017.html","https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-14310","https://security.gentoo.org/glsa/202104-05","https://usn.ubuntu.com/4432-1/","http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00016.html","http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00017.html","https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-14310","https://security.gentoo.org/glsa/202104-05","https://usn.ubuntu.com/4432-1/"],"published_time":"2020-07-31T22:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-14311","summary":"There is an issue with grub2 before version 2.06 while handling symlink on ext filesystems. 
A filesystem containing a symbolic link with an inode size of UINT32_MAX causes an arithmetic overflow leading to a zero-sized memory allocation with subsequent heap-based buffer overflow.","cvss":5.7,"cvss_version":3.0,"cvss_v2":3.6,"cvss_v3":5.7,"cvss_v4":null,"epss":0.00032,"ranking_epss":0.091,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00016.html","http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00017.html","http://www.openwall.com/lists/oss-security/2021/09/17/2","http://www.openwall.com/lists/oss-security/2021/09/17/4","http://www.openwall.com/lists/oss-security/2021/09/21/1","https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-14311","https://security.gentoo.org/glsa/202104-05","https://usn.ubuntu.com/4432-1/","http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00016.html","http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00017.html","http://www.openwall.com/lists/oss-security/2021/09/17/2","http://www.openwall.com/lists/oss-security/2021/09/17/4","http://www.openwall.com/lists/oss-security/2021/09/21/1","https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-14311","https://security.gentoo.org/glsa/202104-05","https://usn.ubuntu.com/4432-1/"],"published_time":"2020-07-31T22:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-16166","summary":"The Linux kernel through 5.7.11 allows remote attackers to make observations that help to obtain sensitive information about the internal state of the network RNG, aka CID-f227e3ec3b5c. 
This is related to drivers/char/random.c and kernel/time/timer.c.","cvss":3.7,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":3.7,"cvss_v4":null,"epss":0.01676,"ranking_epss":0.82159,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00009.html","http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00047.html","https://arxiv.org/pdf/2012.07432.pdf","https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f227e3ec3b5cad859ad15666874405e8c1bbc1d4","https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c51f8f88d705e06bd696d7510aff22b33eb8e638","https://github.com/torvalds/linux/commit/f227e3ec3b5cad859ad15666874405e8c1bbc1d4","https://lists.debian.org/debian-lts-announce/2020/09/msg00025.html","https://lists.debian.org/debian-lts-announce/2020/10/msg00032.html","https://lists.debian.org/debian-lts-announce/2020/10/msg00034.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AAPTLPAEKVAJYJ4LHN7VH4CN2W75R2YW/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MFBCLQWJI5I4G25TVJNLXLAXJ4MERQNW/","https://security.netapp.com/advisory/ntap-20200814-0004/","https://usn.ubuntu.com/4525-1/","https://usn.ubuntu.com/4526-1/","https://www.oracle.com/security-alerts/cpuApr2021.html","http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00009.html","http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00047.html","https://arxiv.org/pdf/2012.07432.pdf","https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f227e3ec3b5cad859ad15666874405e8c1bbc1d4","https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c51f8f88d705e06bd696d7510aff22b33eb8e638","https://github.com/torvalds/linux/commit/f227e3ec3b5cad859ad15666874405e8c1bbc1d4","https://lists.debian.org/debian-lts-announce/2020/09/msg000
25.html","https://lists.debian.org/debian-lts-announce/2020/10/msg00032.html","https://lists.debian.org/debian-lts-announce/2020/10/msg00034.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AAPTLPAEKVAJYJ4LHN7VH4CN2W75R2YW/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MFBCLQWJI5I4G25TVJNLXLAXJ4MERQNW/","https://security.netapp.com/advisory/ntap-20200814-0004/","https://usn.ubuntu.com/4525-1/","https://usn.ubuntu.com/4526-1/","https://www.oracle.com/security-alerts/cpuApr2021.html"],"published_time":"2020-07-30T21:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-16135","summary":"libssh 0.9.4 has a NULL pointer dereference in tftpserver.c if ssh_buffer_new returns NULL.","cvss":5.9,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":5.9,"cvss_v4":null,"epss":0.01782,"ranking_epss":0.82717,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://bugs.libssh.org/T232","https://bugs.libssh.org/rLIBSSHe631ebb3e2247dd25e9678e6827c20dc73b73238","https://gitlab.com/libssh/libssh-mirror/-/merge_requests/120","https://lists.debian.org/debian-lts-announce/2020/07/msg00034.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FCIKQRKXAAB4HMWM62EPZJ4DVBHIIEG6/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JNW5GBC6JFN76VEWQXMLT5F7VCZ5AJ2E/","https://security.gentoo.org/glsa/202011-05","https://usn.ubuntu.com/4447-1/","https://www.oracle.com/security-alerts/cpuapr2022.html","https://bugs.libssh.org/T232","https://bugs.libssh.org/rLIBSSHe631ebb3e2247dd25e9678e6827c20dc73b73238","https://gitlab.com/libssh/libssh-mirror/-/merge_requests/120","https://lists.debian.org/debian-lts-announce/2020/07/msg00034.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FCIKQRKXAAB4HMWM62EPZJ4DVBHIIE
G6/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JNW5GBC6JFN76VEWQXMLT5F7VCZ5AJ2E/","https://security.gentoo.org/glsa/202011-05","https://usn.ubuntu.com/4447-1/","https://www.oracle.com/security-alerts/cpuapr2022.html"],"published_time":"2020-07-29T21:15:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-15705","summary":"GRUB2 fails to validate kernel signature when booted directly without shim, allowing secure boot to be bypassed. This only affects systems where the kernel signing certificate has been imported directly into the secure boot database and the GRUB image is booted directly without the use of shim. This issue affects GRUB2 version 2.04 and prior versions.","cvss":6.4,"cvss_version":3.0,"cvss_v2":4.4,"cvss_v3":6.4,"cvss_v4":null,"epss":0.00024,"ranking_epss":0.06361,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00067.html","http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00069.html","http://ubuntu.com/security/notices/USN-4432-1","http://www.openwall.com/lists/oss-security/2020/07/29/3","http://www.openwall.com/lists/oss-security/2021/03/02/3","http://www.openwall.com/lists/oss-security/2021/09/17/2","http://www.openwall.com/lists/oss-security/2021/09/17/4","http://www.openwall.com/lists/oss-security/2021/09/21/1","https://access.redhat.com/security/vulnerabilities/grub2bootloader","https://lists.gnu.org/archive/html/grub-devel/2020-07/msg00034.html","https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV200011","https://security.gentoo.org/glsa/202104-05","https://security.netapp.com/advisory/ntap-20200731-0008/","https://usn.ubuntu.com/4432-1/","https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/GRUB2SecureBootBypass","https://www.debian.org/security/2020-GRUB-UEFI-SecureBoot","https://www.eclypsium.com/2020/07/29/theres-a-hole-in-the-boot/","https://www.op
enwall.com/lists/oss-security/2020/07/29/3","https://www.suse.com/c/suse-addresses-grub2-secure-boot-issue/","https://www.suse.com/support/kb/doc/?id=000019673","http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00067.html","http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00069.html","http://ubuntu.com/security/notices/USN-4432-1","http://www.openwall.com/lists/oss-security/2020/07/29/3","http://www.openwall.com/lists/oss-security/2021/03/02/3","http://www.openwall.com/lists/oss-security/2021/09/17/2","http://www.openwall.com/lists/oss-security/2021/09/17/4","http://www.openwall.com/lists/oss-security/2021/09/21/1","https://access.redhat.com/security/vulnerabilities/grub2bootloader","https://lists.gnu.org/archive/html/grub-devel/2020-07/msg00034.html","https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV200011","https://security.gentoo.org/glsa/202104-05","https://security.netapp.com/advisory/ntap-20200731-0008/","https://usn.ubuntu.com/4432-1/","https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/GRUB2SecureBootBypass","https://www.debian.org/security/2020-GRUB-UEFI-SecureBoot","https://www.eclypsium.com/2020/07/29/theres-a-hole-in-the-boot/","https://www.openwall.com/lists/oss-security/2020/07/29/3","https://www.suse.com/c/suse-addresses-grub2-secure-boot-issue/","https://www.suse.com/support/kb/doc/?id=000019673"],"published_time":"2020-07-29T18:15:14","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-15706","summary":"GRUB2 contains a race condition in grub_script_function_create() leading to a use-after-free vulnerability which can be triggered by redefining a function whilst the same function is already executing, leading to arbitrary code execution and secure boot restriction bypass. 
This issue affects GRUB2 version 2.04 and prior versions.","cvss":6.4,"cvss_version":3.0,"cvss_v2":4.4,"cvss_v3":6.4,"cvss_v4":null,"epss":0.00052,"ranking_epss":0.16253,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00016.html","http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00017.html","http://ubuntu.com/security/notices/USN-4432-1","http://www.openwall.com/lists/oss-security/2020/07/29/3","https://access.redhat.com/security/vulnerabilities/grub2bootloader","https://lists.gnu.org/archive/html/grub-devel/2020-07/msg00034.html","https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV200011","https://security.gentoo.org/glsa/202104-05","https://security.netapp.com/advisory/ntap-20200731-0008/","https://usn.ubuntu.com/4432-1/","https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/GRUB2SecureBootBypass","https://www.debian.org/security/2020-GRUB-UEFI-SecureBoot","https://www.debian.org/security/2020/dsa-4735","https://www.eclypsium.com/2020/07/29/theres-a-hole-in-the-boot/","https://www.openwall.com/lists/oss-security/2020/07/29/3","https://www.suse.com/c/suse-addresses-grub2-secure-boot-issue/","https://www.suse.com/support/kb/doc/?id=000019673","http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00016.html","http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00017.html","http://ubuntu.com/security/notices/USN-4432-1","http://www.openwall.com/lists/oss-security/2020/07/29/3","https://access.redhat.com/security/vulnerabilities/grub2bootloader","https://lists.gnu.org/archive/html/grub-devel/2020-07/msg00034.html","https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV200011","https://security.gentoo.org/glsa/202104-05","https://security.netapp.com/advisory/ntap-20200731-0008/","https://usn.ubuntu.com/4432-1/","https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/GRUB2SecureBootBypass","https://www.debian.org/s
ecurity/2020-GRUB-UEFI-SecureBoot","https://www.debian.org/security/2020/dsa-4735","https://www.eclypsium.com/2020/07/29/theres-a-hole-in-the-boot/","https://www.openwall.com/lists/oss-security/2020/07/29/3","https://www.suse.com/c/suse-addresses-grub2-secure-boot-issue/","https://www.suse.com/support/kb/doc/?id=000019673"],"published_time":"2020-07-29T18:15:14","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-15707","summary":"Integer overflows were discovered in the functions grub_cmd_initrd and grub_initrd_init in the efilinux component of GRUB2, as shipped in Debian, Red Hat, and Ubuntu (the functionality is not included in GRUB2 upstream), leading to a heap-based buffer overflow. These could be triggered by an extremely large number of arguments to the initrd command on 32-bit architectures, or a crafted filesystem with very large files on any architecture. An attacker could use this to execute arbitrary code and bypass UEFI Secure Boot restrictions. This issue affects GRUB2 version 2.04 and prior 
versions.","cvss":5.7,"cvss_version":3.0,"cvss_v2":4.4,"cvss_v3":5.7,"cvss_v4":null,"epss":0.00032,"ranking_epss":0.09162,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00016.html","http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00017.html","http://ubuntu.com/security/notices/USN-4432-1","http://www.openwall.com/lists/oss-security/2020/07/29/3","https://access.redhat.com/security/vulnerabilities/grub2bootloader","https://lists.gnu.org/archive/html/grub-devel/2020-07/msg00034.html","https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV200011","https://security.gentoo.org/glsa/202104-05","https://security.netapp.com/advisory/ntap-20200731-0008/","https://usn.ubuntu.com/4432-1/","https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/GRUB2SecureBootBypass","https://www.debian.org/security/2020-GRUB-UEFI-SecureBoot","https://www.debian.org/security/2020/dsa-4735","https://www.eclypsium.com/2020/07/29/theres-a-hole-in-the-boot/","https://www.openwall.com/lists/oss-security/2020/07/29/3","https://www.suse.com/c/suse-addresses-grub2-secure-boot-issue/","https://www.suse.com/support/kb/doc/?id=000019673","http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00016.html","http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00017.html","http://ubuntu.com/security/notices/USN-4432-1","http://www.openwall.com/lists/oss-security/2020/07/29/3","https://access.redhat.com/security/vulnerabilities/grub2bootloader","https://lists.gnu.org/archive/html/grub-devel/2020-07/msg00034.html","https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV200011","https://security.gentoo.org/glsa/202104-05","https://security.netapp.com/advisory/ntap-20200731-0008/","https://usn.ubuntu.com/4432-1/","https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/GRUB2SecureBootBypass","https://www.debian.org/security/2020-GRUB-UEFI-SecureBoot","https://www.
debian.org/security/2020/dsa-4735","https://www.eclypsium.com/2020/07/29/theres-a-hole-in-the-boot/","https://www.openwall.com/lists/oss-security/2020/07/29/3","https://www.suse.com/c/suse-addresses-grub2-secure-boot-issue/","https://www.suse.com/support/kb/doc/?id=000019673"],"published_time":"2020-07-29T18:15:14","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-11933","summary":"cloud-init as managed by snapd on Ubuntu Core 16 and Ubuntu Core 18 devices was run without restrictions on every boot, which a physical attacker could exploit by crafting cloud-init user-data/meta-data via external media to perform arbitrary changes on the device to bypass intended security mechanisms such as full disk encryption. This issue did not affect traditional Ubuntu systems. Fixed in snapd version 2.45.2, revision 8539 and core version 2.45.2, revision 9659.","cvss":7.3,"cvss_version":3.0,"cvss_v2":4.6,"cvss_v3":7.3,"cvss_v4":null,"epss":0.00026,"ranking_epss":0.07232,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://launchpad.net/bugs/1879530","https://ubuntu.com/USN-4424-1","https://launchpad.net/bugs/1879530","https://ubuntu.com/USN-4424-1"],"published_time":"2020-07-29T17:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-11934","summary":"It was discovered that snapctl user-open allowed altering the $XDG_DATA_DIRS environment variable when calling the system xdg-open. OpenURL() in usersession/userd/launcher.go would alter $XDG_DATA_DIRS to append a path to a directory controlled by the calling snap. A malicious snap could exploit this to bypass intended access restrictions to control how the host system xdg-open script opens the URL and, for example, execute a script shipped with the snap without confinement. This issue did not affect Ubuntu Core systems. 
Fixed in snapd versions 2.45.1ubuntu0.2, 2.45.1+18.04.2 and 2.45.1+20.04.2.","cvss":5.9,"cvss_version":3.0,"cvss_v2":1.9,"cvss_v3":5.9,"cvss_v4":null,"epss":0.00045,"ranking_epss":0.13861,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://launchpad.net/bugs/1880085","https://ubuntu.com/USN-4424-1","https://launchpad.net/bugs/1880085","https://ubuntu.com/USN-4424-1"],"published_time":"2020-07-29T17:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-15863","summary":"hw/net/xgmac.c in the XGMAC Ethernet controller in QEMU before 07-20-2020 has a buffer overflow. This occurs during packet transmission and affects the highbank and midway emulated machines. A guest user or process could use this flaw to crash the QEMU process on the host, resulting in a denial of service or potential privileged code execution. This was fixed in commit 5519724a13664b43e225ca05351c60b4468e4555.","cvss":5.3,"cvss_version":3.0,"cvss_v2":4.4,"cvss_v3":5.3,"cvss_v4":null,"epss":0.00045,"ranking_epss":0.1382,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00024.html","http://www.openwall.com/lists/oss-security/2020/07/22/1","https://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3Bh=5519724a13664b43e225ca05351c60b4468e4555","https://lists.nongnu.org/archive/html/qemu-devel/2020-07/msg03497.html","https://lists.nongnu.org/archive/html/qemu-devel/2020-07/msg05745.html","https://security.gentoo.org/glsa/202208-27","https://usn.ubuntu.com/4467-1/","https://www.debian.org/security/2020/dsa-4760","http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00024.html","http://www.openwall.com/lists/oss-security/2020/07/22/1","https://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3Bh=5519724a13664b43e225ca05351c60b4468e4555","https://lists.nongnu.org/archive/html/qemu-devel/2020-07/msg03497.html","https://lists.nongnu.org/archive/html/qemu-devel/2020-07/msg05745.html
","https://security.gentoo.org/glsa/202208-27","https://usn.ubuntu.com/4467-1/","https://www.debian.org/security/2020/dsa-4760"],"published_time":"2020-07-28T16:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-15900","summary":"A memory corruption issue was found in Artifex Ghostscript 9.50 and 9.52. Use of a non-standard PostScript operator can allow overriding of file access controls. The 'rsearch' calculation for the 'post' size resulted in a size that was too large, and could underflow to max uint32_t. This was fixed in commit 5d499272b95a6b890a1397e11d20937de000d31b.","cvss":9.8,"cvss_version":3.0,"cvss_v2":7.5,"cvss_v3":9.8,"cvss_v4":null,"epss":0.11034,"ranking_epss":0.93435,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://git.ghostscript.com/?p=ghostpdl.git%3Ba=log","http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00004.html","http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00006.html","https://artifex.com/security-advisories/CVE-2020-15900","https://git.ghostscript.com/?p=ghostpdl.git%3Ba=commitdiff%3Bh=5d499272b95a6b890a1397e11d20937de000d31b","https://github.com/ArtifexSoftware/ghostpdl/commit/5d499272b95a6b890a1397e11d20937de000d31b","https://github.com/ArtifexSoftware/ghostpdl/commits/master/psi/zstring.c","https://security.gentoo.org/glsa/202008-20","https://usn.ubuntu.com/4445-1/","http://git.ghostscript.com/?p=ghostpdl.git%3Ba=log","http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00004.html","http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00006.html","https://artifex.com/security-advisories/CVE-2020-15900","https://git.ghostscript.com/?p=ghostpdl.git%3Ba=commitdiff%3Bh=5d499272b95a6b890a1397e11d20937de000d31b","https://github.com/ArtifexSoftware/ghostpdl/commit/5d499272b95a6b890a1397e11d20937de000d31b","https://github.com/ArtifexSoftware/ghostpdl/commits/master/psi/zstring.c","https://security.gentoo.org/glsa/202008-20","https://u
sn.ubuntu.com/4445-1/"],"published_time":"2020-07-28T16:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-15103","summary":"In FreeRDP less than or equal to 2.1.2, an integer overflow exists due to missing input sanitation in rdpegfx channel. All FreeRDP clients are affected. The input rectangles from the server are not checked against local surface coordinates and blindly accepted. A malicious server can send data that will crash the client later on (invalid length arguments to a `memcpy`) This has been fixed in 2.2.0. As a workaround, stop using command line arguments /gfx, /gfx-h264 and /network:auto","cvss":3.5,"cvss_version":3.0,"cvss_v2":3.5,"cvss_v3":3.5,"cvss_v4":null,"epss":0.00259,"ranking_epss":0.49242,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00010.html","https://github.com/FreeRDP/FreeRDP/blob/616af2d5b86dc24c7b3e89870dbcffd841d9a535/ChangeLog#L4","https://github.com/FreeRDP/FreeRDP/pull/6382","https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-4r38-6hq7-j3j9","https://lists.debian.org/debian-lts-announce/2023/10/msg00008.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6Y35HBHG2INICLSGCIKNAR7GCXEHQACQ/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XOZLH35OJWIQLM7FYDXAP2EAUBDXE76V/","https://usn.ubuntu.com/4481-1/","http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00010.html","https://github.com/FreeRDP/FreeRDP/blob/616af2d5b86dc24c7b3e89870dbcffd841d9a535/ChangeLog#L4","https://github.com/FreeRDP/FreeRDP/pull/6382","https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-4r38-6hq7-j3j9","https://lists.debian.org/debian-lts-announce/2023/10/msg00008.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6Y35HBHG2INICLSGCIKNAR7GCXEHQACQ/","https://lists.f
edoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XOZLH35OJWIQLM7FYDXAP2EAUBDXE76V/","https://usn.ubuntu.com/4481-1/"],"published_time":"2020-07-27T18:15:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-6514","summary":"Inappropriate implementation in WebRTC in Google Chrome prior to 84.0.4147.89 allowed an attacker in a privileged network position to potentially exploit heap corruption via a crafted SCTP stream.","cvss":6.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":6.5,"cvss_v4":null,"epss":0.14455,"ranking_epss":0.94437,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00069.html","http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00007.html","http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00008.html","http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00011.html","http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00018.html","http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00022.html","http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00025.html","http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00032.html","http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00041.html","http://packetstormsecurity.com/files/158697/WebRTC-usrsctp-Incorrect-Call.html","https://chromereleases.googleblog.com/2020/07/stable-channel-update-for-desktop.html","https://crbug.com/1076703","https://lists.debian.org/debian-lts-announce/2020/07/msg00027.html","https://lists.debian.org/debian-lts-announce/2020/08/msg00006.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MTRPPTKZ2RKVH2XGQCWNFZ7FOGQ5LLCA/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MYIDWCHG24ZTFD4P42D4A4WWPPA74BCG/","https://security.gentoo.org/glsa/202007-08","https
://security.gentoo.org/glsa/202007-64","https://security.gentoo.org/glsa/202101-30","https://support.apple.com/kb/HT211288","https://support.apple.com/kb/HT211290","https://support.apple.com/kb/HT211291","https://support.apple.com/kb/HT211292","https://usn.ubuntu.com/4443-1/","https://www.debian.org/security/2020/dsa-4736","https://www.debian.org/security/2020/dsa-4740","https://www.debian.org/security/2021/dsa-4824","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00069.html","http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00007.html","http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00008.html","http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00011.html","http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00018.html","http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00022.html","http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00025.html","http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00032.html","http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00041.html","http://packetstormsecurity.com/files/158697/WebRTC-usrsctp-Incorrect-Call.html","https://chromereleases.googleblog.com/2020/07/stable-channel-update-for-desktop.html","https://crbug.com/1076703","https://lists.debian.org/debian-lts-announce/2020/07/msg00027.html","https://lists.debian.org/debian-lts-announce/2020/08/msg00006.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MTRPPTKZ2RKVH2XGQCWNFZ7FOGQ5LLCA/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MYIDWCHG24ZTFD4P42D4A4WWPPA74BCG/","https://security.gentoo.org/glsa/202007-08","https://security.gentoo.org/glsa/202007-64","https://security.gentoo.org/glsa/202101-30","https://support.apple.com/kb/HT211288","https://support.apple.com/kb/HT211290","https://support.apple.com/kb/HT211291","https://support.apple.com/kb/H
T211292","https://usn.ubuntu.com/4443-1/","https://www.debian.org/security/2020/dsa-4736","https://www.debian.org/security/2020/dsa-4740","https://www.debian.org/security/2021/dsa-4824"],"published_time":"2020-07-22T17:15:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-15890","summary":"LuaJit through 2.1.0-beta3 has an out-of-bounds read because __gc handler frame traversal is mishandled.","cvss":7.5,"cvss_version":3.0,"cvss_v2":5.0,"cvss_v3":7.5,"cvss_v4":null,"epss":0.00959,"ranking_epss":0.76463,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://github.com/LuaJIT/LuaJIT/issues/601","https://lists.debian.org/debian-lts-announce/2020/07/msg00026.html","https://usn.ubuntu.com/4501-1/","https://github.com/LuaJIT/LuaJIT/issues/601","https://lists.debian.org/debian-lts-announce/2020/07/msg00026.html","https://lists.debian.org/debian-lts-announce/2025/08/msg00022.html","https://usn.ubuntu.com/4501-1/"],"published_time":"2020-07-21T22:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-3481","summary":"A vulnerability in the EGG archive parsing module in Clam AntiVirus (ClamAV) Software versions 0.102.0 - 0.102.3 could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to a null pointer dereference. An attacker could exploit this vulnerability by sending a crafted EGG file to an affected device. 
An exploit could allow the attacker to cause the ClamAV scanning process crash, resulting in a denial of service condition.","cvss":7.5,"cvss_version":3.0,"cvss_v2":5.0,"cvss_v3":7.5,"cvss_v4":null,"epss":0.02963,"ranking_epss":0.86487,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://blog.clamav.net/2020/07/clamav-01024-security-patch-released.html","https://lists.debian.org/debian-lts-announce/2020/08/msg00010.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IJ67VH37NCG25PICGWFWZHSVG7PBT7MC/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QM7EXJHDEZJLWM2NKH6TCDXOBP5NNYIN/","https://security.gentoo.org/glsa/202007-23","https://usn.ubuntu.com/4435-1/","https://usn.ubuntu.com/4435-2/","https://blog.clamav.net/2020/07/clamav-01024-security-patch-released.html","https://lists.debian.org/debian-lts-announce/2020/08/msg00010.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IJ67VH37NCG25PICGWFWZHSVG7PBT7MC/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QM7EXJHDEZJLWM2NKH6TCDXOBP5NNYIN/","https://security.gentoo.org/glsa/202007-23","https://usn.ubuntu.com/4435-1/","https://usn.ubuntu.com/4435-2/"],"published_time":"2020-07-20T18:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-14001","summary":"The kramdown gem before 2.3.0 for Ruby processes the template option inside Kramdown documents by default, which allows unintended read access (such as template=\"/etc/passwd\") or unintended embedded Ruby code execution (such as a string that begins with template=\"string://<%= `). 
NOTE: kramdown is used in Jekyll, GitLab Pages, GitHub Pages, and Thredded Forum.","cvss":9.8,"cvss_version":3.0,"cvss_v2":7.5,"cvss_v3":9.8,"cvss_v4":null,"epss":0.09348,"ranking_epss":0.92768,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://github.com/gettalong/kramdown","https://github.com/gettalong/kramdown/commit/1b8fd33c3120bfc6e5164b449e2c2fc9c9306fde","https://github.com/gettalong/kramdown/compare/REL_2_2_1...REL_2_3_0","https://kramdown.gettalong.org","https://kramdown.gettalong.org/news.html","https://lists.apache.org/thread.html/r96df7899fbb456fe2705882f710a0c8e8614b573fbffd8d12e3f54d2%40%3Cnotifications.fluo.apache.org%3E","https://lists.debian.org/debian-lts-announce/2020/08/msg00014.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ENMMGKHRQIZ3QKGOMBBBGB6B4LB5I7NQ/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KBLTGBYU7NKOUOHDKVCU4GFZMGA6BP4L/","https://rubygems.org/gems/kramdown","https://security.netapp.com/advisory/ntap-20200731-0004/","https://usn.ubuntu.com/4562-1/","https://www.debian.org/security/2020/dsa-4743","https://github.com/gettalong/kramdown","https://github.com/gettalong/kramdown/commit/1b8fd33c3120bfc6e5164b449e2c2fc9c9306fde","https://github.com/gettalong/kramdown/compare/REL_2_2_1...REL_2_3_0","https://kramdown.gettalong.org","https://kramdown.gettalong.org/news.html","https://lists.apache.org/thread.html/r96df7899fbb456fe2705882f710a0c8e8614b573fbffd8d12e3f54d2%40%3Cnotifications.fluo.apache.org%3E","https://lists.debian.org/debian-lts-announce/2020/08/msg00014.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ENMMGKHRQIZ3QKGOMBBBGB6B4LB5I7NQ/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KBLTGBYU7NKOUOHDKVCU4GFZMGA6BP4L/","https://rubygems.org/gems/kramdown","https://security.netapp.com/
advisory/ntap-20200731-0004/","https://usn.ubuntu.com/4562-1/","https://www.debian.org/security/2020/dsa-4743"],"published_time":"2020-07-17T16:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-14928","summary":"evolution-data-server (eds) through 3.36.3 has a STARTTLS buffering issue that affects SMTP and POP3. When a server sends a \"begin TLS\" response, eds reads additional data and evaluates it in a TLS context, aka \"response injection.\"","cvss":5.9,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":5.9,"cvss_v4":null,"epss":0.06354,"ranking_epss":0.90995,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://bugzilla.suse.com/show_bug.cgi?id=1173910","https://gitlab.gnome.org/GNOME//evolution-data-server/commit/ba82be72cfd427b5d72ff21f929b3a6d8529c4df","https://gitlab.gnome.org/GNOME/evolution-data-server/-/commit/f404f33fb01b23903c2bbb16791c7907e457fbac","https://gitlab.gnome.org/GNOME/evolution-data-server/-/issues/226","https://lists.debian.org/debian-lts-announce/2020/07/msg00012.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QMBEZWA22EAYAZQWUX4KPEBER726KSIG/","https://security-tracker.debian.org/tracker/DLA-2281-1","https://security-tracker.debian.org/tracker/DSA-4725-1","https://usn.ubuntu.com/4429-1/","https://www.debian.org/security/2020/dsa-4725","https://bugzilla.suse.com/show_bug.cgi?id=1173910","https://gitlab.gnome.org/GNOME//evolution-data-server/commit/ba82be72cfd427b5d72ff21f929b3a6d8529c4df","https://gitlab.gnome.org/GNOME/evolution-data-server/-/commit/f404f33fb01b23903c2bbb16791c7907e457fbac","https://gitlab.gnome.org/GNOME/evolution-data-server/-/issues/226","https://lists.debian.org/debian-lts-announce/2020/07/msg00012.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QMBEZWA22EAYAZQWUX4KPEBER726KSIG/","https://security-tracker.debian.org/tracker/DLA-2281-1","https://security-tracker.de
bian.org/tracker/DSA-4725-1","https://usn.ubuntu.com/4429-1/","https://www.debian.org/security/2020/dsa-4725"],"published_time":"2020-07-17T16:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-15780","summary":"An issue was discovered in drivers/acpi/acpi_configfs.c in the Linux kernel before 5.7.7. Injection of malicious ACPI tables via configfs could be used by attackers to bypass lockdown and secure boot restrictions, aka CID-75b0cea7bf30.","cvss":6.7,"cvss_version":3.0,"cvss_v2":7.2,"cvss_v3":6.7,"cvss_v4":null,"epss":0.00695,"ranking_epss":0.71905,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00009.html","http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00047.html","http://www.openwall.com/lists/oss-security/2020/07/20/7","http://www.openwall.com/lists/oss-security/2020/07/29/3","http://www.openwall.com/lists/oss-security/2020/07/30/2","http://www.openwall.com/lists/oss-security/2020/07/30/3","https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.7.7","https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=75b0cea7bf307f362057cc778efe89af4c615354","https://git.zx2c4.com/american-unsigned-language/tree/american-unsigned-language-2.sh","https://usn.ubuntu.com/4425-1/","https://usn.ubuntu.com/4426-1/","https://usn.ubuntu.com/4439-1/","https://usn.ubuntu.com/4440-1/","https://www.openwall.com/lists/oss-security/2020/06/15/3","http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00009.html","http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00047.html","http://www.openwall.com/lists/oss-security/2020/07/20/7","http://www.openwall.com/lists/oss-security/2020/07/29/3","http://www.openwall.com/lists/oss-security/2020/07/30/2","http://www.openwall.com/lists/oss-security/2020/07/30/3","https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.7.7","https://git.kernel.org/pub/scm/linux/kernel/g
it/torvalds/linux.git/commit/?id=75b0cea7bf307f362057cc778efe89af4c615354","https://git.zx2c4.com/american-unsigned-language/tree/american-unsigned-language-2.sh","https://usn.ubuntu.com/4425-1/","https://usn.ubuntu.com/4426-1/","https://usn.ubuntu.com/4439-1/","https://usn.ubuntu.com/4440-1/","https://www.openwall.com/lists/oss-security/2020/06/15/3"],"published_time":"2020-07-15T22:15:14","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-20908","summary":"An issue was discovered in drivers/firmware/efi/efi.c in the Linux kernel before 5.4. Incorrect access permissions for the efivar_ssdt ACPI variable could be used by attackers to bypass lockdown or secure boot restrictions, aka CID-1957a85b0032.","cvss":6.7,"cvss_version":3.0,"cvss_v2":6.9,"cvss_v3":6.7,"cvss_v4":null,"epss":0.00021,"ranking_epss":0.05571,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00009.html","http://www.openwall.com/lists/oss-security/2020/07/20/6","http://www.openwall.com/lists/oss-security/2020/07/29/3","http://www.openwall.com/lists/oss-security/2020/07/30/2","http://www.openwall.com/lists/oss-security/2020/07/30/3","https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4","https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=1957a85b0032a81e6482ca4aab883643b8dae06e","https://git.zx2c4.com/american-unsigned-language/tree/american-unsigned-language.sh","https://mailarchives.bentasker.co.uk/Mirrors/OSSSec/2020/06-Jun/msg00035.html","https://usn.ubuntu.com/4426-1/","https://usn.ubuntu.com/4427-1/","https://usn.ubuntu.com/4439-1/","https://usn.ubuntu.com/4440-1/","http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00009.html","http://www.openwall.com/lists/oss-security/2020/07/20/6","http://www.openwall.com/lists/oss-security/2020/07/29/3","http://www.openwall.com/lists/oss-security/2020/07/30/2","http://www.openwall.com/lists/oss-security/2020/0
7/30/3","https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4","https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=1957a85b0032a81e6482ca4aab883643b8dae06e","https://git.zx2c4.com/american-unsigned-language/tree/american-unsigned-language.sh","https://mailarchives.bentasker.co.uk/Mirrors/OSSSec/2020/06-Jun/msg00035.html","https://usn.ubuntu.com/4426-1/","https://usn.ubuntu.com/4427-1/","https://usn.ubuntu.com/4439-1/","https://usn.ubuntu.com/4440-1/"],"published_time":"2020-07-15T22:15:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-14702","summary":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).","cvss":4.9,"cvss_version":3.0,"cvss_v2":4.0,"cvss_v3":4.9,"cvss_v4":null,"epss":0.00265,"ranking_epss":0.50014,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://security.gentoo.org/glsa/202105-27","https://security.netapp.com/advisory/ntap-20200717-0004/","https://usn.ubuntu.com/4441-1/","https://www.oracle.com/security-alerts/cpujul2020.html","https://security.gentoo.org/glsa/202105-27","https://security.netapp.com/advisory/ntap-20200717-0004/","https://usn.ubuntu.com/4441-1/","https://www.oracle.com/security-alerts/cpujul2020.html"],"published_time":"2020-07-15T18:15:34","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-14697","summary":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). 
Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in takeover of MySQL Server. CVSS 3.1 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H).","cvss":7.2,"cvss_version":3.0,"cvss_v2":6.5,"cvss_v3":7.2,"cvss_v4":null,"epss":0.00789,"ranking_epss":0.73865,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://security.gentoo.org/glsa/202105-27","https://security.netapp.com/advisory/ntap-20200717-0004/","https://usn.ubuntu.com/4441-1/","https://www.oracle.com/security-alerts/cpujul2020.html","https://security.gentoo.org/glsa/202105-27","https://security.netapp.com/advisory/ntap-20200717-0004/","https://usn.ubuntu.com/4441-1/","https://www.oracle.com/security-alerts/cpujul2020.html"],"published_time":"2020-07-15T18:15:33","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-14678","summary":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in takeover of MySQL Server. CVSS 3.1 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H).","cvss":7.2,"cvss_version":3.0,"cvss_v2":6.5,"cvss_v3":7.2,"cvss_v4":null,"epss":0.00681,"ranking_epss":0.71581,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://security.gentoo.org/glsa/202105-27","https://security.netapp.com/advisory/ntap-20200717-0004/","https://usn.ubuntu.com/4441-1/","https://www.oracle.com/security-alerts/cpujul2020.html","https://security.gentoo.org/glsa/202105-27","https://security.netapp.com/advisory/ntap-20200717-0004/","https://usn.ubuntu.com/4441-1/","https://www.oracle.com/security-alerts/cpujul2020.html"],"published_time":"2020-07-15T18:15:32","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-14680","summary":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).","cvss":6.5,"cvss_version":3.0,"cvss_v2":4.0,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00539,"ranking_epss":0.67601,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://security.gentoo.org/glsa/202105-27","https://security.netapp.com/advisory/ntap-20200717-0004/","https://usn.ubuntu.com/4441-1/","https://www.oracle.com/security-alerts/cpujul2020.html","https://security.gentoo.org/glsa/202105-27","https://security.netapp.com/advisory/ntap-20200717-0004/","https://usn.ubuntu.com/4441-1/","https://www.oracle.com/security-alerts/cpujul2020.html"],"published_time":"2020-07-15T18:15:32","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-14663","summary":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in takeover of MySQL Server. CVSS 3.1 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H).","cvss":7.2,"cvss_version":3.0,"cvss_v2":6.5,"cvss_v3":7.2,"cvss_v4":null,"epss":0.00681,"ranking_epss":0.71581,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://security.gentoo.org/glsa/202105-27","https://security.netapp.com/advisory/ntap-20200717-0004/","https://usn.ubuntu.com/4441-1/","https://www.oracle.com/security-alerts/cpujul2020.html","https://security.gentoo.org/glsa/202105-27","https://security.netapp.com/advisory/ntap-20200717-0004/","https://usn.ubuntu.com/4441-1/","https://www.oracle.com/security-alerts/cpujul2020.html"],"published_time":"2020-07-15T18:15:31","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-14651","summary":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Roles). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).","cvss":5.5,"cvss_version":3.0,"cvss_v2":5.5,"cvss_v3":5.5,"cvss_v4":null,"epss":0.0034,"ranking_epss":0.56731,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://security.gentoo.org/glsa/202105-27","https://security.netapp.com/advisory/ntap-20200717-0004/","https://usn.ubuntu.com/4441-1/","https://www.oracle.com/security-alerts/cpujul2020.html","https://security.gentoo.org/glsa/202105-27","https://security.netapp.com/advisory/ntap-20200717-0004/","https://usn.ubuntu.com/4441-1/","https://www.oracle.com/security-alerts/cpujul2020.html"],"published_time":"2020-07-15T18:15:30","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-14654","summary":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).","cvss":4.9,"cvss_version":3.0,"cvss_v2":4.0,"cvss_v3":4.9,"cvss_v4":null,"epss":0.00369,"ranking_epss":0.58784,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://security.gentoo.org/glsa/202105-27","https://security.netapp.com/advisory/ntap-20200717-0004/","https://usn.ubuntu.com/4441-1/","https://www.oracle.com/security-alerts/cpujul2020.html","https://security.gentoo.org/glsa/202105-27","https://security.netapp.com/advisory/ntap-20200717-0004/","https://usn.ubuntu.com/4441-1/","https://www.oracle.com/security-alerts/cpujul2020.html"],"published_time":"2020-07-15T18:15:30","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-14656","summary":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Locking). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).","cvss":4.9,"cvss_version":3.0,"cvss_v2":4.0,"cvss_v3":4.9,"cvss_v4":null,"epss":0.00369,"ranking_epss":0.58784,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://security.gentoo.org/glsa/202105-27","https://security.netapp.com/advisory/ntap-20200717-0004/","https://usn.ubuntu.com/4441-1/","https://www.oracle.com/security-alerts/cpujul2020.html","https://security.gentoo.org/glsa/202105-27","https://security.netapp.com/advisory/ntap-20200717-0004/","https://usn.ubuntu.com/4441-1/","https://www.oracle.com/security-alerts/cpujul2020.html"],"published_time":"2020-07-15T18:15:30","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-14641","summary":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Roles). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS 3.1 Base Score 4.9 (Confidentiality impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N).","cvss":4.9,"cvss_version":3.0,"cvss_v2":4.0,"cvss_v3":4.9,"cvss_v4":null,"epss":0.00446,"ranking_epss":0.63453,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://security.gentoo.org/glsa/202105-27","https://security.netapp.com/advisory/ntap-20200717-0004/","https://usn.ubuntu.com/4441-1/","https://www.oracle.com/security-alerts/cpujul2020.html","https://security.gentoo.org/glsa/202105-27","https://security.netapp.com/advisory/ntap-20200717-0004/","https://usn.ubuntu.com/4441-1/","https://www.oracle.com/security-alerts/cpujul2020.html"],"published_time":"2020-07-15T18:15:29","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-14643","summary":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Roles). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).","cvss":5.5,"cvss_version":3.0,"cvss_v2":5.5,"cvss_v3":5.5,"cvss_v4":null,"epss":0.0034,"ranking_epss":0.56731,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://security.gentoo.org/glsa/202105-27","https://security.netapp.com/advisory/ntap-20200717-0004/","https://usn.ubuntu.com/4441-1/","https://www.oracle.com/security-alerts/cpujul2020.html","https://security.gentoo.org/glsa/202105-27","https://security.netapp.com/advisory/ntap-20200717-0004/","https://usn.ubuntu.com/4441-1/","https://www.oracle.com/security-alerts/cpujul2020.html"],"published_time":"2020-07-15T18:15:29","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-14631","summary":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Audit). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).","cvss":4.9,"cvss_version":3.0,"cvss_v2":4.0,"cvss_v3":4.9,"cvss_v4":null,"epss":0.00369,"ranking_epss":0.58784,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://security.gentoo.org/glsa/202105-27","https://security.netapp.com/advisory/ntap-20200717-0004/","https://usn.ubuntu.com/4441-1/","https://www.oracle.com/security-alerts/cpujul2020.html","https://security.gentoo.org/glsa/202105-27","https://security.netapp.com/advisory/ntap-20200717-0004/","https://usn.ubuntu.com/4441-1/","https://www.oracle.com/security-alerts/cpujul2020.html"],"published_time":"2020-07-15T18:15:28","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-14632","summary":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Options). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).","cvss":4.9,"cvss_version":3.0,"cvss_v2":4.0,"cvss_v3":4.9,"cvss_v4":null,"epss":0.00415,"ranking_epss":0.61669,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://security.gentoo.org/glsa/202105-27","https://security.netapp.com/advisory/ntap-20200717-0004/","https://usn.ubuntu.com/4441-1/","https://www.oracle.com/security-alerts/cpujul2020.html","https://security.gentoo.org/glsa/202105-27","https://security.netapp.com/advisory/ntap-20200717-0004/","https://usn.ubuntu.com/4441-1/","https://www.oracle.com/security-alerts/cpujul2020.html"],"published_time":"2020-07-15T18:15:28","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-14633","summary":"Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 2.7 (Integrity impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N).","cvss":2.7,"cvss_version":3.0,"cvss_v2":4.0,"cvss_v3":2.7,"cvss_v4":null,"epss":0.00231,"ranking_epss":0.45923,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://security.gentoo.org/glsa/202105-27","https://security.netapp.com/advisory/ntap-20200717-0004/","https://usn.ubuntu.com/4441-1/","https://www.oracle.com/security-alerts/cpujul2020.html","https://security.gentoo.org/glsa/202105-27","https://security.netapp.com/advisory/ntap-20200717-0004/","https://usn.ubuntu.com/4441-1/","https://www.oracle.com/security-alerts/cpujul2020.html"],"published_time":"2020-07-15T18:15:28","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-14634","summary":"Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.1 Base Score 2.7 (Confidentiality impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N).","cvss":2.7,"cvss_version":3.0,"cvss_v2":4.0,"cvss_v3":2.7,"cvss_v4":null,"epss":0.0025,"ranking_epss":0.48288,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://security.gentoo.org/glsa/202105-27","https://security.netapp.com/advisory/ntap-20200717-0004/","https://usn.ubuntu.com/4441-1/","https://www.oracle.com/security-alerts/cpujul2020.html","https://security.gentoo.org/glsa/202105-27","https://security.netapp.com/advisory/ntap-20200717-0004/","https://usn.ubuntu.com/4441-1/","https://www.oracle.com/security-alerts/cpujul2020.html"],"published_time":"2020-07-15T18:15:28","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-14619","summary":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Parser). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).","cvss":6.5,"cvss_version":3.0,"cvss_v2":4.0,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00546,"ranking_epss":0.67819,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CAI7GRYZ5265JVKHC6VXI57MNJDDB63C/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HYQPCHGCVKFS3H226QQKZFQP56JYOQ3T/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SA2XMR2ZY2BPR3VLTDVLNV74JL7TA7KL/","https://security.gentoo.org/glsa/202105-27","https://security.netapp.com/advisory/ntap-20200717-0004/","https://usn.ubuntu.com/4441-1/","https://www.oracle.com/security-alerts/cpujul2020.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CAI7GRYZ5265JVKHC6VXI57MNJDDB63C/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HYQPCHGCVKFS3H226QQKZFQP56JYOQ3T/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SA2XMR2ZY2BPR3VLTDVLNV74JL7TA7KL/","https://security.gentoo.org/glsa/202105-27","https://security.netapp.com/advisory/ntap-20200717-0004/","https://usn.ubuntu.com/4441-1/","https://www.oracle.com/security-alerts/cpujul2020.html"],"published_time":"2020-07-15T18:15:27","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-14620","summary":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. 
CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).","cvss":4.9,"cvss_version":3.0,"cvss_v2":4.0,"cvss_v3":4.9,"cvss_v4":null,"epss":0.00369,"ranking_epss":0.58784,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://security.gentoo.org/glsa/202105-27","https://security.netapp.com/advisory/ntap-20200717-0004/","https://usn.ubuntu.com/4441-1/","https://www.oracle.com/security-alerts/cpujul2020.html","https://security.gentoo.org/glsa/202105-27","https://security.netapp.com/advisory/ntap-20200717-0004/","https://usn.ubuntu.com/4441-1/","https://www.oracle.com/security-alerts/cpujul2020.html"],"published_time":"2020-07-15T18:15:27","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-14621","summary":"Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: JAXP). Supported versions that are affected are Java SE: 7u261, 8u251, 11.0.7 and 14.0.1; Java SE Embedded: 8u251. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.1 Base Score 5.3 (Integrity impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N).","cvss":5.3,"cvss_version":3.0,"cvss_v2":5.0,"cvss_v3":5.3,"cvss_v4":null,"epss":0.00461,"ranking_epss":0.64138,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00019.html","http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00027.html","http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00041.html","https://kc.mcafee.com/corporate/index?page=content&id=SB10332","https://lists.apache.org/thread.html/rf96c5afb26b596b4b97883aa90b6c0b0fc4c26aaeea7123c21912103%40%3Cj-users.xerces.apache.org%3E","https://lists.debian.org/debian-lts-announce/2020/08/msg00021.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6CFJPOYF3CWYEPCDOAOCNFJTQIKKWPHW/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DFZ36XIW5ENQAW6BB7WHRFFTTJX7KGMR/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MEPHBZPNSLX43B26DWKB7OS6AROTS2BO/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QQUMIAON2YEFRONMIUVHAKYCIOLICDBA/","https://security.gentoo.org/glsa/202008-24","https://security.gentoo.org/glsa/202209-15","https://security.netapp.com/advisory/ntap-20200717-0005/","https://usn.ubuntu.com/4433-1/","https://usn.ubuntu.com/4453-1/","https://www.debian.org/security/2020/dsa-4734","https://www.oracle.com/security-alerts/cpujul2020.html","http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00019.html","http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00027.html","http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00041.html","https://kc.mcafee.com/corporate/index?page=content&id=SB10332","https://lists.apache.org/thread.html/rf96c5afb26b596b4b97883aa90b6c0b0fc4c26aaeea7123c21912103%40%3Cj-users.x
erces.apache.org%3E","https://lists.debian.org/debian-lts-announce/2020/08/msg00021.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6CFJPOYF3CWYEPCDOAOCNFJTQIKKWPHW/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DFZ36XIW5ENQAW6BB7WHRFFTTJX7KGMR/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MEPHBZPNSLX43B26DWKB7OS6AROTS2BO/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QQUMIAON2YEFRONMIUVHAKYCIOLICDBA/","https://security.gentoo.org/glsa/202008-24","https://security.gentoo.org/glsa/202209-15","https://security.netapp.com/advisory/ntap-20200717-0005/","https://usn.ubuntu.com/4433-1/","https://usn.ubuntu.com/4453-1/","https://www.debian.org/security/2020/dsa-4734","https://www.oracle.com/security-alerts/cpujul2020.html"],"published_time":"2020-07-15T18:15:27","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-14623","summary":"Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).","cvss":4.9,"cvss_version":3.0,"cvss_v2":4.0,"cvss_v3":4.9,"cvss_v4":null,"epss":0.00415,"ranking_epss":0.61669,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://security.gentoo.org/glsa/202105-27","https://security.netapp.com/advisory/ntap-20200717-0004/","https://usn.ubuntu.com/4441-1/","https://www.oracle.com/security-alerts/cpujul2020.html","https://security.gentoo.org/glsa/202105-27","https://security.netapp.com/advisory/ntap-20200717-0004/","https://usn.ubuntu.com/4441-1/","https://www.oracle.com/security-alerts/cpujul2020.html"],"published_time":"2020-07-15T18:15:27","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-14624","summary":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: JSON). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).","cvss":4.9,"cvss_version":3.0,"cvss_v2":4.0,"cvss_v3":4.9,"cvss_v4":null,"epss":0.00369,"ranking_epss":0.58784,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://security.gentoo.org/glsa/202105-27","https://security.netapp.com/advisory/ntap-20200717-0004/","https://usn.ubuntu.com/4441-1/","https://www.oracle.com/security-alerts/cpujul2020.html","https://security.gentoo.org/glsa/202105-27","https://security.netapp.com/advisory/ntap-20200717-0004/","https://usn.ubuntu.com/4441-1/","https://www.oracle.com/security-alerts/cpujul2020.html"],"published_time":"2020-07-15T18:15:27","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-14614","summary":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).","cvss":4.9,"cvss_version":3.0,"cvss_v2":4.0,"cvss_v3":4.9,"cvss_v4":null,"epss":0.00436,"ranking_epss":0.63009,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CAI7GRYZ5265JVKHC6VXI57MNJDDB63C/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HYQPCHGCVKFS3H226QQKZFQP56JYOQ3T/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SA2XMR2ZY2BPR3VLTDVLNV74JL7TA7KL/","https://security.gentoo.org/glsa/202105-27","https://security.netapp.com/advisory/ntap-20200717-0004/","https://www.oracle.com/security-alerts/cpujul2020.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CAI7GRYZ5265JVKHC6VXI57MNJDDB63C/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HYQPCHGCVKFS3H226QQKZFQP56JYOQ3T/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SA2XMR2ZY2BPR3VLTDVLNV74JL7TA7KL/","https://security.gentoo.org/glsa/202105-27","https://security.netapp.com/advisory/ntap-20200717-0004/","https://www.oracle.com/security-alerts/cpujul2020.html"],"published_time":"2020-07-15T18:15:26","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-14593","summary":"Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: 2D). Supported versions that are affected are Java SE: 7u261, 8u251, 11.0.7 and 14.0.1; Java SE Embedded: 8u251. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. 
Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 7.4 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N).","cvss":7.4,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":7.4,"cvss_v4":null,"epss":0.00409,"ranking_epss":0.61226,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00019.html","http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00027.html","http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00041.html","https://lists.debian.org/debian-lts-announce/2020/08/msg00021.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6CFJPOYF3CWYEPCDOAOCNFJTQIKKWPHW/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DFZ36XIW5ENQAW6BB7WHRFFTTJX7KGMR/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MEPHBZPNSLX43B26DWKB7OS6AROTS2BO/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QQUMIAON2YEFRONMIUVHAKYCIOLICDBA/","https://security.gentoo.org/glsa/202008-24","https://security.gentoo.org/gls
a/202209-15","https://security.netapp.com/advisory/ntap-20200717-0005/","https://usn.ubuntu.com/4433-1/","https://usn.ubuntu.com/4453-1/","https://www.debian.org/security/2020/dsa-4734","https://www.oracle.com/security-alerts/cpujul2020.html","http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00019.html","http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00027.html","http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00041.html","https://lists.debian.org/debian-lts-announce/2020/08/msg00021.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6CFJPOYF3CWYEPCDOAOCNFJTQIKKWPHW/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DFZ36XIW5ENQAW6BB7WHRFFTTJX7KGMR/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MEPHBZPNSLX43B26DWKB7OS6AROTS2BO/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QQUMIAON2YEFRONMIUVHAKYCIOLICDBA/","https://security.gentoo.org/glsa/202008-24","https://security.gentoo.org/glsa/202209-15","https://security.netapp.com/advisory/ntap-20200717-0005/","https://usn.ubuntu.com/4433-1/","https://usn.ubuntu.com/4453-1/","https://www.debian.org/security/2020/dsa-4734","https://www.oracle.com/security-alerts/cpujul2020.html"],"published_time":"2020-07-15T18:15:25","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-14597","summary":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. 
CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).","cvss":4.9,"cvss_version":3.0,"cvss_v2":4.0,"cvss_v3":4.9,"cvss_v4":null,"epss":0.00432,"ranking_epss":0.62651,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CAI7GRYZ5265JVKHC6VXI57MNJDDB63C/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HYQPCHGCVKFS3H226QQKZFQP56JYOQ3T/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SA2XMR2ZY2BPR3VLTDVLNV74JL7TA7KL/","https://security.gentoo.org/glsa/202105-27","https://security.netapp.com/advisory/ntap-20200717-0004/","https://usn.ubuntu.com/4441-1/","https://www.oracle.com/security-alerts/cpujul2020.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CAI7GRYZ5265JVKHC6VXI57MNJDDB63C/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HYQPCHGCVKFS3H226QQKZFQP56JYOQ3T/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SA2XMR2ZY2BPR3VLTDVLNV74JL7TA7KL/","https://security.gentoo.org/glsa/202105-27","https://security.netapp.com/advisory/ntap-20200717-0004/","https://usn.ubuntu.com/4441-1/","https://www.oracle.com/security-alerts/cpujul2020.html"],"published_time":"2020-07-15T18:15:25","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-14581","summary":"Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: 2D). Supported versions that are affected are Java SE: 8u251, 11.0.7 and 14.0.1; Java SE Embedded: 8u251. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. 
Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.1 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N).","cvss":3.7,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":3.7,"cvss_v4":null,"epss":0.00385,"ranking_epss":0.59703,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00019.html","http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00027.html","http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00041.html","https://kc.mcafee.com/corporate/index?page=content&id=SB10332","https://lists.debian.org/debian-lts-announce/2020/08/msg00021.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6CFJPOYF3CWYEPCDOAOCNFJTQIKKWPHW/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DFZ36XIW5ENQAW6BB7WHRFFTTJX7KGMR/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MEPHBZPNSLX43B26DWKB7OS6AROTS2BO/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QQUMIAON2YEFRONMIUVHAKYCIOLICDBA/","https://security.gentoo.org/glsa/202209-15","https://security.netapp.com/advisory/ntap-20200717-0005/","https://usn.ubuntu.com/4433-1/","https://usn.ubuntu.com/4453-1/","https://www.debian.org/security/2020/dsa-4734","https://www.oracle.com/security-alerts/cpujul2020.html","http://lists.opensuse.org/opensuse-sec
urity-announce/2020-08/msg00019.html","http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00027.html","http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00041.html","https://kc.mcafee.com/corporate/index?page=content&id=SB10332","https://lists.debian.org/debian-lts-announce/2020/08/msg00021.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6CFJPOYF3CWYEPCDOAOCNFJTQIKKWPHW/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DFZ36XIW5ENQAW6BB7WHRFFTTJX7KGMR/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MEPHBZPNSLX43B26DWKB7OS6AROTS2BO/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QQUMIAON2YEFRONMIUVHAKYCIOLICDBA/","https://security.gentoo.org/glsa/202209-15","https://security.netapp.com/advisory/ntap-20200717-0005/","https://usn.ubuntu.com/4433-1/","https://usn.ubuntu.com/4453-1/","https://www.debian.org/security/2020/dsa-4734","https://www.oracle.com/security-alerts/cpujul2020.html"],"published_time":"2020-07-15T18:15:24","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-14583","summary":"Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u261, 8u251, 11.0.7 and 14.0.1; Java SE Embedded: 8u251. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. 
Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H).","cvss":8.3,"cvss_version":3.0,"cvss_v2":5.1,"cvss_v3":8.3,"cvss_v4":null,"epss":0.01018,"ranking_epss":0.77208,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00019.html","http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00027.html","http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00041.html","https://lists.debian.org/debian-lts-announce/2020/08/msg00021.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6CFJPOYF3CWYEPCDOAOCNFJTQIKKWPHW/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DFZ36XIW5ENQAW6BB7WHRFFTTJX7KGMR/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MEPHBZPNSLX43B26DWKB7OS6AROTS2BO/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QQUMIAON2YEFRONMIUVHAKYCIOLICDBA/","https://security.gentoo.org/glsa/202008-24","https://security.gentoo.org/glsa/202209-15","https://security.netapp.com/advisory/ntap-20200717-0005/","https://usn.ubuntu.com/4433-1/","https://usn.ubuntu.com/4453-1/","https://www.debian.org/security/2020/dsa-4734","https://www.oracle.com/security-alerts/cpujul2020.html","http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00019.html","http://lists.opensus
e.org/opensuse-security-announce/2020-08/msg00027.html","http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00041.html","https://lists.debian.org/debian-lts-announce/2020/08/msg00021.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6CFJPOYF3CWYEPCDOAOCNFJTQIKKWPHW/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DFZ36XIW5ENQAW6BB7WHRFFTTJX7KGMR/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MEPHBZPNSLX43B26DWKB7OS6AROTS2BO/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QQUMIAON2YEFRONMIUVHAKYCIOLICDBA/","https://security.gentoo.org/glsa/202008-24","https://security.gentoo.org/glsa/202209-15","https://security.netapp.com/advisory/ntap-20200717-0005/","https://usn.ubuntu.com/4433-1/","https://usn.ubuntu.com/4453-1/","https://www.debian.org/security/2020/dsa-4734","https://www.oracle.com/security-alerts/cpujul2020.html"],"published_time":"2020-07-15T18:15:24","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-14586","summary":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).","cvss":4.9,"cvss_version":3.0,"cvss_v2":4.0,"cvss_v3":4.9,"cvss_v4":null,"epss":0.00311,"ranking_epss":0.5425,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CAI7GRYZ5265JVKHC6VXI57MNJDDB63C/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HYQPCHGCVKFS3H226QQKZFQP56JYOQ3T/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SA2XMR2ZY2BPR3VLTDVLNV74JL7TA7KL/","https://security.gentoo.org/glsa/202105-27","https://security.netapp.com/advisory/ntap-20200717-0004/","https://usn.ubuntu.com/4441-1/","https://www.oracle.com/security-alerts/cpujul2020.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CAI7GRYZ5265JVKHC6VXI57MNJDDB63C/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HYQPCHGCVKFS3H226QQKZFQP56JYOQ3T/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SA2XMR2ZY2BPR3VLTDVLNV74JL7TA7KL/","https://security.gentoo.org/glsa/202105-27","https://security.netapp.com/advisory/ntap-20200717-0004/","https://usn.ubuntu.com/4441-1/","https://www.oracle.com/security-alerts/cpujul2020.html"],"published_time":"2020-07-15T18:15:24","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-14568","summary":"Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. 
CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).","cvss":4.9,"cvss_version":3.0,"cvss_v2":4.0,"cvss_v3":4.9,"cvss_v4":null,"epss":0.00436,"ranking_epss":0.63009,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CAI7GRYZ5265JVKHC6VXI57MNJDDB63C/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HYQPCHGCVKFS3H226QQKZFQP56JYOQ3T/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SA2XMR2ZY2BPR3VLTDVLNV74JL7TA7KL/","https://security.gentoo.org/glsa/202105-27","https://security.netapp.com/advisory/ntap-20200717-0004/","https://usn.ubuntu.com/4441-1/","https://www.oracle.com/security-alerts/cpujul2020.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CAI7GRYZ5265JVKHC6VXI57MNJDDB63C/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HYQPCHGCVKFS3H226QQKZFQP56JYOQ3T/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SA2XMR2ZY2BPR3VLTDVLNV74JL7TA7KL/","https://security.gentoo.org/glsa/202105-27","https://security.netapp.com/advisory/ntap-20200717-0004/","https://usn.ubuntu.com/4441-1/","https://www.oracle.com/security-alerts/cpujul2020.html"],"published_time":"2020-07-15T18:15:23","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-14573","summary":"Vulnerability in the Java SE product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Java SE: 11.0.7 and 14.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. 
Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).","cvss":3.7,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":3.7,"cvss_v4":null,"epss":0.00385,"ranking_epss":0.59737,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00019.html","http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00027.html","https://kc.mcafee.com/corporate/index?page=content&id=SB10332","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MEPHBZPNSLX43B26DWKB7OS6AROTS2BO/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QQUMIAON2YEFRONMIUVHAKYCIOLICDBA/","https://security.gentoo.org/glsa/202008-24","https://security.gentoo.org/glsa/202209-15","https://security.netapp.com/advisory/ntap-20200717-0005/","https://usn.ubuntu.com/4433-1/","https://www.debian.org/security/2020/dsa-4734","https://www.oracle.com/security-alerts/cpujul2020.html","http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00019.html","http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00027.html","https://kc.mcafee.com/corporate/index?page=content&id=SB10332","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MEPHBZPNSLX43B26DWKB7OS6AROTS2BO/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/messag
e/QQUMIAON2YEFRONMIUVHAKYCIOLICDBA/","https://security.gentoo.org/glsa/202008-24","https://security.gentoo.org/glsa/202209-15","https://security.netapp.com/advisory/ntap-20200717-0005/","https://usn.ubuntu.com/4433-1/","https://www.debian.org/security/2020/dsa-4734","https://www.oracle.com/security-alerts/cpujul2020.html"],"published_time":"2020-07-15T18:15:23","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-14575","summary":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).","cvss":4.9,"cvss_version":3.0,"cvss_v2":4.0,"cvss_v3":4.9,"cvss_v4":null,"epss":0.00432,"ranking_epss":0.62651,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CAI7GRYZ5265JVKHC6VXI57MNJDDB63C/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HYQPCHGCVKFS3H226QQKZFQP56JYOQ3T/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SA2XMR2ZY2BPR3VLTDVLNV74JL7TA7KL/","https://security.gentoo.org/glsa/202105-27","https://security.netapp.com/advisory/ntap-20200717-0004/","https://usn.ubuntu.com/4441-1/","https://www.oracle.com/security-alerts/cpujul2020.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CAI7GRYZ5265JVKHC6VXI57MNJDDB63C/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message
/HYQPCHGCVKFS3H226QQKZFQP56JYOQ3T/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SA2XMR2ZY2BPR3VLTDVLNV74JL7TA7KL/","https://security.gentoo.org/glsa/202105-27","https://security.netapp.com/advisory/ntap-20200717-0004/","https://usn.ubuntu.com/4441-1/","https://www.oracle.com/security-alerts/cpujul2020.html"],"published_time":"2020-07-15T18:15:23","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-14576","summary":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: UDF). Supported versions that are affected are 5.7.30 and prior and 8.0.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).","cvss":6.5,"cvss_version":3.0,"cvss_v2":4.0,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00658,"ranking_epss":0.71037,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CAI7GRYZ5265JVKHC6VXI57MNJDDB63C/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HYQPCHGCVKFS3H226QQKZFQP56JYOQ3T/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SA2XMR2ZY2BPR3VLTDVLNV74JL7TA7KL/","https://security.gentoo.org/glsa/202105-27","https://security.netapp.com/advisory/ntap-20200717-0004/","https://usn.ubuntu.com/4441-1/","https://www.oracle.com/security-alerts/cpujul2020.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CAI7GRYZ5265JVKHC6VXI57MNJDDB63C/","https://lists.fedoraproject.org/archi
ves/list/package-announce%40lists.fedoraproject.org/message/HYQPCHGCVKFS3H226QQKZFQP56JYOQ3T/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SA2XMR2ZY2BPR3VLTDVLNV74JL7TA7KL/","https://security.gentoo.org/glsa/202105-27","https://security.netapp.com/advisory/ntap-20200717-0004/","https://usn.ubuntu.com/4441-1/","https://www.oracle.com/security-alerts/cpujul2020.html"],"published_time":"2020-07-15T18:15:23","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-14577","summary":"Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 7u261, 8u251, 11.0.7 and 14.0.1; Java SE Embedded: 8u251. Difficult to exploit vulnerability allows unauthenticated attacker with network access via TLS to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.1 Base Score 3.7 (Confidentiality impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N).","cvss":3.7,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":3.7,"cvss_v4":null,"epss":0.00283,"ranking_epss":0.51724,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00019.html","http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00027.html","http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00041.html","https://lists.debian.org/debian-lts-announce/2020/08/msg00021.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6CFJPOYF3CWYEPCDOAOCNFJTQIKKWPHW/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DFZ36XIW5ENQAW6BB7WHRFFTTJX7KGMR/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MEPHBZPNSLX43B26DWKB7OS6AROTS2BO/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QQUMIAON2YEFRONMIUVHAKYCIOLICDBA/","https://security.gentoo.org/glsa/202209-15","https://security.netapp.com/advisory/ntap-20200717-0005/","https://usn.ubuntu.com/4433-1/","https://usn.ubuntu.com/4453-1/","https://www.debian.org/security/2020/dsa-4734","https://www.oracle.com/security-alerts/cpujul2020.html","http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00019.html","http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00027.html","http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00041.html","https://lists.debian.org/debian-lts-announce/2020/08/msg00021.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6CFJPOYF3CWYEPCDOAOCNFJTQIKKWPHW/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DFZ36XIW5ENQAW6BB7WHRFFTTJX7KGMR/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorap
roject.org/message/MEPHBZPNSLX43B26DWKB7OS6AROTS2BO/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QQUMIAON2YEFRONMIUVHAKYCIOLICDBA/","https://security.gentoo.org/glsa/202209-15","https://security.netapp.com/advisory/ntap-20200717-0005/","https://usn.ubuntu.com/4433-1/","https://usn.ubuntu.com/4453-1/","https://www.debian.org/security/2020/dsa-4734","https://www.oracle.com/security-alerts/cpujul2020.html"],"published_time":"2020-07-15T18:15:23","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-14578","summary":"Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u261 and 8u251; Java SE Embedded: 8u251. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.1 Base Score 3.7 (Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).","cvss":3.7,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":3.7,"cvss_v4":null,"epss":0.00158,"ranking_epss":0.36656,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00041.html","https://kc.mcafee.com/corporate/index?page=content&id=SB10332","https://lists.debian.org/debian-lts-announce/2020/08/msg00021.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6CFJPOYF3CWYEPCDOAOCNFJTQIKKWPHW/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DFZ36XIW5ENQAW6BB7WHRFFTTJX7KGMR/","https://security.gentoo.org/glsa/202008-24","https://security.gentoo.org/glsa/202209-15","https://security.netapp.com/advisory/ntap-20200717-0005/","https://usn.ubuntu.com/4453-1/","https://www.debian.org/security/2020/dsa-4734","https://www.oracle.com/security-alerts/cpujul2020.html","http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00041.html","https://kc.mcafee.com/corporate/index?page=content&id=SB10332","https://lists.debian.org/debian-lts-announce/2020/08/msg00021.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6CFJPOYF3CWYEPCDOAOCNFJTQIKKWPHW/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DFZ36XIW5ENQAW6BB7WHRFFTTJX7KGMR/","https://security.gentoo.org/glsa/202008-24","https://security.gentoo.org/glsa/202209-15","https://security.netapp.com/advisory/ntap-20200717-0005/","https://usn.ubuntu.com/4453-1/","https://www.debian.org/security/2020/dsa-4734","https://www.oracle.com/security-alerts/cpujul2020.html"],"published_time":"2020-07-15T18:15:23","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-14579","summary":"Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). 
Supported versions that are affected are Java SE: 7u261 and 8u251; Java SE Embedded: 8u251. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.1 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).","cvss":3.7,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":3.7,"cvss_v4":null,"epss":0.00158,"ranking_epss":0.36656,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00041.html","https://kc.mcafee.com/corporate/index?page=content&id=SB10332","https://lists.debian.org/debian-lts-announce/2020/08/msg00021.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6CFJPOYF3CWYEPCDOAOCNFJTQIKKWPHW/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DFZ36XIW5ENQAW6BB7WHRFFTTJX7KGMR/","https://security.gentoo.org/glsa/202008-24","https://security.gentoo.org/glsa/202209-15","https://security.netapp.com/advisory/ntap-20200717-0005/","https://usn.ubuntu.com/4453-1/","https://www.debian.org/security/2020/dsa-4734","https://www.oracle.com/security-alerts/cpujul2020.html","http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00041.html","https://kc.mcafee.com/corporate/index?page=content&id=SB10332","https://lists.debian.org/debian-lts-announce/2
020/08/msg00021.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6CFJPOYF3CWYEPCDOAOCNFJTQIKKWPHW/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DFZ36XIW5ENQAW6BB7WHRFFTTJX7KGMR/","https://security.gentoo.org/glsa/202008-24","https://security.gentoo.org/glsa/202209-15","https://security.netapp.com/advisory/ntap-20200717-0005/","https://usn.ubuntu.com/4453-1/","https://www.debian.org/security/2020/dsa-4734","https://www.oracle.com/security-alerts/cpujul2020.html"],"published_time":"2020-07-15T18:15:23","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-14559","summary":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Information Schema). Supported versions that are affected are 5.6.48 and prior, 5.7.30 and prior and 8.0.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.1 Base Score 4.3 (Confidentiality impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N).","cvss":4.3,"cvss_version":3.0,"cvss_v2":4.0,"cvss_v3":4.3,"cvss_v4":null,"epss":0.00647,"ranking_epss":0.70762,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CAI7GRYZ5265JVKHC6VXI57MNJDDB63C/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HYQPCHGCVKFS3H226QQKZFQP56JYOQ3T/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SA2XMR2ZY2BPR3VLTDVLNV74JL7TA7KL/","https://security.gentoo.org/glsa/202105-27","https://security.netapp.com/advisory/ntap-20200717-0004/","https://usn.ubuntu.com/4441-1/","https://www.oracle.com/security-alerts/cpujul2020.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CAI7GRYZ5265JVKHC6VXI57MNJDDB63C/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HYQPCHGCVKFS3H226QQKZFQP56JYOQ3T/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SA2XMR2ZY2BPR3VLTDVLNV74JL7TA7KL/","https://security.gentoo.org/glsa/202105-27","https://security.netapp.com/advisory/ntap-20200717-0004/","https://usn.ubuntu.com/4441-1/","https://www.oracle.com/security-alerts/cpujul2020.html"],"published_time":"2020-07-15T18:15:21","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-14562","summary":"Vulnerability in the Java SE product of Oracle Java SE (component: ImageIO). Supported versions that are affected are Java SE: 11.0.7 and 14.0.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE. 
Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).","cvss":5.3,"cvss_version":3.0,"cvss_v2":5.0,"cvss_v3":5.3,"cvss_v4":null,"epss":0.00327,"ranking_epss":0.55641,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00019.html","http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00027.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MEPHBZPNSLX43B26DWKB7OS6AROTS2BO/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QQUMIAON2YEFRONMIUVHAKYCIOLICDBA/","https://security.gentoo.org/glsa/202008-24","https://security.gentoo.org/glsa/202209-15","https://security.netapp.com/advisory/ntap-20200717-0005/","https://usn.ubuntu.com/4433-1/","https://www.debian.org/security/2020/dsa-4734","https://www.oracle.com/security-alerts/cpujul2020.html","http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00019.html","http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00027.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MEPHBZPNSLX43B26DWKB7OS6AROTS2BO/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QQUMIAON2YEFRONMIUVHAKYCIOLICDBA/","https://security.gentoo.org/glsa/202008-24","https://security.gentoo.org/glsa/202209-15","https://security.netapp.com/advisory/ntap-20200717-0005/","http
s://usn.ubuntu.com/4433-1/","https://www.debian.org/security/2020/dsa-4734","https://www.oracle.com/security-alerts/cpujul2020.html"],"published_time":"2020-07-15T18:15:21","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-14556","summary":"Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 8u251, 11.0.7 and 14.0.1; Java SE Embedded: 8u251. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data as well as unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.1 Base Score 4.8 (Confidentiality and Integrity impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N).","cvss":4.8,"cvss_version":3.0,"cvss_v2":5.8,"cvss_v3":4.8,"cvss_v4":null,"epss":0.00576,"ranking_epss":0.68796,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00019.html","http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00027.html","http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00041.html","https://lists.debian.org/debian-lts-announce/2020/08/msg00021.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6CFJPOYF3CWYEPCDOAOCNFJTQIKKWPHW/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DFZ36XIW5ENQAW6BB7WHRFFTTJX7KGMR/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MEPHBZPNSLX43B26DWKB7OS6AROTS2BO/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QQUMIAON2YEFRONMIUVHAKYCIOLICDBA/","https://security.gentoo.org/glsa/202008-24","https://security.gentoo.org/glsa/202209-15","https://security.netapp.com/advisory/ntap-20200717-0005/","https://usn.ubuntu.com/4433-1/","https://usn.ubuntu.com/4453-1/","https://www.debian.org/security/2020/dsa-4734","https://www.oracle.com/security-alerts/cpujul2020.html","http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00019.html","http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00027.html","http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00041.html","https://lists.debian.org/debian-lts-announce/2020/08/msg00021.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6CFJPOYF3CWYEPCDOAOCNFJTQIKKWPHW/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DFZ36XIW5ENQAW6BB7WHRFFTTJX7KGMR/","https://lists.fedoraproject.org/a
rchives/list/package-announce%40lists.fedoraproject.org/message/MEPHBZPNSLX43B26DWKB7OS6AROTS2BO/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QQUMIAON2YEFRONMIUVHAKYCIOLICDBA/","https://security.gentoo.org/glsa/202008-24","https://security.gentoo.org/glsa/202209-15","https://security.netapp.com/advisory/ntap-20200717-0005/","https://usn.ubuntu.com/4433-1/","https://usn.ubuntu.com/4453-1/","https://www.debian.org/security/2020/dsa-4734","https://www.oracle.com/security-alerts/cpujul2020.html"],"published_time":"2020-07-15T18:15:20","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-14550","summary":"Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Supported versions that are affected are 5.6.48 and prior, 5.7.30 and prior and 8.0.20 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Client. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Client. CVSS 3.1 Base Score 5.3 (Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H).","cvss":5.3,"cvss_version":3.0,"cvss_v2":3.5,"cvss_v3":5.3,"cvss_v4":null,"epss":0.00788,"ranking_epss":0.73835,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CAI7GRYZ5265JVKHC6VXI57MNJDDB63C/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HYQPCHGCVKFS3H226QQKZFQP56JYOQ3T/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SA2XMR2ZY2BPR3VLTDVLNV74JL7TA7KL/","https://security.gentoo.org/glsa/202105-27","https://security.netapp.com/advisory/ntap-20210622-0001/","https://usn.ubuntu.com/4441-1/","https://www.oracle.com/security-alerts/cpujul2020.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CAI7GRYZ5265JVKHC6VXI57MNJDDB63C/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HYQPCHGCVKFS3H226QQKZFQP56JYOQ3T/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SA2XMR2ZY2BPR3VLTDVLNV74JL7TA7KL/","https://security.gentoo.org/glsa/202105-27","https://security.netapp.com/advisory/ntap-20210622-0001/","https://usn.ubuntu.com/4441-1/","https://www.oracle.com/security-alerts/cpujul2020.html"],"published_time":"2020-07-15T18:15:18","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-14553","summary":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Pluggable Auth). Supported versions that are affected are 5.7.30 and prior and 8.0.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. 
Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N).","cvss":4.3,"cvss_version":3.0,"cvss_v2":4.0,"cvss_v3":4.3,"cvss_v4":null,"epss":0.00361,"ranking_epss":0.58233,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CAI7GRYZ5265JVKHC6VXI57MNJDDB63C/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HYQPCHGCVKFS3H226QQKZFQP56JYOQ3T/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SA2XMR2ZY2BPR3VLTDVLNV74JL7TA7KL/","https://security.gentoo.org/glsa/202105-27","https://security.netapp.com/advisory/ntap-20200717-0004/","https://usn.ubuntu.com/4441-1/","https://www.oracle.com/security-alerts/cpujul2020.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CAI7GRYZ5265JVKHC6VXI57MNJDDB63C/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HYQPCHGCVKFS3H226QQKZFQP56JYOQ3T/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SA2XMR2ZY2BPR3VLTDVLNV74JL7TA7KL/","https://security.gentoo.org/glsa/202105-27","https://security.netapp.com/advisory/ntap-20200717-0004/","https://usn.ubuntu.com/4441-1/","https://www.oracle.com/security-alerts/cpujul2020.html"],"published_time":"2020-07-15T18:15:18","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-14547","summary":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 5.7.30 and prior and 8.0.20 and prior. 
Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).","cvss":4.9,"cvss_version":3.0,"cvss_v2":4.0,"cvss_v3":4.9,"cvss_v4":null,"epss":0.003,"ranking_epss":0.53369,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CAI7GRYZ5265JVKHC6VXI57MNJDDB63C/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HYQPCHGCVKFS3H226QQKZFQP56JYOQ3T/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SA2XMR2ZY2BPR3VLTDVLNV74JL7TA7KL/","https://security.gentoo.org/glsa/202105-27","https://security.netapp.com/advisory/ntap-20200717-0004/","https://usn.ubuntu.com/4441-1/","https://www.oracle.com/security-alerts/cpujul2020.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CAI7GRYZ5265JVKHC6VXI57MNJDDB63C/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HYQPCHGCVKFS3H226QQKZFQP56JYOQ3T/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SA2XMR2ZY2BPR3VLTDVLNV74JL7TA7KL/","https://security.gentoo.org/glsa/202105-27","https://security.netapp.com/advisory/ntap-20200717-0004/","https://usn.ubuntu.com/4441-1/","https://www.oracle.com/security-alerts/cpujul2020.html"],"published_time":"2020-07-15T18:15:17","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-14539","summary":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). 
Supported versions that are affected are 5.6.48 and prior, 5.7.30 and prior and 8.0.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).","cvss":6.5,"cvss_version":3.0,"cvss_v2":4.0,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00888,"ranking_epss":0.75496,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CAI7GRYZ5265JVKHC6VXI57MNJDDB63C/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HYQPCHGCVKFS3H226QQKZFQP56JYOQ3T/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SA2XMR2ZY2BPR3VLTDVLNV74JL7TA7KL/","https://security.gentoo.org/glsa/202105-27","https://security.netapp.com/advisory/ntap-20200717-0004/","https://usn.ubuntu.com/4441-1/","https://www.oracle.com/security-alerts/cpujul2020.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CAI7GRYZ5265JVKHC6VXI57MNJDDB63C/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HYQPCHGCVKFS3H226QQKZFQP56JYOQ3T/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SA2XMR2ZY2BPR3VLTDVLNV74JL7TA7KL/","https://security.gentoo.org/glsa/202105-27","https://security.netapp.com/advisory/ntap-20200717-0004/","https://usn.ubuntu.com/4441-1/","https://www.oracle.com/security-alerts/cpujul2020.html"],"published_time":"2020-07-15T18:15:14","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-14540","summary":"Vulnera
bility in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 5.7.30 and prior and 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).","cvss":4.9,"cvss_version":3.0,"cvss_v2":4.0,"cvss_v3":4.9,"cvss_v4":null,"epss":0.00487,"ranking_epss":0.65404,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CAI7GRYZ5265JVKHC6VXI57MNJDDB63C/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HYQPCHGCVKFS3H226QQKZFQP56JYOQ3T/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SA2XMR2ZY2BPR3VLTDVLNV74JL7TA7KL/","https://security.gentoo.org/glsa/202105-27","https://security.netapp.com/advisory/ntap-20200717-0004/","https://usn.ubuntu.com/4441-1/","https://www.oracle.com/security-alerts/cpujul2020.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CAI7GRYZ5265JVKHC6VXI57MNJDDB63C/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HYQPCHGCVKFS3H226QQKZFQP56JYOQ3T/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SA2XMR2ZY2BPR3VLTDVLNV74JL7TA7KL/","https://security.gentoo.org/glsa/202105-27","https://security.netapp.com/advisory/ntap-20200717-0004/","https://usn.ubuntu.com/4441-1/","https://www.oracle.com/security-alerts/cpujul2020.html"],"published_time":"2020-07-15T18:15:14","vendor":null,"product":null,"
version":null},{"cve_id":"CVE-2020-13934","summary":"An h2c direct connection to Apache Tomcat 10.0.0-M1 to 10.0.0-M6, 9.0.0.M5 to 9.0.36 and 8.5.1 to 8.5.56 did not release the HTTP/1.1 processor after the upgrade to HTTP/2. If a sufficient number of such requests were made, an OutOfMemoryException could occur leading to a denial of service.","cvss":7.5,"cvss_version":3.0,"cvss_v2":5.0,"cvss_v3":7.5,"cvss_v4":null,"epss":0.2338,"ranking_epss":0.95961,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00084.html","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00088.html","https://lists.apache.org/thread.html/r61f411cf82488d6ec213063fc15feeeb88e31b0ca9c29652ee4f962e%40%3Cannounce.tomcat.apache.org%3E","https://lists.apache.org/thread.html/ra072b1f786e7d139e86f1d1145572e0ff71cef38a96d9c6f5362aac8%40%3Cdev.tomcat.apache.org%3E","https://lists.debian.org/debian-lts-announce/2020/07/msg00017.html","https://security.netapp.com/advisory/ntap-20200724-0003/","https://usn.ubuntu.com/4596-1/","https://www.debian.org/security/2020/dsa-4727","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com/security-alerts/cpujan2021.html","https://www.oracle.com/security-alerts/cpujan2022.html","https://www.oracle.com/security-alerts/cpuoct2020.html","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00084.html","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00088.html","https://lists.apache.org/thread.html/r61f411cf82488d6ec213063fc15feeeb88e31b0ca9c29652ee4f962e%40%3Cannounce.tomcat.apache.org%3E","https://lists.apache.org/thread.html/ra072b1f786e7d139e86f1d1145572e0ff71cef38a96d9c6f5362aac8%40%3Cdev.tomcat.apache.org%3E","https://lists.debian.org/debian-lts-announce/2020/07/msg00017.html","https://security.netapp.com/advisory/ntap-20200724-0003/","https://usn.ubuntu.
com/4596-1/","https://www.debian.org/security/2020/dsa-4727","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com/security-alerts/cpujan2021.html","https://www.oracle.com/security-alerts/cpujan2022.html","https://www.oracle.com/security-alerts/cpuoct2020.html"],"published_time":"2020-07-14T15:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-13935","summary":"The payload length in a WebSocket frame was not correctly validated in Apache Tomcat 10.0.0-M1 to 10.0.0-M6, 9.0.0.M1 to 9.0.36, 8.5.0 to 8.5.56 and 7.0.27 to 7.0.104. Invalid payload lengths could trigger an infinite loop. Multiple requests with invalid payload lengths could lead to a denial of service.","cvss":7.5,"cvss_version":3.0,"cvss_v2":5.0,"cvss_v3":7.5,"cvss_v4":null,"epss":0.91745,"ranking_epss":0.99685,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00084.html","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00088.html","https://kc.mcafee.com/corporate/index?page=content&id=SB10332","https://lists.apache.org/thread.html/r4e5d3c09f4dd2923191e972408b40fb8b42dbff0bc7904d44b651e50%40%3Cusers.tomcat.apache.org%3E","https://lists.apache.org/thread.html/rd48c72bd3255bda87564d4da3791517c074d94f8a701f93b85752651%40%3Cannounce.tomcat.apache.org%3E","https://lists.debian.org/debian-lts-announce/2020/07/msg00017.html","https://security.netapp.com/advisory/ntap-20200724-0003/","https://usn.ubuntu.com/4448-1/","https://usn.ubuntu.com/4596-1/","https://www.debian.org/security/2020/dsa-4727","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com/security-alerts/cpuapr2022.html","https://www.oracle.com/security-alerts/cpujan2021.html","https://www.oracle.com/security-alerts/cpujan2022.html","https://www.oracle.com/securi
ty-alerts/cpuoct2020.html","https://www.oracle.com/security-alerts/cpuoct2021.html","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00084.html","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00088.html","https://kc.mcafee.com/corporate/index?page=content&id=SB10332","https://lists.apache.org/thread.html/r4e5d3c09f4dd2923191e972408b40fb8b42dbff0bc7904d44b651e50%40%3Cusers.tomcat.apache.org%3E","https://lists.apache.org/thread.html/rd48c72bd3255bda87564d4da3791517c074d94f8a701f93b85752651%40%3Cannounce.tomcat.apache.org%3E","https://lists.debian.org/debian-lts-announce/2020/07/msg00017.html","https://security.netapp.com/advisory/ntap-20200724-0003/","https://usn.ubuntu.com/4448-1/","https://usn.ubuntu.com/4596-1/","https://www.debian.org/security/2020/dsa-4727","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com/security-alerts/cpuapr2022.html","https://www.oracle.com/security-alerts/cpujan2021.html","https://www.oracle.com/security-alerts/cpujan2022.html","https://www.oracle.com/security-alerts/cpuoct2020.html","https://www.oracle.com/security-alerts/cpuoct2021.html"],"published_time":"2020-07-14T15:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-13753","summary":"The bubblewrap sandbox of WebKitGTK and WPE WebKit, prior to 2.28.3, failed to properly block access to CLONE_NEWUSER and the TIOCSTI ioctl. CLONE_NEWUSER could potentially be used to confuse xdg-desktop-portal, which allows access outside the sandbox. 
TIOCSTI can be used to directly execute commands outside the sandbox by writing to the controlling terminal's input buffer, similar to CVE-2017-5226.","cvss":10.0,"cvss_version":3.0,"cvss_v2":7.5,"cvss_v3":10.0,"cvss_v4":null,"epss":0.01219,"ranking_epss":0.79057,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00074.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GER2ATKZXDHM7FFYJH67ZPNZZX5VOUVM/","https://security.gentoo.org/glsa/202007-11","https://trac.webkit.org/changeset/262368/webkit","https://usn.ubuntu.com/4422-1/","https://www.debian.org/security/2020/dsa-4724","https://www.openwall.com/lists/oss-security/2020/07/10/1","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00074.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GER2ATKZXDHM7FFYJH67ZPNZZX5VOUVM/","https://security.gentoo.org/glsa/202007-11","https://trac.webkit.org/changeset/262368/webkit","https://usn.ubuntu.com/4422-1/","https://www.debian.org/security/2020/dsa-4724","https://www.openwall.com/lists/oss-security/2020/07/10/1"],"published_time":"2020-07-14T14:15:17","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-20907","summary":"In Lib/tarfile.py in Python through 3.8.3, an attacker is able to craft a TAR archive leading to an infinite loop when opened by tarfile.open, because _proc_pax lacks header 
validation.","cvss":7.5,"cvss_version":3.0,"cvss_v2":5.0,"cvss_v3":7.5,"cvss_v4":null,"epss":0.00323,"ranking_epss":0.55379,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00051.html","http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00052.html","http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00053.html","http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00056.html","https://bugs.python.org/issue39017","https://github.com/python/cpython/pull/21454","https://lists.debian.org/debian-lts-announce/2020/08/msg00034.html","https://lists.debian.org/debian-lts-announce/2020/11/msg00032.html","https://lists.debian.org/debian-lts-announce/2023/05/msg00024.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/36XI3EEQNMHGOZEI63Y7UV6XZRELYEAU/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CAXHCY4V3LPAAJOBCJ26ISZ4NUXQXTUZ/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CNHPQGSP2YM3JAUD2VAMPXTIUQTZ2M2U/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CTUNTBJ3POHONQOTLEZC46POCIYYTAKZ/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LE4O3PNDNNOMSKHNUKZKD3NGHIFUFDPX/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NTBKKOLFFNHG6CM4ACDX4APHSD5ZX5N4/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OXI72HIHMXCQFWTULUXDG7VDA2BCYL4Y/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PDKKRXLNVXRF6VGERZSR3OMQR5D5QI6I/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TOGKLGTXZLHQQFBVCAPSUDA6DOOJFNRY/","http
s://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/V3TALOUBYU2MQD4BPLRTDQUMBKGCAXUA/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/V53P2YOLEQH4J7S5QHXMKMZYFTVVMTMO/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VT4AF72TJ2XNIKCR4WEBR7URBJJ4YZRD/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YILCHHTNLH4GG4GSQBX2MZRKZBXOLCKE/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YSL3XWVDMSMKO23HR74AJQ6VEM3C2NTS/","https://security.gentoo.org/glsa/202008-01","https://security.netapp.com/advisory/ntap-20200731-0002/","https://usn.ubuntu.com/4428-1/","https://www.oracle.com/security-alerts/cpujan2021.html","http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00051.html","http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00052.html","http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00053.html","http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00056.html","https://bugs.python.org/issue39017","https://github.com/python/cpython/pull/21454","https://lists.debian.org/debian-lts-announce/2020/08/msg00034.html","https://lists.debian.org/debian-lts-announce/2020/11/msg00032.html","https://lists.debian.org/debian-lts-announce/2023/05/msg00024.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/36XI3EEQNMHGOZEI63Y7UV6XZRELYEAU/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CAXHCY4V3LPAAJOBCJ26ISZ4NUXQXTUZ/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CNHPQGSP2YM3JAUD2VAMPXTIUQTZ2M2U/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CTUNTBJ3POHONQOTLEZC46POCIYYTAKZ/","https://lists.
fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LE4O3PNDNNOMSKHNUKZKD3NGHIFUFDPX/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NTBKKOLFFNHG6CM4ACDX4APHSD5ZX5N4/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OXI72HIHMXCQFWTULUXDG7VDA2BCYL4Y/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PDKKRXLNVXRF6VGERZSR3OMQR5D5QI6I/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TOGKLGTXZLHQQFBVCAPSUDA6DOOJFNRY/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/V3TALOUBYU2MQD4BPLRTDQUMBKGCAXUA/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/V53P2YOLEQH4J7S5QHXMKMZYFTVVMTMO/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VT4AF72TJ2XNIKCR4WEBR7URBJJ4YZRD/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YILCHHTNLH4GG4GSQBX2MZRKZBXOLCKE/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YSL3XWVDMSMKO23HR74AJQ6VEM3C2NTS/","https://security.gentoo.org/glsa/202008-01","https://security.netapp.com/advisory/ntap-20200731-0002/","https://usn.ubuntu.com/4428-1/","https://www.oracle.com/security-alerts/cpujan2021.html"],"published_time":"2020-07-13T13:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-10756","summary":"An out-of-bounds read vulnerability was found in the SLiRP networking implementation of the QEMU emulator. This flaw occurs in the icmp6_send_echoreply() routine while replying to an ICMP echo request, also known as ping. This flaw allows a malicious guest to leak the contents of the host memory, resulting in possible information disclosure. 
This flaw affects versions of libslirp before 4.3.1.","cvss":6.5,"cvss_version":3.0,"cvss_v2":2.1,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00025,"ranking_epss":0.06826,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00035.html","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00040.html","https://bugzilla.redhat.com/show_bug.cgi?id=1835986","https://lists.debian.org/debian-lts-announce/2020/07/msg00020.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JYTZ32P67PZER6P7TW6FQK3SZRKQLVEI/","https://security.netapp.com/advisory/ntap-20201001-0001/","https://usn.ubuntu.com/4437-1/","https://usn.ubuntu.com/4467-1/","https://www.debian.org/security/2020/dsa-4728","https://www.zerodayinitiative.com/advisories/ZDI-20-1005/","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00035.html","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00040.html","https://bugzilla.redhat.com/show_bug.cgi?id=1835986","https://lists.debian.org/debian-lts-announce/2020/07/msg00020.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JYTZ32P67PZER6P7TW6FQK3SZRKQLVEI/","https://security.netapp.com/advisory/ntap-20201001-0001/","https://usn.ubuntu.com/4437-1/","https://usn.ubuntu.com/4467-1/","https://www.debian.org/security/2020/dsa-4728","https://www.zerodayinitiative.com/advisories/ZDI-20-1005/"],"published_time":"2020-07-09T16:15:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-12421","summary":"When performing add-on updates, certificate chains terminating in non-built-in-roots were rejected (even if they were legitimately added by an administrator.) This could have caused add-ons to become out-of-date silently without notification to the user. 
This vulnerability affects Firefox ESR < 68.10, Firefox < 78, and Thunderbird < 68.10.0.","cvss":6.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":6.5,"cvss_v4":null,"epss":0.01087,"ranking_epss":0.77911,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00023.html","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00026.html","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00027.html","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00049.html","https://bugzilla.mozilla.org/show_bug.cgi?id=1308251","https://security.gentoo.org/glsa/202007-09","https://security.gentoo.org/glsa/202007-10","https://usn.ubuntu.com/4421-1/","https://www.mozilla.org/security/advisories/mfsa2020-24/","https://www.mozilla.org/security/advisories/mfsa2020-25/","https://www.mozilla.org/security/advisories/mfsa2020-26/","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00023.html","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00026.html","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00027.html","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00049.html","https://bugzilla.mozilla.org/show_bug.cgi?id=1308251","https://security.gentoo.org/glsa/202007-09","https://security.gentoo.org/glsa/202007-10","https://usn.ubuntu.com/4421-1/","https://www.mozilla.org/security/advisories/mfsa2020-24/","https://www.mozilla.org/security/advisories/mfsa2020-25/","https://www.mozilla.org/security/advisories/mfsa2020-26/"],"published_time":"2020-07-09T15:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-12406","summary":"Mozilla Developer Iain Ireland discovered a missing type check during unboxed objects removal, resulting in a crash. We presume that with enough effort that it could be exploited to run arbitrary code. 
This vulnerability affects Thunderbird < 68.9.0, Firefox < 77, and Firefox ESR < 68.9.","cvss":8.8,"cvss_version":3.0,"cvss_v2":9.3,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00353,"ranking_epss":0.57704,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://bugzilla.mozilla.org/show_bug.cgi?id=1639590","https://usn.ubuntu.com/4421-1/","https://www.mozilla.org/security/advisories/mfsa2020-20/","https://www.mozilla.org/security/advisories/mfsa2020-21/","https://www.mozilla.org/security/advisories/mfsa2020-22/","https://bugzilla.mozilla.org/show_bug.cgi?id=1639590","https://usn.ubuntu.com/4421-1/","https://www.mozilla.org/security/advisories/mfsa2020-20/","https://www.mozilla.org/security/advisories/mfsa2020-21/","https://www.mozilla.org/security/advisories/mfsa2020-22/"],"published_time":"2020-07-09T15:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-12410","summary":"Mozilla developers reported memory safety bugs present in Firefox 76 and Firefox ESR 68.8. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. 
This vulnerability affects Thunderbird < 68.9.0, Firefox < 77, and Firefox ESR < 68.9.","cvss":8.8,"cvss_version":3.0,"cvss_v2":9.3,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00783,"ranking_epss":0.73728,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://bugzilla.mozilla.org/buglist.cgi?bug_id=1619305%2C1632717","https://usn.ubuntu.com/4421-1/","https://www.mozilla.org/security/advisories/mfsa2020-20/","https://www.mozilla.org/security/advisories/mfsa2020-21/","https://www.mozilla.org/security/advisories/mfsa2020-22/","https://bugzilla.mozilla.org/buglist.cgi?bug_id=1619305%2C1632717","https://usn.ubuntu.com/4421-1/","https://www.mozilla.org/security/advisories/mfsa2020-20/","https://www.mozilla.org/security/advisories/mfsa2020-21/","https://www.mozilla.org/security/advisories/mfsa2020-22/"],"published_time":"2020-07-09T15:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-12417","summary":"Due to confusion about ValueTags on JavaScript Objects, an object may pass through the type barrier, resulting in memory corruption and a potentially exploitable crash. 
*Note: this issue only affects Firefox on ARM64 platforms.* This vulnerability affects Firefox ESR < 68.10, Firefox < 78, and Thunderbird < 68.10.0.","cvss":8.8,"cvss_version":3.0,"cvss_v2":9.3,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00475,"ranking_epss":0.6478,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00023.html","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00026.html","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00027.html","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00049.html","https://bugzilla.mozilla.org/show_bug.cgi?id=1640737","https://security.gentoo.org/glsa/202007-09","https://security.gentoo.org/glsa/202007-10","https://usn.ubuntu.com/4421-1/","https://www.mozilla.org/security/advisories/mfsa2020-24/","https://www.mozilla.org/security/advisories/mfsa2020-25/","https://www.mozilla.org/security/advisories/mfsa2020-26/","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00023.html","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00026.html","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00027.html","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00049.html","https://bugzilla.mozilla.org/show_bug.cgi?id=1640737","https://security.gentoo.org/glsa/202007-09","https://security.gentoo.org/glsa/202007-10","https://usn.ubuntu.com/4421-1/","https://www.mozilla.org/security/advisories/mfsa2020-24/","https://www.mozilla.org/security/advisories/mfsa2020-25/","https://www.mozilla.org/security/advisories/mfsa2020-26/"],"published_time":"2020-07-09T15:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-12418","summary":"Manipulating individual parts of a URL object could have caused an out-of-bounds read, leaking process memory to malicious JavaScript. 
This vulnerability affects Firefox ESR < 68.10, Firefox < 78, and Thunderbird < 68.10.0.","cvss":6.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":6.5,"cvss_v4":null,"epss":0.0124,"ranking_epss":0.79249,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00023.html","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00026.html","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00027.html","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00049.html","https://bugzilla.mozilla.org/show_bug.cgi?id=1641303","https://security.gentoo.org/glsa/202007-09","https://security.gentoo.org/glsa/202007-10","https://usn.ubuntu.com/4421-1/","https://www.mozilla.org/security/advisories/mfsa2020-24/","https://www.mozilla.org/security/advisories/mfsa2020-25/","https://www.mozilla.org/security/advisories/mfsa2020-26/","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00023.html","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00026.html","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00027.html","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00049.html","https://bugzilla.mozilla.org/show_bug.cgi?id=1641303","https://security.gentoo.org/glsa/202007-09","https://security.gentoo.org/glsa/202007-10","https://usn.ubuntu.com/4421-1/","https://www.mozilla.org/security/advisories/mfsa2020-24/","https://www.mozilla.org/security/advisories/mfsa2020-25/","https://www.mozilla.org/security/advisories/mfsa2020-26/"],"published_time":"2020-07-09T15:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-12419","summary":"When processing callbacks that occurred during window flushing in the parent process, the associated window may die; causing a use-after-free condition. This could have led to memory corruption and a potentially exploitable crash. 
This vulnerability affects Firefox ESR < 68.10, Firefox < 78, and Thunderbird < 68.10.0.","cvss":8.8,"cvss_version":3.0,"cvss_v2":9.3,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00464,"ranking_epss":0.6431,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00023.html","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00026.html","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00027.html","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00049.html","https://bugzilla.mozilla.org/show_bug.cgi?id=1643874","https://security.gentoo.org/glsa/202007-09","https://security.gentoo.org/glsa/202007-10","https://usn.ubuntu.com/4421-1/","https://www.mozilla.org/security/advisories/mfsa2020-24/","https://www.mozilla.org/security/advisories/mfsa2020-25/","https://www.mozilla.org/security/advisories/mfsa2020-26/","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00023.html","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00026.html","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00027.html","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00049.html","https://bugzilla.mozilla.org/show_bug.cgi?id=1643874","https://security.gentoo.org/glsa/202007-09","https://security.gentoo.org/glsa/202007-10","https://usn.ubuntu.com/4421-1/","https://www.mozilla.org/security/advisories/mfsa2020-24/","https://www.mozilla.org/security/advisories/mfsa2020-25/","https://www.mozilla.org/security/advisories/mfsa2020-26/"],"published_time":"2020-07-09T15:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-12420","summary":"When trying to connect to a STUN server, a race condition could have caused a use-after-free of a pointer, leading to memory corruption and a potentially exploitable crash. 
This vulnerability affects Firefox ESR < 68.10, Firefox < 78, and Thunderbird < 68.10.0.","cvss":8.8,"cvss_version":3.0,"cvss_v2":9.3,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00436,"ranking_epss":0.62997,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00023.html","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00026.html","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00027.html","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00049.html","https://bugzilla.mozilla.org/show_bug.cgi?id=1643437","https://security.gentoo.org/glsa/202007-09","https://security.gentoo.org/glsa/202007-10","https://usn.ubuntu.com/4421-1/","https://www.mozilla.org/security/advisories/mfsa2020-24/","https://www.mozilla.org/security/advisories/mfsa2020-25/","https://www.mozilla.org/security/advisories/mfsa2020-26/","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00023.html","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00026.html","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00027.html","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00049.html","https://bugzilla.mozilla.org/show_bug.cgi?id=1643437","https://security.gentoo.org/glsa/202007-09","https://security.gentoo.org/glsa/202007-10","https://usn.ubuntu.com/4421-1/","https://www.mozilla.org/security/advisories/mfsa2020-24/","https://www.mozilla.org/security/advisories/mfsa2020-25/","https://www.mozilla.org/security/advisories/mfsa2020-26/"],"published_time":"2020-07-09T15:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-12398","summary":"If Thunderbird is configured to use STARTTLS for an IMAP server, and the server sends a PREAUTH response, then Thunderbird will continue with an unencrypted connection, causing email data to be sent without protection. 
This vulnerability affects Thunderbird < 68.9.0.","cvss":7.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":7.5,"cvss_v4":null,"epss":0.00262,"ranking_epss":0.49515,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://bugzilla.mozilla.org/show_bug.cgi?id=1613623","https://usn.ubuntu.com/4421-1/","https://www.mozilla.org/security/advisories/mfsa2020-22/","https://bugzilla.mozilla.org/show_bug.cgi?id=1613623","https://usn.ubuntu.com/4421-1/","https://www.mozilla.org/security/advisories/mfsa2020-22/"],"published_time":"2020-07-09T15:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-12405","summary":"When browsing a malicious page, a race condition in our SharedWorkerService could occur and lead to a potentially exploitable crash. This vulnerability affects Thunderbird < 68.9.0, Firefox < 77, and Firefox ESR < 68.9.","cvss":5.3,"cvss_version":3.0,"cvss_v2":2.6,"cvss_v3":5.3,"cvss_v4":null,"epss":0.0066,"ranking_epss":0.71092,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://bugzilla.mozilla.org/show_bug.cgi?id=1631618","https://usn.ubuntu.com/4421-1/","https://www.mozilla.org/security/advisories/mfsa2020-20/","https://www.mozilla.org/security/advisories/mfsa2020-21/","https://www.mozilla.org/security/advisories/mfsa2020-22/","https://bugzilla.mozilla.org/show_bug.cgi?id=1631618","https://usn.ubuntu.com/4421-1/","https://www.mozilla.org/security/advisories/mfsa2020-20/","https://www.mozilla.org/security/advisories/mfsa2020-21/","https://www.mozilla.org/security/advisories/mfsa2020-22/"],"published_time":"2020-07-09T15:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-10760","summary":"A use-after-free flaw was found in all samba LDAP server versions before 4.10.17, before 4.11.11, before 4.12.4 used in a AC DC configuration. 
A Samba LDAP user could use this flaw to crash samba.","cvss":6.5,"cvss_version":3.0,"cvss_v2":4.0,"cvss_v3":6.5,"cvss_v4":null,"epss":0.02353,"ranking_epss":0.84905,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00030.html","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00054.html","http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00002.html","https://bugzilla.redhat.com/show_bug.cgi?id=1849509%3B","https://lists.debian.org/debian-lts-announce/2020/11/msg00041.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6YLNQ5GRXUKYRUAOFZ4DUBVN4SMTL6Q2/","https://security.gentoo.org/glsa/202007-15","https://usn.ubuntu.com/4409-1/","https://www.samba.org/samba/security/CVE-2020-10760.html","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00030.html","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00054.html","http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00002.html","https://bugzilla.redhat.com/show_bug.cgi?id=1849509%3B","https://lists.debian.org/debian-lts-announce/2020/11/msg00041.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6YLNQ5GRXUKYRUAOFZ4DUBVN4SMTL6Q2/","https://security.gentoo.org/glsa/202007-15","https://usn.ubuntu.com/4409-1/","https://www.samba.org/samba/security/CVE-2020-10760.html"],"published_time":"2020-07-06T19:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-14303","summary":"A flaw was found in the AD DC NBT server in all Samba versions before 4.10.17, before 4.11.11 and before 4.12.4. 
A samba user could send an empty UDP packet to cause the samba server to crash.","cvss":7.5,"cvss_version":3.0,"cvss_v2":5.0,"cvss_v3":7.5,"cvss_v4":null,"epss":0.26364,"ranking_epss":0.96312,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00030.html","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00054.html","http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00002.html","https://bugzilla.redhat.com/show_bug.cgi?id=1851298%3B","https://lists.debian.org/debian-lts-announce/2020/11/msg00041.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6YLNQ5GRXUKYRUAOFZ4DUBVN4SMTL6Q2/","https://security.gentoo.org/glsa/202007-15","https://security.netapp.com/advisory/ntap-20200709-0003/","https://usn.ubuntu.com/4454-1/","https://usn.ubuntu.com/4454-2/","https://www.samba.org/samba/security/CVE-2020-14303.html","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00030.html","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00054.html","http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00002.html","https://bugzilla.redhat.com/show_bug.cgi?id=1851298%3B","https://lists.debian.org/debian-lts-announce/2020/11/msg00041.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6YLNQ5GRXUKYRUAOFZ4DUBVN4SMTL6Q2/","https://security.gentoo.org/glsa/202007-15","https://security.netapp.com/advisory/ntap-20200709-0003/","https://usn.ubuntu.com/4454-1/","https://usn.ubuntu.com/4454-2/","https://www.samba.org/samba/security/CVE-2020-14303.html"],"published_time":"2020-07-06T18:15:20","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-8161","summary":"A directory traversal vulnerability exists in rack < 2.2.0 that allows an attacker perform directory traversal vulnerability in the Rack::Directory app that is bundled with 
Rack which could result in information disclosure.","cvss":8.6,"cvss_version":3.0,"cvss_v2":5.0,"cvss_v3":8.6,"cvss_v4":null,"epss":0.00907,"ranking_epss":0.75759,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://groups.google.com/g/rubyonrails-security/c/IOO1vNZTzPA","https://hackerone.com/reports/434404","https://lists.debian.org/debian-lts-announce/2020/07/msg00006.html","https://lists.debian.org/debian-lts-announce/2023/01/msg00038.html","https://usn.ubuntu.com/4561-1/","https://groups.google.com/g/rubyonrails-security/c/IOO1vNZTzPA","https://hackerone.com/reports/434404","https://lists.debian.org/debian-lts-announce/2020/07/msg00006.html","https://lists.debian.org/debian-lts-announce/2023/01/msg00038.html","https://usn.ubuntu.com/4561-1/"],"published_time":"2020-07-02T19:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-5973","summary":"NVIDIA Virtual GPU Manager and the guest drivers contain a vulnerability in vGPU plugin, in which there is the potential to execute privileged operations, which may lead to denial of service. This affects vGPU version 8.x (prior to 8.4), version 9.x (prior to 9.4) and version 10.x (prior to 10.3).","cvss":4.4,"cvss_version":3.0,"cvss_v2":2.1,"cvss_v3":4.4,"cvss_v4":null,"epss":0.00053,"ranking_epss":0.16574,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://nvidia.custhelp.com/app/answers/detail/a_id/5031","https://usn.ubuntu.com/4404-1/","https://usn.ubuntu.com/4404-2/","https://nvidia.custhelp.com/app/answers/detail/a_id/5031","https://usn.ubuntu.com/4404-1/","https://usn.ubuntu.com/4404-2/"],"published_time":"2020-06-30T23:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2017-18922","summary":"It was discovered that websockets.c in LibVNCServer prior to 0.9.12 did not properly decode certain WebSocket frames. 
A malicious attacker could exploit this by sending specially crafted WebSocket frames to a server, causing a heap-based buffer overflow.","cvss":9.8,"cvss_version":3.0,"cvss_v2":7.5,"cvss_v3":9.8,"cvss_v4":null,"epss":0.04777,"ranking_epss":0.89463,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00020.html","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00028.html","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00033.html","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00055.html","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00066.html","http://www.openwall.com/lists/oss-security/2020/06/30/3","https://bugzilla.redhat.com/show_bug.cgi?id=1852356","https://cert-portal.siemens.com/productcert/pdf/ssa-390195.pdf","https://github.com/LibVNC/libvncserver/commit/aac95a9dcf4bbba87b76c72706c3221a842ca433","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4F6FUH4EFK4NAP6GT4TQRTBKWIRCZLIY/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NVP7TJVYJDXDFRHVQ3ENEN3H354QPXEZ/","https://usn.ubuntu.com/4407-1/","https://www.openwall.com/lists/oss-security/2020/06/30/2","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00020.html","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00028.html","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00033.html","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00055.html","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00066.html","http://www.openwall.com/lists/oss-security/2020/06/30/3","https://bugzilla.redhat.com/show_bug.cgi?id=1852356","https://cert-portal.siemens.com/productcert/pdf/ssa-390195.pdf","https://github.com/LibVNC/libvncserver/commit/aac95a9dcf4bbba87b76c72706c3221a842ca433","https://lists.f
edoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4F6FUH4EFK4NAP6GT4TQRTBKWIRCZLIY/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NVP7TJVYJDXDFRHVQ3ENEN3H354QPXEZ/","https://usn.ubuntu.com/4407-1/","https://www.openwall.com/lists/oss-security/2020/06/30/2"],"published_time":"2020-06-30T11:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-15393","summary":"In the Linux kernel 4.4 through 5.7.6, usbtest_disconnect in drivers/usb/misc/usbtest.c has a memory leak, aka CID-28ebeb8db770.","cvss":5.5,"cvss_version":3.0,"cvss_v2":2.1,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00085,"ranking_epss":0.24583,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00071.html","http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00009.html","https://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git/commit/?id=831eebad70a25f55b5745453ac252d4afe997187","https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=28ebeb8db77035e058a510ce9bd17c2b9a009dba","https://lists.debian.org/debian-lts-announce/2020/08/msg00019.html","https://lists.debian.org/debian-lts-announce/2020/10/msg00032.html","https://lists.debian.org/debian-lts-announce/2020/10/msg00034.html","https://lkml.org/lkml/2020/6/2/968","https://usn.ubuntu.com/4463-1/","https://usn.ubuntu.com/4465-1/","https://usn.ubuntu.com/4483-1/","https://usn.ubuntu.com/4485-1/","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00071.html","http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00009.html","https://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git/commit/?id=831eebad70a25f55b5745453ac252d4afe997187","https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=28ebeb8db77035e058a510ce9bd17c2b9a009dba","https://lists.debian.org/debian-lts-announce/2020/08/msg00019.ht
ml","https://lists.debian.org/debian-lts-announce/2020/10/msg00032.html","https://lists.debian.org/debian-lts-announce/2020/10/msg00034.html","https://lkml.org/lkml/2020/6/2/968","https://usn.ubuntu.com/4463-1/","https://usn.ubuntu.com/4465-1/","https://usn.ubuntu.com/4483-1/","https://usn.ubuntu.com/4485-1/"],"published_time":"2020-06-29T22:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-4067","summary":"In coturn before version 4.5.1.3, there is an issue whereby STUN/TURN response buffer is not initialized properly. There is a leak of information between different client connections. One client (an attacker) could use their connection to intelligently query coturn to get interesting bytes in the padding bytes from the connection of another client. This has been fixed in 4.5.1.3.","cvss":7.0,"cvss_version":3.0,"cvss_v2":5.0,"cvss_v3":7.0,"cvss_v4":null,"epss":0.01097,"ranking_epss":0.78011,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00010.html","https://github.com/coturn/coturn/blob/aab60340b201d55c007bcdc853230f47aa2dfdf1/ChangeLog#L15","https://github.com/coturn/coturn/issues/583","https://github.com/coturn/coturn/security/advisories/GHSA-c8r8-8vp5-6gcm","https://lists.debian.org/debian-lts-announce/2020/07/msg00002.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5G35UBNSRLL6SYRTODYTMBJ65TLQILUM/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TNJJO77ZLGGFJWNUGP6VDG5HPAC5UDBK/","https://usn.ubuntu.com/4415-1/","https://www.debian.org/security/2020/dsa-4711","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00010.html","https://github.com/coturn/coturn/blob/aab60340b201d55c007bcdc853230f47aa2dfdf1/ChangeLog#L15","https://github.com/coturn/coturn/issues/583","https://github.com/coturn/coturn/security/advisories/GHSA-c8r8-8vp5-6
gcm","https://lists.debian.org/debian-lts-announce/2020/07/msg00002.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5G35UBNSRLL6SYRTODYTMBJ65TLQILUM/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TNJJO77ZLGGFJWNUGP6VDG5HPAC5UDBK/","https://usn.ubuntu.com/4415-1/","https://www.debian.org/security/2020/dsa-4711"],"published_time":"2020-06-29T20:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-15358","summary":"In SQLite before 3.32.3, select.c mishandles query-flattener optimization, leading to a multiSelectOrderBy heap overflow because of misuse of transitive properties for constant propagation.","cvss":5.5,"cvss_version":3.0,"cvss_v2":2.1,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00037,"ranking_epss":0.11179,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2020/Dec/32","http://seclists.org/fulldisclosure/2020/Nov/19","http://seclists.org/fulldisclosure/2020/Nov/20","http://seclists.org/fulldisclosure/2020/Nov/22","http://seclists.org/fulldisclosure/2021/Feb/14","https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf","https://security.gentoo.org/glsa/202007-26","https://security.netapp.com/advisory/ntap-20200709-0001/","https://support.apple.com/kb/HT211843","https://support.apple.com/kb/HT211844","https://support.apple.com/kb/HT211847","https://support.apple.com/kb/HT211850","https://support.apple.com/kb/HT211931","https://support.apple.com/kb/HT212147","https://usn.ubuntu.com/4438-1/","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com/security-alerts/cpuapr2022.html","https://www.oracle.com/security-alerts/cpujan2021.html","https://www.oracle.com/security-alerts/cpuoct2020.html","https://www.sqlite.org/src/info/10fa79d00f8091e5","https://www.sqlite.org/src/timeline?p=version-3.32.3&bt=version-3.32.2","https://www.sqlite.org/src/tktview?name
=8f157e8010","http://seclists.org/fulldisclosure/2020/Dec/32","http://seclists.org/fulldisclosure/2020/Nov/19","http://seclists.org/fulldisclosure/2020/Nov/20","http://seclists.org/fulldisclosure/2020/Nov/22","http://seclists.org/fulldisclosure/2021/Feb/14","https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf","https://security.gentoo.org/glsa/202007-26","https://security.netapp.com/advisory/ntap-20200709-0001/","https://support.apple.com/kb/HT211843","https://support.apple.com/kb/HT211844","https://support.apple.com/kb/HT211847","https://support.apple.com/kb/HT211850","https://support.apple.com/kb/HT211931","https://support.apple.com/kb/HT212147","https://usn.ubuntu.com/4438-1/","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com/security-alerts/cpuapr2022.html","https://www.oracle.com/security-alerts/cpujan2021.html","https://www.oracle.com/security-alerts/cpuoct2020.html","https://www.sqlite.org/src/info/10fa79d00f8091e5","https://www.sqlite.org/src/timeline?p=version-3.32.3&bt=version-3.32.2","https://www.sqlite.org/src/tktview?name=8f157e8010"],"published_time":"2020-06-27T12:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-11996","summary":"A specially crafted sequence of HTTP/2 requests sent to Apache Tomcat 10.0.0-M1 to 10.0.0-M5, 9.0.0.M1 to 9.0.35 and 8.5.0 to 8.5.55 could trigger high CPU usage for several seconds. 
If a sufficient number of such requests were made on concurrent HTTP/2 connections, the server could become unresponsive.","cvss":7.5,"cvss_version":3.0,"cvss_v2":5.0,"cvss_v3":7.5,"cvss_v4":null,"epss":0.45121,"ranking_epss":0.97598,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00064.html","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00072.html","https://lists.apache.org/thread.html/r2529016c311ce9485e6f173446d469600fdfbb94dccadfcd9dfdac79%40%3Cusers.tomcat.apache.org%3E","https://lists.apache.org/thread.html/r3ea96d8f36dd404acce83df8aeb22a9e807d6c13ca9c5dec72f872cd%40%3Cnotifications.ofbiz.apache.org%3E","https://lists.apache.org/thread.html/r5541ef6b6b68b49f76fc4c45695940116da2bcbe0312ef204a00a2e0%40%3Cannounce.tomcat.apache.org%3E","https://lists.apache.org/thread.html/r5a4f80a6acc6607d61dae424b643b594c6188dd4e1eff04705c10db2%40%3Cnotifications.ofbiz.apache.org%3E","https://lists.apache.org/thread.html/r6c29801370a36c1a5159679269777ad0c73276d3015b8bbefea66e5c%40%3Cnotifications.ofbiz.apache.org%3E","https://lists.apache.org/thread.html/r74f5a8204efe574cbfcd95b2a16236fe95beb45c4d9fee3dc789dca9%40%3Ccommits.ofbiz.apache.org%3E","https://lists.apache.org/thread.html/r8f3d416c193bc9384a8a7dd368623d441f5fcaff1057115008100561%40%3Ccommits.ofbiz.apache.org%3E","https://lists.apache.org/thread.html/r8f7484589454638af527182ae55ef5b628ba00c05c5b11887c922fb1%40%3Cnotifications.ofbiz.apache.org%3E","https://lists.apache.org/thread.html/r93ca628ef3a4530dfe5ac49fddc795f0920a4b2a408b57a30926a42b%40%3Ccommits.ofbiz.apache.org%3E","https://lists.apache.org/thread.html/r9ad911fe49450ed9405827af0e7a74104041081ff91864b1f2546bbd%40%3Cnotifications.ofbiz.apache.org%3E","https://lists.apache.org/thread.html/ra7092f7492569b39b04ec0decf52628ba86c51f15efb38f5853e2760%40%3Cnotifications.ofbiz.apache.org%3E","https://lists.apache.org/thread.html/rb4ee49ecc4c59620ffd5e66e84a17e5
26c2c3cfa95d0cd682d90d338%40%3Cnotifications.ofbiz.apache.org%3E","https://lists.apache.org/thread.html/rb820f1a2a02bf07414be12c653c2ab5321fd87b9bf6c5e635c53ff4b%40%3Cnotifications.ofbiz.apache.org%3E","https://lists.apache.org/thread.html/rc80b96b4b96618b2b7461cb90664a428cfd6605eea9f74e51b792542%40%3Cnotifications.ofbiz.apache.org%3E","https://lists.apache.org/thread.html/rea65d6ef2e45dd1c45faae83922042732866c7b88fa109b76c83db52%40%3Cnotifications.ofbiz.apache.org%3E","https://lists.apache.org/thread.html/ref0339792ac6dac1dba83c071a727ad72380899bde60f6aaad4031b9%40%3Cnotifications.ofbiz.apache.org%3E","https://lists.debian.org/debian-lts-announce/2020/07/msg00010.html","https://security.netapp.com/advisory/ntap-20200709-0002/","https://usn.ubuntu.com/4596-1/","https://www.debian.org/security/2020/dsa-4727","https://www.oracle.com/security-alerts/cpujan2021.html","https://www.oracle.com/security-alerts/cpuoct2020.html","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00064.html","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00072.html","https://lists.apache.org/thread.html/r2529016c311ce9485e6f173446d469600fdfbb94dccadfcd9dfdac79%40%3Cusers.tomcat.apache.org%3E","https://lists.apache.org/thread.html/r3ea96d8f36dd404acce83df8aeb22a9e807d6c13ca9c5dec72f872cd%40%3Cnotifications.ofbiz.apache.org%3E","https://lists.apache.org/thread.html/r5541ef6b6b68b49f76fc4c45695940116da2bcbe0312ef204a00a2e0%40%3Cannounce.tomcat.apache.org%3E","https://lists.apache.org/thread.html/r5a4f80a6acc6607d61dae424b643b594c6188dd4e1eff04705c10db2%40%3Cnotifications.ofbiz.apache.org%3E","https://lists.apache.org/thread.html/r6c29801370a36c1a5159679269777ad0c73276d3015b8bbefea66e5c%40%3Cnotifications.ofbiz.apache.org%3E","https://lists.apache.org/thread.html/r74f5a8204efe574cbfcd95b2a16236fe95beb45c4d9fee3dc789dca9%40%3Ccommits.ofbiz.apache.org%3E","https://lists.apache.org/thread.html/r8f3d416c193bc9384a8a7dd368623d441f5fcaff1057115008100561%40%3Ccommits.ofbiz
.apache.org%3E","https://lists.apache.org/thread.html/r8f7484589454638af527182ae55ef5b628ba00c05c5b11887c922fb1%40%3Cnotifications.ofbiz.apache.org%3E","https://lists.apache.org/thread.html/r93ca628ef3a4530dfe5ac49fddc795f0920a4b2a408b57a30926a42b%40%3Ccommits.ofbiz.apache.org%3E","https://lists.apache.org/thread.html/r9ad911fe49450ed9405827af0e7a74104041081ff91864b1f2546bbd%40%3Cnotifications.ofbiz.apache.org%3E","https://lists.apache.org/thread.html/ra7092f7492569b39b04ec0decf52628ba86c51f15efb38f5853e2760%40%3Cnotifications.ofbiz.apache.org%3E","https://lists.apache.org/thread.html/rb4ee49ecc4c59620ffd5e66e84a17e526c2c3cfa95d0cd682d90d338%40%3Cnotifications.ofbiz.apache.org%3E","https://lists.apache.org/thread.html/rb820f1a2a02bf07414be12c653c2ab5321fd87b9bf6c5e635c53ff4b%40%3Cnotifications.ofbiz.apache.org%3E","https://lists.apache.org/thread.html/rc80b96b4b96618b2b7461cb90664a428cfd6605eea9f74e51b792542%40%3Cnotifications.ofbiz.apache.org%3E","https://lists.apache.org/thread.html/rea65d6ef2e45dd1c45faae83922042732866c7b88fa109b76c83db52%40%3Cnotifications.ofbiz.apache.org%3E","https://lists.apache.org/thread.html/ref0339792ac6dac1dba83c071a727ad72380899bde60f6aaad4031b9%40%3Cnotifications.ofbiz.apache.org%3E","https://lists.debian.org/debian-lts-announce/2020/07/msg00010.html","https://security.netapp.com/advisory/ntap-20200709-0002/","https://usn.ubuntu.com/4596-1/","https://www.debian.org/security/2020/dsa-4727","https://www.oracle.com/security-alerts/cpujan2021.html","https://www.oracle.com/security-alerts/cpuoct2020.html"],"published_time":"2020-06-26T17:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-10753","summary":"A flaw was found in the Red Hat Ceph Storage RadosGW (Ceph Object Gateway). The vulnerability is related to the injection of HTTP headers via a CORS ExposeHeader tag. The newline character in the ExposeHeader tag in the CORS configuration file generates a header injection in the response when the CORS request is made. 
Ceph versions 3.x and 4.x are vulnerable to this issue.","cvss":5.4,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":5.4,"cvss_v4":null,"epss":0.00407,"ranking_epss":0.61148,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00062.html","https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10753","https://lists.debian.org/debian-lts-announce/2021/08/msg00013.html","https://lists.debian.org/debian-lts-announce/2023/10/msg00034.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FFU7LXEL2UZE565FJBTY7UGH2O7ZUBVS/","https://security.gentoo.org/glsa/202105-39","https://usn.ubuntu.com/4528-1/","http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00062.html","https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10753","https://lists.debian.org/debian-lts-announce/2021/08/msg00013.html","https://lists.debian.org/debian-lts-announce/2023/10/msg00034.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FFU7LXEL2UZE565FJBTY7UGH2O7ZUBVS/","https://security.gentoo.org/glsa/202105-39","https://usn.ubuntu.com/4528-1/"],"published_time":"2020-06-26T15:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-15305","summary":"An issue was discovered in OpenEXR before 2.5.2. 
Invalid input could cause a use-after-free in DeepScanLineInputFile::DeepScanLineInputFile() in IlmImf/ImfDeepScanLineInputFile.cpp.","cvss":5.5,"cvss_version":3.0,"cvss_v2":2.1,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00113,"ranking_epss":0.29768,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00025.html","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00048.html","https://github.com/AcademySoftwareFoundation/openexr/blob/master/CHANGES.md","https://github.com/AcademySoftwareFoundation/openexr/blob/master/SECURITY.md","https://github.com/AcademySoftwareFoundation/openexr/pull/730","https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v2.5.2","https://lists.debian.org/debian-lts-announce/2020/08/msg00056.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LKDRVXORM2VLNHRLFKS3JHRABSHZ5W5M/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SHYAKRAUEMYVCV7U5WLDRE2YFGSV5PIT/","https://security.gentoo.org/glsa/202107-27","https://usn.ubuntu.com/4418-1/","https://www.debian.org/security/2020/dsa-4755","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00025.html","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00048.html","https://github.com/AcademySoftwareFoundation/openexr/blob/master/CHANGES.md","https://github.com/AcademySoftwareFoundation/openexr/blob/master/SECURITY.md","https://github.com/AcademySoftwareFoundation/openexr/pull/730","https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v2.5.2","https://lists.debian.org/debian-lts-announce/2020/08/msg00056.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LKDRVXORM2VLNHRLFKS3JHRABSHZ5W5M/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SHYAKRAUEMYVCV7U5WL
DRE2YFGSV5PIT/","https://security.gentoo.org/glsa/202107-27","https://usn.ubuntu.com/4418-1/","https://www.debian.org/security/2020/dsa-4755"],"published_time":"2020-06-26T01:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-15306","summary":"An issue was discovered in OpenEXR before v2.5.2. Invalid chunkCount attributes could cause a heap buffer overflow in getChunkOffsetTableSize() in IlmImf/ImfMisc.cpp.","cvss":5.5,"cvss_version":3.0,"cvss_v2":2.1,"cvss_v3":5.5,"cvss_v4":null,"epss":0.0013,"ranking_epss":0.32476,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00025.html","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00048.html","https://github.com/AcademySoftwareFoundation/openexr/blob/master/CHANGES.md","https://github.com/AcademySoftwareFoundation/openexr/blob/master/SECURITY.md","https://github.com/AcademySoftwareFoundation/openexr/pull/738","https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v2.5.2","https://lists.debian.org/debian-lts-announce/2020/08/msg00056.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LKDRVXORM2VLNHRLFKS3JHRABSHZ5W5M/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SHYAKRAUEMYVCV7U5WLDRE2YFGSV5PIT/","https://security.gentoo.org/glsa/202107-27","https://usn.ubuntu.com/4418-1/","https://www.debian.org/security/2020/dsa-4755","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00025.html","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00048.html","https://github.com/AcademySoftwareFoundation/openexr/blob/master/CHANGES.md","https://github.com/AcademySoftwareFoundation/openexr/blob/master/SECURITY.md","https://github.com/AcademySoftwareFoundation/openexr/pull/738","https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v2.5.2","https://lists.debian
.org/debian-lts-announce/2020/08/msg00056.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LKDRVXORM2VLNHRLFKS3JHRABSHZ5W5M/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SHYAKRAUEMYVCV7U5WLDRE2YFGSV5PIT/","https://security.gentoo.org/glsa/202107-27","https://usn.ubuntu.com/4418-1/","https://www.debian.org/security/2020/dsa-4755"],"published_time":"2020-06-26T01:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-5967","summary":"NVIDIA Linux GPU Display Driver, all versions, contains a vulnerability in the UVM driver, in which a race condition may lead to a denial of service.","cvss":4.7,"cvss_version":3.0,"cvss_v2":1.9,"cvss_v3":4.7,"cvss_v4":null,"epss":0.00038,"ranking_epss":0.11461,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://nvidia.custhelp.com/app/answers/detail/a_id/5031","https://usn.ubuntu.com/4404-1/","https://usn.ubuntu.com/4404-2/","https://nvidia.custhelp.com/app/answers/detail/a_id/5031","https://usn.ubuntu.com/4404-1/","https://usn.ubuntu.com/4404-2/"],"published_time":"2020-06-25T22:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-10177","summary":"Pillow before 7.1.0 has multiple out-of-bounds reads in 
libImaging/FliDecode.c.","cvss":5.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00319,"ranking_epss":0.54978,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://github.com/python-pillow/Pillow/commits/master/src/libImaging","https://github.com/python-pillow/Pillow/pull/4503","https://github.com/python-pillow/Pillow/pull/4538","https://lists.debian.org/debian-lts-announce/2020/08/msg00012.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BEBCPE4F2VHTIT6EZA2YZQZLPVDEBJGD/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HOKHNWV2VS5GESY7IBD237E7C6T3I427/","https://pillow.readthedocs.io/en/stable/releasenotes/7.1.0.html","https://usn.ubuntu.com/4430-1/","https://usn.ubuntu.com/4430-2/","https://github.com/python-pillow/Pillow/commits/master/src/libImaging","https://github.com/python-pillow/Pillow/pull/4503","https://github.com/python-pillow/Pillow/pull/4538","https://lists.debian.org/debian-lts-announce/2020/08/msg00012.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BEBCPE4F2VHTIT6EZA2YZQZLPVDEBJGD/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HOKHNWV2VS5GESY7IBD237E7C6T3I427/","https://pillow.readthedocs.io/en/stable/releasenotes/7.1.0.html","https://usn.ubuntu.com/4430-1/","https://usn.ubuntu.com/4430-2/"],"published_time":"2020-06-25T19:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-10378","summary":"In libImaging/PcxDecode.c in Pillow before 7.1.0, an out-of-bounds read can occur when reading PCX files where state->shuffle is instructed to read beyond 
state->buffer.","cvss":5.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00319,"ranking_epss":0.54957,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://github.com/python-pillow/Pillow/commit/6a83e4324738bb0452fbe8074a995b1c73f08de7#diff-9478f2787e3ae9668a15123b165c23ac","https://github.com/python-pillow/Pillow/commits/master/src/libImaging","https://github.com/python-pillow/Pillow/pull/4538","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BEBCPE4F2VHTIT6EZA2YZQZLPVDEBJGD/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HOKHNWV2VS5GESY7IBD237E7C6T3I427/","https://pillow.readthedocs.io/en/stable/releasenotes/7.1.0.html","https://usn.ubuntu.com/4430-1/","https://usn.ubuntu.com/4430-2/","https://github.com/python-pillow/Pillow/commit/6a83e4324738bb0452fbe8074a995b1c73f08de7#diff-9478f2787e3ae9668a15123b165c23ac","https://github.com/python-pillow/Pillow/commits/master/src/libImaging","https://github.com/python-pillow/Pillow/pull/4538","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BEBCPE4F2VHTIT6EZA2YZQZLPVDEBJGD/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HOKHNWV2VS5GESY7IBD237E7C6T3I427/","https://pillow.readthedocs.io/en/stable/releasenotes/7.1.0.html","https://usn.ubuntu.com/4430-1/","https://usn.ubuntu.com/4430-2/"],"published_time":"2020-06-25T19:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-10379","summary":"In Pillow before 7.1.0, there are two Buffer Overflows in 
libImaging/TiffDecode.c.","cvss":7.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":7.8,"cvss_v4":null,"epss":0.0036,"ranking_epss":0.58211,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://github.com/python-pillow/Pillow/commit/46f4a349b88915787fea3fb91348bb1665831bbb#diff-9478f2787e3ae9668a15123b165c23ac","https://github.com/python-pillow/Pillow/commits/master/src/libImaging","https://github.com/python-pillow/Pillow/pull/4538","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BEBCPE4F2VHTIT6EZA2YZQZLPVDEBJGD/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HOKHNWV2VS5GESY7IBD237E7C6T3I427/","https://pillow.readthedocs.io/en/stable/releasenotes/7.1.0.html","https://usn.ubuntu.com/4430-2/","https://github.com/python-pillow/Pillow/commit/46f4a349b88915787fea3fb91348bb1665831bbb#diff-9478f2787e3ae9668a15123b165c23ac","https://github.com/python-pillow/Pillow/commits/master/src/libImaging","https://github.com/python-pillow/Pillow/pull/4538","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BEBCPE4F2VHTIT6EZA2YZQZLPVDEBJGD/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HOKHNWV2VS5GESY7IBD237E7C6T3I427/","https://pillow.readthedocs.io/en/stable/releasenotes/7.1.0.html","https://usn.ubuntu.com/4430-2/"],"published_time":"2020-06-25T19:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-10994","summary":"In libImaging/Jpeg2KDecode.c in Pillow before 7.1.0, there are multiple out-of-bounds reads via a crafted JP2 
file.","cvss":5.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00424,"ranking_epss":0.62171,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://github.com/python-pillow/Pillow/commits/master/src/libImaging/","https://github.com/python-pillow/Pillow/pull/4505","https://github.com/python-pillow/Pillow/pull/4538","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BEBCPE4F2VHTIT6EZA2YZQZLPVDEBJGD/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HOKHNWV2VS5GESY7IBD237E7C6T3I427/","https://pillow.readthedocs.io/en/stable/releasenotes/","https://pillow.readthedocs.io/en/stable/releasenotes/7.1.0.html","https://usn.ubuntu.com/4430-1/","https://usn.ubuntu.com/4430-2/","https://github.com/python-pillow/Pillow/commits/master/src/libImaging/","https://github.com/python-pillow/Pillow/pull/4505","https://github.com/python-pillow/Pillow/pull/4538","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BEBCPE4F2VHTIT6EZA2YZQZLPVDEBJGD/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HOKHNWV2VS5GESY7IBD237E7C6T3I427/","https://pillow.readthedocs.io/en/stable/releasenotes/","https://pillow.readthedocs.io/en/stable/releasenotes/7.1.0.html","https://usn.ubuntu.com/4430-1/","https://usn.ubuntu.com/4430-2/"],"published_time":"2020-06-25T19:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-11538","summary":"In libImaging/SgiRleDecode.c in Pillow through 7.0.0, a number of out-of-bounds reads exist in the parsing of SGI image files, a different issue than 
CVE-2020-5311.","cvss":8.1,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":8.1,"cvss_v4":null,"epss":0.00267,"ranking_epss":0.5016,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://github.com/python-pillow/Pillow/pull/4504","https://github.com/python-pillow/Pillow/pull/4538","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BEBCPE4F2VHTIT6EZA2YZQZLPVDEBJGD/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HOKHNWV2VS5GESY7IBD237E7C6T3I427/","https://pillow.readthedocs.io/en/stable/releasenotes/7.1.0.html","https://pillow.readthedocs.io/en/stable/releasenotes/index.html","https://usn.ubuntu.com/4430-1/","https://usn.ubuntu.com/4430-2/","https://github.com/python-pillow/Pillow/pull/4504","https://github.com/python-pillow/Pillow/pull/4538","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BEBCPE4F2VHTIT6EZA2YZQZLPVDEBJGD/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HOKHNWV2VS5GESY7IBD237E7C6T3I427/","https://pillow.readthedocs.io/en/stable/releasenotes/7.1.0.html","https://pillow.readthedocs.io/en/stable/releasenotes/index.html","https://usn.ubuntu.com/4430-1/","https://usn.ubuntu.com/4430-2/"],"published_time":"2020-06-25T19:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-5963","summary":"NVIDIA Windows GPU Display Driver, all versions, contains a vulnerability in the Inter Process Communication APIs, in which improper access control may lead to code execution, denial of service, or information 
disclosure.","cvss":7.8,"cvss_version":3.0,"cvss_v2":4.6,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00053,"ranking_epss":0.16686,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://nvidia.custhelp.com/app/answers/detail/a_id/5031","https://usn.ubuntu.com/4404-1/","https://usn.ubuntu.com/4404-2/","https://nvidia.custhelp.com/app/answers/detail/a_id/5031","https://usn.ubuntu.com/4404-1/","https://usn.ubuntu.com/4404-2/"],"published_time":"2020-06-25T00:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-12862","summary":"An out-of-bounds read in SANE Backends before 1.0.30 may allow a malicious device connected to the same local network as the victim to read important information, such as the ASLR offsets of the program, aka GHSL-2020-082.","cvss":4.3,"cvss_version":3.0,"cvss_v2":3.3,"cvss_v3":4.3,"cvss_v4":null,"epss":0.00168,"ranking_epss":0.37943,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00079.html","http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00003.html","https://alioth-lists.debian.net/pipermail/sane-announce/2020/000041.html","https://lists.debian.org/debian-lts-announce/2020/08/msg00029.html","https://lists.debian.org/debian-lts-announce/2020/10/msg00010.html","https://securitylab.github.com/advisories/GHSL-2020-075-libsane","https://usn.ubuntu.com/4470-1/","http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00079.html","http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00003.html","https://alioth-lists.debian.net/pipermail/sane-announce/2020/000041.html","https://lists.debian.org/debian-lts-announce/2020/08/msg00029.html","https://lists.debian.org/debian-lts-announce/2020/10/msg00010.html","https://securitylab.github.com/advisories/GHSL-2020-075-libsane","https://usn.ubuntu.com/4470-1/"],"published_time":"2020-06-24T13:15:11","vendor":null,"product":null,"version":null},{
"cve_id":"CVE-2020-12863","summary":"An out-of-bounds read in SANE Backends before 1.0.30 may allow a malicious device connected to the same local network as the victim to read important information, such as the ASLR offsets of the program, aka GHSL-2020-083.","cvss":4.3,"cvss_version":3.0,"cvss_v2":3.3,"cvss_v3":4.3,"cvss_v4":null,"epss":0.00168,"ranking_epss":0.37943,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00079.html","http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00003.html","https://alioth-lists.debian.net/pipermail/sane-announce/2020/000041.html","https://lists.debian.org/debian-lts-announce/2020/08/msg00029.html","https://lists.debian.org/debian-lts-announce/2020/10/msg00010.html","https://securitylab.github.com/advisories/GHSL-2020-075-libsane","https://usn.ubuntu.com/4470-1/","http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00079.html","http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00003.html","https://alioth-lists.debian.net/pipermail/sane-announce/2020/000041.html","https://lists.debian.org/debian-lts-announce/2020/08/msg00029.html","https://lists.debian.org/debian-lts-announce/2020/10/msg00010.html","https://securitylab.github.com/advisories/GHSL-2020-075-libsane","https://usn.ubuntu.com/4470-1/"],"published_time":"2020-06-24T13:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-12864","summary":"An out-of-bounds read in SANE Backends before 1.0.30 may allow a malicious device connected to the same local network as the victim to read important information, such as the ASLR offsets of the program, aka 
GHSL-2020-081.","cvss":4.3,"cvss_version":3.0,"cvss_v2":3.3,"cvss_v3":4.3,"cvss_v4":null,"epss":0.00239,"ranking_epss":0.4699,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00079.html","http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00003.html","https://alioth-lists.debian.net/pipermail/sane-announce/2020/000041.html","https://securitylab.github.com/advisories/GHSL-2020-075-libsane","https://usn.ubuntu.com/4470-1/","http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00079.html","http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00003.html","https://alioth-lists.debian.net/pipermail/sane-announce/2020/000041.html","https://securitylab.github.com/advisories/GHSL-2020-075-libsane","https://usn.ubuntu.com/4470-1/"],"published_time":"2020-06-24T13:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-12865","summary":"A heap buffer overflow in SANE Backends before 1.0.30 may allow a malicious device connected to the same local network as the victim to execute arbitrary code, aka 
GHSL-2020-084.","cvss":8.0,"cvss_version":3.0,"cvss_v2":5.2,"cvss_v3":8.0,"cvss_v4":null,"epss":0.00295,"ranking_epss":0.52813,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00079.html","http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00003.html","https://alioth-lists.debian.net/pipermail/sane-announce/2020/000041.html","https://lists.debian.org/debian-lts-announce/2020/08/msg00029.html","https://lists.debian.org/debian-lts-announce/2020/10/msg00010.html","https://securitylab.github.com/advisories/GHSL-2020-075-libsane","https://usn.ubuntu.com/4470-1/","http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00079.html","http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00003.html","https://alioth-lists.debian.net/pipermail/sane-announce/2020/000041.html","https://lists.debian.org/debian-lts-announce/2020/08/msg00029.html","https://lists.debian.org/debian-lts-announce/2020/10/msg00010.html","https://securitylab.github.com/advisories/GHSL-2020-075-libsane","https://usn.ubuntu.com/4470-1/"],"published_time":"2020-06-24T13:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-12866","summary":"A NULL pointer dereference in SANE Backends before 1.0.30 allows a malicious device connected to the same local network as the victim to cause a denial of service, 
GHSL-2020-079.","cvss":5.7,"cvss_version":3.0,"cvss_v2":2.7,"cvss_v3":5.7,"cvss_v4":null,"epss":0.0025,"ranking_epss":0.48238,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00079.html","http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00003.html","https://alioth-lists.debian.net/pipermail/sane-announce/2020/000041.html","https://securitylab.github.com/advisories/GHSL-2020-075-libsane","https://usn.ubuntu.com/4470-1/","http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00079.html","http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00003.html","https://alioth-lists.debian.net/pipermail/sane-announce/2020/000041.html","https://securitylab.github.com/advisories/GHSL-2020-075-libsane","https://usn.ubuntu.com/4470-1/"],"published_time":"2020-06-24T13:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-12861","summary":"A heap buffer overflow in SANE Backends before 1.0.30 allows a malicious device connected to the same local network as the victim to execute arbitrary code, aka 
GHSL-2020-080.","cvss":8.8,"cvss_version":3.0,"cvss_v2":7.9,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00588,"ranking_epss":0.69124,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00079.html","http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00003.html","http://packetstormsecurity.com/files/172841/SANE-Backends-Memory-Corruption-Code-Execution.html","https://alioth-lists.debian.net/pipermail/sane-announce/2020/000041.html","https://securitylab.github.com/advisories/GHSL-2020-075-libsane","https://usn.ubuntu.com/4470-1/","http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00079.html","http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00003.html","http://packetstormsecurity.com/files/172841/SANE-Backends-Memory-Corruption-Code-Execution.html","https://alioth-lists.debian.net/pipermail/sane-announce/2020/000041.html","https://securitylab.github.com/advisories/GHSL-2020-075-libsane","https://usn.ubuntu.com/4470-1/"],"published_time":"2020-06-24T13:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-15011","summary":"GNU Mailman before 2.1.33 allows arbitrary content injection via the Cgi/private.py private archive login 
page.","cvss":4.3,"cvss_version":3.0,"cvss_v2":2.6,"cvss_v3":4.3,"cvss_v4":null,"epss":0.01332,"ranking_epss":0.79954,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00047.html","http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00063.html","https://bugs.launchpad.net/mailman/+bug/1877379","https://lists.debian.org/debian-lts-announce/2020/06/msg00036.html","https://lists.debian.org/debian-lts-announce/2020/07/msg00007.html","https://usn.ubuntu.com/4406-1/","https://www.debian.org/security/2021/dsa-4991","http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00047.html","http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00063.html","https://bugs.launchpad.net/mailman/+bug/1877379","https://lists.debian.org/debian-lts-announce/2020/06/msg00036.html","https://lists.debian.org/debian-lts-announce/2020/07/msg00007.html","https://usn.ubuntu.com/4406-1/","https://www.debian.org/security/2021/dsa-4991"],"published_time":"2020-06-24T12:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-4030","summary":"In FreeRDP before version 2.1.2, there is an out of bounds read in TrioParse. Logging might bypass string length checks due to an integer overflow. 
This is fixed in version 2.1.2.","cvss":3.5,"cvss_version":3.0,"cvss_v2":6.4,"cvss_v3":3.5,"cvss_v4":null,"epss":0.0004,"ranking_epss":0.12069,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00080.html","http://www.freerdp.com/2020/06/22/2_1_2-released","https://github.com/FreeRDP/FreeRDP/commit/05cd9ea2290d23931f615c1b004d4b2e69074e27","https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-fjr5-97f5-qq98","https://lists.debian.org/debian-lts-announce/2023/10/msg00008.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6Y35HBHG2INICLSGCIKNAR7GCXEHQACQ/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XOZLH35OJWIQLM7FYDXAP2EAUBDXE76V/","https://usn.ubuntu.com/4481-1/","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00080.html","http://www.freerdp.com/2020/06/22/2_1_2-released","https://github.com/FreeRDP/FreeRDP/commit/05cd9ea2290d23931f615c1b004d4b2e69074e27","https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-fjr5-97f5-qq98","https://lists.debian.org/debian-lts-announce/2023/10/msg00008.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6Y35HBHG2INICLSGCIKNAR7GCXEHQACQ/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XOZLH35OJWIQLM7FYDXAP2EAUBDXE76V/","https://usn.ubuntu.com/4481-1/"],"published_time":"2020-06-22T22:15:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-4031","summary":"In FreeRDP before version 2.1.2, there is a use-after-free in gdi_SelectObject. All FreeRDP clients using compatibility mode with /relax-order-checks are affected. 
This is fixed in version 2.1.2.","cvss":3.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":3.5,"cvss_v4":null,"epss":0.00266,"ranking_epss":0.50129,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00080.html","http://www.freerdp.com/2020/06/22/2_1_2-released","https://github.com/FreeRDP/FreeRDP/commit/6d86e20e1e7caaab4f0c7f89e36d32914dbccc52","https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-gwcq-hpq2-m74g","https://lists.debian.org/debian-lts-announce/2023/10/msg00008.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6Y35HBHG2INICLSGCIKNAR7GCXEHQACQ/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XOZLH35OJWIQLM7FYDXAP2EAUBDXE76V/","https://usn.ubuntu.com/4481-1/","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00080.html","http://www.freerdp.com/2020/06/22/2_1_2-released","https://github.com/FreeRDP/FreeRDP/commit/6d86e20e1e7caaab4f0c7f89e36d32914dbccc52","https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-gwcq-hpq2-m74g","https://lists.debian.org/debian-lts-announce/2023/10/msg00008.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6Y35HBHG2INICLSGCIKNAR7GCXEHQACQ/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XOZLH35OJWIQLM7FYDXAP2EAUBDXE76V/","https://usn.ubuntu.com/4481-1/"],"published_time":"2020-06-22T22:15:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-4032","summary":"In FreeRDP before version 2.1.2, there is an integer casting vulnerability in update_recv_secondary_order. All clients with +glyph-cache /relax-order-checks are affected. 
This is fixed in version 2.1.2.","cvss":3.1,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":3.1,"cvss_v4":null,"epss":0.00407,"ranking_epss":0.611,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00080.html","http://www.freerdp.com/2020/06/22/2_1_2-released","https://github.com/FreeRDP/FreeRDP/commit/e7bffa64ef5ed70bac94f823e2b95262642f5296","https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-3898-mc89-x2vc","https://lists.debian.org/debian-lts-announce/2023/10/msg00008.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6Y35HBHG2INICLSGCIKNAR7GCXEHQACQ/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XOZLH35OJWIQLM7FYDXAP2EAUBDXE76V/","https://usn.ubuntu.com/4481-1/","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00080.html","http://www.freerdp.com/2020/06/22/2_1_2-released","https://github.com/FreeRDP/FreeRDP/commit/e7bffa64ef5ed70bac94f823e2b95262642f5296","https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-3898-mc89-x2vc","https://lists.debian.org/debian-lts-announce/2023/10/msg00008.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6Y35HBHG2INICLSGCIKNAR7GCXEHQACQ/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XOZLH35OJWIQLM7FYDXAP2EAUBDXE76V/","https://usn.ubuntu.com/4481-1/"],"published_time":"2020-06-22T22:15:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-4033","summary":"In FreeRDP before version 2.1.2, there is an out of bounds read in RLEDECOMPRESS. All FreeRDP based clients with sessions with color depth < 32 are affected. 
This is fixed in version 2.1.2.","cvss":3.1,"cvss_version":3.0,"cvss_v2":6.4,"cvss_v3":3.1,"cvss_v4":null,"epss":0.00207,"ranking_epss":0.43066,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00080.html","http://www.freerdp.com/2020/06/22/2_1_2-released","https://github.com/FreeRDP/FreeRDP/commit/0a98c450c58ec150e44781c89aa6f8e7e0f571f5","https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-7rhj-856w-82p8","https://lists.debian.org/debian-lts-announce/2023/10/msg00008.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6Y35HBHG2INICLSGCIKNAR7GCXEHQACQ/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XOZLH35OJWIQLM7FYDXAP2EAUBDXE76V/","https://usn.ubuntu.com/4481-1/","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00080.html","http://www.freerdp.com/2020/06/22/2_1_2-released","https://github.com/FreeRDP/FreeRDP/commit/0a98c450c58ec150e44781c89aa6f8e7e0f571f5","https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-7rhj-856w-82p8","https://lists.debian.org/debian-lts-announce/2023/10/msg00008.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6Y35HBHG2INICLSGCIKNAR7GCXEHQACQ/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XOZLH35OJWIQLM7FYDXAP2EAUBDXE76V/","https://usn.ubuntu.com/4481-1/"],"published_time":"2020-06-22T22:15:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-11096","summary":"In FreeRDP before version 2.1.2, there is a global OOB read in update_read_cache_bitmap_v3_order. As a workaround, one can disable bitmap cache with -bitmap-cache (default). 
This is fixed in version 2.1.2.","cvss":3.5,"cvss_version":3.0,"cvss_v2":6.4,"cvss_v3":3.5,"cvss_v4":null,"epss":0.00281,"ranking_epss":0.51517,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00080.html","http://www.freerdp.com/2020/06/22/2_1_2-released","https://github.com/FreeRDP/FreeRDP/commit/b8beb55913471952f92770c90c372139d78c16c0","https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-mjw7-3mq2-996x","https://lists.debian.org/debian-lts-announce/2023/10/msg00008.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6Y35HBHG2INICLSGCIKNAR7GCXEHQACQ/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XOZLH35OJWIQLM7FYDXAP2EAUBDXE76V/","https://usn.ubuntu.com/4481-1/","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00080.html","http://www.freerdp.com/2020/06/22/2_1_2-released","https://github.com/FreeRDP/FreeRDP/commit/b8beb55913471952f92770c90c372139d78c16c0","https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-mjw7-3mq2-996x","https://lists.debian.org/debian-lts-announce/2023/10/msg00008.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6Y35HBHG2INICLSGCIKNAR7GCXEHQACQ/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XOZLH35OJWIQLM7FYDXAP2EAUBDXE76V/","https://usn.ubuntu.com/4481-1/"],"published_time":"2020-06-22T22:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-11097","summary":"In FreeRDP before version 2.1.2, an out of bounds read occurs resulting in accessing a memory location that is outside of the boundaries of the static array PRIMARY_DRAWING_ORDER_FIELD_BYTES. 
This is fixed in version 2.1.2.","cvss":3.5,"cvss_version":3.0,"cvss_v2":5.5,"cvss_v3":3.5,"cvss_v4":null,"epss":0.00179,"ranking_epss":0.39462,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00080.html","http://www.freerdp.com/2020/06/22/2_1_2-released","https://github.com/FreeRDP/FreeRDP/commit/58a3122250d54de3a944c487776bcd4d1da4721e","https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-c8x2-c3c9-9r3f","https://lists.debian.org/debian-lts-announce/2023/10/msg00008.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6Y35HBHG2INICLSGCIKNAR7GCXEHQACQ/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XOZLH35OJWIQLM7FYDXAP2EAUBDXE76V/","https://usn.ubuntu.com/4481-1/","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00080.html","http://www.freerdp.com/2020/06/22/2_1_2-released","https://github.com/FreeRDP/FreeRDP/commit/58a3122250d54de3a944c487776bcd4d1da4721e","https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-c8x2-c3c9-9r3f","https://lists.debian.org/debian-lts-announce/2023/10/msg00008.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6Y35HBHG2INICLSGCIKNAR7GCXEHQACQ/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XOZLH35OJWIQLM7FYDXAP2EAUBDXE76V/","https://usn.ubuntu.com/4481-1/"],"published_time":"2020-06-22T22:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-11098","summary":"In FreeRDP before version 2.1.2, there is an out-of-bound read in glyph_cache_put. 
This affects all FreeRDP clients with `+glyph-cache` option enabled. This is fixed in version 2.1.2.","cvss":3.5,"cvss_version":3.0,"cvss_v2":5.8,"cvss_v3":3.5,"cvss_v4":null,"epss":0.00227,"ranking_epss":0.45451,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00080.html","http://www.freerdp.com/2020/06/22/2_1_2-released","https://github.com/FreeRDP/FreeRDP/commit/c0fd449ec0870b050d350d6d844b1ea6dad4bc7d","https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-jr57-f58x-hjmv","https://lists.debian.org/debian-lts-announce/2023/10/msg00008.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6Y35HBHG2INICLSGCIKNAR7GCXEHQACQ/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XOZLH35OJWIQLM7FYDXAP2EAUBDXE76V/","https://usn.ubuntu.com/4481-1/","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00080.html","http://www.freerdp.com/2020/06/22/2_1_2-released","https://github.com/FreeRDP/FreeRDP/commit/c0fd449ec0870b050d350d6d844b1ea6dad4bc7d","https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-jr57-f58x-hjmv","https://lists.debian.org/debian-lts-announce/2023/10/msg00008.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6Y35HBHG2INICLSGCIKNAR7GCXEHQACQ/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XOZLH35OJWIQLM7FYDXAP2EAUBDXE76V/","https://usn.ubuntu.com/4481-1/"],"published_time":"2020-06-22T22:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-11099","summary":"In FreeRDP before version 2.1.2, there is an out of bounds read in license_read_new_or_upgrade_license_packet. A manipulated license packet can lead to out of bound reads to an internal buffer. 
This is fixed in version 2.1.2.","cvss":3.5,"cvss_version":3.0,"cvss_v2":6.4,"cvss_v3":3.5,"cvss_v4":null,"epss":0.00178,"ranking_epss":0.3932,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00080.html","http://www.freerdp.com/2020/06/22/2_1_2-released","https://github.com/FreeRDP/FreeRDP/commit/6ade7b4cbfd71c54b3d724e8f2d6ac76a58e879a","https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-977w-866x-4v5h","https://lists.debian.org/debian-lts-announce/2023/10/msg00008.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6Y35HBHG2INICLSGCIKNAR7GCXEHQACQ/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XOZLH35OJWIQLM7FYDXAP2EAUBDXE76V/","https://usn.ubuntu.com/4481-1/","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00080.html","http://www.freerdp.com/2020/06/22/2_1_2-released","https://github.com/FreeRDP/FreeRDP/commit/6ade7b4cbfd71c54b3d724e8f2d6ac76a58e879a","https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-977w-866x-4v5h","https://lists.debian.org/debian-lts-announce/2023/10/msg00008.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6Y35HBHG2INICLSGCIKNAR7GCXEHQACQ/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XOZLH35OJWIQLM7FYDXAP2EAUBDXE76V/","https://usn.ubuntu.com/4481-1/"],"published_time":"2020-06-22T22:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-11095","summary":"In FreeRDP before version 2.1.2, an out of bounds read occurs resulting in accessing a memory location that is outside of the boundaries of the static array PRIMARY_DRAWING_ORDER_FIELD_BYTES. 
This is fixed in version 2.1.2.","cvss":3.5,"cvss_version":3.0,"cvss_v2":5.5,"cvss_v3":3.5,"cvss_v4":null,"epss":0.00243,"ranking_epss":0.47549,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00080.html","http://www.freerdp.com/2020/06/22/2_1_2-released","https://github.com/FreeRDP/FreeRDP/commit/733ee3208306b1ea32697b356c0215180fc3f049","https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-563r-pvh7-4fw2","https://lists.debian.org/debian-lts-announce/2023/10/msg00008.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6Y35HBHG2INICLSGCIKNAR7GCXEHQACQ/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XOZLH35OJWIQLM7FYDXAP2EAUBDXE76V/","https://usn.ubuntu.com/4481-1/","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00080.html","http://www.freerdp.com/2020/06/22/2_1_2-released","https://github.com/FreeRDP/FreeRDP/commit/733ee3208306b1ea32697b356c0215180fc3f049","https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-563r-pvh7-4fw2","https://lists.debian.org/debian-lts-announce/2023/10/msg00008.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6Y35HBHG2INICLSGCIKNAR7GCXEHQACQ/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XOZLH35OJWIQLM7FYDXAP2EAUBDXE76V/","https://usn.ubuntu.com/4481-1/"],"published_time":"2020-06-22T22:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-14954","summary":"Mutt before 1.14.4 and NeoMutt before 2020-06-19 have a STARTTLS buffering issue that affects IMAP, SMTP, and POP3. 
When a server sends a \"begin TLS\" response, the client reads additional data (e.g., from a man-in-the-middle attacker) and evaluates it in a TLS context, aka \"response injection.\"","cvss":5.9,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":5.9,"cvss_v4":null,"epss":0.05784,"ranking_epss":0.90494,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.mutt.org/pipermail/mutt-announce/Week-of-Mon-20200615/000023.html","http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00064.html","http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00070.html","http://www.mutt.org/","https://github.com/neomutt/neomutt/commit/fb013ec666759cb8a9e294347c7b4c1f597639cc","https://github.com/neomutt/neomutt/releases/tag/20200619","https://gitlab.com/muttmua/mutt/-/commit/c547433cdf2e79191b15c6932c57f1472bfb5ff4","https://gitlab.com/muttmua/mutt/-/issues/248","https://lists.debian.org/debian-lts-announce/2020/06/msg00039.html","https://lists.debian.org/debian-lts-announce/2020/06/msg00040.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EFMEILCBKMZRRZDMUGWLVN4PQQ4VTAZE/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/K3LXFVPTLK4PNHL6MPKJNJQJ25CH7GLQ/","https://security.gentoo.org/glsa/202007-57","https://usn.ubuntu.com/4403-1/","https://www.debian.org/security/2020/dsa-4707","https://www.debian.org/security/2020/dsa-4708","http://lists.mutt.org/pipermail/mutt-announce/Week-of-Mon-20200615/000023.html","http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00064.html","http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00070.html","http://www.mutt.org/","https://github.com/neomutt/neomutt/commit/fb013ec666759cb8a9e294347c7b4c1f597639cc","https://github.com/neomutt/neomutt/releases/tag/20200619","https://gitlab.com/muttmua/mutt/-/commit/c547433cdf2e79191b15c6932c57f1472bfb5ff4","https://gitlab.com/muttmua/mutt
/-/issues/248","https://lists.debian.org/debian-lts-announce/2020/06/msg00039.html","https://lists.debian.org/debian-lts-announce/2020/06/msg00040.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EFMEILCBKMZRRZDMUGWLVN4PQQ4VTAZE/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/K3LXFVPTLK4PNHL6MPKJNJQJ25CH7GLQ/","https://security.gentoo.org/glsa/202007-57","https://usn.ubuntu.com/4403-1/","https://www.debian.org/security/2020/dsa-4707","https://www.debian.org/security/2020/dsa-4708"],"published_time":"2020-06-21T17:15:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-8184","summary":"A reliance on cookies without validation/integrity check security vulnerability exists in rack < 2.2.3, rack < 2.1.4 that makes it possible for an attacker to forge a secure or host-only cookie prefix.","cvss":7.5,"cvss_version":3.0,"cvss_v2":5.0,"cvss_v3":7.5,"cvss_v4":null,"epss":0.01067,"ranking_epss":0.77705,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://groups.google.com/g/rubyonrails-security/c/OWtmozPH9Ak","https://hackerone.com/reports/895727","https://lists.debian.org/debian-lts-announce/2020/07/msg00006.html","https://lists.debian.org/debian-lts-announce/2023/01/msg00038.html","https://usn.ubuntu.com/4561-1/","https://groups.google.com/g/rubyonrails-security/c/OWtmozPH9Ak","https://hackerone.com/reports/895727","https://lists.debian.org/debian-lts-announce/2020/07/msg00006.html","https://lists.debian.org/debian-lts-announce/2023/01/msg00038.html","https://usn.ubuntu.com/4561-1/"],"published_time":"2020-06-19T17:15:18","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-3350","summary":"A vulnerability in the endpoint software of Cisco AMP for Endpoints and Clam AntiVirus could allow an authenticated, local attacker to cause the running software to delete arbitrary files on the system. 
The vulnerability is due to a race condition that could occur when scanning malicious files. An attacker with local shell access could exploit this vulnerability by executing a script that could trigger the race condition. A successful exploit could allow the attacker to delete arbitrary files on the system that the attacker would not normally have privileges to delete, producing system instability or causing the endpoint software to stop working.","cvss":5.5,"cvss_version":3.0,"cvss_v2":3.3,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00131,"ranking_epss":0.32535,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://lists.debian.org/debian-lts-announce/2020/08/msg00010.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IJ67VH37NCG25PICGWFWZHSVG7PBT7MC/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QM7EXJHDEZJLWM2NKH6TCDXOBP5NNYIN/","https://security.gentoo.org/glsa/202007-23","https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-famp-ZEpdXy","https://usn.ubuntu.com/4435-1/","https://usn.ubuntu.com/4435-2/","https://lists.debian.org/debian-lts-announce/2020/08/msg00010.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IJ67VH37NCG25PICGWFWZHSVG7PBT7MC/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QM7EXJHDEZJLWM2NKH6TCDXOBP5NNYIN/","https://security.gentoo.org/glsa/202007-23","https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-famp-ZEpdXy","https://usn.ubuntu.com/4435-1/","https://usn.ubuntu.com/4435-2/"],"published_time":"2020-06-18T03:15:14","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-8619","summary":"In ISC BIND9 versions BIND 9.11.14 -> 9.11.19, BIND 9.14.9 -> 9.14.12, BIND 9.16.0 -> 9.16.3, BIND Supported Preview Edition 9.11.14-S1 -> 9.11.19-S1: Unless a 
nameserver is providing authoritative service for one or more zones and at least one zone contains an empty non-terminal entry containing an asterisk (\"*\") character, this defect cannot be encountered. A would-be attacker who is allowed to change zone content could theoretically introduce such a record in order to exploit this condition to cause denial of service, though we consider the use of this vector unlikely because any such attack would require a significant privilege level and be easily traceable.","cvss":4.9,"cvss_version":3.0,"cvss_v2":4.0,"cvss_v3":4.9,"cvss_v4":null,"epss":0.06931,"ranking_epss":0.91417,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00041.html","http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00044.html","https://kb.isc.org/docs/cve-2020-8619","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CNFTTYJ5JJJJ6QG3AHXJGDIIEYMDFWFW/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EIOXMJX4N3LBKC65OXNBE52W4GAS7QEX/","https://security.netapp.com/advisory/ntap-20200625-0003/","https://usn.ubuntu.com/4399-1/","https://www.debian.org/security/2020/dsa-4752","http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00041.html","http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00044.html","https://kb.isc.org/docs/cve-2020-8619","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CNFTTYJ5JJJJ6QG3AHXJGDIIEYMDFWFW/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EIOXMJX4N3LBKC65OXNBE52W4GAS7QEX/","https://security.netapp.com/advisory/ntap-20200625-0003/","https://usn.ubuntu.com/4399-1/","https://www.debian.org/security/2020/dsa-4752"],"published_time":"2020-06-17T22:15:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-
2020-8618","summary":"An attacker who is permitted to send zone data to a server via zone transfer can exploit this to intentionally trigger the assertion failure with a specially constructed zone, denying service to clients.","cvss":4.9,"cvss_version":3.0,"cvss_v2":4.0,"cvss_v3":4.9,"cvss_v4":null,"epss":0.01297,"ranking_epss":0.79698,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00041.html","http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00044.html","https://kb.isc.org/docs/cve-2020-8618","https://security.netapp.com/advisory/ntap-20200625-0003/","https://usn.ubuntu.com/4399-1/","http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00041.html","http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00044.html","https://kb.isc.org/docs/cve-2020-8618","https://security.netapp.com/advisory/ntap-20200625-0003/","https://usn.ubuntu.com/4399-1/"],"published_time":"2020-06-17T22:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-14402","summary":"An issue was discovered in LibVNCServer before 0.9.13. 
libvncserver/corre.c allows out-of-bounds access via encodings.","cvss":5.4,"cvss_version":3.0,"cvss_v2":5.5,"cvss_v3":5.4,"cvss_v4":null,"epss":0.02216,"ranking_epss":0.84481,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00033.html","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00055.html","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00066.html","https://cert-portal.siemens.com/productcert/pdf/ssa-390195.pdf","https://github.com/LibVNC/libvncserver/commit/74e8a70f2c9a5248d6718ce443e07c7ed314dfff","https://github.com/LibVNC/libvncserver/compare/LibVNCServer-0.9.12...LibVNCServer-0.9.13","https://lists.debian.org/debian-lts-announce/2020/06/msg00035.html","https://lists.debian.org/debian-lts-announce/2020/08/msg00045.html","https://usn.ubuntu.com/4434-1/","https://usn.ubuntu.com/4573-1/","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00033.html","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00055.html","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00066.html","https://cert-portal.siemens.com/productcert/pdf/ssa-390195.pdf","https://github.com/LibVNC/libvncserver/commit/74e8a70f2c9a5248d6718ce443e07c7ed314dfff","https://github.com/LibVNC/libvncserver/compare/LibVNCServer-0.9.12...LibVNCServer-0.9.13","https://lists.debian.org/debian-lts-announce/2020/06/msg00035.html","https://lists.debian.org/debian-lts-announce/2020/08/msg00045.html","https://usn.ubuntu.com/4434-1/","https://usn.ubuntu.com/4573-1/"],"published_time":"2020-06-17T16:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-14403","summary":"An issue was discovered in LibVNCServer before 0.9.13. 
libvncserver/hextile.c allows out-of-bounds access via encodings.","cvss":5.4,"cvss_version":3.0,"cvss_v2":5.5,"cvss_v3":5.4,"cvss_v4":null,"epss":0.01113,"ranking_epss":0.78165,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://cert-portal.siemens.com/productcert/pdf/ssa-390195.pdf","https://github.com/LibVNC/libvncserver/commit/74e8a70f2c9a5248d6718ce443e07c7ed314dfff","https://github.com/LibVNC/libvncserver/compare/LibVNCServer-0.9.12...LibVNCServer-0.9.13","https://lists.debian.org/debian-lts-announce/2020/06/msg00035.html","https://lists.debian.org/debian-lts-announce/2020/08/msg00045.html","https://usn.ubuntu.com/4434-1/","https://usn.ubuntu.com/4573-1/","https://cert-portal.siemens.com/productcert/pdf/ssa-390195.pdf","https://github.com/LibVNC/libvncserver/commit/74e8a70f2c9a5248d6718ce443e07c7ed314dfff","https://github.com/LibVNC/libvncserver/compare/LibVNCServer-0.9.12...LibVNCServer-0.9.13","https://lists.debian.org/debian-lts-announce/2020/06/msg00035.html","https://lists.debian.org/debian-lts-announce/2020/08/msg00045.html","https://usn.ubuntu.com/4434-1/","https://usn.ubuntu.com/4573-1/"],"published_time":"2020-06-17T16:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-14404","summary":"An issue was discovered in LibVNCServer before 0.9.13. 
libvncserver/rre.c allows out-of-bounds access via encodings.","cvss":5.4,"cvss_version":3.0,"cvss_v2":5.5,"cvss_v3":5.4,"cvss_v4":null,"epss":0.01332,"ranking_epss":0.79956,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://cert-portal.siemens.com/productcert/pdf/ssa-390195.pdf","https://github.com/LibVNC/libvncserver/commit/74e8a70f2c9a5248d6718ce443e07c7ed314dfff","https://github.com/LibVNC/libvncserver/compare/LibVNCServer-0.9.12...LibVNCServer-0.9.13","https://lists.debian.org/debian-lts-announce/2020/06/msg00035.html","https://lists.debian.org/debian-lts-announce/2020/08/msg00045.html","https://usn.ubuntu.com/4434-1/","https://usn.ubuntu.com/4573-1/","https://cert-portal.siemens.com/productcert/pdf/ssa-390195.pdf","https://github.com/LibVNC/libvncserver/commit/74e8a70f2c9a5248d6718ce443e07c7ed314dfff","https://github.com/LibVNC/libvncserver/compare/LibVNCServer-0.9.12...LibVNCServer-0.9.13","https://lists.debian.org/debian-lts-announce/2020/06/msg00035.html","https://lists.debian.org/debian-lts-announce/2020/08/msg00045.html","https://usn.ubuntu.com/4434-1/","https://usn.ubuntu.com/4573-1/"],"published_time":"2020-06-17T16:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-14405","summary":"An issue was discovered in LibVNCServer before 0.9.13. 
libvncclient/rfbproto.c does not limit TextChat size.","cvss":6.5,"cvss_version":3.0,"cvss_v2":4.0,"cvss_v3":6.5,"cvss_v4":null,"epss":0.01448,"ranking_epss":0.80754,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://cert-portal.siemens.com/productcert/pdf/ssa-390195.pdf","https://github.com/LibVNC/libvncserver/commit/8937203441ee241c4ace85da687b7d6633a12365","https://github.com/LibVNC/libvncserver/compare/LibVNCServer-0.9.12...LibVNCServer-0.9.13","https://lists.debian.org/debian-lts-announce/2020/06/msg00035.html","https://lists.debian.org/debian-lts-announce/2020/08/msg00045.html","https://usn.ubuntu.com/4434-1/","https://cert-portal.siemens.com/productcert/pdf/ssa-390195.pdf","https://github.com/LibVNC/libvncserver/commit/8937203441ee241c4ace85da687b7d6633a12365","https://github.com/LibVNC/libvncserver/compare/LibVNCServer-0.9.12...LibVNCServer-0.9.13","https://lists.debian.org/debian-lts-announce/2020/06/msg00035.html","https://lists.debian.org/debian-lts-announce/2020/08/msg00045.html","https://usn.ubuntu.com/4434-1/"],"published_time":"2020-06-17T16:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-21247","summary":"An issue was discovered in LibVNCServer before 0.9.13. 
There is an information leak (of uninitialized memory contents) in the libvncclient/rfbproto.c ConnectToRFBRepeater function.","cvss":7.5,"cvss_version":3.0,"cvss_v2":5.0,"cvss_v3":7.5,"cvss_v4":null,"epss":0.01477,"ranking_epss":0.80972,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00033.html","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00055.html","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00066.html","https://cert-portal.siemens.com/productcert/pdf/ssa-390195.pdf","https://github.com/LibVNC/libvncserver/compare/LibVNCServer-0.9.12...LibVNCServer-0.9.13","https://github.com/LibVNC/libvncserver/issues/253","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4F6FUH4EFK4NAP6GT4TQRTBKWIRCZLIY/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NVP7TJVYJDXDFRHVQ3ENEN3H354QPXEZ/","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00033.html","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00055.html","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00066.html","https://cert-portal.siemens.com/productcert/pdf/ssa-390195.pdf","https://github.com/LibVNC/libvncserver/compare/LibVNCServer-0.9.12...LibVNCServer-0.9.13","https://github.com/LibVNC/libvncserver/issues/253","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4F6FUH4EFK4NAP6GT4TQRTBKWIRCZLIY/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NVP7TJVYJDXDFRHVQ3ENEN3H354QPXEZ/"],"published_time":"2020-06-17T16:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-20839","summary":"libvncclient/sockets.c in LibVNCServer before 0.9.13 has a buffer overflow via a long socket 
filename.","cvss":7.5,"cvss_version":3.0,"cvss_v2":5.0,"cvss_v3":7.5,"cvss_v4":null,"epss":0.04081,"ranking_epss":0.88561,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00033.html","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00055.html","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00066.html","https://cert-portal.siemens.com/productcert/pdf/ssa-390195.pdf","https://github.com/LibVNC/libvncserver/commit/3fd03977c9b35800d73a865f167338cb4d05b0c1","https://github.com/LibVNC/libvncserver/compare/LibVNCServer-0.9.12...LibVNCServer-0.9.13","https://lists.debian.org/debian-lts-announce/2020/06/msg00035.html","https://lists.debian.org/debian-lts-announce/2020/08/msg00045.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4F6FUH4EFK4NAP6GT4TQRTBKWIRCZLIY/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NVP7TJVYJDXDFRHVQ3ENEN3H354QPXEZ/","https://usn.ubuntu.com/4434-1/","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00033.html","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00055.html","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00066.html","https://cert-portal.siemens.com/productcert/pdf/ssa-390195.pdf","https://github.com/LibVNC/libvncserver/commit/3fd03977c9b35800d73a865f167338cb4d05b0c1","https://github.com/LibVNC/libvncserver/compare/LibVNCServer-0.9.12...LibVNCServer-0.9.13","https://lists.debian.org/debian-lts-announce/2020/06/msg00035.html","https://lists.debian.org/debian-lts-announce/2020/08/msg00045.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4F6FUH4EFK4NAP6GT4TQRTBKWIRCZLIY/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NVP7TJVYJDXDFRHVQ3ENEN3H354QPXEZ/","https://u
sn.ubuntu.com/4434-1/"],"published_time":"2020-06-17T16:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-20840","summary":"An issue was discovered in LibVNCServer before 0.9.13. libvncserver/ws_decode.c can lead to a crash because of unaligned accesses in hybiReadAndDecode.","cvss":7.5,"cvss_version":3.0,"cvss_v2":5.0,"cvss_v3":7.5,"cvss_v4":null,"epss":0.02026,"ranking_epss":0.83781,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00033.html","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00055.html","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00066.html","https://cert-portal.siemens.com/productcert/pdf/ssa-390195.pdf","https://github.com/LibVNC/libvncserver/commit/0cf1400c61850065de590d403f6d49e32882fd76","https://github.com/LibVNC/libvncserver/compare/LibVNCServer-0.9.12...LibVNCServer-0.9.13","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4F6FUH4EFK4NAP6GT4TQRTBKWIRCZLIY/","https://usn.ubuntu.com/4434-1/","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00033.html","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00055.html","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00066.html","https://cert-portal.siemens.com/productcert/pdf/ssa-390195.pdf","https://github.com/LibVNC/libvncserver/commit/0cf1400c61850065de590d403f6d49e32882fd76","https://github.com/LibVNC/libvncserver/compare/LibVNCServer-0.9.12...LibVNCServer-0.9.13","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4F6FUH4EFK4NAP6GT4TQRTBKWIRCZLIY/","https://usn.ubuntu.com/4434-1/"],"published_time":"2020-06-17T16:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-14396","summary":"An issue was discovered in LibVNCServer before 0.9.13. 
libvncclient/tls_openssl.c has a NULL pointer dereference.","cvss":7.5,"cvss_version":3.0,"cvss_v2":5.0,"cvss_v3":7.5,"cvss_v4":null,"epss":0.01582,"ranking_epss":0.81579,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://cert-portal.siemens.com/productcert/pdf/ssa-390195.pdf","https://github.com/LibVNC/libvncserver/commit/33441d90a506d5f3ae9388f2752901227e430553","https://github.com/LibVNC/libvncserver/compare/LibVNCServer-0.9.12...LibVNCServer-0.9.13","https://usn.ubuntu.com/4434-1/","https://cert-portal.siemens.com/productcert/pdf/ssa-390195.pdf","https://github.com/LibVNC/libvncserver/commit/33441d90a506d5f3ae9388f2752901227e430553","https://github.com/LibVNC/libvncserver/compare/LibVNCServer-0.9.12...LibVNCServer-0.9.13","https://usn.ubuntu.com/4434-1/"],"published_time":"2020-06-17T16:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-14397","summary":"An issue was discovered in LibVNCServer before 0.9.13. libvncserver/rfbregion.c has a NULL pointer 
dereference.","cvss":7.5,"cvss_version":3.0,"cvss_v2":5.0,"cvss_v3":7.5,"cvss_v4":null,"epss":0.04438,"ranking_epss":0.8905,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00033.html","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00055.html","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00066.html","https://cert-portal.siemens.com/productcert/pdf/ssa-390195.pdf","https://github.com/LibVNC/libvncserver/commit/38e98ee61d74f5f5ab4aa4c77146faad1962d6d0","https://github.com/LibVNC/libvncserver/compare/LibVNCServer-0.9.12...LibVNCServer-0.9.13","https://lists.debian.org/debian-lts-announce/2020/06/msg00035.html","https://lists.debian.org/debian-lts-announce/2020/08/msg00045.html","https://usn.ubuntu.com/4434-1/","https://usn.ubuntu.com/4573-1/","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00033.html","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00055.html","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00066.html","https://cert-portal.siemens.com/productcert/pdf/ssa-390195.pdf","https://github.com/LibVNC/libvncserver/commit/38e98ee61d74f5f5ab4aa4c77146faad1962d6d0","https://github.com/LibVNC/libvncserver/compare/LibVNCServer-0.9.12...LibVNCServer-0.9.13","https://lists.debian.org/debian-lts-announce/2020/06/msg00035.html","https://lists.debian.org/debian-lts-announce/2020/08/msg00045.html","https://usn.ubuntu.com/4434-1/","https://usn.ubuntu.com/4573-1/"],"published_time":"2020-06-17T16:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-14398","summary":"An issue was discovered in LibVNCServer before 0.9.13. 
An improperly closed TCP connection causes an infinite loop in libvncclient/sockets.c.","cvss":7.5,"cvss_version":3.0,"cvss_v2":5.0,"cvss_v3":7.5,"cvss_v4":null,"epss":0.02271,"ranking_epss":0.84649,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00033.html","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00055.html","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00066.html","https://cert-portal.siemens.com/productcert/pdf/ssa-390195.pdf","https://github.com/LibVNC/libvncserver/commit/57433015f856cc12753378254ce4f1c78f5d9c7b","https://github.com/LibVNC/libvncserver/compare/LibVNCServer-0.9.12...LibVNCServer-0.9.13","https://usn.ubuntu.com/4434-1/","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00033.html","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00055.html","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00066.html","https://cert-portal.siemens.com/productcert/pdf/ssa-390195.pdf","https://github.com/LibVNC/libvncserver/commit/57433015f856cc12753378254ce4f1c78f5d9c7b","https://github.com/LibVNC/libvncserver/compare/LibVNCServer-0.9.12...LibVNCServer-0.9.13","https://usn.ubuntu.com/4434-1/"],"published_time":"2020-06-17T16:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-14399","summary":"An issue was discovered in LibVNCServer before 0.9.13. Byte-aligned data is accessed through uint32_t pointers in libvncclient/rfbproto.c. 
NOTE: there is reportedly \"no trust boundary crossed.","cvss":7.5,"cvss_version":3.0,"cvss_v2":5.0,"cvss_v3":7.5,"cvss_v4":null,"epss":0.02462,"ranking_epss":0.85245,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00033.html","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00055.html","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00066.html","https://bugzilla.redhat.com/show_bug.cgi?id=1860354","https://github.com/LibVNC/libvncserver/commit/23e5cbe6b090d7f22982aee909a6a618174d3c2d","https://github.com/LibVNC/libvncserver/compare/LibVNCServer-0.9.12...LibVNCServer-0.9.13","https://lists.debian.org/debian-lts-announce/2020/06/msg00035.html","https://lists.debian.org/debian-lts-announce/2020/08/msg00045.html","https://usn.ubuntu.com/4434-1/","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00033.html","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00055.html","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00066.html","https://bugzilla.redhat.com/show_bug.cgi?id=1860354","https://github.com/LibVNC/libvncserver/commit/23e5cbe6b090d7f22982aee909a6a618174d3c2d","https://github.com/LibVNC/libvncserver/compare/LibVNCServer-0.9.12...LibVNCServer-0.9.13","https://lists.debian.org/debian-lts-announce/2020/06/msg00035.html","https://lists.debian.org/debian-lts-announce/2020/08/msg00045.html","https://usn.ubuntu.com/4434-1/"],"published_time":"2020-06-17T16:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-14400","summary":"An issue was discovered in LibVNCServer before 0.9.13. Byte-aligned data is accessed through uint16_t pointers in libvncserver/translate.c. 
NOTE: Third parties do not consider this to be a vulnerability as there is no known path of exploitation or cross of a trust boundary","cvss":7.5,"cvss_version":3.0,"cvss_v2":5.0,"cvss_v3":7.5,"cvss_v4":null,"epss":0.02477,"ranking_epss":0.85283,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00033.html","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00055.html","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00066.html","https://bugzilla.redhat.com/show_bug.cgi?id=1860361","https://github.com/LibVNC/libvncserver/commit/53073c8d7e232151ea2ecd8a1243124121e10e2d","https://github.com/LibVNC/libvncserver/compare/LibVNCServer-0.9.12...LibVNCServer-0.9.13","https://lists.debian.org/debian-lts-announce/2020/06/msg00035.html","https://lists.debian.org/debian-lts-announce/2020/08/msg00045.html","https://usn.ubuntu.com/4434-1/","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00033.html","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00055.html","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00066.html","https://bugzilla.redhat.com/show_bug.cgi?id=1860361","https://github.com/LibVNC/libvncserver/commit/53073c8d7e232151ea2ecd8a1243124121e10e2d","https://github.com/LibVNC/libvncserver/compare/LibVNCServer-0.9.12...LibVNCServer-0.9.13","https://lists.debian.org/debian-lts-announce/2020/06/msg00035.html","https://lists.debian.org/debian-lts-announce/2020/08/msg00045.html","https://usn.ubuntu.com/4434-1/"],"published_time":"2020-06-17T16:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-14154","summary":"Mutt before 1.14.3 proceeds with a connection even if, in response to a GnuTLS certificate prompt, the user rejects an expired intermediate 
certificate.","cvss":4.8,"cvss_version":3.0,"cvss_v2":5.8,"cvss_v3":4.8,"cvss_v4":null,"epss":0.00692,"ranking_epss":0.71822,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.mutt.org/pipermail/mutt-announce/Week-of-Mon-20200608/000022.html","http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00064.html","http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00070.html","http://www.mutt.org","https://bugs.gentoo.org/728300","https://security.gentoo.org/glsa/202007-57","https://usn.ubuntu.com/4401-1/","http://lists.mutt.org/pipermail/mutt-announce/Week-of-Mon-20200608/000022.html","http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00064.html","http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00070.html","http://www.mutt.org","https://bugs.gentoo.org/728300","https://security.gentoo.org/glsa/202007-57","https://usn.ubuntu.com/4401-1/"],"published_time":"2020-06-15T17:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-0543","summary":"Incomplete cleanup from specific special register read operations in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local 
access.","cvss":5.5,"cvss_version":3.0,"cvss_v2":2.1,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00481,"ranking_epss":0.65119,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00025.html","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00024.html","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00031.html","http://www.openwall.com/lists/oss-security/2020/07/14/5","https://cert-portal.siemens.com/productcert/pdf/ssa-534763.pdf","https://kc.mcafee.com/corporate/index?page=content&id=SB10318","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DT2VKDMQ3I37NBNJ256A2EXR7OJHXXKZ/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GRFC7UAPKAFFH5WX3AMDUBVHLKYQA2NZ/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NQZMOSHLTBBIECENNXA6M7DN5FEED4KI/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T5OUM24ZC43G4IDT3JUCIHJTSDXJSK6Y/","https://usn.ubuntu.com/4385-1/","https://usn.ubuntu.com/4387-1/","https://usn.ubuntu.com/4388-1/","https://usn.ubuntu.com/4389-1/","https://usn.ubuntu.com/4390-1/","https://usn.ubuntu.com/4391-1/","https://usn.ubuntu.com/4392-1/","https://usn.ubuntu.com/4393-1/","https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00320.html","http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00025.html","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00024.html","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00031.html","http://www.openwall.com/lists/oss-security/2020/07/14/5","https://cert-portal.siemens.com/productcert/pdf/ssa-534763.pdf","https://kc.mcafee.com/corporate/index?page=content&id=SB10318","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.
org/message/DT2VKDMQ3I37NBNJ256A2EXR7OJHXXKZ/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GRFC7UAPKAFFH5WX3AMDUBVHLKYQA2NZ/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NQZMOSHLTBBIECENNXA6M7DN5FEED4KI/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T5OUM24ZC43G4IDT3JUCIHJTSDXJSK6Y/","https://usn.ubuntu.com/4385-1/","https://usn.ubuntu.com/4387-1/","https://usn.ubuntu.com/4388-1/","https://usn.ubuntu.com/4389-1/","https://usn.ubuntu.com/4390-1/","https://usn.ubuntu.com/4391-1/","https://usn.ubuntu.com/4392-1/","https://usn.ubuntu.com/4393-1/","https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00320.html"],"published_time":"2020-06-15T14:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-14093","summary":"Mutt before 1.14.3 allows an IMAP fcc/postpone man-in-the-middle attack via a PREAUTH 
response.","cvss":5.9,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":5.9,"cvss_v4":null,"epss":0.03861,"ranking_epss":0.88217,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00064.html","http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00070.html","http://www.mutt.org","https://bugs.gentoo.org/728300","https://github.com/muttmua/mutt/commit/3e88866dc60b5fa6aaba6fd7c1710c12c1c3cd01","https://lists.debian.org/debian-lts-announce/2020/06/msg00039.html","https://lists.debian.org/debian-lts-announce/2020/06/msg00040.html","https://security.gentoo.org/glsa/202007-57","https://usn.ubuntu.com/4401-1/","https://www.debian.org/security/2020/dsa-4707","https://www.debian.org/security/2020/dsa-4708","http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00064.html","http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00070.html","http://www.mutt.org","https://bugs.gentoo.org/728300","https://github.com/muttmua/mutt/commit/3e88866dc60b5fa6aaba6fd7c1710c12c1c3cd01","https://lists.debian.org/debian-lts-announce/2020/06/msg00039.html","https://lists.debian.org/debian-lts-announce/2020/06/msg00040.html","https://security.gentoo.org/glsa/202007-57","https://usn.ubuntu.com/4401-1/","https://www.debian.org/security/2020/dsa-4707","https://www.debian.org/security/2020/dsa-4708"],"published_time":"2020-06-15T05:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-10732","summary":"A flaw was found in the Linux kernel's implementation of Userspace core dumps. 
This flaw allows an attacker with a local account to crash a trivial program and exfiltrate private kernel data.","cvss":3.3,"cvss_version":3.0,"cvss_v2":3.6,"cvss_v3":3.3,"cvss_v4":null,"epss":0.00039,"ranking_epss":0.11717,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00022.html","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00008.html","https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10732","https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/commit/?id=aca969cacf07f41070d788ce2b8ca71f09d5207d","https://github.com/google/kmsan/issues/76","https://github.com/ruscur/linux/commit/a95cdec9fa0c08e6eeb410d461c03af8fd1fef0a","https://lore.kernel.org/lkml/CAG_fn=VZZ7yUxtOGzuTLkr7wmfXWtKK9BHHYawj=rt9XWnCYvg%40mail.gmail.com/","https://security.netapp.com/advisory/ntap-20210129-0005/","https://twitter.com/grsecurity/status/1252558055629299712","https://usn.ubuntu.com/4411-1/","https://usn.ubuntu.com/4427-1/","https://usn.ubuntu.com/4439-1/","https://usn.ubuntu.com/4440-1/","https://usn.ubuntu.com/4485-1/","http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00022.html","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00008.html","https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10732","https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/commit/?id=aca969cacf07f41070d788ce2b8ca71f09d5207d","https://github.com/google/kmsan/issues/76","https://github.com/ruscur/linux/commit/a95cdec9fa0c08e6eeb410d461c03af8fd1fef0a","https://lore.kernel.org/lkml/CAG_fn=VZZ7yUxtOGzuTLkr7wmfXWtKK9BHHYawj=rt9XWnCYvg%40mail.gmail.com/","https://security.netapp.com/advisory/ntap-20210129-0005/","https://twitter.com/grsecurity/status/1252558055629299712","https://usn.ubuntu.com/4411-1/","https://usn.ubuntu.com/4427-1/","https://usn.ubuntu.com/4439-1/","https://usn.ubuntu.com/4440-1/","https://usn.ubuntu.com/4485-1/"],"pu
blished_time":"2020-06-12T14:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-0198","summary":"In exif_data_load_data_content of exif-data.c, there is a possible UBSAN abort due to an integer overflow. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-146428941","cvss":7.5,"cvss_version":3.0,"cvss_v2":5.0,"cvss_v3":7.5,"cvss_v4":null,"epss":0.11111,"ranking_epss":0.93462,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://lists.debian.org/debian-lts-announce/2020/06/msg00020.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ELDZR6USD5PR34MRK2ZISLCYJ465FNKN/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SVBD5JRUQPN4LQHTAAJHA3MR5M7YTAC7/","https://security.gentoo.org/glsa/202011-19","https://source.android.com/security/bulletin/pixel/2020-06-01","https://usn.ubuntu.com/4396-1/","https://lists.debian.org/debian-lts-announce/2020/06/msg00020.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ELDZR6USD5PR34MRK2ZISLCYJ465FNKN/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SVBD5JRUQPN4LQHTAAJHA3MR5M7YTAC7/","https://security.gentoo.org/glsa/202011-19","https://source.android.com/security/bulletin/pixel/2020-06-01","https://usn.ubuntu.com/4396-1/"],"published_time":"2020-06-11T15:15:16","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-10755","summary":"An insecure-credentials flaw was found in all openstack-cinder versions before openstack-cinder 14.1.0, all openstack-cinder 15.x.x versions before openstack-cinder 15.2.0 and all openstack-cinder 16.x.x versions before openstack-cinder 16.1.0. 
When using openstack-cinder with the Dell EMC ScaleIO or VxFlex OS backend storage driver, credentials for the entire backend are exposed in the ``connection_info`` element in all Block Storage v3 Attachments API calls containing that element. This flaw enables an end-user to create a volume, make an API call to show the attachment detail information, and retrieve a username and password that may be used to connect to another user's volume. Additionally, these credentials are valid for the ScaleIO or VxFlex OS Management API, should an attacker discover the Management API endpoint. Source: OpenStack project","cvss":6.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00315,"ranking_epss":0.54618,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10755","https://usn.ubuntu.com/4420-1/","https://wiki.openstack.org/wiki/OSSN/OSSN-0086","https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10755","https://usn.ubuntu.com/4420-1/","https://wiki.openstack.org/wiki/OSSN/OSSN-0086"],"published_time":"2020-06-10T17:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-10757","summary":"A flaw was found in the Linux Kernel in versions after 4.5-rc1 in the way mremap handled DAX Huge Pages. 
This flaw allows a local attacker with access to a DAX enabled storage to escalate their privileges on the system.","cvss":7.8,"cvss_version":3.0,"cvss_v2":6.9,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00669,"ranking_epss":0.71292,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00022.html","https://bugzilla.redhat.com/show_bug.cgi?id=1842525","https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=5bfea2d9b17f1034a68147a8b03b9789af5700f9","https://lists.debian.org/debian-lts-announce/2020/06/msg00012.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IEM47BXZJLODRH5YNNZSAQ2NVM63MYMC/","https://security.netapp.com/advisory/ntap-20200702-0004/","https://usn.ubuntu.com/4426-1/","https://usn.ubuntu.com/4439-1/","https://usn.ubuntu.com/4440-1/","https://usn.ubuntu.com/4483-1/","https://www.debian.org/security/2020/dsa-4698","https://www.debian.org/security/2020/dsa-4699","https://www.openwall.com/lists/oss-security/2020/06/04/4","http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00022.html","https://bugzilla.redhat.com/show_bug.cgi?id=1842525","https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=5bfea2d9b17f1034a68147a8b03b9789af5700f9","https://lists.debian.org/debian-lts-announce/2020/06/msg00012.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IEM47BXZJLODRH5YNNZSAQ2NVM63MYMC/","https://security.netapp.com/advisory/ntap-20200702-0004/","https://usn.ubuntu.com/4426-1/","https://usn.ubuntu.com/4439-1/","https://usn.ubuntu.com/4440-1/","https://usn.ubuntu.com/4483-1/","https://www.debian.org/security/2020/dsa-4698","https://www.debian.org/security/2020/dsa-4699","https://www.openwall.com/lists/oss-security/2020/06/04/4"],"published_time":"2020-06-09T13:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CV
E-2020-10761","summary":"An assertion failure issue was found in the Network Block Device(NBD) Server in all QEMU versions before QEMU 5.0.1. This flaw occurs when an nbd-client sends a spec-compliant request that is near the boundary of maximum permitted request length. A remote nbd-client could use this flaw to crash the qemu-nbd server resulting in a denial of service.","cvss":5.0,"cvss_version":3.0,"cvss_v2":4.0,"cvss_v3":5.0,"cvss_v4":null,"epss":0.00841,"ranking_epss":0.74716,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00086.html","https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10761","https://security.gentoo.org/glsa/202011-09","https://security.netapp.com/advisory/ntap-20200731-0001/","https://usn.ubuntu.com/4467-1/","https://www.openwall.com/lists/oss-security/2020/06/09/1","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00086.html","https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10761","https://security.gentoo.org/glsa/202011-09","https://security.netapp.com/advisory/ntap-20200731-0001/","https://usn.ubuntu.com/4467-1/","https://www.openwall.com/lists/oss-security/2020/06/09/1"],"published_time":"2020-06-09T13:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-13974","summary":"An issue was discovered in the Linux kernel 4.4 through 5.7.1. drivers/tty/vt/keyboard.c has an integer overflow if k_ascii is called several times in a row, aka CID-b86dab054059. 
NOTE: Members in the community argue that the integer overflow does not lead to a security issue in this case.","cvss":7.8,"cvss_version":3.0,"cvss_v2":7.2,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00094,"ranking_epss":0.2626,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00008.html","http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00009.html","https://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git/commit/?id=dad0bf9ce93fa40b667eccd3306783f4db4b932b","https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=b86dab054059b970111b5516ae548efaae5b3aae","https://lists.debian.org/debian-lts-announce/2020/08/msg00019.html","https://lkml.org/lkml/2020/3/22/482","https://usn.ubuntu.com/4427-1/","https://usn.ubuntu.com/4439-1/","https://usn.ubuntu.com/4440-1/","https://usn.ubuntu.com/4483-1/","https://usn.ubuntu.com/4485-1/","https://www.oracle.com/security-alerts/cpujul2022.html","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00008.html","http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00009.html","https://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git/commit/?id=dad0bf9ce93fa40b667eccd3306783f4db4b932b","https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=b86dab054059b970111b5516ae548efaae5b3aae","https://lists.debian.org/debian-lts-announce/2020/08/msg00019.html","https://lkml.org/lkml/2020/3/22/482","https://usn.ubuntu.com/4427-1/","https://usn.ubuntu.com/4439-1/","https://usn.ubuntu.com/4440-1/","https://usn.ubuntu.com/4483-1/","https://usn.ubuntu.com/4485-1/","https://www.oracle.com/security-alerts/cpujul2022.html"],"published_time":"2020-06-09T05:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-13625","summary":"PHPMailer before 6.1.6 contains an output escaping bug when the name of a file attachment contains a double quote character. 
This can result in the file type being misinterpreted by the receiver or any mail relay processing the message.","cvss":7.5,"cvss_version":3.0,"cvss_v2":5.0,"cvss_v3":7.5,"cvss_v4":null,"epss":0.04546,"ranking_epss":0.89187,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00067.html","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00085.html","https://github.com/PHPMailer/PHPMailer/releases/tag/v6.1.6","https://github.com/PHPMailer/PHPMailer/security/advisories/GHSA-f7hx-fqxw-rvvj","https://lists.debian.org/debian-lts-announce/2020/06/msg00014.html","https://lists.debian.org/debian-lts-announce/2020/08/msg00004.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EFM3BZABL6RUHTVMXSC7OFMP4CKWMRPJ/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SMH4TC5XTS3KZVGMSKEPPBZ2XTZCKKCX/","https://usn.ubuntu.com/4505-1/","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00067.html","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00085.html","https://github.com/PHPMailer/PHPMailer/releases/tag/v6.1.6","https://github.com/PHPMailer/PHPMailer/security/advisories/GHSA-f7hx-fqxw-rvvj","https://lists.debian.org/debian-lts-announce/2020/06/msg00014.html","https://lists.debian.org/debian-lts-announce/2020/08/msg00004.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EFM3BZABL6RUHTVMXSC7OFMP4CKWMRPJ/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SMH4TC5XTS3KZVGMSKEPPBZ2XTZCKKCX/","https://usn.ubuntu.com/4505-1/"],"published_time":"2020-06-08T17:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-13696","summary":"An issue was discovered in LinuxTV xawtv before 3.107. 
The function dev_open() in v4l-conf.c does not perform sufficient checks to prevent an unprivileged caller of the program from opening unintended filesystem paths. This allows a local attacker with access to the v4l-conf setuid-root program to test for the existence of arbitrary files and to trigger an open on arbitrary files with mode O_RDWR. To achieve this, relative path components need to be added to the device path, as demonstrated by a v4l-conf -c /dev/../root/.bash_history command.","cvss":4.4,"cvss_version":3.0,"cvss_v2":3.6,"cvss_v3":4.4,"cvss_v4":null,"epss":0.00044,"ranking_epss":0.13348,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00009.html","http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00013.html","http://www.openwall.com/lists/oss-security/2020/06/04/6","https://bugzilla.suse.com/show_bug.cgi?id=CVE-2020-13696","https://git.linuxtv.org/xawtv3.git/commit/?id=31f31f9cbaee7be806cba38e0ff5431bd44b20a3","https://git.linuxtv.org/xawtv3.git/commit/?id=36dc44e68e5886339b4a0fbe3f404fb1a4fd2292","https://git.linuxtv.org/xawtv3.git/commit/?id=8e3feea862db68d3ca0886f46cd99fab45d2db7c","https://lists.debian.org/debian-lts-announce/2020/06/msg00018.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ELOXU5LXQSQOXX64D4BICZV3TQWOBXHC/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I7XWAO7W2DGA6M52JGK2TDWUGF62Q2KY/","https://usn.ubuntu.com/4518-1/","http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00009.html","http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00013.html","http://www.openwall.com/lists/oss-security/2020/06/04/6","https://bugzilla.suse.com/show_bug.cgi?id=CVE-2020-13696","https://git.linuxtv.org/xawtv3.git/commit/?id=31f31f9cbaee7be806cba38e0ff5431bd44b20a3","https://git.linuxtv.org/xawtv3.git/commit/?id=36dc44
e68e5886339b4a0fbe3f404fb1a4fd2292","https://git.linuxtv.org/xawtv3.git/commit/?id=8e3feea862db68d3ca0886f46cd99fab45d2db7c","https://lists.debian.org/debian-lts-announce/2020/06/msg00018.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ELOXU5LXQSQOXX64D4BICZV3TQWOBXHC/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I7XWAO7W2DGA6M52JGK2TDWUGF62Q2KY/","https://usn.ubuntu.com/4518-1/"],"published_time":"2020-06-08T17:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-12049","summary":"An issue was discovered in dbus >= 1.3.0 before 1.12.18. The DBusServer in libdbus, as used in dbus-daemon, leaks file descriptors when a message exceeds the per-message file descriptor limit. A local attacker with access to the D-Bus system bus or another system service's private AF_UNIX socket could use this to make the system service reach its file descriptor limit, denying service to subsequent D-Bus 
clients.","cvss":5.5,"cvss_version":3.0,"cvss_v2":4.9,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00093,"ranking_epss":0.25969,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://packetstormsecurity.com/files/172840/D-Bus-File-Descriptor-Leak-Denial-Of-Service.html","http://www.openwall.com/lists/oss-security/2020/06/04/3","https://gitlab.freedesktop.org/dbus/dbus/-/issues/294","https://gitlab.freedesktop.org/dbus/dbus/-/tags/dbus-1.10.30","https://gitlab.freedesktop.org/dbus/dbus/-/tags/dbus-1.12.18","https://gitlab.freedesktop.org/dbus/dbus/-/tags/dbus-1.13.16","https://security.gentoo.org/glsa/202007-46","https://securitylab.github.com/advisories/GHSL-2020-057-DBus-DoS-file-descriptor-leak","https://usn.ubuntu.com/4398-1/","https://usn.ubuntu.com/4398-2/","http://packetstormsecurity.com/files/172840/D-Bus-File-Descriptor-Leak-Denial-Of-Service.html","http://www.openwall.com/lists/oss-security/2020/06/04/3","https://gitlab.freedesktop.org/dbus/dbus/-/issues/294","https://gitlab.freedesktop.org/dbus/dbus/-/tags/dbus-1.10.30","https://gitlab.freedesktop.org/dbus/dbus/-/tags/dbus-1.12.18","https://gitlab.freedesktop.org/dbus/dbus/-/tags/dbus-1.13.16","https://security.gentoo.org/glsa/202007-46","https://securitylab.github.com/advisories/GHSL-2020-057-DBus-DoS-file-descriptor-leak","https://usn.ubuntu.com/4398-1/","https://usn.ubuntu.com/4398-2/"],"published_time":"2020-06-08T17:15:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-12695","summary":"The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription request with a delivery URL on a different network segment than the fully qualified event-subscription URL, aka the CallStranger 
issue.","cvss":7.5,"cvss_version":3.0,"cvss_v2":7.8,"cvss_v3":7.5,"cvss_v4":null,"epss":0.03029,"ranking_epss":0.86649,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://packetstormsecurity.com/files/158051/CallStranger-UPnP-Vulnerability-Checker.html","http://www.openwall.com/lists/oss-security/2020/06/08/2","https://corelight.blog/2020/06/10/detecting-the-new-callstranger-upnp-vulnerability-with-zeek/","https://github.com/corelight/callstranger-detector","https://github.com/yunuscadirci/CallStranger","https://lists.debian.org/debian-lts-announce/2020/08/msg00011.html","https://lists.debian.org/debian-lts-announce/2020/08/msg00013.html","https://lists.debian.org/debian-lts-announce/2020/12/msg00017.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L3SHL4LOFGHJ3DIXSUIQELGVBDJ7V7LB/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MZDWHKGN3LMGSUEOAAVAMOD3IUIPJVOJ/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RQEYVY4D7LASH6AI4WK3IK2QBFHHF3Q2/","https://usn.ubuntu.com/4494-1/","https://www.callstranger.com","https://www.debian.org/security/2020/dsa-4806","https://www.debian.org/security/2021/dsa-4898","https://www.kb.cert.org/vuls/id/339275","https://www.tenable.com/blog/cve-2020-12695-callstranger-vulnerability-in-universal-plug-and-play-upnp-puts-billions-of","http://packetstormsecurity.com/files/158051/CallStranger-UPnP-Vulnerability-Checker.html","http://www.openwall.com/lists/oss-security/2020/06/08/2","https://corelight.blog/2020/06/10/detecting-the-new-callstranger-upnp-vulnerability-with-zeek/","https://github.com/corelight/callstranger-detector","https://github.com/yunuscadirci/CallStranger","https://lists.debian.org/debian-lts-announce/2020/08/msg00011.html","https://lists.debian.org/debian-lts-announce/2020/08/msg00013.html","https://lists.debian.org/debian-lts-announce/2
020/12/msg00017.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L3SHL4LOFGHJ3DIXSUIQELGVBDJ7V7LB/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MZDWHKGN3LMGSUEOAAVAMOD3IUIPJVOJ/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RQEYVY4D7LASH6AI4WK3IK2QBFHHF3Q2/","https://usn.ubuntu.com/4494-1/","https://www.callstranger.com","https://www.debian.org/security/2020/dsa-4806","https://www.debian.org/security/2021/dsa-4898","https://www.kb.cert.org/vuls/id/339275","https://www.tenable.com/blog/cve-2020-12695-callstranger-vulnerability-in-universal-plug-and-play-upnp-puts-billions-of"],"published_time":"2020-06-08T17:15:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-13904","summary":"FFmpeg 2.8 and 4.2.3 has a use-after-free via a crafted EXTINF duration in an m3u8 file because parse_playlist in libavformat/hls.c frees a pointer, and later that pointer is accessed in av_probe_input_format3 in 
libavformat/format.c.","cvss":5.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00475,"ranking_epss":0.64781,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://github.com/FFmpeg/FFmpeg/commit/6959358683c7533f586c07a766acc5fe9544d8b2","https://lists.debian.org/debian-lts-announce/2020/07/msg00022.html","https://patchwork.ffmpeg.org/project/ffmpeg/patch/20200529033905.41926-1-lq%40chinaffmpeg.org/","https://security.gentoo.org/glsa/202007-58","https://trac.ffmpeg.org/ticket/8673","https://usn.ubuntu.com/4431-1/","https://www.debian.org/security/2020/dsa-4722","https://github.com/FFmpeg/FFmpeg/commit/6959358683c7533f586c07a766acc5fe9544d8b2","https://lists.debian.org/debian-lts-announce/2020/07/msg00022.html","https://patchwork.ffmpeg.org/project/ffmpeg/patch/20200529033905.41926-1-lq%40chinaffmpeg.org/","https://security.gentoo.org/glsa/202007-58","https://trac.ffmpeg.org/ticket/8673","https://usn.ubuntu.com/4431-1/","https://www.debian.org/security/2020/dsa-4722"],"published_time":"2020-06-07T19:15:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-13881","summary":"In support.c in pam_tacplus 1.3.8 through 1.5.1, the TACACS+ shared secret gets logged via syslog if the DEBUG loglevel and journald are 
used.","cvss":7.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":7.5,"cvss_v4":null,"epss":0.01239,"ranking_epss":0.7923,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.openwall.com/lists/oss-security/2020/06/08/1","https://github.com/kravietz/pam_tacplus/commit/4a9852c31c2fd0c0e72fbb689a586aabcfb11cb0","https://github.com/kravietz/pam_tacplus/issues/149","https://lists.debian.org/debian-lts-announce/2020/06/msg00007.html","https://lists.debian.org/debian-lts-announce/2021/08/msg00006.html","https://usn.ubuntu.com/4521-1/","https://www.arista.com/en/support/advisories-notices/security-advisories/11705-security-advisory-50","http://www.openwall.com/lists/oss-security/2020/06/08/1","https://github.com/kravietz/pam_tacplus/commit/4a9852c31c2fd0c0e72fbb689a586aabcfb11cb0","https://github.com/kravietz/pam_tacplus/issues/149","https://lists.debian.org/debian-lts-announce/2020/06/msg00007.html","https://lists.debian.org/debian-lts-announce/2021/08/msg00006.html","https://usn.ubuntu.com/4521-1/","https://www.arista.com/en/support/advisories-notices/security-advisories/11705-security-advisory-50"],"published_time":"2020-06-06T19:15:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-13765","summary":"rom_copy() in hw/core/loader.c in QEMU 4.0 and 4.1.0 does not validate the relationship between two addresses, which allows attackers to trigger an invalid memory copy 
operation.","cvss":5.6,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":5.6,"cvss_v4":null,"epss":0.00371,"ranking_epss":0.58907,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=e423455c4f23a1a828901c78fe6d03b7dde79319","https://github.com/qemu/qemu/commit/4f1c6cb2f9afafda05eab150fd2bd284edce6676","https://lists.debian.org/debian-lts-announce/2020/06/msg00032.html","https://lists.debian.org/debian-lts-announce/2020/07/msg00020.html","https://security.netapp.com/advisory/ntap-20200619-0006/","https://usn.ubuntu.com/4467-1/","https://www.openwall.com/lists/oss-security/2020/06/03/6","https://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=e423455c4f23a1a828901c78fe6d03b7dde79319","https://github.com/qemu/qemu/commit/4f1c6cb2f9afafda05eab150fd2bd284edce6676","https://lists.debian.org/debian-lts-announce/2020/06/msg00032.html","https://lists.debian.org/debian-lts-announce/2020/07/msg00020.html","https://security.netapp.com/advisory/ntap-20200619-0006/","https://usn.ubuntu.com/4467-1/","https://www.openwall.com/lists/oss-security/2020/06/03/6"],"published_time":"2020-06-04T16:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-13800","summary":"ati-vga in hw/display/ati.c in QEMU 4.2.0 allows guest OS users to trigger infinite recursion via a crafted mm_index value during an ati_mm_read or ati_mm_write 
call.","cvss":6.0,"cvss_version":3.0,"cvss_v2":4.9,"cvss_v3":6.0,"cvss_v4":null,"epss":0.00104,"ranking_epss":0.28425,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00086.html","https://cve.openeuler.org/cve#/CVEInfo/CVE-2020-13800","https://lists.gnu.org/archive/html/qemu-devel/2020-06/msg00825.html","https://security.gentoo.org/glsa/202011-09","https://security.netapp.com/advisory/ntap-20200717-0001/","https://usn.ubuntu.com/4467-1/","https://www.openwall.com/lists/oss-security/2020/06/04/2","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00086.html","https://cve.openeuler.org/cve#/CVEInfo/CVE-2020-13800","https://lists.gnu.org/archive/html/qemu-devel/2020-06/msg00825.html","https://security.gentoo.org/glsa/202011-09","https://security.netapp.com/advisory/ntap-20200717-0001/","https://usn.ubuntu.com/4467-1/","https://www.openwall.com/lists/oss-security/2020/06/04/2"],"published_time":"2020-06-04T16:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-13777","summary":"GnuTLS 3.6.x before 3.6.14 uses incorrect cryptography for encrypting a session ticket (a loss of confidentiality in TLS 1.2, and an authentication bypass in TLS 1.3). The earliest affected version is 3.6.4 (2018-09-24) because of an error in a 2018-09-18 commit. 
Until the first key rotation, the TLS server always uses wrong data in place of an encryption key derived from an application.","cvss":7.4,"cvss_version":3.0,"cvss_v2":5.8,"cvss_v3":7.4,"cvss_v4":null,"epss":0.01521,"ranking_epss":0.81255,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00015.html","https://gnutls.org/security-new.html#GNUTLS-SA-2020-06-03","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6C4DHUKV6M6SJ5CV6KVHZNHNF7HCUE5P/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6RTXZOXC4MHTFE2HKY6IAZMF2WHD2WMV/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RRQBFK3UZ7SV76IYDTS4PS6ABS2DSJHK/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VMB3UGI5H5RCFRU6OGRPMNUCNLJGEN7Y/","https://security.gentoo.org/glsa/202006-01","https://security.netapp.com/advisory/ntap-20200619-0004/","https://usn.ubuntu.com/4384-1/","https://www.debian.org/security/2020/dsa-4697","http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00015.html","https://gnutls.org/security-new.html#GNUTLS-SA-2020-06-03","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6C4DHUKV6M6SJ5CV6KVHZNHNF7HCUE5P/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6RTXZOXC4MHTFE2HKY6IAZMF2WHD2WMV/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RRQBFK3UZ7SV76IYDTS4PS6ABS2DSJHK/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VMB3UGI5H5RCFRU6OGRPMNUCNLJGEN7Y/","https://security.gentoo.org/glsa/202006-01","https://security.netapp.com/advisory/ntap-20200619-0004/","https://usn.ubuntu.com/4384-1/","https://www.debian.org/se
curity/2020/dsa-4697"],"published_time":"2020-06-04T07:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-13254","summary":"An issue was discovered in Django 2.2 before 2.2.13 and 3.0 before 3.0.7. In cases where a memcached backend does not perform key validation, passing malformed cache keys could result in a key collision, and potential data leakage.","cvss":5.9,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":5.9,"cvss_v4":null,"epss":0.08673,"ranking_epss":0.92462,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://docs.djangoproject.com/en/3.0/releases/security/","https://groups.google.com/d/msg/django-announce/pPEmb2ot4Fo/X-SMalYSBAAJ","https://lists.debian.org/debian-lts-announce/2020/06/msg00016.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4A2AP4T7RKPBCLTI2NNQG3T6MINDUUMZ/","https://security.netapp.com/advisory/ntap-20200611-0002/","https://usn.ubuntu.com/4381-1/","https://usn.ubuntu.com/4381-2/","https://www.debian.org/security/2020/dsa-4705","https://www.djangoproject.com/weblog/2020/jun/03/security-releases/","https://www.oracle.com/security-alerts/cpujan2021.html","https://docs.djangoproject.com/en/3.0/releases/security/","https://groups.google.com/d/msg/django-announce/pPEmb2ot4Fo/X-SMalYSBAAJ","https://lists.debian.org/debian-lts-announce/2020/06/msg00016.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4A2AP4T7RKPBCLTI2NNQG3T6MINDUUMZ/","https://security.netapp.com/advisory/ntap-20200611-0002/","https://usn.ubuntu.com/4381-1/","https://usn.ubuntu.com/4381-2/","https://www.debian.org/security/2020/dsa-4705","https://www.djangoproject.com/weblog/2020/jun/03/security-releases/","https://www.oracle.com/security-alerts/cpujan2021.html"],"published_time":"2020-06-03T14:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-13596","summary":"An issue was discovered in Django 2.2 
before 2.2.13 and 3.0 before 3.0.7. Query parameters generated by the Django admin ForeignKeyRawIdWidget were not properly URL encoded, leading to a possibility of an XSS attack.","cvss":6.1,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":6.1,"cvss_v4":null,"epss":0.00992,"ranking_epss":0.76898,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://docs.djangoproject.com/en/3.0/releases/security/","https://groups.google.com/forum/#%21msg/django-announce/pPEmb2ot4Fo/X-SMalYSBAAJ","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4A2AP4T7RKPBCLTI2NNQG3T6MINDUUMZ/","https://security.netapp.com/advisory/ntap-20200611-0002/","https://usn.ubuntu.com/4381-1/","https://usn.ubuntu.com/4381-2/","https://www.debian.org/security/2020/dsa-4705","https://www.djangoproject.com/weblog/2020/jun/03/security-releases/","https://www.oracle.com/security-alerts/cpujan2021.html","https://docs.djangoproject.com/en/3.0/releases/security/","https://groups.google.com/forum/#%21msg/django-announce/pPEmb2ot4Fo/X-SMalYSBAAJ","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4A2AP4T7RKPBCLTI2NNQG3T6MINDUUMZ/","https://security.netapp.com/advisory/ntap-20200611-0002/","https://usn.ubuntu.com/4381-1/","https://usn.ubuntu.com/4381-2/","https://www.debian.org/security/2020/dsa-4705","https://www.djangoproject.com/weblog/2020/jun/03/security-releases/","https://www.oracle.com/security-alerts/cpujan2021.html"],"published_time":"2020-06-03T14:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-20811","summary":"An issue was discovered in the Linux kernel before 5.0.6. 
In rx_queue_add_kobject() and netdev_queue_add_kobject() in net/core/net-sysfs.c, a reference count is mishandled, aka CID-a3e23f719f5c.","cvss":5.5,"cvss_version":3.0,"cvss_v2":2.1,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00029,"ranking_epss":0.08318,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.0.6","https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=a3e23f719f5c4a38ffb3d30c8d7632a4ed8ccd9e","https://lists.debian.org/debian-lts-announce/2020/06/msg00012.html","https://usn.ubuntu.com/4527-1/","https://www.debian.org/security/2020/dsa-4698","https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.0.6","https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=a3e23f719f5c4a38ffb3d30c8d7632a4ed8ccd9e","https://lists.debian.org/debian-lts-announce/2020/06/msg00012.html","https://usn.ubuntu.com/4527-1/","https://www.debian.org/security/2020/dsa-4698"],"published_time":"2020-06-03T03:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-20810","summary":"go7007_snd_init in drivers/media/usb/go7007/snd-go7007.c in the Linux kernel before 5.6 does not call snd_card_free for a failure path, which causes a memory leak, aka 
CID-9453264ef586.","cvss":5.5,"cvss_version":3.0,"cvss_v2":4.9,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00069,"ranking_epss":0.21117,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00008.html","http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00009.html","https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.6","https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=9453264ef58638ce8976121ac44c07a3ef375983","https://lists.debian.org/debian-lts-announce/2020/08/msg00019.html","https://usn.ubuntu.com/4427-1/","https://usn.ubuntu.com/4439-1/","https://usn.ubuntu.com/4440-1/","https://usn.ubuntu.com/4483-1/","https://usn.ubuntu.com/4485-1/","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00008.html","http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00009.html","https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.6","https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=9453264ef58638ce8976121ac44c07a3ef375983","https://lists.debian.org/debian-lts-announce/2020/08/msg00019.html","https://usn.ubuntu.com/4427-1/","https://usn.ubuntu.com/4439-1/","https://usn.ubuntu.com/4440-1/","https://usn.ubuntu.com/4483-1/","https://usn.ubuntu.com/4485-1/"],"published_time":"2020-06-03T00:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-7663","summary":"websocket-extensions ruby module prior to 0.1.5 allows Denial of Service (DoS) via Regex Backtracking. The extension parser may take quadratic time when parsing a header containing an unclosed string parameter value whose content is a repeating two-byte sequence of a backslash and some other character. 
This could be abused by an attacker to conduct Regex Denial Of Service (ReDoS) on a single-threaded server by providing a malicious payload with the Sec-WebSocket-Extensions header.","cvss":7.5,"cvss_version":3.0,"cvss_v2":5.0,"cvss_v3":7.5,"cvss_v4":null,"epss":0.0242,"ranking_epss":0.85127,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://blog.jcoglan.com/2020/06/02/redos-vulnerability-in-websocket-extensions","https://github.com/faye/websocket-extensions-ruby/commit/aa156a439da681361ed6f53f1a8131892418838b","https://github.com/faye/websocket-extensions-ruby/security/advisories/GHSA-g6wq-qcwm-j5g2","https://lists.debian.org/debian-lts-announce/2020/08/msg00031.html","https://snyk.io/vuln/SNYK-RUBY-WEBSOCKETEXTENSIONS-570830","https://usn.ubuntu.com/4502-1/","https://blog.jcoglan.com/2020/06/02/redos-vulnerability-in-websocket-extensions","https://github.com/faye/websocket-extensions-ruby/commit/aa156a439da681361ed6f53f1a8131892418838b","https://github.com/faye/websocket-extensions-ruby/security/advisories/GHSA-g6wq-qcwm-j5g2","https://lists.debian.org/debian-lts-announce/2020/08/msg00031.html","https://snyk.io/vuln/SNYK-RUBY-WEBSOCKETEXTENSIONS-570830","https://usn.ubuntu.com/4502-1/"],"published_time":"2020-06-02T19:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-13754","summary":"hw/pci/msix.c in QEMU 4.2.0 allows guest OS users to trigger an out-of-bounds access via a crafted address in an msi-x mmio 
operation.","cvss":6.7,"cvss_version":3.0,"cvss_v2":4.6,"cvss_v3":6.7,"cvss_v4":null,"epss":0.00031,"ranking_epss":0.0872,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.openwall.com/lists/oss-security/2020/06/01/6","http://www.openwall.com/lists/oss-security/2020/06/15/8","https://lists.debian.org/debian-lts-announce/2020/07/msg00020.html","https://lists.gnu.org/archive/html/qemu-devel/2020-06/msg00004.html","https://security.gentoo.org/glsa/202011-09","https://security.netapp.com/advisory/ntap-20200608-0007/","https://usn.ubuntu.com/4467-1/","https://www.debian.org/security/2020/dsa-4728","http://www.openwall.com/lists/oss-security/2020/06/01/6","http://www.openwall.com/lists/oss-security/2020/06/15/8","https://lists.debian.org/debian-lts-announce/2020/07/msg00020.html","https://lists.gnu.org/archive/html/qemu-devel/2020-06/msg00004.html","https://security.gentoo.org/glsa/202011-09","https://security.netapp.com/advisory/ntap-20200608-0007/","https://usn.ubuntu.com/4467-1/","https://www.debian.org/security/2020/dsa-4728"],"published_time":"2020-06-02T14:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-13659","summary":"address_space_map in exec.c in QEMU 4.2.0 can trigger a NULL pointer dereference related to 
BounceBuffer.","cvss":2.5,"cvss_version":3.0,"cvss_v2":1.9,"cvss_v3":2.5,"cvss_v4":null,"epss":0.00037,"ranking_epss":0.10896,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00086.html","http://www.openwall.com/lists/oss-security/2020/06/01/3","https://lists.debian.org/debian-lts-announce/2020/07/msg00020.html","https://lists.gnu.org/archive/html/qemu-devel/2020-05/msg07313.html","https://security.gentoo.org/glsa/202011-09","https://security.netapp.com/advisory/ntap-20200608-0007/","https://usn.ubuntu.com/4467-1/","https://www.debian.org/security/2020/dsa-4728","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00086.html","http://www.openwall.com/lists/oss-security/2020/06/01/3","https://lists.debian.org/debian-lts-announce/2020/07/msg00020.html","https://lists.gnu.org/archive/html/qemu-devel/2020-05/msg07313.html","https://security.gentoo.org/glsa/202011-09","https://security.netapp.com/advisory/ntap-20200608-0007/","https://usn.ubuntu.com/4467-1/","https://www.debian.org/security/2020/dsa-4728"],"published_time":"2020-06-02T13:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-13757","summary":"Python-RSA before 4.1 ignores leading '\\0' bytes during decryption of ciphertext. 
This could conceivably have a security-relevant impact, e.g., by helping an attacker to infer that an application uses Python-RSA, or if the length of accepted ciphertext affects application behavior (such as by causing excessive memory allocation).","cvss":7.5,"cvss_version":3.0,"cvss_v2":5.0,"cvss_v3":7.5,"cvss_v4":null,"epss":0.00098,"ranking_epss":0.27004,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://github.com/sybrenstuvel/python-rsa/issues/146","https://github.com/sybrenstuvel/python-rsa/issues/146#issuecomment-641845667","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2KILTHBHNSDUCYV22ODLOKTICJJ7JQIQ/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZYB65VNILRBTXL6EITQTH2PZPK7I23MW/","https://usn.ubuntu.com/4478-1/","https://github.com/sybrenstuvel/python-rsa/issues/146","https://github.com/sybrenstuvel/python-rsa/issues/146#issuecomment-641845667","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2KILTHBHNSDUCYV22ODLOKTICJJ7JQIQ/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZYB65VNILRBTXL6EITQTH2PZPK7I23MW/","https://usn.ubuntu.com/4478-1/"],"published_time":"2020-06-01T19:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-12867","summary":"A NULL pointer dereference in sanei_epson_net_read in SANE Backends before 1.0.30 allows a malicious device connected to the same local network as the victim to cause a denial of service, aka 
GHSL-2020-075.","cvss":5.5,"cvss_version":3.0,"cvss_v2":2.1,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00125,"ranking_epss":0.3176,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00079.html","http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00003.html","https://alioth-lists.debian.net/pipermail/sane-announce/2020/000041.html","https://gitlab.com/sane-project/backends/-/issues/279#issue-1-ghsl-2020-075-null-pointer-dereference-in-sanei_epson_net_read","https://lists.debian.org/debian-lts-announce/2020/08/msg00029.html","https://lists.debian.org/debian-lts-announce/2020/10/msg00010.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JWUVCHURVGGYBEUOBA4PLSNXJVBKHJYJ/","https://securitylab.github.com/advisories/GHSL-2020-075-libsane","https://usn.ubuntu.com/4470-1/","http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00079.html","http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00003.html","https://alioth-lists.debian.net/pipermail/sane-announce/2020/000041.html","https://gitlab.com/sane-project/backends/-/issues/279#issue-1-ghsl-2020-075-null-pointer-dereference-in-sanei_epson_net_read","https://lists.debian.org/debian-lts-announce/2020/08/msg00029.html","https://lists.debian.org/debian-lts-announce/2020/10/msg00010.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JWUVCHURVGGYBEUOBA4PLSNXJVBKHJYJ/","https://securitylab.github.com/advisories/GHSL-2020-075-libsane","https://usn.ubuntu.com/4470-1/"],"published_time":"2020-06-01T14:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-13362","summary":"In QEMU 5.0.0 and earlier, megasas_lookup_frame in hw/scsi/megasas.c has an out-of-bounds read via a crafted reply_queue_head field from a guest OS 
user.","cvss":3.2,"cvss_version":3.0,"cvss_v2":2.1,"cvss_v3":3.2,"cvss_v4":null,"epss":0.00098,"ranking_epss":0.26859,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00086.html","http://www.openwall.com/lists/oss-security/2020/05/28/2","https://lists.debian.org/debian-lts-announce/2020/06/msg00032.html","https://lists.debian.org/debian-lts-announce/2020/07/msg00020.html","https://lists.gnu.org/archive/html/qemu-devel/2020-05/msg03131.html","https://lists.gnu.org/archive/html/qemu-devel/2020-05/msg06250.html","https://security-tracker.debian.org/tracker/CVE-2020-13362","https://security.gentoo.org/glsa/202011-09","https://security.netapp.com/advisory/ntap-20200608-0003/","https://usn.ubuntu.com/4467-1/","https://www.debian.org/security/2020/dsa-4728","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00086.html","http://www.openwall.com/lists/oss-security/2020/05/28/2","https://lists.debian.org/debian-lts-announce/2020/06/msg00032.html","https://lists.debian.org/debian-lts-announce/2020/07/msg00020.html","https://lists.gnu.org/archive/html/qemu-devel/2020-05/msg03131.html","https://lists.gnu.org/archive/html/qemu-devel/2020-05/msg06250.html","https://security-tracker.debian.org/tracker/CVE-2020-13362","https://security.gentoo.org/glsa/202011-09","https://security.netapp.com/advisory/ntap-20200608-0003/","https://usn.ubuntu.com/4467-1/","https://www.debian.org/security/2020/dsa-4728"],"published_time":"2020-05-28T15:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-20807","summary":"In Vim before 8.1.0881, users can circumvent the rvim restricted mode and execute arbitrary OS commands via scripting interfaces (e.g., Python, Ruby, or 
Lua).","cvss":5.3,"cvss_version":3.0,"cvss_v2":4.6,"cvss_v3":5.3,"cvss_v4":null,"epss":0.00206,"ranking_epss":0.42872,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00018.html","http://seclists.org/fulldisclosure/2020/Jul/24","https://github.com/vim/vim/commit/8c62a08faf89663e5633dc5036cd8695c80f1075","https://github.com/vim/vim/releases/tag/v8.1.0881","https://lists.debian.org/debian-lts-announce/2022/01/msg00003.html","https://support.apple.com/kb/HT211289","https://usn.ubuntu.com/4582-1/","https://www.starwindsoftware.com/security/sw-20220812-0003/","http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00018.html","http://seclists.org/fulldisclosure/2020/Jul/24","https://github.com/vim/vim/commit/8c62a08faf89663e5633dc5036cd8695c80f1075","https://github.com/vim/vim/releases/tag/v8.1.0881","https://lists.debian.org/debian-lts-announce/2022/01/msg00003.html","https://support.apple.com/kb/HT211289","https://usn.ubuntu.com/4582-1/","https://www.starwindsoftware.com/security/sw-20220812-0003/"],"published_time":"2020-05-28T14:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-13361","summary":"In QEMU 5.0.0 and earlier, es1370_transfer_audio in hw/audio/es1370.c does not properly validate the frame count, which allows guest OS users to trigger an out-of-bounds access during an es1370_write() 
operation.","cvss":3.9,"cvss_version":3.0,"cvss_v2":3.3,"cvss_v3":3.9,"cvss_v4":null,"epss":0.00098,"ranking_epss":0.26859,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00086.html","http://www.openwall.com/lists/oss-security/2020/05/28/1","https://lists.debian.org/debian-lts-announce/2020/06/msg00032.html","https://lists.debian.org/debian-lts-announce/2020/07/msg00020.html","https://lists.gnu.org/archive/html/qemu-devel/2020-05/msg03983.html","https://security-tracker.debian.org/tracker/CVE-2020-13361","https://security.gentoo.org/glsa/202011-09","https://security.netapp.com/advisory/ntap-20200608-0003/","https://usn.ubuntu.com/4467-1/","https://www.debian.org/security/2020/dsa-4728","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00086.html","http://www.openwall.com/lists/oss-security/2020/05/28/1","https://lists.debian.org/debian-lts-announce/2020/06/msg00032.html","https://lists.debian.org/debian-lts-announce/2020/07/msg00020.html","https://lists.gnu.org/archive/html/qemu-devel/2020-05/msg03983.html","https://security-tracker.debian.org/tracker/CVE-2020-13361","https://security.gentoo.org/glsa/202011-09","https://security.netapp.com/advisory/ntap-20200608-0003/","https://usn.ubuntu.com/4467-1/","https://www.debian.org/security/2020/dsa-4728"],"published_time":"2020-05-28T14:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-13645","summary":"In GNOME glib-networking through 2.64.2, the implementation of GTlsClientConnection skips hostname verification of the server's TLS certificate if the application fails to specify the expected server identity. This is in contrast to its intended documented behavior, to fail the certificate verification. 
Applications that fail to provide the server identity, including Balsa before 2.5.11 and 2.6.x before 2.6.1, accept a TLS certificate if the certificate is valid for any host.","cvss":6.5,"cvss_version":3.0,"cvss_v2":6.4,"cvss_v3":6.5,"cvss_v4":null,"epss":0.0061,"ranking_epss":0.69739,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://gitlab.gnome.org/GNOME/balsa/-/issues/34","https://gitlab.gnome.org/GNOME/glib-networking/-/issues/135","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HLEX2IP62SU6WJ4SK3U766XGLQK3J62O/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LRCUM22YEWWKNMN2BP5LTVDM5P4VWIXS/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TQEQJQ4XFMFCFJTEXKL2ZO3UELBPCKSK/","https://security.gentoo.org/glsa/202007-50","https://security.netapp.com/advisory/ntap-20200608-0004/","https://usn.ubuntu.com/4405-1/","https://gitlab.gnome.org/GNOME/balsa/-/issues/34","https://gitlab.gnome.org/GNOME/glib-networking/-/issues/135","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HLEX2IP62SU6WJ4SK3U766XGLQK3J62O/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LRCUM22YEWWKNMN2BP5LTVDM5P4VWIXS/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TQEQJQ4XFMFCFJTEXKL2ZO3UELBPCKSK/","https://security.gentoo.org/glsa/202007-50","https://security.netapp.com/advisory/ntap-20200608-0004/","https://usn.ubuntu.com/4405-1/"],"published_time":"2020-05-28T12:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-10936","summary":"Sympa before 6.2.56 allows privilege 
escalation.","cvss":7.8,"cvss_version":3.0,"cvss_v2":7.2,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00105,"ranking_epss":0.28527,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://github.com/sympa-community/sympa/releases","https://lists.debian.org/debian-lts-announce/2020/10/msg00012.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3J4NZLGAF4ZYK52XEBQDTBNHLGBEPXXN/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/P3TMQ3CORUOWARALACCBG2SBTIGZ5GY5/","https://sysdream.com/news/lab/","https://sysdream.com/news/lab/2020-05-25-cve-2020-10936-sympa-privileges-escalation-to-root/","https://usn.ubuntu.com/4442-1/","https://www.debian.org/security/2020/dsa-4818","https://github.com/sympa-community/sympa/releases","https://lists.debian.org/debian-lts-announce/2020/10/msg00012.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3J4NZLGAF4ZYK52XEBQDTBNHLGBEPXXN/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/P3TMQ3CORUOWARALACCBG2SBTIGZ5GY5/","https://sysdream.com/news/lab/","https://sysdream.com/news/lab/2020-05-25-cve-2020-10936-sympa-privileges-escalation-to-root/","https://usn.ubuntu.com/4442-1/","https://www.debian.org/security/2020/dsa-4818"],"published_time":"2020-05-27T18:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-13632","summary":"ext/fts3/fts3_snippet.c in SQLite before 3.32.0 has a NULL pointer dereference via a crafted matchinfo() 
query.","cvss":5.5,"cvss_version":3.0,"cvss_v2":2.1,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00024,"ranking_epss":0.06569,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://bugs.chromium.org/p/chromium/issues/detail?id=1080459","https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf","https://lists.debian.org/debian-lts-announce/2020/08/msg00037.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L7KXQWHIY2MQP4LNM6ODWJENMXYYQYBN/","https://security.FreeBSD.org/advisories/FreeBSD-SA-20:22.sqlite.asc","https://security.gentoo.org/glsa/202007-26","https://security.netapp.com/advisory/ntap-20200608-0002/","https://sqlite.org/src/info/a4dd148928ea65bd","https://usn.ubuntu.com/4394-1/","https://www.oracle.com/security-alerts/cpujul2020.html","https://www.oracle.com/security-alerts/cpuoct2020.html","https://bugs.chromium.org/p/chromium/issues/detail?id=1080459","https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf","https://lists.debian.org/debian-lts-announce/2020/08/msg00037.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L7KXQWHIY2MQP4LNM6ODWJENMXYYQYBN/","https://security.FreeBSD.org/advisories/FreeBSD-SA-20:22.sqlite.asc","https://security.gentoo.org/glsa/202007-26","https://security.netapp.com/advisory/ntap-20200608-0002/","https://sqlite.org/src/info/a4dd148928ea65bd","https://usn.ubuntu.com/4394-1/","https://www.oracle.com/security-alerts/cpujul2020.html","https://www.oracle.com/security-alerts/cpuoct2020.html"],"published_time":"2020-05-27T15:15:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-13253","summary":"sd_wp_addr in hw/sd/sd.c in QEMU 4.2.0 uses an unvalidated address, which leads to an out-of-bounds read during sdhci_write() operations. 
A guest OS user can crash the QEMU process.","cvss":5.5,"cvss_version":3.0,"cvss_v2":2.1,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00116,"ranking_epss":0.30266,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.openwall.com/lists/oss-security/2020/05/27/2","https://bugzilla.redhat.com/show_bug.cgi?id=1838546","https://lists.debian.org/debian-lts-announce/2020/09/msg00013.html","https://lists.debian.org/debian-lts-announce/2022/09/msg00008.html","https://lists.gnu.org/archive/html/qemu-devel/2020-05/msg05835.html","https://security.gentoo.org/glsa/202011-09","https://usn.ubuntu.com/4467-1/","http://www.openwall.com/lists/oss-security/2020/05/27/2","https://bugzilla.redhat.com/show_bug.cgi?id=1838546","https://lists.debian.org/debian-lts-announce/2020/09/msg00013.html","https://lists.debian.org/debian-lts-announce/2022/09/msg00008.html","https://lists.gnu.org/archive/html/qemu-devel/2020-05/msg05835.html","https://security.gentoo.org/glsa/202011-09","https://usn.ubuntu.com/4467-1/"],"published_time":"2020-05-27T15:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-13630","summary":"ext/fts3/fts3.c in SQLite before 3.32.0 has a use-after-free in fts3EvalNextRow, related to the snippet 
feature.","cvss":7.0,"cvss_version":3.0,"cvss_v2":4.4,"cvss_v3":7.0,"cvss_v4":null,"epss":0.00122,"ranking_epss":0.31205,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2020/Dec/32","http://seclists.org/fulldisclosure/2020/Nov/19","http://seclists.org/fulldisclosure/2020/Nov/20","http://seclists.org/fulldisclosure/2020/Nov/22","https://bugs.chromium.org/p/chromium/issues/detail?id=1080459","https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf","https://lists.debian.org/debian-lts-announce/2020/08/msg00037.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L7KXQWHIY2MQP4LNM6ODWJENMXYYQYBN/","https://security.FreeBSD.org/advisories/FreeBSD-SA-20:22.sqlite.asc","https://security.gentoo.org/glsa/202007-26","https://security.netapp.com/advisory/ntap-20200608-0002/","https://sqlite.org/src/info/0d69f76f0865f962","https://support.apple.com/kb/HT211843","https://support.apple.com/kb/HT211844","https://support.apple.com/kb/HT211850","https://support.apple.com/kb/HT211931","https://support.apple.com/kb/HT211935","https://support.apple.com/kb/HT211952","https://usn.ubuntu.com/4394-1/","https://www.oracle.com/security-alerts/cpujul2020.html","https://www.oracle.com/security-alerts/cpuoct2020.html","http://seclists.org/fulldisclosure/2020/Dec/32","http://seclists.org/fulldisclosure/2020/Nov/19","http://seclists.org/fulldisclosure/2020/Nov/20","http://seclists.org/fulldisclosure/2020/Nov/22","https://bugs.chromium.org/p/chromium/issues/detail?id=1080459","https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf","https://lists.debian.org/debian-lts-announce/2020/08/msg00037.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L7KXQWHIY2MQP4LNM6ODWJENMXYYQYBN/","https://security.FreeBSD.org/advisories/FreeBSD-SA-20:22.sqlite.asc","https://security.gentoo.org/glsa/202007-26","https://security.netapp.co
m/advisory/ntap-20200608-0002/","https://sqlite.org/src/info/0d69f76f0865f962","https://support.apple.com/kb/HT211843","https://support.apple.com/kb/HT211844","https://support.apple.com/kb/HT211850","https://support.apple.com/kb/HT211931","https://support.apple.com/kb/HT211935","https://support.apple.com/kb/HT211952","https://usn.ubuntu.com/4394-1/","https://www.oracle.com/security-alerts/cpujul2020.html","https://www.oracle.com/security-alerts/cpuoct2020.html"],"published_time":"2020-05-27T15:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-13631","summary":"SQLite before 3.32.0 allows a virtual table to be renamed to the name of one of its shadow tables, related to alter.c and build.c.","cvss":5.5,"cvss_version":3.0,"cvss_v2":2.1,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00048,"ranking_epss":0.14756,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2020/Dec/32","http://seclists.org/fulldisclosure/2020/Nov/19","http://seclists.org/fulldisclosure/2020/Nov/20","http://seclists.org/fulldisclosure/2020/Nov/22","https://bugs.chromium.org/p/chromium/issues/detail?id=1080459","https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf","https://lists.apache.org/thread.html/rc713534b10f9daeee2e0990239fa407e2118e4aa9e88a7041177497c%40%3Cissues.guacamole.apache.org%3E","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L7KXQWHIY2MQP4LNM6ODWJENMXYYQYBN/","https://security.FreeBSD.org/advisories/FreeBSD-SA-20:22.sqlite.asc","https://security.gentoo.org/glsa/202007-26","https://security.netapp.com/advisory/ntap-20200608-0002/","https://sqlite.org/src/info/eca0ba2cf4c0fdf7","https://support.apple.com/kb/HT211843","https://support.apple.com/kb/HT211844","https://support.apple.com/kb/HT211850","https://support.apple.com/kb/HT211931","https://support.apple.com/kb/HT211935","https://support.apple.com/kb/HT211952","https://usn.ubuntu.com/4394-1/","https:/
/www.oracle.com/security-alerts/cpujul2020.html","https://www.oracle.com/security-alerts/cpuoct2020.html","http://seclists.org/fulldisclosure/2020/Dec/32","http://seclists.org/fulldisclosure/2020/Nov/19","http://seclists.org/fulldisclosure/2020/Nov/20","http://seclists.org/fulldisclosure/2020/Nov/22","https://bugs.chromium.org/p/chromium/issues/detail?id=1080459","https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf","https://lists.apache.org/thread.html/rc713534b10f9daeee2e0990239fa407e2118e4aa9e88a7041177497c%40%3Cissues.guacamole.apache.org%3E","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L7KXQWHIY2MQP4LNM6ODWJENMXYYQYBN/","https://security.FreeBSD.org/advisories/FreeBSD-SA-20:22.sqlite.asc","https://security.gentoo.org/glsa/202007-26","https://security.netapp.com/advisory/ntap-20200608-0002/","https://sqlite.org/src/info/eca0ba2cf4c0fdf7","https://support.apple.com/kb/HT211843","https://support.apple.com/kb/HT211844","https://support.apple.com/kb/HT211850","https://support.apple.com/kb/HT211931","https://support.apple.com/kb/HT211935","https://support.apple.com/kb/HT211952","https://usn.ubuntu.com/4394-1/","https://www.oracle.com/security-alerts/cpujul2020.html","https://www.oracle.com/security-alerts/cpuoct2020.html"],"published_time":"2020-05-27T15:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-12392","summary":"The 'Copy as cURL' feature of Devtools' network tab did not properly escape the HTTP POST data of a request, which can be controlled by the website. If a user used the 'Copy as cURL' feature and pasted the command into a terminal, it could have resulted in the disclosure of local files. 
This vulnerability affects Firefox ESR < 68.8, Firefox < 76, and Thunderbird < 68.8.0.","cvss":5.5,"cvss_version":3.0,"cvss_v2":2.1,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00159,"ranking_epss":0.36759,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://bugzilla.mozilla.org/show_bug.cgi?id=1614468","https://security.gentoo.org/glsa/202005-03","https://security.gentoo.org/glsa/202005-04","https://usn.ubuntu.com/4373-1/","https://www.mozilla.org/security/advisories/mfsa2020-16/","https://www.mozilla.org/security/advisories/mfsa2020-17/","https://www.mozilla.org/security/advisories/mfsa2020-18/","https://bugzilla.mozilla.org/show_bug.cgi?id=1614468","https://security.gentoo.org/glsa/202005-03","https://security.gentoo.org/glsa/202005-04","https://usn.ubuntu.com/4373-1/","https://www.mozilla.org/security/advisories/mfsa2020-16/","https://www.mozilla.org/security/advisories/mfsa2020-17/","https://www.mozilla.org/security/advisories/mfsa2020-18/"],"published_time":"2020-05-26T18:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-6831","summary":"A buffer overflow could occur when parsing and validating SCTP chunks in WebRTC. This could have led to memory corruption and a potentially exploitable crash. 
This vulnerability affects Firefox ESR < 68.8, Firefox < 76, and Thunderbird < 68.8.0.","cvss":9.8,"cvss_version":3.0,"cvss_v2":7.5,"cvss_v3":9.8,"cvss_v4":null,"epss":0.06267,"ranking_epss":0.90924,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00000.html","http://packetstormsecurity.com/files/158480/usrsctp-Stack-Buffer-Overflow.html","https://bugzilla.mozilla.org/show_bug.cgi?id=1632241","https://security.gentoo.org/glsa/202005-03","https://security.gentoo.org/glsa/202005-04","https://usn.ubuntu.com/4373-1/","https://www.debian.org/security/2020/dsa-4714","https://www.mozilla.org/security/advisories/mfsa2020-16/","https://www.mozilla.org/security/advisories/mfsa2020-17/","https://www.mozilla.org/security/advisories/mfsa2020-18/","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00000.html","http://packetstormsecurity.com/files/158480/usrsctp-Stack-Buffer-Overflow.html","https://bugzilla.mozilla.org/show_bug.cgi?id=1632241","https://security.gentoo.org/glsa/202005-03","https://security.gentoo.org/glsa/202005-04","https://usn.ubuntu.com/4373-1/","https://www.debian.org/security/2020/dsa-4714","https://www.mozilla.org/security/advisories/mfsa2020-16/","https://www.mozilla.org/security/advisories/mfsa2020-17/","https://www.mozilla.org/security/advisories/mfsa2020-18/"],"published_time":"2020-05-26T18:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-12395","summary":"Mozilla developers and community members reported memory safety bugs present in Firefox 75 and Firefox ESR 68.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. 
This vulnerability affects Firefox ESR < 68.8, Firefox < 76, and Thunderbird < 68.8.0.","cvss":9.8,"cvss_version":3.0,"cvss_v2":10.0,"cvss_v3":9.8,"cvss_v4":null,"epss":0.01275,"ranking_epss":0.79544,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://bugzilla.mozilla.org/buglist.cgi?bug_id=1595886%2C1611482%2C1614704%2C1624098%2C1625749%2C1626382%2C1628076%2C1631508","https://security.gentoo.org/glsa/202005-03","https://security.gentoo.org/glsa/202005-04","https://usn.ubuntu.com/4373-1/","https://www.mozilla.org/security/advisories/mfsa2020-16/","https://www.mozilla.org/security/advisories/mfsa2020-17/","https://www.mozilla.org/security/advisories/mfsa2020-18/","https://bugzilla.mozilla.org/buglist.cgi?bug_id=1595886%2C1611482%2C1614704%2C1624098%2C1625749%2C1626382%2C1628076%2C1631508","https://security.gentoo.org/glsa/202005-03","https://security.gentoo.org/glsa/202005-04","https://usn.ubuntu.com/4373-1/","https://www.mozilla.org/security/advisories/mfsa2020-16/","https://www.mozilla.org/security/advisories/mfsa2020-17/","https://www.mozilla.org/security/advisories/mfsa2020-18/"],"published_time":"2020-05-26T17:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-3811","summary":"qmail-verify as used in netqmail 1.06 is prone to a mail-address verification bypass 
vulnerability.","cvss":7.5,"cvss_version":3.0,"cvss_v2":5.0,"cvss_v3":7.5,"cvss_v4":null,"epss":0.00424,"ranking_epss":0.62155,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://bugs.debian.org/961060","https://lists.debian.org/debian-lts-announce/2020/06/msg00002.html","https://usn.ubuntu.com/4556-1/","https://www.debian.org/security/2020/dsa-4692","https://www.openwall.com/lists/oss-security/2020/05/19/8","https://bugs.debian.org/961060","https://lists.debian.org/debian-lts-announce/2020/06/msg00002.html","https://usn.ubuntu.com/4556-1/","https://www.debian.org/security/2020/dsa-4692","https://www.openwall.com/lists/oss-security/2020/05/19/8"],"published_time":"2020-05-26T13:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-3812","summary":"qmail-verify as used in netqmail 1.06 is prone to an information disclosure vulnerability. A local attacker can test for the existence of files and directories anywhere in the filesystem because qmail-verify runs as root and tests for the existence of files in the attacker's home directory, without dropping its privileges first.","cvss":5.5,"cvss_version":3.0,"cvss_v2":2.1,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00045,"ranking_epss":0.13626,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://bugs.debian.org/961060","https://lists.debian.org/debian-lts-announce/2020/06/msg00002.html","https://usn.ubuntu.com/4556-1/","https://www.debian.org/security/2020/dsa-4692","https://www.openwall.com/lists/oss-security/2020/05/19/8","https://bugs.debian.org/961060","https://lists.debian.org/debian-lts-announce/2020/06/msg00002.html","https://usn.ubuntu.com/4556-1/","https://www.debian.org/security/2020/dsa-4692","https://www.openwall.com/lists/oss-security/2020/05/19/8"],"published_time":"2020-05-26T13:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-13434","summary":"SQLite through 3.32.0 has an integer overflow in 
sqlite3_str_vappendf in printf.c.","cvss":5.5,"cvss_version":3.0,"cvss_v2":2.1,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00055,"ranking_epss":0.17147,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2020/Dec/32","http://seclists.org/fulldisclosure/2020/Nov/19","http://seclists.org/fulldisclosure/2020/Nov/20","http://seclists.org/fulldisclosure/2020/Nov/22","https://lists.debian.org/debian-lts-announce/2020/05/msg00024.html","https://lists.debian.org/debian-lts-announce/2020/08/msg00037.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L7KXQWHIY2MQP4LNM6ODWJENMXYYQYBN/","https://security.FreeBSD.org/advisories/FreeBSD-SA-20:22.sqlite.asc","https://security.gentoo.org/glsa/202007-26","https://security.netapp.com/advisory/ntap-20200528-0004/","https://support.apple.com/kb/HT211843","https://support.apple.com/kb/HT211844","https://support.apple.com/kb/HT211850","https://support.apple.com/kb/HT211931","https://support.apple.com/kb/HT211935","https://support.apple.com/kb/HT211952","https://usn.ubuntu.com/4394-1/","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com/security-alerts/cpuapr2022.html","https://www.oracle.com/security-alerts/cpujul2020.html","https://www.sqlite.org/src/info/23439ea582241138","https://www.sqlite.org/src/info/d08d3405878d394e","http://seclists.org/fulldisclosure/2020/Dec/32","http://seclists.org/fulldisclosure/2020/Nov/19","http://seclists.org/fulldisclosure/2020/Nov/20","http://seclists.org/fulldisclosure/2020/Nov/22","https://lists.debian.org/debian-lts-announce/2020/05/msg00024.html","https://lists.debian.org/debian-lts-announce/2020/08/msg00037.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L7KXQWHIY2MQP4LNM6ODWJENMXYYQYBN/","https://security.FreeBSD.org/advisories/FreeBSD-SA-20:22.sqlite.asc","https://security.gentoo.org/glsa/202007-26","https://s
ecurity.netapp.com/advisory/ntap-20200528-0004/","https://support.apple.com/kb/HT211843","https://support.apple.com/kb/HT211844","https://support.apple.com/kb/HT211850","https://support.apple.com/kb/HT211931","https://support.apple.com/kb/HT211935","https://support.apple.com/kb/HT211952","https://usn.ubuntu.com/4394-1/","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com/security-alerts/cpuapr2022.html","https://www.oracle.com/security-alerts/cpujul2020.html","https://www.sqlite.org/src/info/23439ea582241138","https://www.sqlite.org/src/info/d08d3405878d394e"],"published_time":"2020-05-24T22:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-12397","summary":"By encoding Unicode whitespace characters within the From email header, an attacker can spoof the sender email address that Thunderbird displays. This vulnerability affects Thunderbird < 68.8.0.","cvss":4.3,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":4.3,"cvss_v4":null,"epss":0.00195,"ranking_epss":0.41495,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://bugzilla.mozilla.org/show_bug.cgi?id=1617370","https://security.gentoo.org/glsa/202005-03","https://usn.ubuntu.com/4373-1/","https://www.mozilla.org/security/advisories/mfsa2020-18/","https://bugzilla.mozilla.org/show_bug.cgi?id=1617370","https://security.gentoo.org/glsa/202005-03","https://usn.ubuntu.com/4373-1/","https://www.mozilla.org/security/advisories/mfsa2020-18/"],"published_time":"2020-05-22T19:15:15","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-13396","summary":"An issue was discovered in FreeRDP before 2.1.1. 
An out-of-bounds (OOB) read vulnerability has been detected in ntlm_read_ChallengeMessage in winpr/libwinpr/sspi/NTLM/ntlm_message.c.","cvss":7.1,"cvss_version":3.0,"cvss_v2":5.5,"cvss_v3":7.1,"cvss_v4":null,"epss":0.00501,"ranking_epss":0.66001,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00080.html","https://github.com/FreeRDP/FreeRDP/commit/48361c411e50826cb602c7aab773a8a20e1da6bc","https://github.com/FreeRDP/FreeRDP/commit/8fb6336a4072abcee8ce5bd6ae91104628c7bb69","https://github.com/FreeRDP/FreeRDP/compare/2.1.0...2.1.1","https://lists.debian.org/debian-lts-announce/2020/08/msg00054.html","https://lists.debian.org/debian-lts-announce/2023/10/msg00008.html","https://usn.ubuntu.com/4379-1/","https://usn.ubuntu.com/4382-1/","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00080.html","https://github.com/FreeRDP/FreeRDP/commit/48361c411e50826cb602c7aab773a8a20e1da6bc","https://github.com/FreeRDP/FreeRDP/commit/8fb6336a4072abcee8ce5bd6ae91104628c7bb69","https://github.com/FreeRDP/FreeRDP/compare/2.1.0...2.1.1","https://lists.debian.org/debian-lts-announce/2020/08/msg00054.html","https://lists.debian.org/debian-lts-announce/2023/10/msg00008.html","https://usn.ubuntu.com/4379-1/","https://usn.ubuntu.com/4382-1/"],"published_time":"2020-05-22T18:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-13397","summary":"An issue was discovered in FreeRDP before 2.1.1. 
An out-of-bounds (OOB) read vulnerability has been detected in security_fips_decrypt in libfreerdp/core/security.c due to an uninitialized value.","cvss":5.5,"cvss_version":3.0,"cvss_v2":2.1,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00099,"ranking_epss":0.27581,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00080.html","https://github.com/FreeRDP/FreeRDP/commit/8fb6336a4072abcee8ce5bd6ae91104628c7bb69","https://github.com/FreeRDP/FreeRDP/commit/d6cd14059b257318f176c0ba3ee0a348826a9ef8","https://github.com/FreeRDP/FreeRDP/compare/2.1.0...2.1.1","https://lists.debian.org/debian-lts-announce/2020/08/msg00054.html","https://lists.debian.org/debian-lts-announce/2023/10/msg00008.html","https://usn.ubuntu.com/4379-1/","https://usn.ubuntu.com/4382-1/","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00080.html","https://github.com/FreeRDP/FreeRDP/commit/8fb6336a4072abcee8ce5bd6ae91104628c7bb69","https://github.com/FreeRDP/FreeRDP/commit/d6cd14059b257318f176c0ba3ee0a348826a9ef8","https://github.com/FreeRDP/FreeRDP/compare/2.1.0...2.1.1","https://lists.debian.org/debian-lts-announce/2020/08/msg00054.html","https://lists.debian.org/debian-lts-announce/2023/10/msg00008.html","https://usn.ubuntu.com/4379-1/","https://usn.ubuntu.com/4382-1/"],"published_time":"2020-05-22T18:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-13398","summary":"An issue was discovered in FreeRDP before 2.1.1. 
An out-of-bounds (OOB) write vulnerability has been detected in crypto_rsa_common in libfreerdp/crypto/crypto.c.","cvss":8.3,"cvss_version":3.0,"cvss_v2":6.5,"cvss_v3":8.3,"cvss_v4":null,"epss":0.00455,"ranking_epss":0.63859,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00080.html","https://github.com/FreeRDP/FreeRDP/commit/8305349a943c68b1bc8c158f431dc607655aadea","https://github.com/FreeRDP/FreeRDP/commit/8fb6336a4072abcee8ce5bd6ae91104628c7bb69","https://github.com/FreeRDP/FreeRDP/compare/2.1.0...2.1.1","https://lists.debian.org/debian-lts-announce/2020/08/msg00054.html","https://lists.debian.org/debian-lts-announce/2023/10/msg00008.html","https://usn.ubuntu.com/4379-1/","https://usn.ubuntu.com/4382-1/","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00080.html","https://github.com/FreeRDP/FreeRDP/commit/8305349a943c68b1bc8c158f431dc607655aadea","https://github.com/FreeRDP/FreeRDP/commit/8fb6336a4072abcee8ce5bd6ae91104628c7bb69","https://github.com/FreeRDP/FreeRDP/compare/2.1.0...2.1.1","https://lists.debian.org/debian-lts-announce/2020/08/msg00054.html","https://lists.debian.org/debian-lts-announce/2023/10/msg00008.html","https://usn.ubuntu.com/4379-1/","https://usn.ubuntu.com/4382-1/"],"published_time":"2020-05-22T18:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-10711","summary":"A NULL pointer dereference flaw was found in the Linux kernel's SELinux subsystem in versions before 5.7. This flaw occurs while importing the Commercial IP Security Option (CIPSO) protocol's category bitmap into the SELinux extensible bitmap via the 'ebitmap_netlbl_import' routine. While processing the CIPSO restricted bitmap tag in the 'cipso_v4_parsetag_rbm' routine, it sets the security attribute to indicate that the category bitmap is present, even if it has not been allocated. 
This issue leads to a NULL pointer dereference issue while importing the same category bitmap into SELinux. This flaw allows a remote network user to crash the system kernel, resulting in a denial of service.","cvss":5.9,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":5.9,"cvss_v4":null,"epss":0.05438,"ranking_epss":0.90175,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00022.html","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00008.html","https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10711","https://lists.debian.org/debian-lts-announce/2020/06/msg00012.html","https://security.netapp.com/advisory/ntap-20200608-0001/","https://usn.ubuntu.com/4411-1/","https://usn.ubuntu.com/4412-1/","https://usn.ubuntu.com/4413-1/","https://usn.ubuntu.com/4414-1/","https://usn.ubuntu.com/4419-1/","https://www.debian.org/security/2020/dsa-4698","https://www.debian.org/security/2020/dsa-4699","https://www.openwall.com/lists/oss-security/2020/05/12/2","http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00022.html","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00008.html","https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10711","https://lists.debian.org/debian-lts-announce/2020/06/msg00012.html","https://security.netapp.com/advisory/ntap-20200608-0001/","https://usn.ubuntu.com/4411-1/","https://usn.ubuntu.com/4412-1/","https://usn.ubuntu.com/4413-1/","https://usn.ubuntu.com/4414-1/","https://usn.ubuntu.com/4419-1/","https://www.debian.org/security/2020/dsa-4698","https://www.debian.org/security/2020/dsa-4699","https://www.openwall.com/lists/oss-security/2020/05/12/2"],"published_time":"2020-05-22T15:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-13113","summary":"An issue was discovered in libexif before 0.6.22. 
Use of uninitialized memory in EXIF Makernote handling could lead to crashes and potential use-after-free conditions.","cvss":8.2,"cvss_version":3.0,"cvss_v2":6.4,"cvss_v3":8.2,"cvss_v4":null,"epss":0.00696,"ranking_epss":0.71916,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00017.html","https://github.com/libexif/libexif/commit/ec412aa4583ad71ecabb967d3c77162760169d1f","https://lists.debian.org/debian-lts-announce/2020/05/msg00025.html","https://security.gentoo.org/glsa/202007-05","https://usn.ubuntu.com/4396-1/","http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00017.html","https://github.com/libexif/libexif/commit/ec412aa4583ad71ecabb967d3c77162760169d1f","https://lists.debian.org/debian-lts-announce/2020/05/msg00025.html","https://security.gentoo.org/glsa/202007-05","https://usn.ubuntu.com/4396-1/"],"published_time":"2020-05-21T17:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-13112","summary":"An issue was discovered in libexif before 0.6.22. Several buffer over-reads in EXIF MakerNote handling could lead to information disclosure and crashes. 
This is different from CVE-2020-0093.","cvss":9.1,"cvss_version":3.0,"cvss_v2":6.4,"cvss_v3":9.1,"cvss_v4":null,"epss":0.00978,"ranking_epss":0.76725,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00017.html","https://github.com/libexif/libexif/commit/435e21f05001fb03f9f186fa7cbc69454afd00d1","https://lists.debian.org/debian-lts-announce/2020/05/msg00025.html","https://security.gentoo.org/glsa/202007-05","https://usn.ubuntu.com/4396-1/","http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00017.html","https://github.com/libexif/libexif/commit/435e21f05001fb03f9f186fa7cbc69454afd00d1","https://lists.debian.org/debian-lts-announce/2020/05/msg00025.html","https://security.gentoo.org/glsa/202007-05","https://usn.ubuntu.com/4396-1/"],"published_time":"2020-05-21T16:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-13114","summary":"An issue was discovered in libexif before 0.6.22. 
An unrestricted size in handling Canon EXIF MakerNote data could lead to consumption of large amounts of compute time for decoding EXIF data.","cvss":7.5,"cvss_version":3.0,"cvss_v2":5.0,"cvss_v3":7.5,"cvss_v4":null,"epss":0.00774,"ranking_epss":0.73586,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00017.html","https://github.com/libexif/libexif/commit/e6a38a1a23ba94d139b1fa2cd4519fdcfe3c9bab","https://lists.debian.org/debian-lts-announce/2020/05/msg00025.html","https://security.gentoo.org/glsa/202007-05","https://usn.ubuntu.com/4396-1/","http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00017.html","https://github.com/libexif/libexif/commit/e6a38a1a23ba94d139b1fa2cd4519fdcfe3c9bab","https://lists.debian.org/debian-lts-announce/2020/05/msg00025.html","https://security.gentoo.org/glsa/202007-05","https://usn.ubuntu.com/4396-1/"],"published_time":"2020-05-21T16:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-6463","summary":"Use after free in ANGLE in Google Chrome prior to 81.0.4044.122 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML 
page.","cvss":8.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":8.8,"cvss_v4":null,"epss":0.03747,"ranking_epss":0.88022,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00034.html","http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00038.html","http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00008.html","http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00011.html","http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00022.html","http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00025.html","http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00032.html","https://chromereleases.googleblog.com/2020/04/stable-channel-update-for-desktop_21.html","https://crbug.com/1065186","https://lists.debian.org/debian-lts-announce/2020/07/msg00027.html","https://lists.debian.org/debian-lts-announce/2020/08/msg00006.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OQYH5OK7O4BU6E37WWG5SEEHV65BFSGR/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WLFZ5N4EK6I4ZJP5YSKLLVN3ELXEB4XT/","https://security.gentoo.org/glsa/202007-60","https://security.gentoo.org/glsa/202007-64","https://usn.ubuntu.com/4443-1/","https://www.debian.org/security/2020/dsa-4714","https://www.debian.org/security/2020/dsa-4736","https://www.debian.org/security/2020/dsa-4740","http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00034.html","http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00038.html","http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00008.html","http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00011.html","http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00022.html","http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00025.html","http://lists.ope
nsuse.org/opensuse-security-announce/2020-08/msg00032.html","https://chromereleases.googleblog.com/2020/04/stable-channel-update-for-desktop_21.html","https://crbug.com/1065186","https://lists.debian.org/debian-lts-announce/2020/07/msg00027.html","https://lists.debian.org/debian-lts-announce/2020/08/msg00006.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OQYH5OK7O4BU6E37WWG5SEEHV65BFSGR/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WLFZ5N4EK6I4ZJP5YSKLLVN3ELXEB4XT/","https://security.gentoo.org/glsa/202007-60","https://security.gentoo.org/glsa/202007-64","https://usn.ubuntu.com/4443-1/","https://www.debian.org/security/2020/dsa-4714","https://www.debian.org/security/2020/dsa-4736","https://www.debian.org/security/2020/dsa-4740"],"published_time":"2020-05-21T04:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-9484","summary":"When using Apache Tomcat versions 10.0.0-M1 to 10.0.0-M4, 9.0.0.M1 to 9.0.34, 8.5.0 to 8.5.54 and 7.0.0 to 7.0.103 if a) an attacker is able to control the contents and name of a file on the server; and b) the server is configured to use the PersistenceManager with a FileStore; and c) the PersistenceManager is configured with sessionAttributeValueClassNameFilter=\"null\" (the default unless a SecurityManager is used) or a sufficiently lax filter to allow the attacker provided object to be deserialized; and d) the attacker knows the relative file path from the storage location used by FileStore to the file the attacker has control over; then, using a specifically crafted request, the attacker will be able to trigger remote code execution via deserialization of the file under their control. 
Note that all of conditions a) to d) must be true for the attack to succeed.","cvss":7.0,"cvss_version":3.0,"cvss_v2":4.4,"cvss_v3":7.0,"cvss_v4":null,"epss":0.93325,"ranking_epss":0.99809,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00057.html","http://packetstormsecurity.com/files/157924/Apache-Tomcat-CVE-2020-9484-Proof-Of-Concept.html","http://seclists.org/fulldisclosure/2020/Jun/6","http://www.openwall.com/lists/oss-security/2021/03/01/2","https://kc.mcafee.com/corporate/index?page=content&id=SB10332","https://lists.apache.org/thread.html/r11ce01e8a4c7269b88f88212f21830edf73558997ac7744f37769b77%40%3Cusers.tomcat.apache.org%3E","https://lists.apache.org/thread.html/r123b3ebe389f46f9d337923f393cdae4d3e9b78d982d706712f0898c%40%3Ccommits.tomee.apache.org%3E","https://lists.apache.org/thread.html/r26950738f4b4ca2d256597cf391d52d3450fa665c297ea5ca38f5469%40%3Cusers.tomcat.apache.org%3E","https://lists.apache.org/thread.html/r77eae567ed829da9012cadb29af17f2df8fa23bf66faf88229857bb1%40%3Cannounce.tomcat.apache.org%3E","https://lists.apache.org/thread.html/r7bc247fffcb1d58415215c861d2354bd653c86266230d78a93c71ae2%40%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/r8a2ac0e476dbfc1e6440b09dcc782d444ad635d6da26f0284725a5dc%40%3Cusers.tomcat.apache.org%3E","https://lists.apache.org/thread.html/r8dd19c514face6dd85fd4eab0271854883f40c7307926c1f7cd5400c%40%3Ccommits.tomee.apache.org%3E","https://lists.apache.org/thread.html/raa4123e472175bb052fbba165d37187cea923f755e8f3f30d124cb3f%40%3Ccommits.tomee.apache.org%3E","https://lists.apache.org/thread.html/rb1c0fb105ce2b93b7ec6fc1b77dd208022621a91c12d1f580813cfed%40%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/rb51ccd58b2152fc75125b2406fc93e04ca9d34e737263faa6ff0f41f%40%3Cusers.tomcat.apache.org%3E","https://lists.apache.org/thread.html/rc1778b38e74b5b6142414d57623bd55b023a72361f422836782fca3c%40%3C
dev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/rc8473b08abdf3c16494ed817bec1717a0ee0c8080315bc27db5f21c3%40%3Ccommits.tomee.apache.org%3E","https://lists.apache.org/thread.html/rf59c72572b9fee674a5d5cc6afeca4ffc3918a02c354a81cc50b7119%40%3Ccommits.tomee.apache.org%3E","https://lists.apache.org/thread.html/rf6d5d57b114678d8898005faef31e9fd6d7c981fcc4ccfc3bc272fc9%40%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/rf70f53af27e04869bdac18b1fc14a3ee529e59eb12292c8791a77926%40%3Cusers.tomcat.apache.org%3E","https://lists.apache.org/thread.html/rfe62fbf9d4c314f166fe8c668e50e5d9dd882a99447f26f0367474bf%40%3Cannounce.apache.org%3E","https://lists.apache.org/thread.html/rfe62fbf9d4c314f166fe8c668e50e5d9dd882a99447f26f0367474bf%40%3Cannounce.tomcat.apache.org%3E","https://lists.apache.org/thread.html/rfe62fbf9d4c314f166fe8c668e50e5d9dd882a99447f26f0367474bf%40%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/rfe62fbf9d4c314f166fe8c668e50e5d9dd882a99447f26f0367474bf%40%3Cusers.tomcat.apache.org%3E","https://lists.debian.org/debian-lts-announce/2020/05/msg00020.html","https://lists.debian.org/debian-lts-announce/2020/05/msg00026.html","https://lists.debian.org/debian-lts-announce/2020/07/msg00010.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GIQHXENTLYUNOES4LXVNJ2NCUQQRF5VJ/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WJ7XHKWJWDNWXUJH6UB7CLIW4TWOZ26N/","https://security.gentoo.org/glsa/202006-21","https://security.netapp.com/advisory/ntap-20200528-0005/","https://usn.ubuntu.com/4448-1/","https://usn.ubuntu.com/4596-1/","https://www.debian.org/security/2020/dsa-4727","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com/security-alerts/cpujan2021.html","https://www.oracle.com/security-alerts/cpujan2022.html","https://www.oracle.com/s
ecurity-alerts/cpujul2020.html","https://www.oracle.com/security-alerts/cpujul2022.html","https://www.oracle.com/security-alerts/cpuoct2020.html","https://www.oracle.com/security-alerts/cpuoct2021.html","http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00057.html","http://packetstormsecurity.com/files/157924/Apache-Tomcat-CVE-2020-9484-Proof-Of-Concept.html","http://seclists.org/fulldisclosure/2020/Jun/6","http://www.openwall.com/lists/oss-security/2021/03/01/2","https://kc.mcafee.com/corporate/index?page=content&id=SB10332","https://lists.apache.org/thread.html/r11ce01e8a4c7269b88f88212f21830edf73558997ac7744f37769b77%40%3Cusers.tomcat.apache.org%3E","https://lists.apache.org/thread.html/r123b3ebe389f46f9d337923f393cdae4d3e9b78d982d706712f0898c%40%3Ccommits.tomee.apache.org%3E","https://lists.apache.org/thread.html/r26950738f4b4ca2d256597cf391d52d3450fa665c297ea5ca38f5469%40%3Cusers.tomcat.apache.org%3E","https://lists.apache.org/thread.html/r77eae567ed829da9012cadb29af17f2df8fa23bf66faf88229857bb1%40%3Cannounce.tomcat.apache.org%3E","https://lists.apache.org/thread.html/r7bc247fffcb1d58415215c861d2354bd653c86266230d78a93c71ae2%40%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/r8a2ac0e476dbfc1e6440b09dcc782d444ad635d6da26f0284725a5dc%40%3Cusers.tomcat.apache.org%3E","https://lists.apache.org/thread.html/r8dd19c514face6dd85fd4eab0271854883f40c7307926c1f7cd5400c%40%3Ccommits.tomee.apache.org%3E","https://lists.apache.org/thread.html/raa4123e472175bb052fbba165d37187cea923f755e8f3f30d124cb3f%40%3Ccommits.tomee.apache.org%3E","https://lists.apache.org/thread.html/rb1c0fb105ce2b93b7ec6fc1b77dd208022621a91c12d1f580813cfed%40%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/rb51ccd58b2152fc75125b2406fc93e04ca9d34e737263faa6ff0f41f%40%3Cusers.tomcat.apache.org%3E","https://lists.apache.org/thread.html/rc1778b38e74b5b6142414d57623bd55b023a72361f422836782fca3c%40%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.ht
ml/rc8473b08abdf3c16494ed817bec1717a0ee0c8080315bc27db5f21c3%40%3Ccommits.tomee.apache.org%3E","https://lists.apache.org/thread.html/rf59c72572b9fee674a5d5cc6afeca4ffc3918a02c354a81cc50b7119%40%3Ccommits.tomee.apache.org%3E","https://lists.apache.org/thread.html/rf6d5d57b114678d8898005faef31e9fd6d7c981fcc4ccfc3bc272fc9%40%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/rf70f53af27e04869bdac18b1fc14a3ee529e59eb12292c8791a77926%40%3Cusers.tomcat.apache.org%3E","https://lists.apache.org/thread.html/rfe62fbf9d4c314f166fe8c668e50e5d9dd882a99447f26f0367474bf%40%3Cannounce.apache.org%3E","https://lists.apache.org/thread.html/rfe62fbf9d4c314f166fe8c668e50e5d9dd882a99447f26f0367474bf%40%3Cannounce.tomcat.apache.org%3E","https://lists.apache.org/thread.html/rfe62fbf9d4c314f166fe8c668e50e5d9dd882a99447f26f0367474bf%40%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/rfe62fbf9d4c314f166fe8c668e50e5d9dd882a99447f26f0367474bf%40%3Cusers.tomcat.apache.org%3E","https://lists.debian.org/debian-lts-announce/2020/05/msg00020.html","https://lists.debian.org/debian-lts-announce/2020/05/msg00026.html","https://lists.debian.org/debian-lts-announce/2020/07/msg00010.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GIQHXENTLYUNOES4LXVNJ2NCUQQRF5VJ/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WJ7XHKWJWDNWXUJH6UB7CLIW4TWOZ26N/","https://security.gentoo.org/glsa/202006-21","https://security.netapp.com/advisory/ntap-20200528-0005/","https://usn.ubuntu.com/4448-1/","https://usn.ubuntu.com/4596-1/","https://www.debian.org/security/2020/dsa-4727","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com/security-alerts/cpujan2021.html","https://www.oracle.com/security-alerts/cpujan2022.html","https://www.oracle.com/security-alerts/cpujul2020.html","https://www.oracle.com/secur
ity-alerts/cpujul2022.html","https://www.oracle.com/security-alerts/cpuoct2020.html","https://www.oracle.com/security-alerts/cpuoct2021.html"],"published_time":"2020-05-20T19:15:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-10722","summary":"A vulnerability was found in DPDK versions 18.05 and above. A missing check for an integer overflow in vhost_user_set_log_base() could result in a smaller memory map than requested, possibly allowing memory corruption.","cvss":5.1,"cvss_version":3.0,"cvss_v2":4.6,"cvss_v3":5.1,"cvss_v4":null,"epss":0.00137,"ranking_epss":0.33447,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00045.html","https://bugs.dpdk.org/show_bug.cgi?id=267","https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10722","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HRHKFVV4MRWNNJOYQOVP64L4UVWYPEO4/","https://usn.ubuntu.com/4362-1/","https://www.openwall.com/lists/oss-security/2020/05/18/2","https://www.oracle.com/security-alerts/cpujan2021.html","https://www.oracle.com/security-alerts/cpuoct2020.html","http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00045.html","https://bugs.dpdk.org/show_bug.cgi?id=267","https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10722","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HRHKFVV4MRWNNJOYQOVP64L4UVWYPEO4/","https://usn.ubuntu.com/4362-1/","https://www.openwall.com/lists/oss-security/2020/05/18/2","https://www.oracle.com/security-alerts/cpujan2021.html","https://www.oracle.com/security-alerts/cpuoct2020.html"],"published_time":"2020-05-19T19:15:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-10723","summary":"A memory corruption issue was found in DPDK versions 17.05 and above. This flaw is caused by an integer truncation on the index of a payload. 
Under certain circumstances, the index (a UInt) is copied and truncated into a uint16, which can lead to out of bound indexing and possible memory corruption.","cvss":5.1,"cvss_version":3.0,"cvss_v2":4.6,"cvss_v3":5.1,"cvss_v4":null,"epss":0.00137,"ranking_epss":0.33447,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00045.html","https://bugs.dpdk.org/show_bug.cgi?id=268","https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10723","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HRHKFVV4MRWNNJOYQOVP64L4UVWYPEO4/","https://usn.ubuntu.com/4362-1/","https://www.openwall.com/lists/oss-security/2020/05/18/2","https://www.oracle.com/security-alerts/cpujan2021.html","https://www.oracle.com/security-alerts/cpuoct2020.html","http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00045.html","https://bugs.dpdk.org/show_bug.cgi?id=268","https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10723","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HRHKFVV4MRWNNJOYQOVP64L4UVWYPEO4/","https://usn.ubuntu.com/4362-1/","https://www.openwall.com/lists/oss-security/2020/05/18/2","https://www.oracle.com/security-alerts/cpujan2021.html","https://www.oracle.com/security-alerts/cpuoct2020.html"],"published_time":"2020-05-19T19:15:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-10724","summary":"A vulnerability was found in DPDK versions 18.11 and above. 
The vhost-crypto library code is missing validations for user-supplied values, potentially allowing an information leak through an out-of-bounds memory read.","cvss":5.1,"cvss_version":3.0,"cvss_v2":2.1,"cvss_v3":5.1,"cvss_v4":null,"epss":0.0008,"ranking_epss":0.23715,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00045.html","https://bugs.dpdk.org/show_bug.cgi?id=269","https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10724","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HRHKFVV4MRWNNJOYQOVP64L4UVWYPEO4/","https://usn.ubuntu.com/4362-1/","https://www.openwall.com/lists/oss-security/2020/05/18/2","https://www.oracle.com/security-alerts/cpujan2021.html","https://www.oracle.com/security-alerts/cpuoct2020.html","http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00045.html","https://bugs.dpdk.org/show_bug.cgi?id=269","https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10724","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HRHKFVV4MRWNNJOYQOVP64L4UVWYPEO4/","https://usn.ubuntu.com/4362-1/","https://www.openwall.com/lists/oss-security/2020/05/18/2","https://www.oracle.com/security-alerts/cpujan2021.html","https://www.oracle.com/security-alerts/cpuoct2020.html"],"published_time":"2020-05-19T19:15:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-12662","summary":"Unbound before 1.10.1 has Insufficient Control of Network Message Volume, aka an \"NXNSAttack\" issue. 
This is triggered by random subdomains in the NSDNAME in NS records.","cvss":7.5,"cvss_version":3.0,"cvss_v2":5.0,"cvss_v3":7.5,"cvss_v4":null,"epss":0.15507,"ranking_epss":0.94669,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00067.html","http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00069.html","http://www.nxnsattack.com","http://www.openwall.com/lists/oss-security/2020/05/19/5","https://lists.debian.org/debian-lts-announce/2021/02/msg00017.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F5NFROI2OMCZLYRTCNGHGO3TUD32LCIQ/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YJ42N2HBZ3DXMSEC56SWIIOFQGOS5M7I/","https://nlnetlabs.nl/downloads/unbound/CVE-2020-12662_2020-12663.txt","https://security.FreeBSD.org/advisories/FreeBSD-SA-20:19.unbound.asc","https://security.netapp.com/advisory/ntap-20200702-0006/","https://usn.ubuntu.com/4374-1/","https://www.debian.org/security/2020/dsa-4694","https://www.synology.com/security/advisory/Synology_SA_20_12","http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00067.html","http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00069.html","http://www.nxnsattack.com","http://www.openwall.com/lists/oss-security/2020/05/19/5","https://lists.debian.org/debian-lts-announce/2021/02/msg00017.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F5NFROI2OMCZLYRTCNGHGO3TUD32LCIQ/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YJ42N2HBZ3DXMSEC56SWIIOFQGOS5M7I/","https://nlnetlabs.nl/downloads/unbound/CVE-2020-12662_2020-12663.txt","https://security.FreeBSD.org/advisories/FreeBSD-SA-20:19.unbound.asc","https://security.netapp.com/advisory/ntap-20200702-0006/","https://usn.ubuntu.com/4374-1/","https://www.de
bian.org/security/2020/dsa-4694","https://www.synology.com/security/advisory/Synology_SA_20_12"],"published_time":"2020-05-19T14:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-12663","summary":"Unbound before 1.10.1 has an infinite loop via malformed DNS answers received from upstream servers.","cvss":7.5,"cvss_version":3.0,"cvss_v2":5.0,"cvss_v3":7.5,"cvss_v4":null,"epss":0.09083,"ranking_epss":0.92655,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00067.html","http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00069.html","http://www.openwall.com/lists/oss-security/2020/05/19/5","https://lists.debian.org/debian-lts-announce/2021/02/msg00017.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F5NFROI2OMCZLYRTCNGHGO3TUD32LCIQ/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YJ42N2HBZ3DXMSEC56SWIIOFQGOS5M7I/","https://nlnetlabs.nl/downloads/unbound/CVE-2020-12662_2020-12663.txt","https://security.FreeBSD.org/advisories/FreeBSD-SA-20:19.unbound.asc","https://usn.ubuntu.com/4374-1/","https://www.debian.org/security/2020/dsa-4694","http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00067.html","http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00069.html","http://www.openwall.com/lists/oss-security/2020/05/19/5","https://lists.debian.org/debian-lts-announce/2021/02/msg00017.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F5NFROI2OMCZLYRTCNGHGO3TUD32LCIQ/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YJ42N2HBZ3DXMSEC56SWIIOFQGOS5M7I/","https://nlnetlabs.nl/downloads/unbound/CVE-2020-12662_2020-12663.txt","https://security.FreeBSD.org/advisories/FreeBSD-SA-20:19.unbound.asc","https://usn.ubuntu.com/4374-1/","
https://www.debian.org/security/2020/dsa-4694"],"published_time":"2020-05-19T14:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-8617","summary":"Using a specially-crafted message, an attacker may potentially cause a BIND server to reach an inconsistent state if the attacker knows (or successfully guesses) the name of a TSIG key used by the server. Since BIND, by default, configures a local session key even on servers whose configuration does not otherwise make use of it, almost all current BIND servers are vulnerable. In releases of BIND dating from March 2018 and after, an assertion check in tsig.c detects this inconsistent state and deliberately exits. Prior to the introduction of the check the server would continue operating in an inconsistent state, with potentially harmful results.","cvss":7.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":7.5,"cvss_v4":null,"epss":0.92629,"ranking_epss":0.99745,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00041.html","http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00044.html","http://packetstormsecurity.com/files/157836/BIND-TSIG-Denial-Of-Service.html","http://www.openwall.com/lists/oss-security/2020/05/19/4","https://kb.isc.org/docs/cve-2020-8617","https://lists.debian.org/debian-lts-announce/2020/05/msg00031.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JKJXVBOKZ36ER3EUCR7VRB7WGHIIMPNJ/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WOGCJS2XQ3SQNF4W6GLZ73LWZJ6ZZWZI/","https://security.netapp.com/advisory/ntap-20200522-0002/","https://usn.ubuntu.com/4365-1/","https://usn.ubuntu.com/4365-2/","https://www.debian.org/security/2020/dsa-4689","http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00041.html","http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00044.html
","http://packetstormsecurity.com/files/157836/BIND-TSIG-Denial-Of-Service.html","http://www.openwall.com/lists/oss-security/2020/05/19/4","https://kb.isc.org/docs/cve-2020-8617","https://lists.debian.org/debian-lts-announce/2020/05/msg00031.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JKJXVBOKZ36ER3EUCR7VRB7WGHIIMPNJ/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WOGCJS2XQ3SQNF4W6GLZ73LWZJ6ZZWZI/","https://security.netapp.com/advisory/ntap-20200522-0002/","https://usn.ubuntu.com/4365-1/","https://usn.ubuntu.com/4365-2/","https://www.debian.org/security/2020/dsa-4689"],"published_time":"2020-05-19T14:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-13143","summary":"gadget_dev_desc_UDC_store in drivers/usb/gadget/configfs.c in the Linux kernel 3.16 through 5.6.13 relies on kstrdup without considering the possibility of an internal '\\0' value, which allows attackers to trigger an out-of-bounds read, aka 
CID-15753588bcd4.","cvss":6.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":6.5,"cvss_v4":null,"epss":0.03265,"ranking_epss":0.87148,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00022.html","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00008.html","https://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git/commit/?id=d126cf46f829d146dde3e6a8963e095ac6cfcd1c","https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=15753588bcd4bbffae1cca33c8ced5722477fe1f","https://lists.debian.org/debian-lts-announce/2020/06/msg00011.html","https://lists.debian.org/debian-lts-announce/2020/06/msg00012.html","https://lists.debian.org/debian-lts-announce/2020/06/msg00013.html","https://security.netapp.com/advisory/ntap-20200608-0001/","https://usn.ubuntu.com/4411-1/","https://usn.ubuntu.com/4412-1/","https://usn.ubuntu.com/4413-1/","https://usn.ubuntu.com/4414-1/","https://usn.ubuntu.com/4419-1/","https://www.debian.org/security/2020/dsa-4698","https://www.debian.org/security/2020/dsa-4699","https://www.spinics.net/lists/linux-usb/msg194331.html","http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00022.html","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00008.html","https://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git/commit/?id=d126cf46f829d146dde3e6a8963e095ac6cfcd1c","https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=15753588bcd4bbffae1cca33c8ced5722477fe1f","https://lists.debian.org/debian-lts-announce/2020/06/msg00011.html","https://lists.debian.org/debian-lts-announce/2020/06/msg00012.html","https://lists.debian.org/debian-lts-announce/2020/06/msg00013.html","https://security.netapp.com/advisory/ntap-20200608-0001/","https://usn.ubuntu.com/4411-1/","https://usn.ubuntu.com/4412-1/","https://usn.ubuntu.com/4413-1/","https://usn.ubuntu.com/4414-1/","https://usn.ubuntu.com/4419-1/","h
ttps://www.debian.org/security/2020/dsa-4698","https://www.debian.org/security/2020/dsa-4699","https://www.spinics.net/lists/linux-usb/msg194331.html"],"published_time":"2020-05-18T18:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-12888","summary":"The VFIO PCI driver in the Linux kernel through 5.6.13 mishandles attempts to access disabled memory space.","cvss":5.3,"cvss_version":3.0,"cvss_v2":4.7,"cvss_v3":5.3,"cvss_v4":null,"epss":0.00095,"ranking_epss":0.26448,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00008.html","http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00009.html","http://www.openwall.com/lists/oss-security/2020/05/19/6","https://lists.debian.org/debian-lts-announce/2020/09/msg00025.html","https://lists.debian.org/debian-lts-announce/2020/10/msg00032.html","https://lists.debian.org/debian-lts-announce/2020/10/msg00034.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CBEHRQQZTKJTPQFPY3JAO7MQ4JAFEQNW/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NXGMJHWTMQI34NJZ4BHL3ZVF264AWBF2/","https://lore.kernel.org/kvm/158871401328.15589.17598154478222071285.stgit%40gimli.home/","https://lore.kernel.org/kvm/158871570274.15589.10563806532874116326.stgit%40gimli.home/","https://security.netapp.com/advisory/ntap-20200608-0001/","https://usn.ubuntu.com/4525-1/","https://usn.ubuntu.com/4526-1/","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00008.html","http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00009.html","http://www.openwall.com/lists/oss-security/2020/05/19/6","https://lists.debian.org/debian-lts-announce/2020/09/msg00025.html","https://lists.debian.org/debian-lts-announce/2020/10/msg00032.html","https://lists.debian.org/debian-lts-announce/2020/10/msg00034.html","https://lists.fedorap
roject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CBEHRQQZTKJTPQFPY3JAO7MQ4JAFEQNW/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NXGMJHWTMQI34NJZ4BHL3ZVF264AWBF2/","https://lore.kernel.org/kvm/158871401328.15589.17598154478222071285.stgit%40gimli.home/","https://lore.kernel.org/kvm/158871570274.15589.10563806532874116326.stgit%40gimli.home/","https://security.netapp.com/advisory/ntap-20200608-0001/","https://usn.ubuntu.com/4525-1/","https://usn.ubuntu.com/4526-1/"],"published_time":"2020-05-15T18:15:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-11524","summary":"libfreerdp/codec/interleaved.c in FreeRDP versions > 1.0 through 2.0.0-rc4 has an Out-of-bounds Write.","cvss":6.6,"cvss_version":3.0,"cvss_v2":6.0,"cvss_v3":6.6,"cvss_v4":null,"epss":0.00636,"ranking_epss":0.70445,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00080.html","https://github.com/FreeRDP/FreeRDP/commits/master","https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-cgw8-3mp2-p5qw","https://pub.freerdp.com/cve/CVE-2020-11524/pocAnalysis_3.pdf","https://usn.ubuntu.com/4379-1/","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00080.html","https://github.com/FreeRDP/FreeRDP/commits/master","https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-cgw8-3mp2-p5qw","https://pub.freerdp.com/cve/CVE-2020-11524/pocAnalysis_3.pdf","https://usn.ubuntu.com/4379-1/"],"published_time":"2020-05-15T17:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-11525","summary":"libfreerdp/cache/bitmap.c in FreeRDP versions > 1.0 through 2.0.0-rc4 has an Out of bounds 
read.","cvss":2.2,"cvss_version":3.0,"cvss_v2":3.5,"cvss_v3":2.2,"cvss_v4":null,"epss":0.02215,"ranking_epss":0.84476,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00080.html","https://github.com/FreeRDP/FreeRDP/commits/master","https://github.com/FreeRDP/FreeRDP/pull/6019/commits/58dc36b3c883fd460199cedb6d30e58eba58298c","https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-9755-fphh-gmjg","https://lists.debian.org/debian-lts-announce/2020/08/msg00054.html","https://pub.freerdp.com/cve/CVE-2020-11525/pocAnalysis_1.pdf","https://usn.ubuntu.com/4379-1/","https://usn.ubuntu.com/4382-1/","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00080.html","https://github.com/FreeRDP/FreeRDP/commits/master","https://github.com/FreeRDP/FreeRDP/pull/6019/commits/58dc36b3c883fd460199cedb6d30e58eba58298c","https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-9755-fphh-gmjg","https://lists.debian.org/debian-lts-announce/2020/08/msg00054.html","https://pub.freerdp.com/cve/CVE-2020-11525/pocAnalysis_1.pdf","https://usn.ubuntu.com/4379-1/","https://usn.ubuntu.com/4382-1/"],"published_time":"2020-05-15T17:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-11526","summary":"libfreerdp/core/update.c in FreeRDP versions > 1.1 through 2.0.0-rc4 has an Out-of-bounds 
Read.","cvss":2.2,"cvss_version":3.0,"cvss_v2":3.5,"cvss_v3":2.2,"cvss_v4":null,"epss":0.00243,"ranking_epss":0.4758,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00080.html","https://github.com/FreeRDP/FreeRDP/commits/master","https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-97jw-m5w5-xvf9","https://lists.debian.org/debian-lts-announce/2020/08/msg00054.html","https://pub.freerdp.com/cve/CVE-2020-11526/pocAnalysis_4.pdf","https://usn.ubuntu.com/4379-1/","https://usn.ubuntu.com/4382-1/","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00080.html","https://github.com/FreeRDP/FreeRDP/commits/master","https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-97jw-m5w5-xvf9","https://lists.debian.org/debian-lts-announce/2020/08/msg00054.html","https://pub.freerdp.com/cve/CVE-2020-11526/pocAnalysis_4.pdf","https://usn.ubuntu.com/4379-1/","https://usn.ubuntu.com/4382-1/"],"published_time":"2020-05-15T17:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-11521","summary":"libfreerdp/codec/planar.c in FreeRDP version > 1.0 through 2.0.0-rc4 has an Out-of-bounds 
Write.","cvss":6.6,"cvss_version":3.0,"cvss_v2":6.0,"cvss_v3":6.6,"cvss_v4":null,"epss":0.0139,"ranking_epss":0.80358,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00080.html","https://github.com/FreeRDP/FreeRDP/commits/master","https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-5cwc-6wc9-255w","https://lists.debian.org/debian-lts-announce/2020/08/msg00054.html","https://pub.freerdp.com/cve/CVE-2020-11521/pocAnalysis_6.pdf","https://usn.ubuntu.com/4379-1/","https://usn.ubuntu.com/4382-1/","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00080.html","https://github.com/FreeRDP/FreeRDP/commits/master","https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-5cwc-6wc9-255w","https://lists.debian.org/debian-lts-announce/2020/08/msg00054.html","https://pub.freerdp.com/cve/CVE-2020-11521/pocAnalysis_6.pdf","https://usn.ubuntu.com/4379-1/","https://usn.ubuntu.com/4382-1/"],"published_time":"2020-05-15T17:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-11522","summary":"libfreerdp/gdi/gdi.c in FreeRDP > 1.0 through 2.0.0-rc4 has an Out-of-bounds 
Read.","cvss":6.5,"cvss_version":3.0,"cvss_v2":6.4,"cvss_v3":6.5,"cvss_v4":null,"epss":0.01047,"ranking_epss":0.77502,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00080.html","https://github.com/FreeRDP/FreeRDP/commits/master","https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-48wx-7vgj-fffh","https://lists.debian.org/debian-lts-announce/2020/08/msg00054.html","https://pub.freerdp.com/cve/CVE-2020-11522/pocAnalysis_5.pdf","https://usn.ubuntu.com/4379-1/","https://usn.ubuntu.com/4382-1/","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00080.html","https://github.com/FreeRDP/FreeRDP/commits/master","https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-48wx-7vgj-fffh","https://lists.debian.org/debian-lts-announce/2020/08/msg00054.html","https://pub.freerdp.com/cve/CVE-2020-11522/pocAnalysis_5.pdf","https://usn.ubuntu.com/4379-1/","https://usn.ubuntu.com/4382-1/"],"published_time":"2020-05-15T17:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-11523","summary":"libfreerdp/gdi/region.c in FreeRDP versions > 1.0 through 2.0.0-rc4 has an Integer 
Overflow.","cvss":6.6,"cvss_version":3.0,"cvss_v2":6.0,"cvss_v3":6.6,"cvss_v4":null,"epss":0.0139,"ranking_epss":0.80358,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00080.html","https://github.com/FreeRDP/FreeRDP/commits/master","https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-4qrh-8cp8-4x42","https://lists.debian.org/debian-lts-announce/2020/08/msg00054.html","https://pub.freerdp.com/cve/CVE-2020-11523/pocAnalysis_2.pdf","https://usn.ubuntu.com/4379-1/","https://usn.ubuntu.com/4382-1/","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00080.html","https://github.com/FreeRDP/FreeRDP/commits/master","https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-4qrh-8cp8-4x42","https://lists.debian.org/debian-lts-announce/2020/08/msg00054.html","https://pub.freerdp.com/cve/CVE-2020-11523/pocAnalysis_2.pdf","https://usn.ubuntu.com/4379-1/","https://usn.ubuntu.com/4382-1/"],"published_time":"2020-05-15T17:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-3810","summary":"Missing input validation in the ar/tar implementations of APT before version 2.1.2 could result in denial of service when processing specially crafted deb 
files.","cvss":5.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00396,"ranking_epss":0.60447,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://bugs.launchpad.net/bugs/1878177","https://github.com/Debian/apt/issues/111","https://lists.debian.org/debian-security-announce/2020/msg00089.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U4PEH357MZM2SUGKETMEHMSGQS652QHH/","https://salsa.debian.org/apt-team/apt/-/commit/dceb1e49e4b8e4dadaf056be34088b415939cda6","https://tracker.debian.org/news/1144109/accepted-apt-212-source-into-unstable/","https://usn.ubuntu.com/4359-1/","https://usn.ubuntu.com/4359-2/","https://bugs.launchpad.net/bugs/1878177","https://github.com/Debian/apt/issues/111","https://lists.debian.org/debian-security-announce/2020/msg00089.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U4PEH357MZM2SUGKETMEHMSGQS652QHH/","https://salsa.debian.org/apt-team/apt/-/commit/dceb1e49e4b8e4dadaf056be34088b415939cda6","https://tracker.debian.org/news/1144109/accepted-apt-212-source-into-unstable/","https://usn.ubuntu.com/4359-1/","https://usn.ubuntu.com/4359-2/"],"published_time":"2020-05-15T14:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-11931","summary":"An Ubuntu-specific modification to Pulseaudio to provide security mediation for Snap-packaged applications was found to have a bypass of intended access restriction for snaps which plugs any of pulseaudio, audio-playback or audio-record via unloading the pulseaudio snap policy module. 
This issue affects: pulseaudio 1:8.0 versions prior to 1:8.0-0ubuntu3.12; 1:11.1 versions prior to 1:11.1-1ubuntu7.7; 1:13.0 versions prior to 1:13.0-1ubuntu1.2; 1:13.99.1 versions prior to 1:13.99.1-1ubuntu3.2;","cvss":3.3,"cvss_version":3.0,"cvss_v2":2.1,"cvss_v3":3.3,"cvss_v4":null,"epss":0.00044,"ranking_epss":0.134,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://forum.snapcraft.io/t/audio-switcher-pulseaudio-interface-auto-connect-request/16648/3","https://usn.ubuntu.com/4355-1/","https://forum.snapcraft.io/t/audio-switcher-pulseaudio-interface-auto-connect-request/16648/3","https://usn.ubuntu.com/4355-1/"],"published_time":"2020-05-15T04:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-0093","summary":"In exif_data_save_data_entry of exif-data.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-8.0 Android-8.1 Android-9 Android-10. Android ID: 
A-148705132","cvss":5.0,"cvss_version":3.0,"cvss_v2":1.9,"cvss_v3":5.0,"cvss_v4":null,"epss":0.00177,"ranking_epss":0.3931,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00017.html","https://lists.debian.org/debian-lts-announce/2020/05/msg00016.html","https://security.gentoo.org/glsa/202007-05","https://source.android.com/security/bulletin/2020-05-01","https://usn.ubuntu.com/4396-1/","http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00017.html","https://lists.debian.org/debian-lts-announce/2020/05/msg00016.html","https://security.gentoo.org/glsa/202007-05","https://source.android.com/security/bulletin/2020-05-01","https://usn.ubuntu.com/4396-1/"],"published_time":"2020-05-14T21:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-1945","summary":"Apache Ant 1.1 to 1.9.14 and 1.10.0 to 1.10.7 uses the default temporary directory identified by the Java system property java.io.tmpdir for several tasks and may thus leak sensitive information. 
The fixcrlf and replaceregexp tasks also copy files from the temporary directory back into the build tree allowing an attacker to inject modified source files into the build process.","cvss":6.3,"cvss_version":3.0,"cvss_v2":3.3,"cvss_v3":6.3,"cvss_v4":null,"epss":0.00019,"ranking_epss":0.04918,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00053.html","http://www.openwall.com/lists/oss-security/2020/09/30/6","http://www.openwall.com/lists/oss-security/2020/12/06/1","https://lists.apache.org/thread.html/r0d08a96ba9de8aa435f32944e8b2867c368a518d4ff57782e3637335%40%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r107ea1b1a7a214bc72fe1a04207546ccef542146ae22952e1013b5cc%40%3Cdev.creadur.apache.org%3E","https://lists.apache.org/thread.html/r1863b9ce4c3e4b1e5b0c671ad05545ba3eb8399616aa746af5dfe1b1%40%3Cdev.creadur.apache.org%3E","https://lists.apache.org/thread.html/r1a9c992d7c8219dc15b4ad448649f0ffdaa88d76ef6a0035c49455f5%40%3Cdev.creadur.apache.org%3E","https://lists.apache.org/thread.html/r1b32c76afffcf676e13ed635a3332f3e46e6aaa7722eb3fc7a28f58e%40%3Cdev.hive.apache.org%3E","https://lists.apache.org/thread.html/r1dc8518dc99c42ecca5ff82d0d2de64cd5d3a4fa691eb9ee0304781e%40%3Cdev.creadur.apache.org%3E","https://lists.apache.org/thread.html/r2306b67f20c24942b872b0a41fbdc9330e8467388158bcd19c1094e0%40%3Cdev.creadur.apache.org%3E","https://lists.apache.org/thread.html/r2704fb14ce068c64759a986f81d5b5e42ab434fa13d0f444ad52816b%40%3Cdev.creadur.apache.org%3E","https://lists.apache.org/thread.html/r3cea0f3da4f6d06d7afb6c0804da8e01773a0f50a09b8d9beb2cda65%40%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r4b2904d64affd4266cd72ccb2fc3927c1c2f22009f183095aa46bf90%40%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r4ca33fad3fb39d130cda287d5a60727d9e706e6f2cf2339b95729490%40%3Cdev.creadur.apache.org%3E","https://lists.apache.org/thread
.html/r5dfc77048b1f9db26622dce91a6edf083d499397256594952fad5f35%40%3Ccommits.myfaces.apache.org%3E","https://lists.apache.org/thread.html/r5e1cdd79f019162f76414708b2092acad0a6703d666d72d717319305%40%3Cdev.creadur.apache.org%3E","https://lists.apache.org/thread.html/r6030d34ceacd0098538425c5dac8251ffc7fd90b886942bc7ef87858%40%3Cnotifications.groovy.apache.org%3E","https://lists.apache.org/thread.html/r6970d196cd73863dafdbc3a7052562deedd338e3bd7d73d8171d92d6%40%3Ccommits.groovy.apache.org%3E","https://lists.apache.org/thread.html/r6e295d792032ec02b32be3846c21a58857fba4a077d22c5842d69ba2%40%3Ctorque-dev.db.apache.org%3E","https://lists.apache.org/thread.html/r6edd3e2cb79ee635630d891b54a4f1a9cd8c7f639d6ee34e75fbe830%40%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r815f88d1044760176f30a4913b4baacd06f3eae4eb662de7388e46d8%40%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r8e24abb7dd77cda14c6df90a377c94f0a413bbfcec90a29540ff8adf%40%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r8e592bbfc016a5dbe2a8c0e81ff99682b9c78c453621b82c14e7b75e%40%3Cdev.ant.apache.org%3E","https://lists.apache.org/thread.html/r95dc943e47a211d29df605e14f86c280fc9fa8d828b2b53bd07673c9%40%3Cdev.creadur.apache.org%3E","https://lists.apache.org/thread.html/ra12c3e23b021f259a201648005b9946acd7f618a6f32301c97047967%40%3Cannounce.apache.org%3E","https://lists.apache.org/thread.html/ra12c3e23b021f259a201648005b9946acd7f618a6f32301c97047967%40%3Cdev.groovy.apache.org%3E","https://lists.apache.org/thread.html/ra12c3e23b021f259a201648005b9946acd7f618a6f32301c97047967%40%3Cusers.groovy.apache.org%3E","https://lists.apache.org/thread.html/ra9dab34bf8625511f23692ad0fcee2725f782e9aad6c5cdff6cf4465%40%3Cnotifications.groovy.apache.org%3E","https://lists.apache.org/thread.html/raaeddc41da8f3afb1cb224876084a45f68e437a0afd9889a707e4b0c%40%3Cdev.creadur.apache.org%3E","https://lists.apache.org/thread.html/rb860063819b9c0990e1fbce29d83f4554766fe5a05e3b3939736b
f2b%40%3Ccommits.myfaces.apache.org%3E","https://lists.apache.org/thread.html/rb8ec556f176c83547b959150e2108e2ddf1d61224295941908b0a81f%40%3Cannounce.apache.org%3E","https://lists.apache.org/thread.html/rbfe9ba28b74f39f46ec1bbbac3bef313f35017cf3aac13841a84483a%40%3Cdev.creadur.apache.org%3E","https://lists.apache.org/thread.html/rc3c8ef9724b5b1e171529b47f4b35cb7920edfb6e917fa21eb6c64ea%40%3Cdev.ant.apache.org%3E","https://lists.apache.org/thread.html/rc89e491b5b270fb40f1210b70554527b737c217ad2e831b643ead6bc%40%3Cuser.ant.apache.org%3E","https://lists.apache.org/thread.html/rce099751721c26a8166d8b6578293820832831a0b2cb8d93b8efa081%40%3Cnotifications.groovy.apache.org%3E","https://lists.apache.org/thread.html/rd7dda48ff835f4d0293949837d55541bfde3683bd35bd8431e324538%40%3Cdev.creadur.apache.org%3E","https://lists.apache.org/thread.html/rda80ac59119558eaec452e58ddfac2ccc9211da1c65f7927682c78b1%40%3Cdev.creadur.apache.org%3E","https://lists.apache.org/thread.html/rdaa9c51d5dc6560c9d2b3f3d742c768ad0705e154041e574a0fae45c%40%3Cnotifications.groovy.apache.org%3E","https://lists.apache.org/thread.html/re1ce84518d773a94a613d988771daf9252c9cf7375a9a477009f9735%40%3Ccommits.creadur.apache.org%3E","https://lists.apache.org/thread.html/rf07feaf78afc8f701e21948a06ef92565d3dff1242d710f4fbf900b2%40%3Cdev.creadur.apache.org%3E","https://lists.apache.org/thread.html/rfd346609527a79662c48b1da3ac500ec30f29f7ddaa3575051e81890%40%3Ccommits.creadur.apache.org%3E","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EQBR65TINSJRN7PTPIVNYS33P535WM74/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RRVAWTCVXJMRYKQKEXYSNBF7NLSR6OEI/","https://security.gentoo.org/glsa/202007-34","https://usn.ubuntu.com/4380-1/","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com/security-alerts/cpujan2021.html","https://www.oracle.
com/security-alerts/cpujan2022.html","https://www.oracle.com/security-alerts/cpujul2020.html","https://www.oracle.com/security-alerts/cpuoct2020.html","https://www.oracle.com/security-alerts/cpuoct2021.html","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00053.html","http://www.openwall.com/lists/oss-security/2020/09/30/6","http://www.openwall.com/lists/oss-security/2020/12/06/1","https://lists.apache.org/thread.html/r0d08a96ba9de8aa435f32944e8b2867c368a518d4ff57782e3637335%40%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r107ea1b1a7a214bc72fe1a04207546ccef542146ae22952e1013b5cc%40%3Cdev.creadur.apache.org%3E","https://lists.apache.org/thread.html/r1863b9ce4c3e4b1e5b0c671ad05545ba3eb8399616aa746af5dfe1b1%40%3Cdev.creadur.apache.org%3E","https://lists.apache.org/thread.html/r1a9c992d7c8219dc15b4ad448649f0ffdaa88d76ef6a0035c49455f5%40%3Cdev.creadur.apache.org%3E","https://lists.apache.org/thread.html/r1b32c76afffcf676e13ed635a3332f3e46e6aaa7722eb3fc7a28f58e%40%3Cdev.hive.apache.org%3E","https://lists.apache.org/thread.html/r1dc8518dc99c42ecca5ff82d0d2de64cd5d3a4fa691eb9ee0304781e%40%3Cdev.creadur.apache.org%3E","https://lists.apache.org/thread.html/r2306b67f20c24942b872b0a41fbdc9330e8467388158bcd19c1094e0%40%3Cdev.creadur.apache.org%3E","https://lists.apache.org/thread.html/r2704fb14ce068c64759a986f81d5b5e42ab434fa13d0f444ad52816b%40%3Cdev.creadur.apache.org%3E","https://lists.apache.org/thread.html/r3cea0f3da4f6d06d7afb6c0804da8e01773a0f50a09b8d9beb2cda65%40%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r4b2904d64affd4266cd72ccb2fc3927c1c2f22009f183095aa46bf90%40%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r4ca33fad3fb39d130cda287d5a60727d9e706e6f2cf2339b95729490%40%3Cdev.creadur.apache.org%3E","https://lists.apache.org/thread.html/r5dfc77048b1f9db26622dce91a6edf083d499397256594952fad5f35%40%3Ccommits.myfaces.apache.org%3E","https://lists.apache.org/thread.html/r5e1cdd79f019162f7641470
8b2092acad0a6703d666d72d717319305%40%3Cdev.creadur.apache.org%3E","https://lists.apache.org/thread.html/r6030d34ceacd0098538425c5dac8251ffc7fd90b886942bc7ef87858%40%3Cnotifications.groovy.apache.org%3E","https://lists.apache.org/thread.html/r6970d196cd73863dafdbc3a7052562deedd338e3bd7d73d8171d92d6%40%3Ccommits.groovy.apache.org%3E","https://lists.apache.org/thread.html/r6e295d792032ec02b32be3846c21a58857fba4a077d22c5842d69ba2%40%3Ctorque-dev.db.apache.org%3E","https://lists.apache.org/thread.html/r6edd3e2cb79ee635630d891b54a4f1a9cd8c7f639d6ee34e75fbe830%40%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r815f88d1044760176f30a4913b4baacd06f3eae4eb662de7388e46d8%40%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r8e24abb7dd77cda14c6df90a377c94f0a413bbfcec90a29540ff8adf%40%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r8e592bbfc016a5dbe2a8c0e81ff99682b9c78c453621b82c14e7b75e%40%3Cdev.ant.apache.org%3E","https://lists.apache.org/thread.html/r95dc943e47a211d29df605e14f86c280fc9fa8d828b2b53bd07673c9%40%3Cdev.creadur.apache.org%3E","https://lists.apache.org/thread.html/ra12c3e23b021f259a201648005b9946acd7f618a6f32301c97047967%40%3Cannounce.apache.org%3E","https://lists.apache.org/thread.html/ra12c3e23b021f259a201648005b9946acd7f618a6f32301c97047967%40%3Cdev.groovy.apache.org%3E","https://lists.apache.org/thread.html/ra12c3e23b021f259a201648005b9946acd7f618a6f32301c97047967%40%3Cusers.groovy.apache.org%3E","https://lists.apache.org/thread.html/ra9dab34bf8625511f23692ad0fcee2725f782e9aad6c5cdff6cf4465%40%3Cnotifications.groovy.apache.org%3E","https://lists.apache.org/thread.html/raaeddc41da8f3afb1cb224876084a45f68e437a0afd9889a707e4b0c%40%3Cdev.creadur.apache.org%3E","https://lists.apache.org/thread.html/rb860063819b9c0990e1fbce29d83f4554766fe5a05e3b3939736bf2b%40%3Ccommits.myfaces.apache.org%3E","https://lists.apache.org/thread.html/rb8ec556f176c83547b959150e2108e2ddf1d61224295941908b0a81f%40%3Cannounce.apache.org%3
E","https://lists.apache.org/thread.html/rbfe9ba28b74f39f46ec1bbbac3bef313f35017cf3aac13841a84483a%40%3Cdev.creadur.apache.org%3E","https://lists.apache.org/thread.html/rc3c8ef9724b5b1e171529b47f4b35cb7920edfb6e917fa21eb6c64ea%40%3Cdev.ant.apache.org%3E","https://lists.apache.org/thread.html/rc89e491b5b270fb40f1210b70554527b737c217ad2e831b643ead6bc%40%3Cuser.ant.apache.org%3E","https://lists.apache.org/thread.html/rce099751721c26a8166d8b6578293820832831a0b2cb8d93b8efa081%40%3Cnotifications.groovy.apache.org%3E","https://lists.apache.org/thread.html/rd7dda48ff835f4d0293949837d55541bfde3683bd35bd8431e324538%40%3Cdev.creadur.apache.org%3E","https://lists.apache.org/thread.html/rda80ac59119558eaec452e58ddfac2ccc9211da1c65f7927682c78b1%40%3Cdev.creadur.apache.org%3E","https://lists.apache.org/thread.html/rdaa9c51d5dc6560c9d2b3f3d742c768ad0705e154041e574a0fae45c%40%3Cnotifications.groovy.apache.org%3E","https://lists.apache.org/thread.html/re1ce84518d773a94a613d988771daf9252c9cf7375a9a477009f9735%40%3Ccommits.creadur.apache.org%3E","https://lists.apache.org/thread.html/rf07feaf78afc8f701e21948a06ef92565d3dff1242d710f4fbf900b2%40%3Cdev.creadur.apache.org%3E","https://lists.apache.org/thread.html/rfd346609527a79662c48b1da3ac500ec30f29f7ddaa3575051e81890%40%3Ccommits.creadur.apache.org%3E","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EQBR65TINSJRN7PTPIVNYS33P535WM74/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RRVAWTCVXJMRYKQKEXYSNBF7NLSR6OEI/","https://security.gentoo.org/glsa/202007-34","https://usn.ubuntu.com/4380-1/","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com/security-alerts/cpujan2021.html","https://www.oracle.com/security-alerts/cpujan2022.html","https://www.oracle.com/security-alerts/cpujul2020.html","https://www.oracle.com/security-alerts/cpuoct2020.html","https://ww
w.oracle.com/security-alerts/cpuoct2021.html"],"published_time":"2020-05-14T16:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-3327","summary":"A vulnerability in the ARJ archive parsing module in Clam AntiVirus (ClamAV) Software versions 0.102.2 could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to a heap buffer overflow read. An attacker could exploit this vulnerability by sending a crafted ARJ file to an affected device. An exploit could allow the attacker to cause the ClamAV scanning process crash, resulting in a denial of service condition.","cvss":7.5,"cvss_version":3.0,"cvss_v2":5.0,"cvss_v3":7.5,"cvss_v4":null,"epss":0.07618,"ranking_epss":0.91862,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://blog.clamav.net/2020/05/clamav-01023-security-patch-released.html","https://lists.debian.org/debian-lts-announce/2020/05/msg00018.html","https://lists.debian.org/debian-lts-announce/2020/08/msg00010.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3BMTC7I5LGY4FCIZLHPNC4WWC6VNLFER/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IJ67VH37NCG25PICGWFWZHSVG7PBT7MC/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L5YWYT27SBTV4RZSGFHIQUI4LQVFASWS/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QM7EXJHDEZJLWM2NKH6TCDXOBP5NNYIN/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ROBJOGJOT44MVDX7RQEACYHQN4LYW5RK/","https://security.gentoo.org/glsa/202007-23","https://usn.ubuntu.com/4370-1/","https://usn.ubuntu.com/4370-2/","https://usn.ubuntu.com/4435-1/","https://usn.ubuntu.com/4435-2/","https://blog.clamav.net/2020/05/clamav-01023-security-patch-released.html","https://lists.debian
.org/debian-lts-announce/2020/05/msg00018.html","https://lists.debian.org/debian-lts-announce/2020/08/msg00010.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3BMTC7I5LGY4FCIZLHPNC4WWC6VNLFER/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IJ67VH37NCG25PICGWFWZHSVG7PBT7MC/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L5YWYT27SBTV4RZSGFHIQUI4LQVFASWS/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QM7EXJHDEZJLWM2NKH6TCDXOBP5NNYIN/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ROBJOGJOT44MVDX7RQEACYHQN4LYW5RK/","https://security.gentoo.org/glsa/202007-23","https://usn.ubuntu.com/4370-1/","https://usn.ubuntu.com/4370-2/","https://usn.ubuntu.com/4435-1/","https://usn.ubuntu.com/4435-2/"],"published_time":"2020-05-13T03:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-3341","summary":"A vulnerability in the PDF archive parsing module in Clam AntiVirus (ClamAV) Software versions 0.101 - 0.102.2 could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to a stack buffer overflow read. An attacker could exploit this vulnerability by sending a crafted PDF file to an affected device. 
An exploit could allow the attacker to cause the ClamAV scanning process crash, resulting in a denial of service condition.","cvss":7.5,"cvss_version":3.0,"cvss_v2":5.0,"cvss_v3":7.5,"cvss_v4":null,"epss":0.04089,"ranking_epss":0.88579,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://blog.clamav.net/2020/05/clamav-01023-security-patch-released.html","https://lists.debian.org/debian-lts-announce/2020/05/msg00018.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3BMTC7I5LGY4FCIZLHPNC4WWC6VNLFER/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L5YWYT27SBTV4RZSGFHIQUI4LQVFASWS/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ROBJOGJOT44MVDX7RQEACYHQN4LYW5RK/","https://usn.ubuntu.com/4370-1/","https://usn.ubuntu.com/4370-2/","https://blog.clamav.net/2020/05/clamav-01023-security-patch-released.html","https://lists.debian.org/debian-lts-announce/2020/05/msg00018.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3BMTC7I5LGY4FCIZLHPNC4WWC6VNLFER/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L5YWYT27SBTV4RZSGFHIQUI4LQVFASWS/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ROBJOGJOT44MVDX7RQEACYHQN4LYW5RK/","https://usn.ubuntu.com/4370-1/","https://usn.ubuntu.com/4370-2/"],"published_time":"2020-05-13T03:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-11058","summary":"In FreeRDP after 1.1 and before 2.0.0, a stream out-of-bounds seek in rdp_read_font_capability_set could lead to a later out-of-bounds read. As a result, a manipulated client or server might force a disconnect due to an invalid data read. 
This has been fixed in 2.0.0.","cvss":2.2,"cvss_version":3.0,"cvss_v2":3.5,"cvss_v3":2.2,"cvss_v4":null,"epss":0.00124,"ranking_epss":0.31608,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://github.com/FreeRDP/FreeRDP/commit/3627aaf7d289315b614a584afb388f04abfb5bbf","https://github.com/FreeRDP/FreeRDP/issues/6011","https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-wjg2-2f82-466g","https://lists.debian.org/debian-lts-announce/2020/08/msg00054.html","https://lists.debian.org/debian-lts-announce/2023/10/msg00008.html","https://usn.ubuntu.com/4379-1/","https://usn.ubuntu.com/4382-1/","https://github.com/FreeRDP/FreeRDP/commit/3627aaf7d289315b614a584afb388f04abfb5bbf","https://github.com/FreeRDP/FreeRDP/issues/6011","https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-wjg2-2f82-466g","https://lists.debian.org/debian-lts-announce/2020/08/msg00054.html","https://lists.debian.org/debian-lts-announce/2023/10/msg00008.html","https://usn.ubuntu.com/4379-1/","https://usn.ubuntu.com/4382-1/"],"published_time":"2020-05-12T21:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-12826","summary":"A signal access-control issue was discovered in the Linux kernel before 5.6.5, aka CID-7395ea4e65c2. Because exec_id in include/linux/sched.h is only 32 bits, an integer overflow can interfere with a do_notify_parent protection mechanism. A child process can send an arbitrary signal to a parent process in a different security domain. 
Exploitation limitations include the amount of elapsed time before an integer overflow occurs, and the lack of scenarios where signals to a parent process present a substantial operational threat.","cvss":5.3,"cvss_version":3.0,"cvss_v2":4.4,"cvss_v3":5.3,"cvss_v4":null,"epss":0.00068,"ranking_epss":0.20904,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://bugzilla.redhat.com/show_bug.cgi?id=1822077","https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.6.5","https://github.com/torvalds/linux/commit/7395ea4e65c2a00d23185a3f63ad315756ba9cef","https://lists.debian.org/debian-lts-announce/2020/06/msg00011.html","https://lists.debian.org/debian-lts-announce/2020/06/msg00013.html","https://lists.openwall.net/linux-kernel/2020/03/24/1803","https://security.netapp.com/advisory/ntap-20200608-0001/","https://usn.ubuntu.com/4367-1/","https://usn.ubuntu.com/4369-1/","https://usn.ubuntu.com/4391-1/","https://www.openwall.com/lists/kernel-hardening/2020/03/25/1","https://bugzilla.redhat.com/show_bug.cgi?id=1822077","https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.6.5","https://github.com/torvalds/linux/commit/7395ea4e65c2a00d23185a3f63ad315756ba9cef","https://lists.debian.org/debian-lts-announce/2020/06/msg00011.html","https://lists.debian.org/debian-lts-announce/2020/06/msg00013.html","https://lists.openwall.net/linux-kernel/2020/03/24/1803","https://security.netapp.com/advisory/ntap-20200608-0001/","https://usn.ubuntu.com/4367-1/","https://usn.ubuntu.com/4369-1/","https://usn.ubuntu.com/4391-1/","https://www.openwall.com/lists/kernel-hardening/2020/03/25/1"],"published_time":"2020-05-12T19:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-12783","summary":"Exim through 4.93 has an out-of-bounds read in the SPA authenticator that could result in SPA/NTLM authentication bypass in auths/spa.c and 
auths/auth-spa.c.","cvss":7.5,"cvss_version":3.0,"cvss_v2":5.0,"cvss_v3":7.5,"cvss_v4":null,"epss":0.03185,"ranking_epss":0.86973,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.openwall.com/lists/oss-security/2021/05/04/7","https://bugs.exim.org/show_bug.cgi?id=2571","https://git.exim.org/exim.git/commit/57aa14b216432be381b6295c312065b2fd034f86","https://git.exim.org/exim.git/commit/a04174dc2a84ae1008c23b6a7109e7fa3fb7b8b0","https://lists.debian.org/debian-lts-announce/2020/05/msg00017.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F6IQQ2SERFUD4WMRSX6XYDNK7Q4GPT7Y/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M7Z5UG6ZIG32V7M4PP3BCC65C27EWK7G/","https://usn.ubuntu.com/4366-1/","https://www.debian.org/security/2020/dsa-4687","http://www.openwall.com/lists/oss-security/2021/05/04/7","https://bugs.exim.org/show_bug.cgi?id=2571","https://git.exim.org/exim.git/commit/57aa14b216432be381b6295c312065b2fd034f86","https://git.exim.org/exim.git/commit/a04174dc2a84ae1008c23b6a7109e7fa3fb7b8b0","https://lists.debian.org/debian-lts-announce/2020/05/msg00017.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F6IQQ2SERFUD4WMRSX6XYDNK7Q4GPT7Y/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M7Z5UG6ZIG32V7M4PP3BCC65C27EWK7G/","https://usn.ubuntu.com/4366-1/","https://www.debian.org/security/2020/dsa-4687"],"published_time":"2020-05-11T14:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-12767","summary":"exif_entry_get_value in exif-entry.c in libexif 0.6.21 has a divide-by-zero 
error.","cvss":5.5,"cvss_version":3.0,"cvss_v2":2.1,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00153,"ranking_epss":0.36059,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00017.html","https://github.com/libexif/libexif/issues/31","https://lists.debian.org/debian-lts-announce/2020/05/msg00016.html","https://security.gentoo.org/glsa/202007-05","https://usn.ubuntu.com/4358-1/","http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00017.html","https://github.com/libexif/libexif/issues/31","https://lists.debian.org/debian-lts-announce/2020/05/msg00016.html","https://security.gentoo.org/glsa/202007-05","https://usn.ubuntu.com/4358-1/"],"published_time":"2020-05-09T21:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-12768","summary":"An issue was discovered in the Linux kernel before 5.6. svm_cpu_uninit in arch/x86/kvm/svm.c has a memory leak, aka CID-d80b64ff297e. NOTE: third parties dispute this issue because it's a one-time leak at the boot, the size is negligible, and it can't be triggered at 
will","cvss":5.5,"cvss_version":3.0,"cvss_v2":2.1,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00056,"ranking_epss":0.17696,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://bugzilla.suse.com/show_bug.cgi?id=1171736#c3","https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.6","https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=d80b64ff297e40c2b6f7d7abc1b3eba70d22a068","https://usn.ubuntu.com/4411-1/","https://usn.ubuntu.com/4412-1/","https://usn.ubuntu.com/4413-1/","https://www.debian.org/security/2020/dsa-4699","https://bugzilla.suse.com/show_bug.cgi?id=1171736#c3","https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.6","https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=d80b64ff297e40c2b6f7d7abc1b3eba70d22a068","https://usn.ubuntu.com/4411-1/","https://usn.ubuntu.com/4412-1/","https://usn.ubuntu.com/4413-1/","https://www.debian.org/security/2020/dsa-4699"],"published_time":"2020-05-09T21:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-12769","summary":"An issue was discovered in the Linux kernel before 5.4.17. 
drivers/spi/spi-dw.c allows attackers to cause a panic via concurrent calls to dw_spi_irq and dw_spi_transfer_one, aka CID-19b61392c5a8.","cvss":5.5,"cvss_version":3.0,"cvss_v2":4.9,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00061,"ranking_epss":0.19164,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00022.html","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00008.html","https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.17","https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=19b61392c5a852b4e8a0bf35aecb969983c5932d","https://lists.debian.org/debian-lts-announce/2020/06/msg00011.html","https://lists.debian.org/debian-lts-announce/2020/06/msg00013.html","https://lkml.org/lkml/2020/2/3/559","https://security.netapp.com/advisory/ntap-20200608-0001/","https://usn.ubuntu.com/4391-1/","http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00022.html","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00008.html","https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.17","https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=19b61392c5a852b4e8a0bf35aecb969983c5932d","https://lists.debian.org/debian-lts-announce/2020/06/msg00011.html","https://lists.debian.org/debian-lts-announce/2020/06/msg00013.html","https://lkml.org/lkml/2020/2/3/559","https://security.netapp.com/advisory/ntap-20200608-0001/","https://usn.ubuntu.com/4391-1/"],"published_time":"2020-05-09T21:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-12770","summary":"An issue was discovered in the Linux kernel through 5.6.11. 
sg_write lacks an sg_remove_request call in a certain failure case, aka CID-83c6f2390040.","cvss":6.7,"cvss_version":3.0,"cvss_v2":4.6,"cvss_v3":6.7,"cvss_v4":null,"epss":0.00042,"ranking_epss":0.12885,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=83c6f2390040f188cc25b270b4befeb5628c1aee","https://lists.debian.org/debian-lts-announce/2020/06/msg00011.html","https://lists.debian.org/debian-lts-announce/2020/06/msg00012.html","https://lists.debian.org/debian-lts-announce/2020/06/msg00013.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ES5C6ZCMALBEBMKNNCTBSLLSYGFZG3FF/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IO5XIQSRI747P4RVVTNX7TUPEOCF4OPU/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R54VC7B6MDYKP57AWC2HN7AUJYH62RKI/","https://lkml.org/lkml/2020/4/13/870","https://security.netapp.com/advisory/ntap-20200608-0001/","https://usn.ubuntu.com/4411-1/","https://usn.ubuntu.com/4412-1/","https://usn.ubuntu.com/4413-1/","https://usn.ubuntu.com/4414-1/","https://usn.ubuntu.com/4419-1/","https://www.debian.org/security/2020/dsa-4698","https://www.debian.org/security/2020/dsa-4699","https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=83c6f2390040f188cc25b270b4befeb5628c1aee","https://lists.debian.org/debian-lts-announce/2020/06/msg00011.html","https://lists.debian.org/debian-lts-announce/2020/06/msg00012.html","https://lists.debian.org/debian-lts-announce/2020/06/msg00013.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ES5C6ZCMALBEBMKNNCTBSLLSYGFZG3FF/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IO5XIQSRI747P4RVVTNX7TUPEOCF4OPU/","https://lists.fedoraproject.org/archives/li
st/package-announce%40lists.fedoraproject.org/message/R54VC7B6MDYKP57AWC2HN7AUJYH62RKI/","https://lkml.org/lkml/2020/4/13/870","https://security.netapp.com/advisory/ntap-20200608-0001/","https://usn.ubuntu.com/4411-1/","https://usn.ubuntu.com/4412-1/","https://usn.ubuntu.com/4413-1/","https://usn.ubuntu.com/4414-1/","https://usn.ubuntu.com/4419-1/","https://www.debian.org/security/2020/dsa-4698","https://www.debian.org/security/2020/dsa-4699"],"published_time":"2020-05-09T21:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-12771","summary":"An issue was discovered in the Linux kernel through 5.6.11. btree_gc_coalesce in drivers/md/bcache/btree.c has a deadlock if a coalescing operation fails.","cvss":5.5,"cvss_version":3.0,"cvss_v2":4.9,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00048,"ranking_epss":0.14692,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00071.html","http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00009.html","https://lists.debian.org/debian-lts-announce/2020/08/msg00019.html","https://lists.debian.org/debian-lts-announce/2020/10/msg00032.html","https://lists.debian.org/debian-lts-announce/2020/10/msg00034.html","https://lkml.org/lkml/2020/4/26/87","https://security.netapp.com/advisory/ntap-20200608-0001/","https://usn.ubuntu.com/4462-1/","https://usn.ubuntu.com/4463-1/","https://usn.ubuntu.com/4465-1/","https://usn.ubuntu.com/4483-1/","https://usn.ubuntu.com/4485-1/","https://www.oracle.com/security-alerts/cpuApr2021.html","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00071.html","http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00009.html","https://lists.debian.org/debian-lts-announce/2020/08/msg00019.html","https://lists.debian.org/debian-lts-announce/2020/10/msg00032.html","https://lists.debian.org/debian-lts-announce/2020/10/msg00034.html","https://lkml.org/lkml/2020/4/26/87","https://se
curity.netapp.com/advisory/ntap-20200608-0001/","https://usn.ubuntu.com/4462-1/","https://usn.ubuntu.com/4463-1/","https://usn.ubuntu.com/4465-1/","https://usn.ubuntu.com/4483-1/","https://usn.ubuntu.com/4485-1/","https://www.oracle.com/security-alerts/cpuApr2021.html"],"published_time":"2020-05-09T21:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-20795","summary":"iproute2 before 5.1.0 has a use-after-free in get_netnsid_from_name in ip/ipnetns.c. NOTE: security relevance may be limited to certain uses of setuid that, although not a default, are sometimes a configuration option offered to end users. Even when setuid is used, other factors (such as C library configuration) may block exploitability.","cvss":4.4,"cvss_version":3.0,"cvss_v2":2.1,"cvss_v3":4.4,"cvss_v4":null,"epss":0.0003,"ranking_epss":0.0851,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://bugzilla.suse.com/show_bug.cgi?id=1171452","https://git.kernel.org/pub/scm/network/iproute2/iproute2.git/commit/?id=9bf2c538a0eb10d66e2365a655bf6c52f5ba3d10","https://security.gentoo.org/glsa/202008-06","https://usn.ubuntu.com/4357-1/","https://bugzilla.suse.com/show_bug.cgi?id=1171452","https://git.kernel.org/pub/scm/network/iproute2/iproute2.git/commit/?id=9bf2c538a0eb10d66e2365a655bf6c52f5ba3d10","https://security.gentoo.org/glsa/202008-06","https://usn.ubuntu.com/4357-1/"],"published_time":"2020-05-09T21:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-12762","summary":"json-c through 0.14 has an integer overflow and out-of-bounds write via a large JSON file, as demonstrated by 
printbuf_memappend.","cvss":7.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":7.8,"cvss_v4":null,"epss":0.0028,"ranking_epss":0.51401,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://cert-portal.siemens.com/productcert/pdf/ssa-637483.pdf","https://github.com/json-c/json-c/pull/592","https://github.com/rsyslog/libfastjson/issues/161","https://lists.debian.org/debian-lts-announce/2020/05/msg00032.html","https://lists.debian.org/debian-lts-announce/2020/05/msg00034.html","https://lists.debian.org/debian-lts-announce/2020/07/msg00031.html","https://lists.debian.org/debian-lts-announce/2023/06/msg00023.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CBR36IXYBHITAZFB5PFBJTED22WO5ONB/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CQQRRGBQCAWNCCJ2HN3W5SSCZ4QGMXQI/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W226TSCJBEOXDUFVKNWNH7ETG7AR6MCS/","https://security.gentoo.org/glsa/202006-13","https://security.netapp.com/advisory/ntap-20210521-0001/","https://usn.ubuntu.com/4360-1/","https://usn.ubuntu.com/4360-4/","https://www.debian.org/security/2020/dsa-4741","https://cert-portal.siemens.com/productcert/pdf/ssa-637483.pdf","https://github.com/json-c/json-c/pull/592","https://github.com/rsyslog/libfastjson/issues/161","https://lists.debian.org/debian-lts-announce/2020/05/msg00032.html","https://lists.debian.org/debian-lts-announce/2020/05/msg00034.html","https://lists.debian.org/debian-lts-announce/2020/07/msg00031.html","https://lists.debian.org/debian-lts-announce/2023/06/msg00023.html","https://lists.debian.org/debian-lts-announce/2025/07/msg00021.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CBR36IXYBHITAZFB5PFBJTED22WO5ONB/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CQQ
RRGBQCAWNCCJ2HN3W5SSCZ4QGMXQI/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W226TSCJBEOXDUFVKNWNH7ETG7AR6MCS/","https://security.gentoo.org/glsa/202006-13","https://security.netapp.com/advisory/ntap-20210521-0001/","https://usn.ubuntu.com/4360-1/","https://usn.ubuntu.com/4360-4/","https://www.debian.org/security/2020/dsa-4741"],"published_time":"2020-05-09T18:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-10690","summary":"There is a use-after-free in kernel versions before 5.5 due to a race condition between the release of ptp_clock and cdev while resource deallocation. When a (high privileged) process allocates a ptp device file (like /dev/ptpX) and voluntarily goes to sleep. During this time if the underlying device is removed, it can cause an exploitable condition as the process wakes up to terminate and clean all attached files. The system crashes due to the cdev structure being invalid (as already freed) which is pointed to by the 
inode.","cvss":6.5,"cvss_version":3.0,"cvss_v2":4.4,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00126,"ranking_epss":0.31898,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00022.html","https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10690","https://lists.debian.org/debian-lts-announce/2020/06/msg00011.html","https://lists.debian.org/debian-lts-announce/2020/06/msg00013.html","https://security.netapp.com/advisory/ntap-20200608-0001/","https://usn.ubuntu.com/4419-1/","http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00022.html","https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10690","https://lists.debian.org/debian-lts-announce/2020/06/msg00011.html","https://lists.debian.org/debian-lts-announce/2020/06/msg00013.html","https://security.netapp.com/advisory/ntap-20200608-0001/","https://usn.ubuntu.com/4419-1/"],"published_time":"2020-05-08T15:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-11047","summary":"In FreeRDP after 1.1 and before 2.0.0, there is an out-of-bounds read in autodetect_recv_bandwidth_measure_results. A malicious server can extract up to 8 bytes of client memory with a manipulated message by providing a short input and reading the measurement result data. 
This has been patched in 2.0.0.","cvss":5.5,"cvss_version":3.0,"cvss_v2":4.9,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00099,"ranking_epss":0.2753,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://github.com/FreeRDP/FreeRDP/commit/f5e73cc7c9cd973b516a618da877c87b80950b65","https://github.com/FreeRDP/FreeRDP/issues/6009","https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-9fw6-m2q8-h5pw","https://lists.debian.org/debian-lts-announce/2023/10/msg00008.html","https://usn.ubuntu.com/4379-1/","https://github.com/FreeRDP/FreeRDP/commit/f5e73cc7c9cd973b516a618da877c87b80950b65","https://github.com/FreeRDP/FreeRDP/issues/6009","https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-9fw6-m2q8-h5pw","https://lists.debian.org/debian-lts-announce/2023/10/msg00008.html","https://usn.ubuntu.com/4379-1/"],"published_time":"2020-05-07T20:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-11048","summary":"In FreeRDP after 1.0 and before 2.0.0, there is an out-of-bounds read. It only allows to abort a session. No data extraction is possible. 
This has been fixed in 2.0.0.","cvss":2.2,"cvss_version":3.0,"cvss_v2":3.5,"cvss_v3":2.2,"cvss_v4":null,"epss":0.00124,"ranking_epss":0.31608,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://github.com/FreeRDP/FreeRDP/commit/9301bfe730c66180263248b74353daa99f5a969b","https://github.com/FreeRDP/FreeRDP/issues/6007","https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-hv8w-f2hx-5gcv","https://lists.debian.org/debian-lts-announce/2020/08/msg00054.html","https://lists.debian.org/debian-lts-announce/2023/10/msg00008.html","https://usn.ubuntu.com/4379-1/","https://usn.ubuntu.com/4382-1/","https://github.com/FreeRDP/FreeRDP/commit/9301bfe730c66180263248b74353daa99f5a969b","https://github.com/FreeRDP/FreeRDP/issues/6007","https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-hv8w-f2hx-5gcv","https://lists.debian.org/debian-lts-announce/2020/08/msg00054.html","https://lists.debian.org/debian-lts-announce/2023/10/msg00008.html","https://usn.ubuntu.com/4379-1/","https://usn.ubuntu.com/4382-1/"],"published_time":"2020-05-07T20:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-11049","summary":"In FreeRDP after 1.1 and before 2.0.0, there is an out-of-bound read of client memory that is then passed on to the protocol parser. 
This has been patched in 2.0.0.","cvss":5.5,"cvss_version":3.0,"cvss_v2":3.5,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00168,"ranking_epss":0.37977,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://github.com/FreeRDP/FreeRDP/commit/c367f65d42e0d2e1ca248998175180aa9c2eacd0","https://github.com/FreeRDP/FreeRDP/issues/6008","https://github.com/FreeRDP/FreeRDP/pull/6019","https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-wwh7-r2r8-xjpr","https://lists.debian.org/debian-lts-announce/2023/10/msg00008.html","https://usn.ubuntu.com/4379-1/","https://usn.ubuntu.com/4382-1/","https://github.com/FreeRDP/FreeRDP/commit/c367f65d42e0d2e1ca248998175180aa9c2eacd0","https://github.com/FreeRDP/FreeRDP/issues/6008","https://github.com/FreeRDP/FreeRDP/pull/6019","https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-wwh7-r2r8-xjpr","https://lists.debian.org/debian-lts-announce/2023/10/msg00008.html","https://usn.ubuntu.com/4379-1/","https://usn.ubuntu.com/4382-1/"],"published_time":"2020-05-07T20:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-11042","summary":"In FreeRDP greater than 1.1 and before 2.0.0, there is an out-of-bounds read in update_read_icon_info. It allows reading an attacker-defined amount of client memory (32bit unsigned -> 4GB) to an intermediate buffer. This can be used to crash the client or store information for later retrieval. 
This has been patched in 2.0.0.","cvss":5.5,"cvss_version":3.0,"cvss_v2":4.9,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00125,"ranking_epss":0.31667,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://github.com/FreeRDP/FreeRDP/commit/6b2bc41935e53b0034fe5948aeeab4f32e80f30f","https://github.com/FreeRDP/FreeRDP/issues/6010","https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-9jp6-5vf2-cx2q","https://lists.debian.org/debian-lts-announce/2020/08/msg00054.html","https://lists.debian.org/debian-lts-announce/2023/10/msg00008.html","https://usn.ubuntu.com/4379-1/","https://usn.ubuntu.com/4382-1/","https://github.com/FreeRDP/FreeRDP/commit/6b2bc41935e53b0034fe5948aeeab4f32e80f30f","https://github.com/FreeRDP/FreeRDP/issues/6010","https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-9jp6-5vf2-cx2q","https://lists.debian.org/debian-lts-announce/2020/08/msg00054.html","https://lists.debian.org/debian-lts-announce/2023/10/msg00008.html","https://usn.ubuntu.com/4379-1/","https://usn.ubuntu.com/4382-1/"],"published_time":"2020-05-07T19:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-11044","summary":"In FreeRDP greater than 1.2 and before 2.0.0, a double free in update_read_cache_bitmap_v3_order crashes the client application if corrupted data from a manipulated server is parsed. 
This has been patched in 2.0.0.","cvss":2.2,"cvss_version":3.0,"cvss_v2":3.5,"cvss_v3":2.2,"cvss_v4":null,"epss":0.00124,"ranking_epss":0.3157,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://github.com/FreeRDP/FreeRDP/commit/67c2aa52b2ae0341d469071d1bc8aab91f8d2ed8","https://github.com/FreeRDP/FreeRDP/issues/6013","https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-cgqh-p732-6x2w","https://lists.debian.org/debian-lts-announce/2023/10/msg00008.html","https://usn.ubuntu.com/4379-1/","https://github.com/FreeRDP/FreeRDP/commit/67c2aa52b2ae0341d469071d1bc8aab91f8d2ed8","https://github.com/FreeRDP/FreeRDP/issues/6013","https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-cgqh-p732-6x2w","https://lists.debian.org/debian-lts-announce/2023/10/msg00008.html","https://usn.ubuntu.com/4379-1/"],"published_time":"2020-05-07T19:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-11045","summary":"In FreeRDP after 1.0 and before 2.0.0, there is an out-of-bound read in update_read_bitmap_data that allows client memory to be read to an image buffer. 
The result is displayed on screen as colour.","cvss":2.2,"cvss_version":3.0,"cvss_v2":4.9,"cvss_v3":2.2,"cvss_v4":null,"epss":0.00168,"ranking_epss":0.37977,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://github.com/FreeRDP/FreeRDP/commit/f8890a645c221823ac133dbf991f8a65ae50d637","https://github.com/FreeRDP/FreeRDP/issues/6005","https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-3x39-248q-f4q6","https://lists.debian.org/debian-lts-announce/2020/08/msg00054.html","https://lists.debian.org/debian-lts-announce/2023/10/msg00008.html","https://usn.ubuntu.com/4379-1/","https://usn.ubuntu.com/4382-1/","https://github.com/FreeRDP/FreeRDP/commit/f8890a645c221823ac133dbf991f8a65ae50d637","https://github.com/FreeRDP/FreeRDP/issues/6005","https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-3x39-248q-f4q6","https://lists.debian.org/debian-lts-announce/2020/08/msg00054.html","https://lists.debian.org/debian-lts-announce/2023/10/msg00008.html","https://usn.ubuntu.com/4379-1/","https://usn.ubuntu.com/4382-1/"],"published_time":"2020-05-07T19:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-11046","summary":"In FreeRDP after 1.0 and before 2.0.0, there is a stream out-of-bounds seek in update_read_synchronize that could lead to a later out-of-bounds 
read.","cvss":5.5,"cvss_version":3.0,"cvss_v2":3.5,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00124,"ranking_epss":0.31555,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://github.com/FreeRDP/FreeRDP/commit/ed53cd148f43cbab905eaa0f5308c2bf3c48cc37","https://github.com/FreeRDP/FreeRDP/issues/6006","https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-hx48-wmmm-mr5q","https://lists.debian.org/debian-lts-announce/2020/08/msg00054.html","https://lists.debian.org/debian-lts-announce/2023/10/msg00008.html","https://usn.ubuntu.com/4379-1/","https://usn.ubuntu.com/4382-1/","https://github.com/FreeRDP/FreeRDP/commit/ed53cd148f43cbab905eaa0f5308c2bf3c48cc37","https://github.com/FreeRDP/FreeRDP/issues/6006","https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-hx48-wmmm-mr5q","https://lists.debian.org/debian-lts-announce/2020/08/msg00054.html","https://lists.debian.org/debian-lts-announce/2023/10/msg00008.html","https://usn.ubuntu.com/4379-1/","https://usn.ubuntu.com/4382-1/"],"published_time":"2020-05-07T19:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-12689","summary":"An issue was discovered in OpenStack Keystone before 15.0.1, and 16.0.0. Any user authenticated within a limited scope (trust/oauth/application credential) can create an EC2 credential with an escalated permission, such as obtaining admin while the user is on a limited viewer role. 
This potentially allows a malicious user to act as the admin on a project another user has the admin role on, which can effectively grant that user global admin privileges.","cvss":8.8,"cvss_version":3.0,"cvss_v2":6.5,"cvss_v3":8.8,"cvss_v4":null,"epss":0.01066,"ranking_epss":0.77695,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.openwall.com/lists/oss-security/2020/05/07/2","https://bugs.launchpad.net/keystone/+bug/1872735","https://lists.apache.org/thread.html/re4ffc55cd2f1b55a26e07c83b3c22c3fe4bae6054d000a57fb48d8c2%40%3Ccommits.druid.apache.org%3E","https://security.openstack.org/ossa/OSSA-2020-004.html","https://usn.ubuntu.com/4480-1/","https://www.openwall.com/lists/oss-security/2020/05/06/5","http://www.openwall.com/lists/oss-security/2020/05/07/2","https://bugs.launchpad.net/keystone/+bug/1872735","https://lists.apache.org/thread.html/re4ffc55cd2f1b55a26e07c83b3c22c3fe4bae6054d000a57fb48d8c2%40%3Ccommits.druid.apache.org%3E","https://security.openstack.org/ossa/OSSA-2020-004.html","https://usn.ubuntu.com/4480-1/","https://www.openwall.com/lists/oss-security/2020/05/06/5"],"published_time":"2020-05-07T00:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-12691","summary":"An issue was discovered in OpenStack Keystone before 15.0.1, and 16.0.0. Any authenticated user can create an EC2 credential for themselves for a project that they have a specified role on, and then perform an update to the credential user and project, allowing them to masquerade as another user. 
This potentially allows a malicious user to act as the admin on a project another user has the admin role on, which can effectively grant that user global admin privileges.","cvss":8.8,"cvss_version":3.0,"cvss_v2":6.5,"cvss_v3":8.8,"cvss_v4":null,"epss":0.03566,"ranking_epss":0.87719,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.openwall.com/lists/oss-security/2020/05/07/2","https://bugs.launchpad.net/keystone/+bug/1872733","https://lists.apache.org/thread.html/re237267da268c690df5e1c6ea6a38a7fc11617725e8049490f58a6fa%40%3Ccommits.druid.apache.org%3E","https://lists.apache.org/thread.html/re4ffc55cd2f1b55a26e07c83b3c22c3fe4bae6054d000a57fb48d8c2%40%3Ccommits.druid.apache.org%3E","https://security.openstack.org/ossa/OSSA-2020-004.html","https://usn.ubuntu.com/4480-1/","https://www.openwall.com/lists/oss-security/2020/05/06/5","http://www.openwall.com/lists/oss-security/2020/05/07/2","https://bugs.launchpad.net/keystone/+bug/1872733","https://lists.apache.org/thread.html/re237267da268c690df5e1c6ea6a38a7fc11617725e8049490f58a6fa%40%3Ccommits.druid.apache.org%3E","https://lists.apache.org/thread.html/re4ffc55cd2f1b55a26e07c83b3c22c3fe4bae6054d000a57fb48d8c2%40%3Ccommits.druid.apache.org%3E","https://security.openstack.org/ossa/OSSA-2020-004.html","https://usn.ubuntu.com/4480-1/","https://www.openwall.com/lists/oss-security/2020/05/06/5"],"published_time":"2020-05-07T00:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-12692","summary":"An issue was discovered in OpenStack Keystone before 15.0.1, and 16.0.0. The EC2 API doesn't have a signature TTL check for AWS Signature V4. 
An attacker can sniff the Authorization header, and then use it to reissue an OpenStack token an unlimited number of times.","cvss":5.4,"cvss_version":3.0,"cvss_v2":5.5,"cvss_v3":5.4,"cvss_v4":null,"epss":0.0014,"ranking_epss":0.34174,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.openwall.com/lists/oss-security/2020/05/07/1","https://bugs.launchpad.net/keystone/+bug/1872737","https://security.openstack.org/ossa/OSSA-2020-003.html","https://usn.ubuntu.com/4480-1/","https://www.openwall.com/lists/oss-security/2020/05/06/4","http://www.openwall.com/lists/oss-security/2020/05/07/1","https://bugs.launchpad.net/keystone/+bug/1872737","https://security.openstack.org/ossa/OSSA-2020-003.html","https://usn.ubuntu.com/4480-1/","https://www.openwall.com/lists/oss-security/2020/05/06/4"],"published_time":"2020-05-07T00:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-12108","summary":"/options/mailman in GNU Mailman before 2.1.31 allows Arbitrary Content 
Injection.","cvss":6.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":6.5,"cvss_v4":null,"epss":0.07993,"ranking_epss":0.92091,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00036.html","http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00003.html","http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00047.html","http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00063.html","https://bugs.launchpad.net/mailman/+bug/1873722","https://code.launchpad.net/mailman","https://lists.debian.org/debian-lts-announce/2020/05/msg00007.html","https://lists.debian.org/debian-lts-announce/2020/07/msg00007.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/74EQIVFB34Q4UYAQLCUWG55YLKAUWCHD/","https://mail.python.org/pipermail/mailman-announce/","https://usn.ubuntu.com/4354-1/","https://www.debian.org/security/2021/dsa-4991","http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00036.html","http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00003.html","http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00047.html","http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00063.html","https://bugs.launchpad.net/mailman/+bug/1873722","https://code.launchpad.net/mailman","https://lists.debian.org/debian-lts-announce/2020/05/msg00007.html","https://lists.debian.org/debian-lts-announce/2020/07/msg00007.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/74EQIVFB34Q4UYAQLCUWG55YLKAUWCHD/","https://mail.python.org/pipermail/mailman-announce/","https://usn.ubuntu.com/4354-1/","https://www.debian.org/security/2021/dsa-4991"],"published_time":"2020-05-06T15:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-12656","summary":"gss_mech_free in net/sunrpc/auth_gss/gss_mech_switch.c in the 
rpcsec_gss_krb5 implementation in the Linux kernel through 5.6.10 lacks certain domain_release calls, leading to a memory leak. Note: This was disputed with the assertion that the issue does not grant any access not already available. It is a problem that on unloading a specific kernel module some memory is leaked, but loading kernel modules is a privileged operation. A user could also write a kernel module to consume any amount of memory they like and load that replicating the effect of this bug","cvss":5.5,"cvss_version":3.0,"cvss_v2":2.1,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00108,"ranking_epss":0.29065,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00022.html","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00008.html","https://bugzilla.kernel.org/show_bug.cgi?id=206651","https://usn.ubuntu.com/4483-1/","https://usn.ubuntu.com/4485-1/","http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00022.html","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00008.html","https://bugzilla.kernel.org/show_bug.cgi?id=206651","https://usn.ubuntu.com/4483-1/","https://usn.ubuntu.com/4485-1/"],"published_time":"2020-05-05T06:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-10683","summary":"dom4j before 2.0.3 and 2.1.x before 2.1.3 allows external DTDs and External Entities by default, which might enable XXE attacks. 
However, there is popular external documentation from OWASP showing how to enable the safe, non-default behavior in any application that uses dom4j.","cvss":9.8,"cvss_version":3.0,"cvss_v2":7.5,"cvss_v3":9.8,"cvss_v4":null,"epss":0.0696,"ranking_epss":0.91445,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00061.html","https://bugzilla.redhat.com/show_bug.cgi?id=1694235","https://cheatsheetseries.owasp.org/cheatsheets/XML_External_Entity_Prevention_Cheat_Sheet.html","https://github.com/dom4j/dom4j/commit/a8228522a99a02146106672a34c104adbda5c658","https://github.com/dom4j/dom4j/commits/version-2.0.3","https://github.com/dom4j/dom4j/issues/87","https://github.com/dom4j/dom4j/releases/tag/version-2.1.3","https://lists.apache.org/thread.html/r51f3f9801058e47153c0ad9bc6209d57a592fc0e7aefd787760911b8%40%3Cdev.velocity.apache.org%3E","https://lists.apache.org/thread.html/r91c64cd51e68e97d524395474eaa25362d564572276b9917fcbf5c32%40%3Cdev.velocity.apache.org%3E","https://lists.apache.org/thread.html/rb1b990d7920ae0d50da5109b73b92bab736d46c9788dd4b135cb1a51%40%3Cnotifications.freemarker.apache.org%3E","https://security.netapp.com/advisory/ntap-20200518-0002/","https://usn.ubuntu.com/4575-1/","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com/security-alerts/cpujan2021.html","https://www.oracle.com/security-alerts/cpujan2022.html","https://www.oracle.com/security-alerts/cpujul2020.html","https://www.oracle.com/security-alerts/cpujul2022.html","https://www.oracle.com/security-alerts/cpuoct2020.html","https://www.oracle.com/security-alerts/cpuoct2021.html","http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00061.html","https://bugzilla.redhat.com/show_bug.cgi?id=1694235","https://cheatsheetseries.owasp.org/cheatsheets/XML_External_Entity_Prevention_Cheat_Sheet.html","https://github.com/do
m4j/dom4j/commit/a8228522a99a02146106672a34c104adbda5c658","https://github.com/dom4j/dom4j/commits/version-2.0.3","https://github.com/dom4j/dom4j/issues/87","https://github.com/dom4j/dom4j/releases/tag/version-2.1.3","https://lists.apache.org/thread.html/r51f3f9801058e47153c0ad9bc6209d57a592fc0e7aefd787760911b8%40%3Cdev.velocity.apache.org%3E","https://lists.apache.org/thread.html/r91c64cd51e68e97d524395474eaa25362d564572276b9917fcbf5c32%40%3Cdev.velocity.apache.org%3E","https://lists.apache.org/thread.html/rb1b990d7920ae0d50da5109b73b92bab736d46c9788dd4b135cb1a51%40%3Cnotifications.freemarker.apache.org%3E","https://security.netapp.com/advisory/ntap-20200518-0002/","https://usn.ubuntu.com/4575-1/","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com/security-alerts/cpujan2021.html","https://www.oracle.com/security-alerts/cpujan2022.html","https://www.oracle.com/security-alerts/cpujul2020.html","https://www.oracle.com/security-alerts/cpujul2022.html","https://www.oracle.com/security-alerts/cpuoct2020.html","https://www.oracle.com/security-alerts/cpuoct2021.html"],"published_time":"2020-05-01T19:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-1752","summary":"A use-after-free vulnerability introduced in glibc upstream version 2.14 was found in the way the tilde expansion was carried out. Directory paths containing an initial tilde followed by a valid username were affected by this issue. A local attacker could exploit this flaw by creating a specially crafted path that, when processed by the glob function, would potentially lead to arbitrary code execution. 
This was fixed in version 2.32.","cvss":7.0,"cvss_version":3.0,"cvss_v2":3.7,"cvss_v3":7.0,"cvss_v4":null,"epss":0.00187,"ranking_epss":0.40495,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1752","https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E","https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E","https://lists.debian.org/debian-lts-announce/2022/10/msg00021.html","https://security.gentoo.org/glsa/202101-20","https://security.netapp.com/advisory/ntap-20200511-0005/","https://sourceware.org/bugzilla/show_bug.cgi?id=25414","https://sourceware.org/git/gitweb.cgi?p=glibc.git%3Bh=ddc650e9b3dc916eab417ce9f79e67337b05035c","https://usn.ubuntu.com/4416-1/","https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1752","https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E","https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E","https://lists.debian.org/debian-lts-announce/2022/10/msg00021.html","https://security.gentoo.org/glsa/202101-20","https://security.netapp.com/advisory/ntap-20200511-0005/","https://sourceware.org/bugzilla/show_bug.cgi?id=25414","https://sourceware.org/git/gitweb.cgi?p=glibc.git%3Bh=ddc650e9b3dc916eab417ce9f79e67337b05035c","https://usn.ubuntu.com/4416-1/"],"published_time":"2020-04-30T17:15:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-11651","summary":"An issue was discovered in SaltStack Salt before 2019.2.4 and 3000 before 3000.2. The salt-master process ClearFuncs class does not properly validate method calls. This allows a remote user to access some methods without authentication. 
These methods can be used to retrieve user tokens from the salt master and/or run arbitrary commands on salt minions.","cvss":9.8,"cvss_version":3.0,"cvss_v2":7.5,"cvss_v3":9.8,"cvss_v4":null,"epss":0.94421,"ranking_epss":0.99981,"kev":true,"propose_action":"SaltStack Salt contains an authentication bypass vulnerability in the salt-master process ClearFuncs due to improperly validating method calls. The vulnerability allows a remote user to access some methods without authentication, which can be used to retrieve user tokens from the salt master and/or run commands on salt minions. Salt users who follow fundamental internet security guidelines and best practices are not affected by this vulnerability.","ransomware_campaign":"Unknown","references":["http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00047.html","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00070.html","http://packetstormsecurity.com/files/157560/Saltstack-3000.1-Remote-Code-Execution.html","http://packetstormsecurity.com/files/157678/SaltStack-Salt-Master-Minion-Unauthenticated-Remote-Code-Execution.html","http://www.vmware.com/security/advisories/VMSA-2020-0009.html","https://docs.saltstack.com/en/latest/topics/releases/2019.2.4.html","https://github.com/saltstack/salt/blob/v3000.2_docs/doc/topics/releases/3000.2.rst","https://lists.debian.org/debian-lts-announce/2020/05/msg00027.html","https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-salt-2vx545AG","https://usn.ubuntu.com/4459-1/","https://www.debian.org/security/2020/dsa-4676","http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00047.html","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00070.html","http://packetstormsecurity.com/files/157560/Saltstack-3000.1-Remote-Code-Execution.html","http://packetstormsecurity.com/files/157678/SaltStack-Salt-Master-Minion-Unauthenticated-Remote-Code-Execution.html","http://www.vmware.com/security/advisories/VMSA-2020-00
09.html","https://docs.saltstack.com/en/latest/topics/releases/2019.2.4.html","https://github.com/saltstack/salt/blob/v3000.2_docs/doc/topics/releases/3000.2.rst","https://lists.debian.org/debian-lts-announce/2020/05/msg00027.html","https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-salt-2vx545AG","https://usn.ubuntu.com/4459-1/","https://www.debian.org/security/2020/dsa-4676","https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-11651"],"published_time":"2020-04-30T17:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-11652","summary":"An issue was discovered in SaltStack Salt before 2019.2.4 and 3000 before 3000.2. The salt-master process ClearFuncs class allows access to some methods that improperly sanitize paths. These methods allow arbitrary directory access to authenticated users.","cvss":6.5,"cvss_version":3.0,"cvss_v2":4.0,"cvss_v3":6.5,"cvss_v4":null,"epss":0.94265,"ranking_epss":0.99936,"kev":true,"propose_action":"SaltStack Salt contains a path traversal vulnerability in the salt-master process ClearFuncs which allows directory access to authenticated users. 
Salt users who follow fundamental internet security guidelines and best practices are not affected by this vulnerability.","ransomware_campaign":"Unknown","references":["http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00047.html","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00070.html","http://packetstormsecurity.com/files/157560/Saltstack-3000.1-Remote-Code-Execution.html","http://packetstormsecurity.com/files/157678/SaltStack-Salt-Master-Minion-Unauthenticated-Remote-Code-Execution.html","http://support.blackberry.com/kb/articleDetail?articleNumber=000063758","http://www.vmware.com/security/advisories/VMSA-2020-0009.html","https://docs.saltstack.com/en/latest/topics/releases/2019.2.4.html","https://github.com/saltstack/salt/blob/v3000.2_docs/doc/topics/releases/3000.2.rst","https://lists.debian.org/debian-lts-announce/2020/05/msg00027.html","https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-salt-2vx545AG","https://usn.ubuntu.com/4459-1/","https://www.debian.org/security/2020/dsa-4676","http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00047.html","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00070.html","http://packetstormsecurity.com/files/157560/Saltstack-3000.1-Remote-Code-Execution.html","http://packetstormsecurity.com/files/157678/SaltStack-Salt-Master-Minion-Unauthenticated-Remote-Code-Execution.html","http://support.blackberry.com/kb/articleDetail?articleNumber=000063758","http://www.vmware.com/security/advisories/VMSA-2020-0009.html","https://docs.saltstack.com/en/latest/topics/releases/2019.2.4.html","https://github.com/saltstack/salt/blob/v3000.2_docs/doc/topics/releases/3000.2.rst","https://lists.debian.org/debian-lts-announce/2020/05/msg00027.html","https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-salt-2vx545AG","https://usn.ubuntu.com/4459-1/","https://www.debian.org/security/2020/dsa-4676","https://www.cisa.gov/known-exploit
ed-vulnerabilities-catalog?field_cve=CVE-2020-11652"],"published_time":"2020-04-30T17:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-11884","summary":"In the Linux kernel 4.19 through 5.6.7 on the s390 platform, code execution may occur because of a race condition, as demonstrated by code in enable_sacf_uaccess in arch/s390/lib/uaccess.c that fails to protect against a concurrent page table upgrade, aka CID-3f777e19d171. A crash could also occur.","cvss":7.0,"cvss_version":3.0,"cvss_v2":6.9,"cvss_v3":7.0,"cvss_v4":null,"epss":0.00061,"ranking_epss":0.19035,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git/commit/?id=215d1f3928713d6eaec67244bcda72105b898000","https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3f777e19d171670ab558a6d5e6b1ac7f9b6c574f","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3TZBP2HINNAX7HKHCOUMIFVQPV6GWMCZ/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AQUVKC3IPUC5B374VVAZV4J5P3GAUGSW/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZKVJMS4GQRH5SO35WM5GINCFAGXQ3ZW6/","https://security.netapp.com/advisory/ntap-20200608-0001/","https://usn.ubuntu.com/4342-1/","https://usn.ubuntu.com/4343-1/","https://usn.ubuntu.com/4345-1/","https://www.debian.org/security/2020/dsa-4667","https://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git/commit/?id=215d1f3928713d6eaec67244bcda72105b898000","https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3f777e19d171670ab558a6d5e6b1ac7f9b6c574f","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3TZBP2HINNAX7HKHCOUMIFVQPV6GWMCZ/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AQUVKC3IPUC5B374VVAZV4J5P3GAUGS
W/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZKVJMS4GQRH5SO35WM5GINCFAGXQ3ZW6/","https://security.netapp.com/advisory/ntap-20200608-0001/","https://usn.ubuntu.com/4342-1/","https://usn.ubuntu.com/4343-1/","https://usn.ubuntu.com/4345-1/","https://www.debian.org/security/2020/dsa-4667"],"published_time":"2020-04-29T13:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-12243","summary":"In filter.c in slapd in OpenLDAP before 2.4.50, LDAP search filters with nested boolean expressions can result in denial of service (daemon crash).","cvss":7.5,"cvss_version":3.0,"cvss_v2":5.0,"cvss_v3":7.5,"cvss_v4":null,"epss":0.10757,"ranking_epss":0.93337,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00016.html","https://bugs.openldap.org/show_bug.cgi?id=9202","https://git.openldap.org/openldap/openldap/-/blob/OPENLDAP_REL_ENG_2_4/CHANGES","https://git.openldap.org/openldap/openldap/-/commit/98464c11df8247d6a11b52e294ba5dd4f0380440","https://lists.debian.org/debian-lts-announce/2020/05/msg00001.html","https://security.netapp.com/advisory/ntap-20200511-0003/","https://support.apple.com/kb/HT211289","https://usn.ubuntu.com/4352-1/","https://usn.ubuntu.com/4352-2/","https://www.debian.org/security/2020/dsa-4666","https://www.oracle.com/security-alerts/cpuapr2022.html","https://www.oracle.com/security-alerts/cpuoct2020.html","http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00016.html","https://bugs.openldap.org/show_bug.cgi?id=9202","https://git.openldap.org/openldap/openldap/-/blob/OPENLDAP_REL_ENG_2_4/CHANGES","https://git.openldap.org/openldap/openldap/-/commit/98464c11df8247d6a11b52e294ba5dd4f0380440","https://lists.debian.org/debian-lts-announce/2020/05/msg00001.html","https://security.netapp.com/advisory/ntap-20200511-0003/","https://support.apple.com/kb/HT211289","https://usn.ubuntu.com/4352-1/
","https://usn.ubuntu.com/4352-2/","https://www.debian.org/security/2020/dsa-4666","https://www.oracle.com/security-alerts/cpuapr2022.html","https://www.oracle.com/security-alerts/cpuoct2020.html"],"published_time":"2020-04-28T19:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-12284","summary":"cbs_jpeg_split_fragment in libavcodec/cbs_jpeg.c in FFmpeg 4.1 and 4.2.2 has a heap-based buffer overflow during JPEG_MARKER_SOS handling because of a missing length check.","cvss":9.8,"cvss_version":3.0,"cvss_v2":10.0,"cvss_v3":9.8,"cvss_v4":null,"epss":0.06437,"ranking_epss":0.91062,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=19734","https://github.com/FFmpeg/FFmpeg/commit/1812352d767ccf5431aa440123e2e260a4db2726","https://github.com/FFmpeg/FFmpeg/commit/a3a3730b5456ca00587455004d40c047f7b20a99","https://security.gentoo.org/glsa/202007-58","https://usn.ubuntu.com/4431-1/","https://www.debian.org/security/2020/dsa-4722","https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=19734","https://github.com/FFmpeg/FFmpeg/commit/1812352d767ccf5431aa440123e2e260a4db2726","https://github.com/FFmpeg/FFmpeg/commit/a3a3730b5456ca00587455004d40c047f7b20a99","https://security.gentoo.org/glsa/202007-58","https://usn.ubuntu.com/4431-1/","https://www.debian.org/security/2020/dsa-4722"],"published_time":"2020-04-28T06:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-15790","summary":"Apport reads and writes information on a crashed process to /proc/pid with elevated privileges. Apport then determines which user the crashed process belongs to by reading /proc/pid through get_pid_info() in data/apport. An unprivileged user could exploit this to read information about a privileged running process by exploiting PID recycling. This information could then be used to obtain ASLR offsets for a process with an existing memory corruption vulnerability. 
The initial fix introduced regressions in the Python Apport library due to a missing argument in Report.add_proc_environ in apport/report.py. It also caused an autopkgtest failure when reading /proc/pid and with Python 2 compatibility by reading /proc maps. The initial and subsequent regression fixes are in 2.20.11-0ubuntu16, 2.20.11-0ubuntu8.6, 2.20.9-0ubuntu7.12, 2.20.1-0ubuntu2.22 and 2.14.1-0ubuntu3.29+esm3.","cvss":2.8,"cvss_version":3.0,"cvss_v2":2.1,"cvss_v3":2.8,"cvss_v4":null,"epss":0.00049,"ranking_epss":0.15051,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://packetstormsecurity.com/files/172858/Ubuntu-Apport-Whoopsie-DoS-Integer-Overflow.html","https://bugs.launchpad.net/apport/+bug/1854237","https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1839795","https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1850929","https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1851806","https://usn.ubuntu.com/4171-1/","https://usn.ubuntu.com/4171-2/","https://usn.ubuntu.com/4171-3/","https://usn.ubuntu.com/4171-4/","https://usn.ubuntu.com/4171-5/","http://packetstormsecurity.com/files/172858/Ubuntu-Apport-Whoopsie-DoS-Integer-Overflow.html","http://seclists.org/fulldisclosure/2025/Jun/9","https://bugs.launchpad.net/apport/+bug/1854237","https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1839795","https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1850929","https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1851806","https://usn.ubuntu.com/4171-1/","https://usn.ubuntu.com/4171-2/","https://usn.ubuntu.com/4171-3/","https://usn.ubuntu.com/4171-4/","https://usn.ubuntu.com/4171-5/"],"published_time":"2020-04-28T00:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-12137","summary":"GNU Mailman 2.x before 2.1.30 uses the .obj extension for scrubbed application/octet-stream MIME parts. 
This behavior may contribute to XSS attacks against list-archive visitors, because an HTTP reply from an archive web server may lack a MIME type, and a web browser may perform MIME sniffing, conclude that the MIME type should have been text/html, and execute JavaScript code.","cvss":6.1,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":6.1,"cvss_v4":null,"epss":0.05217,"ranking_epss":0.89945,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://bazaar.launchpad.net/~mailman-coders/mailman/2.1/view/head:/NEWS","http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00047.html","http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00063.html","http://www.openwall.com/lists/oss-security/2020/04/24/3","https://lists.debian.org/debian-lts-announce/2020/05/msg00002.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6YCMGTTOXXCVM4O6CYZLTZDX6YLYORNF/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/G4COSBBEMJYLV7WSW5QTUJUOFJFK47KK/","https://usn.ubuntu.com/4348-1/","https://www.debian.org/security/2020/dsa-4664","https://www.openwall.com/lists/oss-security/2020/02/24/2","https://www.openwall.com/lists/oss-security/2020/02/24/3","http://bazaar.launchpad.net/~mailman-coders/mailman/2.1/view/head:/NEWS","http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00047.html","http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00063.html","http://www.openwall.com/lists/oss-security/2020/04/24/3","https://lists.debian.org/debian-lts-announce/2020/05/msg00002.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6YCMGTTOXXCVM4O6CYZLTZDX6YLYORNF/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/G4COSBBEMJYLV7WSW5QTUJUOFJFK47KK/","https://usn.ubuntu.com/4348-1/","https://www.debian.org/security/2020/dsa-4664","https://www.op
enwall.com/lists/oss-security/2020/02/24/2","https://www.openwall.com/lists/oss-security/2020/02/24/3"],"published_time":"2020-04-24T13:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-15791","summary":"In shiftfs, a non-upstream patch to the Linux kernel included in the Ubuntu 5.0 and 5.3 kernel series, shiftfs_btrfs_ioctl_fd_replace() installs an fd referencing a file from the lower filesystem without taking an additional reference to that file. After the btrfs ioctl completes this fd is closed, which then puts a reference to that file, leading to a refcount underflow.","cvss":7.1,"cvss_version":3.0,"cvss_v2":4.6,"cvss_v3":7.1,"cvss_v4":null,"epss":0.0013,"ranking_epss":0.32409,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://git.launchpad.net/~ubuntu-kernel/ubuntu/+source/linux/+git/eoan/commit/?id=601a64857b3d7040ca15c39c929e6b9db3373ec1","https://usn.ubuntu.com/usn/usn-4183-1","https://usn.ubuntu.com/usn/usn-4184-1","https://git.launchpad.net/~ubuntu-kernel/ubuntu/+source/linux/+git/eoan/commit/?id=601a64857b3d7040ca15c39c929e6b9db3373ec1","https://usn.ubuntu.com/usn/usn-4183-1","https://usn.ubuntu.com/usn/usn-4184-1"],"published_time":"2020-04-24T00:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-15792","summary":"In shiftfs, a non-upstream patch to the Linux kernel included in the Ubuntu 5.0 and 5.3 kernel series, shiftfs_btrfs_ioctl_fd_replace() calls fdget(oldfd), then without further checks passes the resulting file* into shiftfs_real_fdget(), which casts file->private_data, a void* that points to a filesystem-dependent type, to a \"struct shiftfs_file_info *\". 
As the private_data is not required to be a pointer, an attacker can use this to cause a denial of service or possibly execute arbitrary code.","cvss":7.1,"cvss_version":3.0,"cvss_v2":4.6,"cvss_v3":7.1,"cvss_v4":null,"epss":0.00214,"ranking_epss":0.43886,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://git.launchpad.net/~ubuntu-kernel/ubuntu/+source/linux/+git/eoan/commit/?id=5df147c8140efc71ac0879ae3b0057f577226d4c","https://usn.ubuntu.com/usn/usn-4183-1","https://usn.ubuntu.com/usn/usn-4184-1","https://git.launchpad.net/~ubuntu-kernel/ubuntu/+source/linux/+git/eoan/commit/?id=5df147c8140efc71ac0879ae3b0057f577226d4c","https://usn.ubuntu.com/usn/usn-4183-1","https://usn.ubuntu.com/usn/usn-4184-1"],"published_time":"2020-04-24T00:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-15793","summary":"In shiftfs, a non-upstream patch to the Linux kernel included in the Ubuntu 5.0 and 5.3 kernel series, several locations which shift ids translate user/group ids before performing operations in the lower filesystem were translating them into init_user_ns, whereas they should have been translated into the s_user_ns for the lower filesystem. This resulted in using ids other than the intended ones in the lower fs, which likely did not map into the shifts s_user_ns. 
A local attacker could use this to possibly bypass discretionary access control permissions.","cvss":6.5,"cvss_version":3.0,"cvss_v2":4.6,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00034,"ranking_epss":0.09766,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://git.launchpad.net/~ubuntu-kernel/ubuntu/+source/linux/+git/eoan/commit/?id=3644b9d5688da86f18e017c9c580b75cf52927bb","https://usn.ubuntu.com/usn/usn-4183-1","https://usn.ubuntu.com/usn/usn-4184-1","https://git.launchpad.net/~ubuntu-kernel/ubuntu/+source/linux/+git/eoan/commit/?id=3644b9d5688da86f18e017c9c580b75cf52927bb","https://usn.ubuntu.com/usn/usn-4183-1","https://usn.ubuntu.com/usn/usn-4184-1"],"published_time":"2020-04-24T00:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-15794","summary":"Overlayfs in the Linux kernel and shiftfs, a non-upstream patch to the Linux kernel included in the Ubuntu 5.0 and 5.3 kernel series, both replace vma->vm_file in their mmap handlers. On error the original value is not restored, and the reference is put for the file to which vm_file points. On upstream kernels this is not an issue, as no callers dereference vm_file following after call_mmap() returns an error. 
However, the aufs patches change mmap_region() to replace the fput() using a local variable with vma_fput(), which will fput() vm_file, leading to a refcount underflow.","cvss":7.1,"cvss_version":3.0,"cvss_v2":7.2,"cvss_v3":7.1,"cvss_v4":null,"epss":0.00093,"ranking_epss":0.26062,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://git.launchpad.net/~ubuntu-kernel/ubuntu/+source/linux/+git/eoan/commit/?id=270d16ae48a4dbf1c7e25e94cc3e38b4bea37635","https://git.launchpad.net/~ubuntu-kernel/ubuntu/+source/linux/+git/eoan/commit/?id=ef81780548d20a786cc77ed4203fca146fd81ce3","https://usn.ubuntu.com/usn/usn-4208-1","https://usn.ubuntu.com/usn/usn-4209-1","https://git.launchpad.net/~ubuntu-kernel/ubuntu/+source/linux/+git/eoan/commit/?id=270d16ae48a4dbf1c7e25e94cc3e38b4bea37635","https://git.launchpad.net/~ubuntu-kernel/ubuntu/+source/linux/+git/eoan/commit/?id=ef81780548d20a786cc77ed4203fca146fd81ce3","https://usn.ubuntu.com/usn/usn-4208-1","https://usn.ubuntu.com/usn/usn-4209-1"],"published_time":"2020-04-24T00:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-20788","summary":"libvncclient/cursor.c in LibVNCServer through 0.9.12 has a HandleCursorShape integer overflow and heap-based buffer overflow via a large height or width value. 
NOTE: this may overlap CVE-2019-15690.","cvss":9.8,"cvss_version":3.0,"cvss_v2":7.5,"cvss_v3":9.8,"cvss_v4":null,"epss":0.00796,"ranking_epss":0.73979,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00027.html","https://cert-portal.siemens.com/productcert/pdf/ssa-390195.pdf","https://github.com/LibVNC/libvncserver/commit/54220248886b5001fbbb9fa73c4e1a2cb9413fed","https://securitylab.github.com/advisories/GHSL-2020-064-libvnc-libvncclient","https://usn.ubuntu.com/4407-1/","http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00027.html","https://cert-portal.siemens.com/productcert/pdf/ssa-390195.pdf","https://github.com/LibVNC/libvncserver/commit/54220248886b5001fbbb9fa73c4e1a2cb9413fed","https://securitylab.github.com/advisories/GHSL-2020-064-libvnc-libvncclient","https://usn.ubuntu.com/4407-1/"],"published_time":"2020-04-23T19:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-11945","summary":"An issue was discovered in Squid before 5.0.2. A remote attacker can replay a sniffed Digest Authentication nonce to gain access to resources that are otherwise forbidden. This occurs because the attacker can overflow the nonce reference counter (a short integer). 
Remote code execution may occur if the pooled token credentials are freed (instead of replayed as valid credentials).","cvss":9.8,"cvss_version":3.0,"cvss_v2":7.5,"cvss_v3":9.8,"cvss_v4":null,"epss":0.28475,"ranking_epss":0.96527,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00018.html","http://master.squid-cache.org/Versions/v4/changesets/squid-4-eeebf0f37a72a2de08348e85ae34b02c34e9a811.patch","http://www.openwall.com/lists/oss-security/2020/04/23/2","http://www.squid-cache.org/Versions/v4/changesets/squid-4-eeebf0f37a72a2de08348e85ae34b02c34e9a811.patch","https://bugzilla.suse.com/show_bug.cgi?id=1170313","https://github.com/squid-cache/squid/commit/eeebf0f37a72a2de08348e85ae34b02c34e9a811","https://github.com/squid-cache/squid/pull/585","https://lists.debian.org/debian-lts-announce/2020/07/msg00009.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4FWQRYZJPHAZBLXJ56FPCHJN5X2FP3VA/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H4MWXEZAJSOGRJSS2JCJK4WBSND4IV46/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RV2VZWFJNO3B56IVN56HHKJASG5DYUIX/","https://security.gentoo.org/glsa/202005-05","https://security.netapp.com/advisory/ntap-20210304-0004/","https://usn.ubuntu.com/4356-1/","https://www.debian.org/security/2020/dsa-4682","http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00018.html","http://master.squid-cache.org/Versions/v4/changesets/squid-4-eeebf0f37a72a2de08348e85ae34b02c34e9a811.patch","http://www.openwall.com/lists/oss-security/2020/04/23/2","http://www.squid-cache.org/Versions/v4/changesets/squid-4-eeebf0f37a72a2de08348e85ae34b02c34e9a811.patch","https://bugzilla.suse.com/show_bug.cgi?id=1170313","https://github.com/squid-cache/squid/commit/eeebf0f37a72a2de08348e85ae34b02c34e9a811","https://git
hub.com/squid-cache/squid/pull/585","https://lists.debian.org/debian-lts-announce/2020/07/msg00009.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4FWQRYZJPHAZBLXJ56FPCHJN5X2FP3VA/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H4MWXEZAJSOGRJSS2JCJK4WBSND4IV46/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RV2VZWFJNO3B56IVN56HHKJASG5DYUIX/","https://security.gentoo.org/glsa/202005-05","https://security.netapp.com/advisory/ntap-20210304-0004/","https://usn.ubuntu.com/4356-1/","https://www.debian.org/security/2020/dsa-4682"],"published_time":"2020-04-23T15:15:14","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-1760","summary":"A flaw was found in the Ceph Object Gateway, where it supports request sent by an anonymous user in Amazon S3. This flaw could lead to potential XSS attacks due to the lack of proper neutralization of untrusted 
input.","cvss":5.8,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":5.8,"cvss_v4":null,"epss":0.00353,"ranking_epss":0.57732,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1760","https://lists.debian.org/debian-lts-announce/2021/08/msg00013.html","https://lists.debian.org/debian-lts-announce/2023/10/msg00034.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/P3A2UFR5IUIEXJUCF64GQ5OVLCZGODXE/","https://security.gentoo.org/glsa/202105-39","https://usn.ubuntu.com/4528-1/","https://www.openwall.com/lists/oss-security/2020/04/07/1","https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1760","https://lists.debian.org/debian-lts-announce/2021/08/msg00013.html","https://lists.debian.org/debian-lts-announce/2023/10/msg00034.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/P3A2UFR5IUIEXJUCF64GQ5OVLCZGODXE/","https://security.gentoo.org/glsa/202105-39","https://usn.ubuntu.com/4528-1/","https://www.openwall.com/lists/oss-security/2020/04/07/1"],"published_time":"2020-04-23T15:15:14","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-8831","summary":"Apport creates a world writable lock file with root ownership in the world writable /var/lock/apport directory. If the apport/ directory does not exist (this is not uncommon as /var/lock is a tmpfs), it will create the directory, otherwise it will simply continue execution using the existing directory. This allows for a symlink attack if an attacker were to create a symlink at /var/lock/apport, changing apport's lock file location. This file could then be used to escalate privileges, for example. 
Fixed in versions 2.20.1-0ubuntu2.23, 2.20.9-0ubuntu7.14, 2.20.11-0ubuntu8.8 and 2.20.11-0ubuntu22.","cvss":6.5,"cvss_version":3.0,"cvss_v2":2.1,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00117,"ranking_epss":0.30348,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://launchpad.net/bugs/1862348","https://usn.ubuntu.com/4315-1/","https://usn.ubuntu.com/4315-2/","https://launchpad.net/bugs/1862348","https://usn.ubuntu.com/4315-1/","https://usn.ubuntu.com/4315-2/"],"published_time":"2020-04-22T22:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-8833","summary":"Time-of-check Time-of-use Race Condition vulnerability on crash report ownership change in Apport allows for a possible privilege escalation opportunity. If fs.protected_symlinks is disabled, this can be exploited between the os.open and os.chown calls when the Apport cron script clears out crash files of size 0. A symlink with the same name as the deleted file can then be created upon which chown will be called, changing the file owner to root. 
Fixed in versions 2.20.1-0ubuntu2.23, 2.20.9-0ubuntu7.14, 2.20.11-0ubuntu8.8 and 2.20.11-0ubuntu22.","cvss":5.6,"cvss_version":3.0,"cvss_v2":1.9,"cvss_v3":5.6,"cvss_v4":null,"epss":0.00034,"ranking_epss":0.10081,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1862933","https://usn.ubuntu.com/4315-1/","https://usn.ubuntu.com/4315-2/","https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1862933","https://usn.ubuntu.com/4315-1/","https://usn.ubuntu.com/4315-2/"],"published_time":"2020-04-22T22:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-1983","summary":"A use after free vulnerability in ip_reass() in ip_input.c of libslirp 4.2.0 and prior releases allows crafted packets to cause a denial of service.","cvss":7.5,"cvss_version":3.0,"cvss_v2":2.1,"cvss_v3":7.5,"cvss_v4":null,"epss":0.00202,"ranking_epss":0.42273,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00022.html","http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00001.html","https://gitlab.freedesktop.org/slirp/libslirp/-/commit/9ac0371bb8c0a40f5d9f82a1c25129660e81df04","https://gitlab.freedesktop.org/slirp/libslirp/-/issues/20","https://lists.debian.org/debian-lts-announce/2020/06/msg00032.html","https://lists.debian.org/debian-lts-announce/2020/07/msg00020.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HWFD4MWV3YWIHVHSA2F7FKOLJFL4PHOX/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NKT2MTSINE4NUPG5L6BYH6N23NBNITOL/","https://usn.ubuntu.com/4372-1/","https://www.debian.org/security/2020/dsa-4665","http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00022.html","http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00001.html","https://gitlab.freedesktop.org/slirp/libsli
rp/-/commit/9ac0371bb8c0a40f5d9f82a1c25129660e81df04","https://gitlab.freedesktop.org/slirp/libslirp/-/issues/20","https://lists.debian.org/debian-lts-announce/2020/06/msg00032.html","https://lists.debian.org/debian-lts-announce/2020/07/msg00020.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HWFD4MWV3YWIHVHSA2F7FKOLJFL4PHOX/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NKT2MTSINE4NUPG5L6BYH6N23NBNITOL/","https://usn.ubuntu.com/4372-1/","https://www.debian.org/security/2020/dsa-4665"],"published_time":"2020-04-22T20:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-12066","summary":"CServer::SendMsg in engine/server/server.cpp in Teeworlds 0.7.x before 0.7.5 allows remote attackers to shut down the server.","cvss":7.5,"cvss_version":3.0,"cvss_v2":7.8,"cvss_v3":7.5,"cvss_v4":null,"epss":0.05727,"ranking_epss":0.90438,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00044.html","http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00045.html","https://github.com/teeworlds/teeworlds/commit/c68402fa7e279d42886d5951d1ea8ac2facc1ea5","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AVYG7CCPS5F3OPOQMJKVNXTQ7BXSEX2V/","https://usn.ubuntu.com/4553-1/","https://www.debian.org/security/2020/dsa-4763","https://www.teeworlds.com/forum/viewtopic.php?id=14785","http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00044.html","http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00045.html","https://github.com/teeworlds/teeworlds/commit/c68402fa7e279d42886d5951d1ea8ac2facc1ea5","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AVYG7CCPS5F3OPOQMJKVNXTQ7BXSEX2V/","https://usn.ubuntu.com/4553-1/","https://www.debian.org/security/2020/dsa-
4763","https://www.teeworlds.com/forum/viewtopic.php?id=14785"],"published_time":"2020-04-22T17:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-12059","summary":"An issue was discovered in Ceph through 13.2.9. A POST request with an invalid tagging XML can crash the RGW process by triggering a NULL pointer exception.","cvss":7.5,"cvss_version":3.0,"cvss_v2":5.0,"cvss_v3":7.5,"cvss_v4":null,"epss":0.00284,"ranking_epss":0.51837,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://bugzilla.suse.com/show_bug.cgi?id=1170170","https://docs.ceph.com/docs/master/releases/mimic/","https://lists.debian.org/debian-lts-announce/2023/10/msg00034.html","https://tracker.ceph.com/issues/44967","https://usn.ubuntu.com/4528-1/","https://bugzilla.suse.com/show_bug.cgi?id=1170170","https://docs.ceph.com/docs/master/releases/mimic/","https://lists.debian.org/debian-lts-announce/2023/10/msg00034.html","https://tracker.ceph.com/issues/44967","https://usn.ubuntu.com/4528-1/"],"published_time":"2020-04-22T13:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-11008","summary":"Affected versions of Git have a vulnerability whereby Git can be tricked into sending private credentials to a host controlled by an attacker. This bug is similar to CVE-2020-5260(GHSA-qm7j-c969-7j4q). The fix for that bug still left the door open for an exploit where _some_ credential is leaked (but the attacker cannot control which one). Git uses external \"credential helper\" programs to store and retrieve passwords or other credentials from secure storage provided by the operating system. Specially-crafted URLs that are considered illegal as of the recently published Git versions can cause Git to send a \"blank\" pattern to helpers, missing hostname and protocol fields. Many helpers will interpret this as matching _any_ URL, and will return some unspecified stored password, leaking the password to an attacker's server. 
The vulnerability can be triggered by feeding a malicious URL to `git clone`. However, the affected URLs look rather suspicious; the likely vector would be through systems which automatically clone URLs not visible to the user, such as Git submodules, or package systems built around Git. The root of the problem is in Git itself, which should not be feeding blank input to helpers. However, the ability to exploit the vulnerability in practice depends on which helpers are in use. Credential helpers which are known to trigger the vulnerability: - Git's \"store\" helper - Git's \"cache\" helper - the \"osxkeychain\" helper that ships in Git's \"contrib\" directory Credential helpers which are known to be safe even with vulnerable versions of Git: - Git Credential Manager for Windows Any helper not in this list should be assumed to trigger the vulnerability.","cvss":4.0,"cvss_version":3.0,"cvss_v2":5.0,"cvss_v3":4.0,"cvss_v4":null,"epss":0.02219,"ranking_epss":0.84488,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00003.html","http://seclists.org/fulldisclosure/2020/May/41","https://github.com/git/git/commit/c44088ecc4b0722636e0a305f9608d3047197282","https://github.com/git/git/security/advisories/GHSA-hjc9-x69f-jqj7","https://github.com/git/git/security/advisories/GHSA-qm7j-c969-7j4q","https://lists.debian.org/debian-lts-announce/2020/04/msg00015.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/74Q7WVJ6FKLIN62VS2JD2XCNWK5TNKOW/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MOCTR2SEHCPSCOVUQJAGFPGKFMI2VE6V/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PN3FUOXKX3AXTULYV53ACABER2W2FSOU/","https://security.gentoo.org/glsa/202004-13","https://support.apple.com/kb/HT211183","https://usn.ubuntu.com/4334-1/","http://lists.opensus
e.org/opensuse-security-announce/2020-05/msg00003.html","http://seclists.org/fulldisclosure/2020/May/41","https://github.com/git/git/commit/c44088ecc4b0722636e0a305f9608d3047197282","https://github.com/git/git/security/advisories/GHSA-hjc9-x69f-jqj7","https://github.com/git/git/security/advisories/GHSA-qm7j-c969-7j4q","https://lists.debian.org/debian-lts-announce/2020/04/msg00015.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/74Q7WVJ6FKLIN62VS2JD2XCNWK5TNKOW/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MOCTR2SEHCPSCOVUQJAGFPGKFMI2VE6V/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PN3FUOXKX3AXTULYV53ACABER2W2FSOU/","https://security.gentoo.org/glsa/202004-13","https://support.apple.com/kb/HT211183","https://usn.ubuntu.com/4334-1/"],"published_time":"2020-04-21T19:15:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-11958","summary":"re2c 1.3 has a heap-based buffer overflow in Scanner::fill in parse/scanner.cc via a long 
lexeme.","cvss":7.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00583,"ranking_epss":0.68976,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.openwall.com/lists/oss-security/2020/04/21/1","https://blogs.gentoo.org/ago/2020/04/19/re2c-heap-overflow-in-scannerfill-scanner-cc/","https://github.com/skvadrik/re2c/commit/c4603ba5ce229db83a2a4fb93e6d4b4e3ec3776a","https://security.gentoo.org/glsa/202007-28","https://usn.ubuntu.com/4338-1/","https://usn.ubuntu.com/4338-2/","https://www.openwall.com/lists/oss-security/2020/04/19/1","http://www.openwall.com/lists/oss-security/2020/04/21/1","https://blogs.gentoo.org/ago/2020/04/19/re2c-heap-overflow-in-scannerfill-scanner-cc/","https://github.com/skvadrik/re2c/commit/c4603ba5ce229db83a2a4fb93e6d4b4e3ec3776a","https://security.gentoo.org/glsa/202007-28","https://usn.ubuntu.com/4338-1/","https://usn.ubuntu.com/4338-2/","https://www.openwall.com/lists/oss-security/2020/04/19/1"],"published_time":"2020-04-21T01:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-1751","summary":"An out-of-bounds write vulnerability was found in glibc before 2.31 when handling signal trampolines on PowerPC. Specifically, the backtrace function did not properly check the array bounds when storing the frame address, resulting in a denial of service or potential code execution. 
The highest threat from this vulnerability is to system availability.","cvss":5.1,"cvss_version":3.0,"cvss_v2":5.9,"cvss_v3":5.1,"cvss_v4":null,"epss":0.00138,"ranking_epss":0.33566,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1751","https://security.gentoo.org/glsa/202006-04","https://security.netapp.com/advisory/ntap-20200430-0002/","https://sourceware.org/bugzilla/show_bug.cgi?id=25423","https://usn.ubuntu.com/4416-1/","https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1751","https://security.gentoo.org/glsa/202006-04","https://security.netapp.com/advisory/ntap-20200430-0002/","https://sourceware.org/bugzilla/show_bug.cgi?id=25423","https://usn.ubuntu.com/4416-1/"],"published_time":"2020-04-17T19:15:14","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-0067","summary":"In f2fs_xattr_generic_list of xattr.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not required for exploitation. Product: Android. Versions: Android kernel. 
Android ID: A-120551147.","cvss":4.4,"cvss_version":3.0,"cvss_v2":2.1,"cvss_v3":4.4,"cvss_v4":null,"epss":0.00056,"ranking_epss":0.17615,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://android.googlesource.com/kernel/common/+/688078e7","http://packetstormsecurity.com/files/159565/Kernel-Live-Patch-Security-Notice-LSN-0072-1.html","https://source.android.com/security/bulletin/pixel/2020-04-01","https://usn.ubuntu.com/4387-1/","https://usn.ubuntu.com/4388-1/","https://usn.ubuntu.com/4389-1/","https://usn.ubuntu.com/4390-1/","https://usn.ubuntu.com/4527-1/","http://android.googlesource.com/kernel/common/+/688078e7","http://packetstormsecurity.com/files/159565/Kernel-Live-Patch-Security-Notice-LSN-0072-1.html","https://source.android.com/security/bulletin/pixel/2020-04-01","https://usn.ubuntu.com/4387-1/","https://usn.ubuntu.com/4388-1/","https://usn.ubuntu.com/4389-1/","https://usn.ubuntu.com/4390-1/","https://usn.ubuntu.com/4527-1/"],"published_time":"2020-04-17T19:15:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-11793","summary":"A use-after-free issue exists in WebKitGTK before 2.28.1 and WPE WebKit before 2.28.1 via crafted web content that allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application 
crash).","cvss":8.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00816,"ranking_epss":0.74331,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00008.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3P4YISPE5QX4YD54GDRZIH2X5RCH3QGW/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/K3MQTRC6ITFTVS5R5Z24PMJS6FXJKGRD/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UTKY2MWP6PB6TE3ZKOOMKX7HZUCQNYF6/","https://security.gentoo.org/glsa/202006-08","https://usn.ubuntu.com/4331-1/","https://webkitgtk.org/security/WSA-2020-0004.html","https://wpewebkit.org/security/WSA-2020-0004.html","http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00008.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3P4YISPE5QX4YD54GDRZIH2X5RCH3QGW/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/K3MQTRC6ITFTVS5R5Z24PMJS6FXJKGRD/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UTKY2MWP6PB6TE3ZKOOMKX7HZUCQNYF6/","https://security.gentoo.org/glsa/202006-08","https://usn.ubuntu.com/4331-1/","https://webkitgtk.org/security/WSA-2020-0004.html","https://wpewebkit.org/security/WSA-2020-0004.html"],"published_time":"2020-04-17T13:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-7306","summary":"Byobu Apport hook may disclose sensitive information since it automatically uploads the local user's .screenrc which may contain private hostnames, usernames and passwords. 
This issue affects: byobu","cvss":4.3,"cvss_version":3.0,"cvss_v2":5.0,"cvss_v3":4.3,"cvss_v4":null,"epss":0.00308,"ranking_epss":0.5401,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://bugs.launchpad.net/ubuntu/+source/byobu/+bug/1827202","https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7306","https://bugs.launchpad.net/ubuntu/+source/byobu/+bug/1827202","https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7306"],"published_time":"2020-04-17T02:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-12519","summary":"An issue was discovered in Squid through 4.7. When handling the tag esi:when when ESI is enabled, Squid calls ESIExpression::Evaluate. This function uses a fixed stack buffer to hold the expression while it's being evaluated. When processing the expression, it could either evaluate the top of the stack, or add a new member to the stack. When adding a new member, there is no check to ensure that the stack won't overflow.","cvss":9.8,"cvss_version":3.0,"cvss_v2":7.5,"cvss_v3":9.8,"cvss_v4":null,"epss":0.07536,"ranking_epss":0.91819,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00018.html","http://www.openwall.com/lists/oss-security/2020/04/23/1","https://gitlab.com/jeriko.one/security/-/blob/master/squid/CVEs/CVE-2019-12519.txt","https://lists.debian.org/debian-lts-announce/2020/07/msg00009.html","https://security.gentoo.org/glsa/202005-05","https://security.netapp.com/advisory/ntap-20210205-0006/","https://usn.ubuntu.com/4356-1/","https://www.debian.org/security/2020/dsa-4682","http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00018.html","http://www.openwall.com/lists/oss-security/2020/04/23/1","https://gitlab.com/jeriko.one/security/-/blob/master/squid/CVEs/CVE-2019-12519.txt","https://lists.debian.org/debian-lts-announce/2020/07/msg00009.html","https://security.gentoo.org/glsa/20200
5-05","https://security.netapp.com/advisory/ntap-20210205-0006/","https://usn.ubuntu.com/4356-1/","https://www.debian.org/security/2020/dsa-4682"],"published_time":"2020-04-15T20:15:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-12520","summary":"An issue was discovered in Squid through 4.7 and 5. When receiving a request, Squid checks its cache to see if it can serve up a response. It does this by making an MD5 hash of the absolute URL of the request. If found, it serves the request. The absolute URL can include the decoded UserInfo (username and password) for certain protocols. This decoded info is prepended to the domain. This allows an attacker to provide a username that has special characters to delimit the domain, and treat the rest of the URL as a path or query string. An attacker could first make a request to their domain using an encoded username, then when a request for the target domain comes in that decodes to the exact URL, it will serve the attacker's HTML instead of the real HTML. 
On Squid servers that also act as reverse proxies, this allows an attacker to gain access to features that only reverse proxies can use, such as ESI.","cvss":7.5,"cvss_version":3.0,"cvss_v2":5.0,"cvss_v3":7.5,"cvss_v4":null,"epss":0.06184,"ranking_epss":0.90847,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.squid-cache.org/Versions/v4/","http://www.squid-cache.org/Versions/v4/changesets/","https://github.com/squid-cache/squid/commits/v4","https://gitlab.com/jeriko.one/security/-/blob/master/squid/CVEs/CVE-2019-12520.txt","https://lists.debian.org/debian-lts-announce/2020/07/msg00009.html","https://security.netapp.com/advisory/ntap-20210205-0006/","https://usn.ubuntu.com/4446-1/","https://www.debian.org/security/2020/dsa-4682","http://www.squid-cache.org/Versions/v4/","http://www.squid-cache.org/Versions/v4/changesets/","https://github.com/squid-cache/squid/commits/v4","https://gitlab.com/jeriko.one/security/-/blob/master/squid/CVEs/CVE-2019-12520.txt","https://lists.debian.org/debian-lts-announce/2020/07/msg00009.html","https://security.netapp.com/advisory/ntap-20210205-0006/","https://usn.ubuntu.com/4446-1/","https://www.debian.org/security/2020/dsa-4682"],"published_time":"2020-04-15T20:15:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-12521","summary":"An issue was discovered in Squid through 4.7. When Squid is parsing ESI, it keeps the ESI elements in ESIContext. ESIContext contains a buffer for holding a stack of ESIElements. When a new ESIElement is parsed, it is added via addStackElement. addStackElement has a check for the number of elements in this buffer, but it's off by 1, leading to a Heap Overflow of 1 element. 
The overflow is within the same structure so it can't affect adjacent memory blocks, and thus just leads to a crash while processing.","cvss":5.9,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":5.9,"cvss_v4":null,"epss":0.00565,"ranking_epss":0.68435,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00018.html","http://www.openwall.com/lists/oss-security/2020/04/23/1","https://gitlab.com/jeriko.one/security/-/blob/master/squid/CVEs/CVE-2019-12521.txt","https://lists.debian.org/debian-lts-announce/2020/07/msg00009.html","https://security.gentoo.org/glsa/202005-05","https://security.netapp.com/advisory/ntap-20210205-0006/","https://usn.ubuntu.com/4356-1/","https://www.debian.org/security/2020/dsa-4682","http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00018.html","http://www.openwall.com/lists/oss-security/2020/04/23/1","https://gitlab.com/jeriko.one/security/-/blob/master/squid/CVEs/CVE-2019-12521.txt","https://lists.debian.org/debian-lts-announce/2020/07/msg00009.html","https://security.gentoo.org/glsa/202005-05","https://security.netapp.com/advisory/ntap-20210205-0006/","https://usn.ubuntu.com/4356-1/","https://www.debian.org/security/2020/dsa-4682"],"published_time":"2020-04-15T19:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-12524","summary":"An issue was discovered in Squid through 4.7. When handling requests from users, Squid checks its rules to see if the request should be denied. Squid by default comes with rules to block access to the Cache Manager, which serves detailed server information meant for the maintainer. This rule is implemented via url_regex. The handler for url_regex rules URL decodes an incoming request. 
This allows an attacker to encode their URL to bypass the url_regex check, and gain access to the blocked resource.","cvss":9.8,"cvss_version":3.0,"cvss_v2":7.5,"cvss_v3":9.8,"cvss_v4":null,"epss":0.00549,"ranking_epss":0.6792,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://gitlab.com/jeriko.one/security/-/blob/master/squid/CVEs/CVE-2019-12524.txt","https://lists.debian.org/debian-lts-announce/2020/07/msg00009.html","https://security.netapp.com/advisory/ntap-20210205-0006/","https://usn.ubuntu.com/4446-1/","https://www.debian.org/security/2020/dsa-4682","https://gitlab.com/jeriko.one/security/-/blob/master/squid/CVEs/CVE-2019-12524.txt","https://lists.debian.org/debian-lts-announce/2020/07/msg00009.html","https://security.netapp.com/advisory/ntap-20210205-0006/","https://usn.ubuntu.com/4446-1/","https://www.debian.org/security/2020/dsa-4682"],"published_time":"2020-04-15T19:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-2930","summary":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Parser). Supported versions that are affected are 8.0.19 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.4 (Availability impacts). 
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).","cvss":4.4,"cvss_version":3.0,"cvss_v2":3.5,"cvss_v3":4.4,"cvss_v4":null,"epss":0.00432,"ranking_epss":0.62651,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/77REFDB7DE4WNKQIRGZTF53RFBQOXQLC/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SDGBQYS3A36S4CAZPV5YROHYXYZR6LAH/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TSVLI36TYRTPQGCS24VZQUXCUFOUW4VQ/","https://security.gentoo.org/glsa/202105-27","https://security.netapp.com/advisory/ntap-20200416-0003/","https://usn.ubuntu.com/4350-1/","https://www.oracle.com/security-alerts/cpuapr2020.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/77REFDB7DE4WNKQIRGZTF53RFBQOXQLC/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SDGBQYS3A36S4CAZPV5YROHYXYZR6LAH/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TSVLI36TYRTPQGCS24VZQUXCUFOUW4VQ/","https://security.gentoo.org/glsa/202105-27","https://security.netapp.com/advisory/ntap-20200416-0003/","https://usn.ubuntu.com/4350-1/","https://www.oracle.com/security-alerts/cpuapr2020.html"],"published_time":"2020-04-15T14:15:36","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-2922","summary":"Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Supported versions that are affected are 5.6.47 and prior, 5.7.29 and prior and 8.0.18 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Client. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Client accessible data. 
CVSS 3.0 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N).","cvss":3.7,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":3.7,"cvss_v4":null,"epss":0.00209,"ranking_epss":0.43326,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://security.gentoo.org/glsa/202105-27","https://security.netapp.com/advisory/ntap-20200416-0003/","https://usn.ubuntu.com/4350-1/","https://www.oracle.com/security-alerts/cpuapr2020.html","https://security.gentoo.org/glsa/202105-27","https://security.netapp.com/advisory/ntap-20200416-0003/","https://usn.ubuntu.com/4350-1/","https://www.oracle.com/security-alerts/cpuapr2020.html"],"published_time":"2020-04-15T14:15:35","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-2923","summary":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). 
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).","cvss":4.9,"cvss_version":3.0,"cvss_v2":4.0,"cvss_v3":4.9,"cvss_v4":null,"epss":0.00487,"ranking_epss":0.65404,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/77REFDB7DE4WNKQIRGZTF53RFBQOXQLC/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SDGBQYS3A36S4CAZPV5YROHYXYZR6LAH/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TSVLI36TYRTPQGCS24VZQUXCUFOUW4VQ/","https://security.gentoo.org/glsa/202105-27","https://security.netapp.com/advisory/ntap-20200416-0003/","https://usn.ubuntu.com/4350-1/","https://www.oracle.com/security-alerts/cpuapr2020.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/77REFDB7DE4WNKQIRGZTF53RFBQOXQLC/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SDGBQYS3A36S4CAZPV5YROHYXYZR6LAH/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TSVLI36TYRTPQGCS24VZQUXCUFOUW4VQ/","https://security.gentoo.org/glsa/202105-27","https://security.netapp.com/advisory/ntap-20200416-0003/","https://usn.ubuntu.com/4350-1/","https://www.oracle.com/security-alerts/cpuapr2020.html"],"published_time":"2020-04-15T14:15:35","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-2924","summary":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. 
CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).","cvss":4.9,"cvss_version":3.0,"cvss_v2":4.0,"cvss_v3":4.9,"cvss_v4":null,"epss":0.003,"ranking_epss":0.53369,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/77REFDB7DE4WNKQIRGZTF53RFBQOXQLC/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SDGBQYS3A36S4CAZPV5YROHYXYZR6LAH/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TSVLI36TYRTPQGCS24VZQUXCUFOUW4VQ/","https://security.gentoo.org/glsa/202105-27","https://security.netapp.com/advisory/ntap-20200416-0003/","https://usn.ubuntu.com/4350-1/","https://www.oracle.com/security-alerts/cpuapr2020.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/77REFDB7DE4WNKQIRGZTF53RFBQOXQLC/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SDGBQYS3A36S4CAZPV5YROHYXYZR6LAH/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TSVLI36TYRTPQGCS24VZQUXCUFOUW4VQ/","https://security.gentoo.org/glsa/202105-27","https://security.netapp.com/advisory/ntap-20200416-0003/","https://usn.ubuntu.com/4350-1/","https://www.oracle.com/security-alerts/cpuapr2020.html"],"published_time":"2020-04-15T14:15:35","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-2925","summary":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: PS). Supported versions that are affected are 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. 
Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).","cvss":4.9,"cvss_version":3.0,"cvss_v2":4.0,"cvss_v3":4.9,"cvss_v4":null,"epss":0.003,"ranking_epss":0.53369,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/77REFDB7DE4WNKQIRGZTF53RFBQOXQLC/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SDGBQYS3A36S4CAZPV5YROHYXYZR6LAH/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TSVLI36TYRTPQGCS24VZQUXCUFOUW4VQ/","https://security.gentoo.org/glsa/202105-27","https://security.netapp.com/advisory/ntap-20200416-0003/","https://usn.ubuntu.com/4350-1/","https://www.oracle.com/security-alerts/cpuapr2020.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/77REFDB7DE4WNKQIRGZTF53RFBQOXQLC/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SDGBQYS3A36S4CAZPV5YROHYXYZR6LAH/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TSVLI36TYRTPQGCS24VZQUXCUFOUW4VQ/","https://security.gentoo.org/glsa/202105-27","https://security.netapp.com/advisory/ntap-20200416-0003/","https://usn.ubuntu.com/4350-1/","https://www.oracle.com/security-alerts/cpuapr2020.html"],"published_time":"2020-04-15T14:15:35","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-2892","summary":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.19 and prior. 
Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).","cvss":4.9,"cvss_version":3.0,"cvss_v2":4.0,"cvss_v3":4.9,"cvss_v4":null,"epss":0.00373,"ranking_epss":0.59035,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/77REFDB7DE4WNKQIRGZTF53RFBQOXQLC/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SDGBQYS3A36S4CAZPV5YROHYXYZR6LAH/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TSVLI36TYRTPQGCS24VZQUXCUFOUW4VQ/","https://security.gentoo.org/glsa/202105-27","https://security.netapp.com/advisory/ntap-20200416-0003/","https://usn.ubuntu.com/4350-1/","https://www.oracle.com/security-alerts/cpuapr2020.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/77REFDB7DE4WNKQIRGZTF53RFBQOXQLC/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SDGBQYS3A36S4CAZPV5YROHYXYZR6LAH/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TSVLI36TYRTPQGCS24VZQUXCUFOUW4VQ/","https://security.gentoo.org/glsa/202105-27","https://security.netapp.com/advisory/ntap-20200416-0003/","https://usn.ubuntu.com/4350-1/","https://www.oracle.com/security-alerts/cpuapr2020.html"],"published_time":"2020-04-15T14:15:34","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-2893","summary":"Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). 
Supported versions that are affected are 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).","cvss":4.9,"cvss_version":3.0,"cvss_v2":4.0,"cvss_v3":4.9,"cvss_v4":null,"epss":0.00487,"ranking_epss":0.65404,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/77REFDB7DE4WNKQIRGZTF53RFBQOXQLC/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SDGBQYS3A36S4CAZPV5YROHYXYZR6LAH/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TSVLI36TYRTPQGCS24VZQUXCUFOUW4VQ/","https://security.gentoo.org/glsa/202105-27","https://security.netapp.com/advisory/ntap-20200416-0003/","https://usn.ubuntu.com/4350-1/","https://www.oracle.com/security-alerts/cpuapr2020.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/77REFDB7DE4WNKQIRGZTF53RFBQOXQLC/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SDGBQYS3A36S4CAZPV5YROHYXYZR6LAH/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TSVLI36TYRTPQGCS24VZQUXCUFOUW4VQ/","https://security.gentoo.org/glsa/202105-27","https://security.netapp.com/advisory/ntap-20200416-0003/","https://usn.ubuntu.com/4350-1/","https://www.oracle.com/security-alerts/cpuapr2020.html"],"published_time":"2020-04-15T14:15:34","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-2895","summary":"Vulnerability in the MySQL Server product of 
Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).","cvss":4.9,"cvss_version":3.0,"cvss_v2":4.0,"cvss_v3":4.9,"cvss_v4":null,"epss":0.00487,"ranking_epss":0.65404,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/77REFDB7DE4WNKQIRGZTF53RFBQOXQLC/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SDGBQYS3A36S4CAZPV5YROHYXYZR6LAH/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TSVLI36TYRTPQGCS24VZQUXCUFOUW4VQ/","https://security.gentoo.org/glsa/202105-27","https://security.netapp.com/advisory/ntap-20200416-0003/","https://usn.ubuntu.com/4350-1/","https://www.oracle.com/security-alerts/cpuapr2020.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/77REFDB7DE4WNKQIRGZTF53RFBQOXQLC/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SDGBQYS3A36S4CAZPV5YROHYXYZR6LAH/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TSVLI36TYRTPQGCS24VZQUXCUFOUW4VQ/","https://security.gentoo.org/glsa/202105-27","https://security.netapp.com/advisory/ntap-20200416-0003/","https://usn.ubuntu.com/4350-1/","https://www.oracle.com/security-alerts/cpuapr2020.html"],"published_time":"2020-04-15T14:15:34","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-2896","summary":"Vulnerabilit
y in the MySQL Server product of Oracle MySQL (component: Server: Information Schema). Supported versions that are affected are 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).","cvss":4.9,"cvss_version":3.0,"cvss_v2":4.0,"cvss_v3":4.9,"cvss_v4":null,"epss":0.00487,"ranking_epss":0.65404,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/77REFDB7DE4WNKQIRGZTF53RFBQOXQLC/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SDGBQYS3A36S4CAZPV5YROHYXYZR6LAH/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TSVLI36TYRTPQGCS24VZQUXCUFOUW4VQ/","https://security.gentoo.org/glsa/202105-27","https://security.netapp.com/advisory/ntap-20200416-0003/","https://usn.ubuntu.com/4350-1/","https://www.oracle.com/security-alerts/cpuapr2020.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/77REFDB7DE4WNKQIRGZTF53RFBQOXQLC/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SDGBQYS3A36S4CAZPV5YROHYXYZR6LAH/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TSVLI36TYRTPQGCS24VZQUXCUFOUW4VQ/","https://security.gentoo.org/glsa/202105-27","https://security.netapp.com/advisory/ntap-20200416-0003/","https://usn.ubuntu.com/4350-1/","https://www.oracle.com/security-alerts/cpuapr2020.html"],"published_time":"2020-04-15T14:15:34","vendor":null,"product":null,"version":nu
ll},{"cve_id":"CVE-2020-2897","summary":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).","cvss":4.9,"cvss_version":3.0,"cvss_v2":4.0,"cvss_v3":4.9,"cvss_v4":null,"epss":0.00487,"ranking_epss":0.65404,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/77REFDB7DE4WNKQIRGZTF53RFBQOXQLC/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SDGBQYS3A36S4CAZPV5YROHYXYZR6LAH/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TSVLI36TYRTPQGCS24VZQUXCUFOUW4VQ/","https://security.gentoo.org/glsa/202105-27","https://security.netapp.com/advisory/ntap-20200416-0003/","https://usn.ubuntu.com/4350-1/","https://www.oracle.com/security-alerts/cpuapr2020.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/77REFDB7DE4WNKQIRGZTF53RFBQOXQLC/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SDGBQYS3A36S4CAZPV5YROHYXYZR6LAH/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TSVLI36TYRTPQGCS24VZQUXCUFOUW4VQ/","https://security.gentoo.org/glsa/202105-27","https://security.netapp.com/advisory/ntap-20200416-0003/","https://usn.ubuntu.com/4350-1/","https://www.oracle.com/security-alerts/cpuapr2020.html"],"published_time":"2020-04-15T14:15:3
4","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-2898","summary":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Charsets). The supported version that is affected is 8.0.19. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).","cvss":4.9,"cvss_version":3.0,"cvss_v2":4.0,"cvss_v3":4.9,"cvss_v4":null,"epss":0.00373,"ranking_epss":0.59035,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/77REFDB7DE4WNKQIRGZTF53RFBQOXQLC/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SDGBQYS3A36S4CAZPV5YROHYXYZR6LAH/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TSVLI36TYRTPQGCS24VZQUXCUFOUW4VQ/","https://security.gentoo.org/glsa/202105-27","https://security.netapp.com/advisory/ntap-20200416-0003/","https://usn.ubuntu.com/4350-1/","https://www.oracle.com/security-alerts/cpuapr2020.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/77REFDB7DE4WNKQIRGZTF53RFBQOXQLC/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SDGBQYS3A36S4CAZPV5YROHYXYZR6LAH/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TSVLI36TYRTPQGCS24VZQUXCUFOUW4VQ/","https://security.gentoo.org/glsa/202105-27","https://security.netapp.com/advisory/ntap-20200416-0003/","https://usn.ubuntu.com/4350-1/","https://www.oracle.com/security-alerts/cpuapr2020.html"],"p
ublished_time":"2020-04-15T14:15:34","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-2901","summary":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).","cvss":4.9,"cvss_version":3.0,"cvss_v2":4.0,"cvss_v3":4.9,"cvss_v4":null,"epss":0.00423,"ranking_epss":0.62135,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/77REFDB7DE4WNKQIRGZTF53RFBQOXQLC/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SDGBQYS3A36S4CAZPV5YROHYXYZR6LAH/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TSVLI36TYRTPQGCS24VZQUXCUFOUW4VQ/","https://security.gentoo.org/glsa/202105-27","https://security.netapp.com/advisory/ntap-20200416-0003/","https://usn.ubuntu.com/4350-1/","https://www.oracle.com/security-alerts/cpuapr2020.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/77REFDB7DE4WNKQIRGZTF53RFBQOXQLC/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SDGBQYS3A36S4CAZPV5YROHYXYZR6LAH/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TSVLI36TYRTPQGCS24VZQUXCUFOUW4VQ/","https://security.gentoo.org/glsa/202105-27","https://security.netapp.com/advisory/ntap-20200416-0003/","https://usn.ubuntu.com/4350-1/","https://www.ora
cle.com/security-alerts/cpuapr2020.html"],"published_time":"2020-04-15T14:15:34","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-2903","summary":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Connection Handling). Supported versions that are affected are 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).","cvss":4.9,"cvss_version":3.0,"cvss_v2":4.0,"cvss_v3":4.9,"cvss_v4":null,"epss":0.003,"ranking_epss":0.53369,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/77REFDB7DE4WNKQIRGZTF53RFBQOXQLC/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SDGBQYS3A36S4CAZPV5YROHYXYZR6LAH/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TSVLI36TYRTPQGCS24VZQUXCUFOUW4VQ/","https://security.gentoo.org/glsa/202105-27","https://security.netapp.com/advisory/ntap-20200416-0003/","https://usn.ubuntu.com/4350-1/","https://www.oracle.com/security-alerts/cpuapr2020.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/77REFDB7DE4WNKQIRGZTF53RFBQOXQLC/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SDGBQYS3A36S4CAZPV5YROHYXYZR6LAH/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TSVLI36TYRTPQGCS24VZQUXCUFOUW4VQ/","https://security.gentoo.org/glsa/202105-27","https://security.netapp.com/advisory/ntap-20200416-0003
/","https://usn.ubuntu.com/4350-1/","https://www.oracle.com/security-alerts/cpuapr2020.html"],"published_time":"2020-04-15T14:15:34","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-2904","summary":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).","cvss":4.9,"cvss_version":3.0,"cvss_v2":4.0,"cvss_v3":4.9,"cvss_v4":null,"epss":0.00487,"ranking_epss":0.65404,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/77REFDB7DE4WNKQIRGZTF53RFBQOXQLC/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SDGBQYS3A36S4CAZPV5YROHYXYZR6LAH/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TSVLI36TYRTPQGCS24VZQUXCUFOUW4VQ/","https://security.gentoo.org/glsa/202105-27","https://security.netapp.com/advisory/ntap-20200416-0003/","https://usn.ubuntu.com/4350-1/","https://www.oracle.com/security-alerts/cpuapr2020.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/77REFDB7DE4WNKQIRGZTF53RFBQOXQLC/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SDGBQYS3A36S4CAZPV5YROHYXYZR6LAH/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TSVLI36TYRTPQGCS24VZQUXCUFOUW4VQ/","https://security.gentoo.org/glsa/202105-27","https://sec
urity.netapp.com/advisory/ntap-20200416-0003/","https://usn.ubuntu.com/4350-1/","https://www.oracle.com/security-alerts/cpuapr2020.html"],"published_time":"2020-04-15T14:15:34","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-2816","summary":"Vulnerability in the Java SE product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 11.0.6 and 14. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE accessible data. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.0 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N).","cvss":7.5,"cvss_version":3.0,"cvss_v2":5.0,"cvss_v3":7.5,"cvss_v4":null,"epss":0.00708,"ranking_epss":0.72183,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00000.html","https://security.netapp.com/advisory/ntap-20200416-0004/","https://usn.ubuntu.com/4337-1/","https://www.debian.org/security/2020/dsa-4662","https://www.oracle.com/security-alerts/cpuapr2020.html","http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00000.html","https://security.netapp.com/advisory/ntap-20200416-0004/","https://usn.ubuntu.com/4337-1/","https://www.debian.org/security/2020/dsa-4662","https://www.oracle.com/security-alerts/cpuapr2020.html"],"published_time":"2020-04-15T14:15:29","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-2830","summary":"Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Concurrency). 
Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).","cvss":5.3,"cvss_version":3.0,"cvss_v2":5.0,"cvss_v3":5.3,"cvss_v4":null,"epss":0.00222,"ranking_epss":0.44857,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00000.html","http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00023.html","http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00048.html","https://kc.mcafee.com/corporate/index?page=content&id=SB10318","https://lists.debian.org/debian-lts-announce/2020/04/msg00024.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CKAV6KFFAEANXAN73AFTGU7Z6YNRWCXQ/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L7VHC4EW36KZEIDQ56RPCWBZCQELFFKN/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NYHHHZRHXCBGRHGE5UP7UEB4IZ2QX536/","https://security.gentoo.org/glsa/202006-22","https://security.netapp.com/advisory/ntap-20200416-0004/","https://usn.ubuntu.com/4337-1/","https://www.debian.org/security/2020/dsa
-4662","https://www.oracle.com/security-alerts/cpuapr2020.html","http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00000.html","http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00023.html","http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00048.html","https://kc.mcafee.com/corporate/index?page=content&id=SB10318","https://lists.debian.org/debian-lts-announce/2020/04/msg00024.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CKAV6KFFAEANXAN73AFTGU7Z6YNRWCXQ/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L7VHC4EW36KZEIDQ56RPCWBZCQELFFKN/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NYHHHZRHXCBGRHGE5UP7UEB4IZ2QX536/","https://security.gentoo.org/glsa/202006-22","https://security.netapp.com/advisory/ntap-20200416-0004/","https://usn.ubuntu.com/4337-1/","https://www.debian.org/security/2020/dsa-4662","https://www.oracle.com/security-alerts/cpuapr2020.html"],"published_time":"2020-04-15T14:15:29","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-2800","summary":"Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Lightweight HTTP Server). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data as well as unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. 
Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.0 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N).","cvss":4.8,"cvss_version":3.0,"cvss_v2":5.8,"cvss_v3":4.8,"cvss_v4":null,"epss":0.00576,"ranking_epss":0.68796,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00000.html","http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00023.html","http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00048.html","https://lists.debian.org/debian-lts-announce/2020/04/msg00024.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CKAV6KFFAEANXAN73AFTGU7Z6YNRWCXQ/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L7VHC4EW36KZEIDQ56RPCWBZCQELFFKN/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NYHHHZRHXCBGRHGE5UP7UEB4IZ2QX536/","https://security.gentoo.org/glsa/202006-22","https://security.gentoo.org/glsa/202209-15","https://security.netapp.com/advisory/ntap-20200416-0004/","https://usn.ubuntu.com/4337-1/","https://www.debian.org/security/2020/dsa-4662","https://www.debian.org/security/2020/dsa-4668","https://www.oracle.com/security-alerts/cpuapr2020.html","http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00000.html","http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00023.html","http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00048.html","https://lists.debian.org/debian-lts-announce/2020/04/msg00024.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CKAV6KFFAEANXAN73AFTGU7Z6YNRWCXQ/","https://l
ists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L7VHC4EW36KZEIDQ56RPCWBZCQELFFKN/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NYHHHZRHXCBGRHGE5UP7UEB4IZ2QX536/","https://security.gentoo.org/glsa/202006-22","https://security.gentoo.org/glsa/202209-15","https://security.netapp.com/advisory/ntap-20200416-0004/","https://usn.ubuntu.com/4337-1/","https://www.debian.org/security/2020/dsa-4662","https://www.debian.org/security/2020/dsa-4668","https://www.oracle.com/security-alerts/cpuapr2020.html"],"published_time":"2020-04-15T14:15:28","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-2803","summary":"Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). 
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H).","cvss":8.3,"cvss_version":3.0,"cvss_v2":5.1,"cvss_v3":8.3,"cvss_v4":null,"epss":0.03262,"ranking_epss":0.87144,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00000.html","http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00023.html","http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00048.html","https://lists.debian.org/debian-lts-announce/2020/04/msg00024.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CKAV6KFFAEANXAN73AFTGU7Z6YNRWCXQ/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L7VHC4EW36KZEIDQ56RPCWBZCQELFFKN/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NYHHHZRHXCBGRHGE5UP7UEB4IZ2QX536/","https://security.gentoo.org/glsa/202006-22","https://security.gentoo.org/glsa/202209-15","https://security.netapp.com/advisory/ntap-20200416-0004/","https://usn.ubuntu.com/4337-1/","https://www.debian.org/security/2020/dsa-4662","https://www.debian.org/security/2020/dsa-4668","https://www.oracle.com/security-alerts/cpuapr2020.html","http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00000.html","http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00023.html","http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00048.html","https://lists.debian.org/debian-lts-announce/2020/04/msg00024.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CKAV6KFFAEANXAN73AFTGU7Z6YNRWCXQ/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L7VHC4EW36KZEIDQ56RPCWBZCQELFFKN/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NYHHHZRHXCBGRHGE5UP7UEB4IZ2QX536/","https://security.g
entoo.org/glsa/202006-22","https://security.gentoo.org/glsa/202209-15","https://security.netapp.com/advisory/ntap-20200416-0004/","https://usn.ubuntu.com/4337-1/","https://www.debian.org/security/2020/dsa-4662","https://www.debian.org/security/2020/dsa-4668","https://www.oracle.com/security-alerts/cpuapr2020.html"],"published_time":"2020-04-15T14:15:28","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-2804","summary":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Memcached). Supported versions that are affected are 5.6.47 and prior, 5.7.29 and prior and 8.0.19 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 5.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H).","cvss":5.9,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":5.9,"cvss_v4":null,"epss":0.00983,"ranking_epss":0.76795,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/77REFDB7DE4WNKQIRGZTF53RFBQOXQLC/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SDGBQYS3A36S4CAZPV5YROHYXYZR6LAH/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TSVLI36TYRTPQGCS24VZQUXCUFOUW4VQ/","https://security.gentoo.org/glsa/202105-27","https://security.netapp.com/advisory/ntap-20200416-0003/","https://usn.ubuntu.com/4350-1/","https://www.oracle.com/security-alerts/cpuapr2020.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/77REFDB7DE4WNKQIRGZTF53RFBQOXQLC/","https://lists.fedoraproject.org/archives/list/package-anno
unce%40lists.fedoraproject.org/message/SDGBQYS3A36S4CAZPV5YROHYXYZR6LAH/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TSVLI36TYRTPQGCS24VZQUXCUFOUW4VQ/","https://security.gentoo.org/glsa/202105-27","https://security.netapp.com/advisory/ntap-20200416-0003/","https://usn.ubuntu.com/4350-1/","https://www.oracle.com/security-alerts/cpuapr2020.html"],"published_time":"2020-04-15T14:15:28","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-2805","summary":"Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). 
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H).","cvss":8.3,"cvss_version":3.0,"cvss_v2":5.1,"cvss_v3":8.3,"cvss_v4":null,"epss":0.01833,"ranking_epss":0.82917,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00000.html","http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00023.html","http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00048.html","https://lists.debian.org/debian-lts-announce/2020/04/msg00024.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CKAV6KFFAEANXAN73AFTGU7Z6YNRWCXQ/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L7VHC4EW36KZEIDQ56RPCWBZCQELFFKN/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NYHHHZRHXCBGRHGE5UP7UEB4IZ2QX536/","https://security.gentoo.org/glsa/202006-22","https://security.gentoo.org/glsa/202209-15","https://security.netapp.com/advisory/ntap-20200416-0004/","https://usn.ubuntu.com/4337-1/","https://www.debian.org/security/2020/dsa-4662","https://www.debian.org/security/2020/dsa-4668","https://www.oracle.com/security-alerts/cpuapr2020.html","http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00000.html","http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00023.html","http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00048.html","https://lists.debian.org/debian-lts-announce/2020/04/msg00024.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CKAV6KFFAEANXAN73AFTGU7Z6YNRWCXQ/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L7VHC4EW36KZEIDQ56RPCWBZCQELFFKN/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NYHHHZRHXCBGRHGE5UP7UEB4IZ2QX536/","https://security.g
entoo.org/glsa/202006-22","https://security.gentoo.org/glsa/202209-15","https://security.netapp.com/advisory/ntap-20200416-0004/","https://usn.ubuntu.com/4337-1/","https://www.debian.org/security/2020/dsa-4662","https://www.debian.org/security/2020/dsa-4668","https://www.oracle.com/security-alerts/cpuapr2020.html"],"published_time":"2020-04-15T14:15:28","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-2812","summary":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Stored Procedure). Supported versions that are affected are 5.6.47 and prior, 5.7.29 and prior and 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).","cvss":4.9,"cvss_version":3.0,"cvss_v2":4.0,"cvss_v3":4.9,"cvss_v4":null,"epss":0.00122,"ranking_epss":0.3135,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00054.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/77REFDB7DE4WNKQIRGZTF53RFBQOXQLC/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SDGBQYS3A36S4CAZPV5YROHYXYZR6LAH/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TSVLI36TYRTPQGCS24VZQUXCUFOUW4VQ/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UW2ED32VEUHXFN2J3YQE27JIBV4SC2PI/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X4X2BMF3EILMTXGOZDTPYS3KT5VWLA2P/","https://security.gentoo.org/glsa/20201
2-08","https://security.gentoo.org/glsa/202105-27","https://security.netapp.com/advisory/ntap-20200416-0003/","https://usn.ubuntu.com/4350-1/","https://www.oracle.com/security-alerts/cpuapr2020.html","http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00054.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/77REFDB7DE4WNKQIRGZTF53RFBQOXQLC/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SDGBQYS3A36S4CAZPV5YROHYXYZR6LAH/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TSVLI36TYRTPQGCS24VZQUXCUFOUW4VQ/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UW2ED32VEUHXFN2J3YQE27JIBV4SC2PI/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X4X2BMF3EILMTXGOZDTPYS3KT5VWLA2P/","https://security.gentoo.org/glsa/202012-08","https://security.gentoo.org/glsa/202105-27","https://security.netapp.com/advisory/ntap-20200416-0003/","https://usn.ubuntu.com/4350-1/","https://www.oracle.com/security-alerts/cpuapr2020.html"],"published_time":"2020-04-15T14:15:28","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-2781","summary":"Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. 
It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).","cvss":5.3,"cvss_version":3.0,"cvss_v2":5.0,"cvss_v3":5.3,"cvss_v4":null,"epss":0.00255,"ranking_epss":0.48897,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00000.html","http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00023.html","http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00048.html","https://kc.mcafee.com/corporate/index?page=content&id=SB10318","https://lists.debian.org/debian-lts-announce/2020/04/msg00024.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CKAV6KFFAEANXAN73AFTGU7Z6YNRWCXQ/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L7VHC4EW36KZEIDQ56RPCWBZCQELFFKN/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NYHHHZRHXCBGRHGE5UP7UEB4IZ2QX536/","https://security.gentoo.org/glsa/202006-22","https://security.gentoo.org/glsa/202209-15","https://security.netapp.com/advisory/ntap-20200416-0004/","https://usn.ubuntu.com/4337-1/","https://www.debian.org/security/2020/dsa-4662","https://www.debian.org/security/2020/dsa-4668","https://www.oracle.com/security-alerts/cpuapr2020.html","http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00000.html","http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00023.html","http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00048.html","https://kc.mcafee.com/corporate/index?page=content&id=SB10318","https://lists.debian.org/debian-lts-announce/2020/04/msg00024.html","https://lists.fedoraproject.org/archives/list/package
-announce%40lists.fedoraproject.org/message/CKAV6KFFAEANXAN73AFTGU7Z6YNRWCXQ/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L7VHC4EW36KZEIDQ56RPCWBZCQELFFKN/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NYHHHZRHXCBGRHGE5UP7UEB4IZ2QX536/","https://security.gentoo.org/glsa/202006-22","https://security.gentoo.org/glsa/202209-15","https://security.netapp.com/advisory/ntap-20200416-0004/","https://usn.ubuntu.com/4337-1/","https://www.debian.org/security/2020/dsa-4662","https://www.debian.org/security/2020/dsa-4668","https://www.oracle.com/security-alerts/cpuapr2020.html"],"published_time":"2020-04-15T14:15:27","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-2765","summary":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 5.7.29 and prior and 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). 
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).","cvss":4.9,"cvss_version":3.0,"cvss_v2":4.0,"cvss_v3":4.9,"cvss_v4":null,"epss":0.00373,"ranking_epss":0.59035,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/77REFDB7DE4WNKQIRGZTF53RFBQOXQLC/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SDGBQYS3A36S4CAZPV5YROHYXYZR6LAH/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TSVLI36TYRTPQGCS24VZQUXCUFOUW4VQ/","https://security.gentoo.org/glsa/202105-27","https://security.netapp.com/advisory/ntap-20200416-0003/","https://usn.ubuntu.com/4350-1/","https://www.oracle.com/security-alerts/cpuapr2020.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/77REFDB7DE4WNKQIRGZTF53RFBQOXQLC/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SDGBQYS3A36S4CAZPV5YROHYXYZR6LAH/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TSVLI36TYRTPQGCS24VZQUXCUFOUW4VQ/","https://security.gentoo.org/glsa/202105-27","https://security.netapp.com/advisory/ntap-20200416-0003/","https://usn.ubuntu.com/4350-1/","https://www.oracle.com/security-alerts/cpuapr2020.html"],"published_time":"2020-04-15T14:15:26","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-2767","summary":"Vulnerability in the Java SE product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 11.0.6 and 14. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Java SE. 
Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE accessible data as well as unauthorized read access to a subset of Java SE accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N).","cvss":4.8,"cvss_version":3.0,"cvss_v2":5.8,"cvss_v3":4.8,"cvss_v4":null,"epss":0.00328,"ranking_epss":0.55827,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00000.html","https://security.netapp.com/advisory/ntap-20200416-0004/","https://usn.ubuntu.com/4337-1/","https://www.debian.org/security/2020/dsa-4662","https://www.oracle.com/security-alerts/cpuapr2020.html","http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00000.html","https://security.netapp.com/advisory/ntap-20200416-0004/","https://usn.ubuntu.com/4337-1/","https://www.debian.org/security/2020/dsa-4662","https://www.oracle.com/security-alerts/cpuapr2020.html"],"published_time":"2020-04-15T14:15:26","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-2773","summary":"Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Security). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. 
Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).","cvss":3.7,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":3.7,"cvss_v4":null,"epss":0.00771,"ranking_epss":0.73539,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00000.html","http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00023.html","http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00048.html","https://kc.mcafee.com/corporate/index?page=content&id=SB10332","https://lists.debian.org/debian-lts-announce/2020/04/msg00024.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CKAV6KFFAEANXAN73AFTGU7Z6YNRWCXQ/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L7VHC4EW36KZEIDQ56RPCWBZCQELFFKN/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NYHHHZRHXCBGRHGE5UP7UEB4IZ2QX536/","https://security.gentoo.org/glsa/202006-22","https://security.gentoo.org/glsa/202209-15","https://security.netapp.com/advisory/ntap-20200416-0004/","https://usn.ubuntu.com/4337-1/","https://www.debian.org/security/2020/dsa-4662","https://www.debian.org/security/2020/dsa-4668","https://www.oracle.com/security-alerts/cpuapr2020.html","http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00000.html","http://lists.opens
use.org/opensuse-security-announce/2020-06/msg00023.html","http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00048.html","https://kc.mcafee.com/corporate/index?page=content&id=SB10332","https://lists.debian.org/debian-lts-announce/2020/04/msg00024.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CKAV6KFFAEANXAN73AFTGU7Z6YNRWCXQ/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L7VHC4EW36KZEIDQ56RPCWBZCQELFFKN/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NYHHHZRHXCBGRHGE5UP7UEB4IZ2QX536/","https://security.gentoo.org/glsa/202006-22","https://security.gentoo.org/glsa/202209-15","https://security.netapp.com/advisory/ntap-20200416-0004/","https://usn.ubuntu.com/4337-1/","https://www.debian.org/security/2020/dsa-4662","https://www.debian.org/security/2020/dsa-4668","https://www.oracle.com/security-alerts/cpuapr2020.html"],"published_time":"2020-04-15T14:15:26","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-2778","summary":"Vulnerability in the Java SE product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 11.0.6 and 14. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Confidentiality impacts). 
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N).","cvss":3.7,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":3.7,"cvss_v4":null,"epss":0.00435,"ranking_epss":0.62872,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00000.html","https://security.netapp.com/advisory/ntap-20200416-0004/","https://usn.ubuntu.com/4337-1/","https://www.debian.org/security/2020/dsa-4662","https://www.oracle.com/security-alerts/cpuapr2020.html","http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00000.html","https://security.netapp.com/advisory/ntap-20200416-0004/","https://usn.ubuntu.com/4337-1/","https://www.debian.org/security/2020/dsa-4662","https://www.oracle.com/security-alerts/cpuapr2020.html"],"published_time":"2020-04-15T14:15:26","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-2780","summary":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 5.6.47 and prior, 5.7.29 and prior and 8.0.19 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). 
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).","cvss":6.5,"cvss_version":3.0,"cvss_v2":4.0,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00608,"ranking_epss":0.69691,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/77REFDB7DE4WNKQIRGZTF53RFBQOXQLC/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SDGBQYS3A36S4CAZPV5YROHYXYZR6LAH/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TSVLI36TYRTPQGCS24VZQUXCUFOUW4VQ/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X4X2BMF3EILMTXGOZDTPYS3KT5VWLA2P/","https://security.gentoo.org/glsa/202105-27","https://security.netapp.com/advisory/ntap-20200416-0003/","https://usn.ubuntu.com/4350-1/","https://www.oracle.com/security-alerts/cpuapr2020.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/77REFDB7DE4WNKQIRGZTF53RFBQOXQLC/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SDGBQYS3A36S4CAZPV5YROHYXYZR6LAH/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TSVLI36TYRTPQGCS24VZQUXCUFOUW4VQ/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X4X2BMF3EILMTXGOZDTPYS3KT5VWLA2P/","https://security.gentoo.org/glsa/202105-27","https://security.netapp.com/advisory/ntap-20200416-0003/","https://usn.ubuntu.com/4350-1/","https://www.oracle.com/security-alerts/cpuapr2020.html"],"published_time":"2020-04-15T14:15:26","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-2754","summary":"Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Scripting). 
Supported versions that are affected are Java SE: 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).","cvss":3.7,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":3.7,"cvss_v4":null,"epss":0.00295,"ranking_epss":0.52767,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00000.html","http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00023.html","http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00048.html","https://kc.mcafee.com/corporate/index?page=content&id=SB10332","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CKAV6KFFAEANXAN73AFTGU7Z6YNRWCXQ/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L7VHC4EW36KZEIDQ56RPCWBZCQELFFKN/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NYHHHZRHXCBGRHGE5UP7UEB4IZ2QX536/","https://security.netapp.com/advisory/ntap-20200416-0004/","https://usn.ubuntu.com/4337-1/","https://www.debian.org/security/2020/dsa-4662","https://www.debian.org/security/2020/dsa-4668","https://www.oracle.com/security-alerts/cpuapr2020.html","http:/
/lists.opensuse.org/opensuse-security-announce/2020-06/msg00000.html","http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00023.html","http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00048.html","https://kc.mcafee.com/corporate/index?page=content&id=SB10332","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CKAV6KFFAEANXAN73AFTGU7Z6YNRWCXQ/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L7VHC4EW36KZEIDQ56RPCWBZCQELFFKN/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NYHHHZRHXCBGRHGE5UP7UEB4IZ2QX536/","https://security.netapp.com/advisory/ntap-20200416-0004/","https://usn.ubuntu.com/4337-1/","https://www.debian.org/security/2020/dsa-4662","https://www.debian.org/security/2020/dsa-4668","https://www.oracle.com/security-alerts/cpuapr2020.html"],"published_time":"2020-04-15T14:15:25","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-2755","summary":"Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Scripting). Supported versions that are affected are Java SE: 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Availability impacts). 
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).","cvss":3.7,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":3.7,"cvss_v4":null,"epss":0.00208,"ranking_epss":0.43228,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00000.html","http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00023.html","http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00048.html","https://kc.mcafee.com/corporate/index?page=content&id=SB10332","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CKAV6KFFAEANXAN73AFTGU7Z6YNRWCXQ/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L7VHC4EW36KZEIDQ56RPCWBZCQELFFKN/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NYHHHZRHXCBGRHGE5UP7UEB4IZ2QX536/","https://security.gentoo.org/glsa/202006-22","https://security.gentoo.org/glsa/202209-15","https://security.netapp.com/advisory/ntap-20200416-0004/","https://usn.ubuntu.com/4337-1/","https://www.debian.org/security/2020/dsa-4662","https://www.debian.org/security/2020/dsa-4668","https://www.oracle.com/security-alerts/cpuapr2020.html","http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00000.html","http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00023.html","http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00048.html","https://kc.mcafee.com/corporate/index?page=content&id=SB10332","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CKAV6KFFAEANXAN73AFTGU7Z6YNRWCXQ/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L7VHC4EW36KZEIDQ56RPCWBZCQELFFKN/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NYHHHZRHXCBGRHGE5UP7UEB4IZ2QX536/","https://security.gentoo.org/
glsa/202006-22","https://security.gentoo.org/glsa/202209-15","https://security.netapp.com/advisory/ntap-20200416-0004/","https://usn.ubuntu.com/4337-1/","https://www.debian.org/security/2020/dsa-4662","https://www.debian.org/security/2020/dsa-4668","https://www.oracle.com/security-alerts/cpuapr2020.html"],"published_time":"2020-04-15T14:15:25","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-2756","summary":"Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Availability impacts). 
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).","cvss":3.7,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":3.7,"cvss_v4":null,"epss":0.0026,"ranking_epss":0.4942,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00000.html","http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00023.html","http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00048.html","https://kc.mcafee.com/corporate/index?page=content&id=SB10332","https://lists.debian.org/debian-lts-announce/2020/04/msg00024.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CKAV6KFFAEANXAN73AFTGU7Z6YNRWCXQ/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L7VHC4EW36KZEIDQ56RPCWBZCQELFFKN/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NYHHHZRHXCBGRHGE5UP7UEB4IZ2QX536/","https://security.gentoo.org/glsa/202006-22","https://security.gentoo.org/glsa/202209-15","https://security.netapp.com/advisory/ntap-20200416-0004/","https://usn.ubuntu.com/4337-1/","https://www.debian.org/security/2020/dsa-4662","https://www.debian.org/security/2020/dsa-4668","https://www.oracle.com/security-alerts/cpuapr2020.html","http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00000.html","http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00023.html","http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00048.html","https://kc.mcafee.com/corporate/index?page=content&id=SB10332","https://lists.debian.org/debian-lts-announce/2020/04/msg00024.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CKAV6KFFAEANXAN73AFTGU7Z6YNRWCXQ/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L7VHC4EW36KZEIDQ56RPCWBZCQELFFKN/","https://lists.fedoraproje
ct.org/archives/list/package-announce%40lists.fedoraproject.org/message/NYHHHZRHXCBGRHGE5UP7UEB4IZ2QX536/","https://security.gentoo.org/glsa/202006-22","https://security.gentoo.org/glsa/202209-15","https://security.netapp.com/advisory/ntap-20200416-0004/","https://usn.ubuntu.com/4337-1/","https://www.debian.org/security/2020/dsa-4662","https://www.debian.org/security/2020/dsa-4668","https://www.oracle.com/security-alerts/cpuapr2020.html"],"published_time":"2020-04-15T14:15:25","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-2757","summary":"Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Availability impacts). 
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).","cvss":3.7,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":3.7,"cvss_v4":null,"epss":0.0026,"ranking_epss":0.4942,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00000.html","http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00023.html","http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00048.html","https://kc.mcafee.com/corporate/index?page=content&id=SB10332","https://lists.debian.org/debian-lts-announce/2020/04/msg00024.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CKAV6KFFAEANXAN73AFTGU7Z6YNRWCXQ/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L7VHC4EW36KZEIDQ56RPCWBZCQELFFKN/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NYHHHZRHXCBGRHGE5UP7UEB4IZ2QX536/","https://security.gentoo.org/glsa/202006-22","https://security.gentoo.org/glsa/202209-15","https://security.netapp.com/advisory/ntap-20200416-0004/","https://usn.ubuntu.com/4337-1/","https://www.debian.org/security/2020/dsa-4662","https://www.debian.org/security/2020/dsa-4668","https://www.oracle.com/security-alerts/cpuapr2020.html","http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00000.html","http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00023.html","http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00048.html","https://kc.mcafee.com/corporate/index?page=content&id=SB10332","https://lists.debian.org/debian-lts-announce/2020/04/msg00024.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CKAV6KFFAEANXAN73AFTGU7Z6YNRWCXQ/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L7VHC4EW36KZEIDQ56RPCWBZCQELFFKN/","https://lists.fedoraproje
ct.org/archives/list/package-announce%40lists.fedoraproject.org/message/NYHHHZRHXCBGRHGE5UP7UEB4IZ2QX536/","https://security.gentoo.org/glsa/202006-22","https://security.gentoo.org/glsa/202209-15","https://security.netapp.com/advisory/ntap-20200416-0004/","https://usn.ubuntu.com/4337-1/","https://www.debian.org/security/2020/dsa-4662","https://www.debian.org/security/2020/dsa-4668","https://www.oracle.com/security-alerts/cpuapr2020.html"],"published_time":"2020-04-15T14:15:25","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-2759","summary":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supported versions that are affected are 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). 
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).","cvss":4.9,"cvss_version":3.0,"cvss_v2":4.0,"cvss_v3":4.9,"cvss_v4":null,"epss":0.003,"ranking_epss":0.53369,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/77REFDB7DE4WNKQIRGZTF53RFBQOXQLC/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SDGBQYS3A36S4CAZPV5YROHYXYZR6LAH/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TSVLI36TYRTPQGCS24VZQUXCUFOUW4VQ/","https://security.gentoo.org/glsa/202105-27","https://security.netapp.com/advisory/ntap-20200416-0003/","https://usn.ubuntu.com/4350-1/","https://www.oracle.com/security-alerts/cpuapr2020.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/77REFDB7DE4WNKQIRGZTF53RFBQOXQLC/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SDGBQYS3A36S4CAZPV5YROHYXYZR6LAH/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TSVLI36TYRTPQGCS24VZQUXCUFOUW4VQ/","https://security.gentoo.org/glsa/202105-27","https://security.netapp.com/advisory/ntap-20200416-0003/","https://usn.ubuntu.com/4350-1/","https://www.oracle.com/security-alerts/cpuapr2020.html"],"published_time":"2020-04-15T14:15:25","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-2760","summary":"Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.29 and prior and 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. 
Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).","cvss":5.5,"cvss_version":3.0,"cvss_v2":5.5,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00111,"ranking_epss":0.29539,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00054.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/77REFDB7DE4WNKQIRGZTF53RFBQOXQLC/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SDGBQYS3A36S4CAZPV5YROHYXYZR6LAH/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TSVLI36TYRTPQGCS24VZQUXCUFOUW4VQ/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UW2ED32VEUHXFN2J3YQE27JIBV4SC2PI/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X4X2BMF3EILMTXGOZDTPYS3KT5VWLA2P/","https://security.gentoo.org/glsa/202012-08","https://security.gentoo.org/glsa/202105-27","https://security.netapp.com/advisory/ntap-20200416-0003/","https://usn.ubuntu.com/4350-1/","https://www.oracle.com/security-alerts/cpuapr2020.html","http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00054.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/77REFDB7DE4WNKQIRGZTF53RFBQOXQLC/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SDGBQYS3A36S4CAZPV5YROHYXYZR6LAH/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TSVLI36TYRTPQGCS2
4VZQUXCUFOUW4VQ/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UW2ED32VEUHXFN2J3YQE27JIBV4SC2PI/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X4X2BMF3EILMTXGOZDTPYS3KT5VWLA2P/","https://security.gentoo.org/glsa/202012-08","https://security.gentoo.org/glsa/202105-27","https://security.netapp.com/advisory/ntap-20200416-0003/","https://usn.ubuntu.com/4350-1/","https://www.oracle.com/security-alerts/cpuapr2020.html"],"published_time":"2020-04-15T14:15:25","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-2762","summary":"Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). 
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).","cvss":4.9,"cvss_version":3.0,"cvss_v2":4.0,"cvss_v3":4.9,"cvss_v4":null,"epss":0.00373,"ranking_epss":0.59035,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/77REFDB7DE4WNKQIRGZTF53RFBQOXQLC/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SDGBQYS3A36S4CAZPV5YROHYXYZR6LAH/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TSVLI36TYRTPQGCS24VZQUXCUFOUW4VQ/","https://security.gentoo.org/glsa/202105-27","https://security.netapp.com/advisory/ntap-20200416-0003/","https://usn.ubuntu.com/4350-1/","https://www.oracle.com/security-alerts/cpuapr2020.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/77REFDB7DE4WNKQIRGZTF53RFBQOXQLC/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SDGBQYS3A36S4CAZPV5YROHYXYZR6LAH/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TSVLI36TYRTPQGCS24VZQUXCUFOUW4VQ/","https://security.gentoo.org/glsa/202105-27","https://security.netapp.com/advisory/ntap-20200416-0003/","https://usn.ubuntu.com/4350-1/","https://www.oracle.com/security-alerts/cpuapr2020.html"],"published_time":"2020-04-15T14:15:25","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-2763","summary":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supported versions that are affected are 5.6.47 and prior, 5.7.29 and prior and 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. 
Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).","cvss":4.9,"cvss_version":3.0,"cvss_v2":4.0,"cvss_v3":4.9,"cvss_v4":null,"epss":0.00423,"ranking_epss":0.62135,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/77REFDB7DE4WNKQIRGZTF53RFBQOXQLC/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SDGBQYS3A36S4CAZPV5YROHYXYZR6LAH/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TSVLI36TYRTPQGCS24VZQUXCUFOUW4VQ/","https://security.gentoo.org/glsa/202105-27","https://security.netapp.com/advisory/ntap-20200416-0003/","https://usn.ubuntu.com/4350-1/","https://www.oracle.com/security-alerts/cpuapr2020.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/77REFDB7DE4WNKQIRGZTF53RFBQOXQLC/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SDGBQYS3A36S4CAZPV5YROHYXYZR6LAH/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TSVLI36TYRTPQGCS24VZQUXCUFOUW4VQ/","https://security.gentoo.org/glsa/202105-27","https://security.netapp.com/advisory/ntap-20200416-0003/","https://usn.ubuntu.com/4350-1/","https://www.oracle.com/security-alerts/cpuapr2020.html"],"published_time":"2020-04-15T14:15:25","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-11758","summary":"An issue was discovered in OpenEXR before 2.4.1. 
There is an out-of-bounds read in ImfOptimizedPixelReading.h.","cvss":5.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00642,"ranking_epss":0.70594,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00051.html","https://bugs.chromium.org/p/project-zero/issues/detail?id=1987","https://github.com/AcademySoftwareFoundation/openexr/blob/master/CHANGES.md#version-241-february-11-2020","https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v2.4.1","https://lists.debian.org/debian-lts-announce/2020/08/msg00056.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F4KFGDQG5PVYAU7TS5MZ7XCS6EMPVII3/","https://security.gentoo.org/glsa/202107-27","https://support.apple.com/kb/HT211288","https://support.apple.com/kb/HT211289","https://support.apple.com/kb/HT211290","https://support.apple.com/kb/HT211291","https://support.apple.com/kb/HT211293","https://support.apple.com/kb/HT211294","https://support.apple.com/kb/HT211295","https://usn.ubuntu.com/4339-1/","https://www.debian.org/security/2020/dsa-4755","http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00051.html","https://bugs.chromium.org/p/project-zero/issues/detail?id=1987","https://github.com/AcademySoftwareFoundation/openexr/blob/master/CHANGES.md#version-241-february-11-2020","https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v2.4.1","https://lists.debian.org/debian-lts-announce/2020/08/msg00056.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F4KFGDQG5PVYAU7TS5MZ7XCS6EMPVII3/","https://security.gentoo.org/glsa/202107-27","https://support.apple.com/kb/HT211288","https://support.apple.com/kb/HT211289","https://support.apple.com/kb/HT211290","https://support.apple.com/kb/HT211291","https://support.apple.com/kb/HT211293","https://support.apple.com/kb/HT211294","https:/
/support.apple.com/kb/HT211295","https://usn.ubuntu.com/4339-1/","https://www.debian.org/security/2020/dsa-4755"],"published_time":"2020-04-14T23:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-11759","summary":"An issue was discovered in OpenEXR before 2.4.1. Because of integer overflows in CompositeDeepScanLine::Data::handleDeepFrameBuffer and readSampleCountForLineBlock, an attacker can write to an out-of-bounds pointer.","cvss":5.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":5.5,"cvss_v4":null,"epss":0.01059,"ranking_epss":0.77622,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://bugs.chromium.org/p/project-zero/issues/detail?id=1987","https://github.com/AcademySoftwareFoundation/openexr/blob/master/CHANGES.md#version-241-february-11-2020","https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v2.4.1","https://lists.debian.org/debian-lts-announce/2020/08/msg00056.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F4KFGDQG5PVYAU7TS5MZ7XCS6EMPVII3/","https://security.gentoo.org/glsa/202107-27","https://support.apple.com/kb/HT211288","https://support.apple.com/kb/HT211289","https://support.apple.com/kb/HT211290","https://support.apple.com/kb/HT211291","https://support.apple.com/kb/HT211293","https://support.apple.com/kb/HT211294","https://support.apple.com/kb/HT211295","https://usn.ubuntu.com/4339-1/","https://www.debian.org/security/2020/dsa-4755","https://bugs.chromium.org/p/project-zero/issues/detail?id=1987","https://github.com/AcademySoftwareFoundation/openexr/blob/master/CHANGES.md#version-241-february-11-2020","https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v2.4.1","https://lists.debian.org/debian-lts-announce/2020/08/msg00056.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F4KFGDQG5PVYAU7TS5MZ7XCS6EMPVII3/","https://security.gentoo.org/glsa/202107-27","https://sup
port.apple.com/kb/HT211288","https://support.apple.com/kb/HT211289","https://support.apple.com/kb/HT211290","https://support.apple.com/kb/HT211291","https://support.apple.com/kb/HT211293","https://support.apple.com/kb/HT211294","https://support.apple.com/kb/HT211295","https://usn.ubuntu.com/4339-1/","https://www.debian.org/security/2020/dsa-4755"],"published_time":"2020-04-14T23:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-11760","summary":"An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds read during RLE uncompression in rleUncompress in ImfRle.cpp.","cvss":5.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00642,"ranking_epss":0.70594,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00051.html","https://bugs.chromium.org/p/project-zero/issues/detail?id=1987","https://github.com/AcademySoftwareFoundation/openexr/blob/master/CHANGES.md#version-241-february-11-2020","https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v2.4.1","https://lists.debian.org/debian-lts-announce/2020/08/msg00056.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F4KFGDQG5PVYAU7TS5MZ7XCS6EMPVII3/","https://security.gentoo.org/glsa/202107-27","https://support.apple.com/kb/HT211288","https://support.apple.com/kb/HT211289","https://support.apple.com/kb/HT211290","https://support.apple.com/kb/HT211291","https://support.apple.com/kb/HT211293","https://support.apple.com/kb/HT211294","https://support.apple.com/kb/HT211295","https://usn.ubuntu.com/4339-1/","https://www.debian.org/security/2020/dsa-4755","http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00051.html","https://bugs.chromium.org/p/project-zero/issues/detail?id=1987","https://github.com/AcademySoftwareFoundation/openexr/blob/master/CHANGES.md#version-241-february-11-2020","https://github.com/Aca
demySoftwareFoundation/openexr/releases/tag/v2.4.1","https://lists.debian.org/debian-lts-announce/2020/08/msg00056.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F4KFGDQG5PVYAU7TS5MZ7XCS6EMPVII3/","https://security.gentoo.org/glsa/202107-27","https://support.apple.com/kb/HT211288","https://support.apple.com/kb/HT211289","https://support.apple.com/kb/HT211290","https://support.apple.com/kb/HT211291","https://support.apple.com/kb/HT211293","https://support.apple.com/kb/HT211294","https://support.apple.com/kb/HT211295","https://usn.ubuntu.com/4339-1/","https://www.debian.org/security/2020/dsa-4755"],"published_time":"2020-04-14T23:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-11761","summary":"An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds read during Huffman uncompression, as demonstrated by FastHufDecoder::refill in ImfFastHuf.cpp.","cvss":5.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00576,"ranking_epss":0.68781,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00051.html","https://bugs.chromium.org/p/project-zero/issues/detail?id=1987","https://github.com/AcademySoftwareFoundation/openexr/blob/master/CHANGES.md#version-241-february-11-2020","https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v2.4.1","https://lists.debian.org/debian-lts-announce/2020/08/msg00056.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F4KFGDQG5PVYAU7TS5MZ7XCS6EMPVII3/","https://security.gentoo.org/glsa/202107-27","https://support.apple.com/kb/HT211288","https://support.apple.com/kb/HT211289","https://support.apple.com/kb/HT211290","https://support.apple.com/kb/HT211291","https://support.apple.com/kb/HT211293","https://support.apple.com/kb/HT211294","https://support.apple.com/kb/HT211295","https:/
/usn.ubuntu.com/4339-1/","https://www.debian.org/security/2020/dsa-4755","http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00051.html","https://bugs.chromium.org/p/project-zero/issues/detail?id=1987","https://github.com/AcademySoftwareFoundation/openexr/blob/master/CHANGES.md#version-241-february-11-2020","https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v2.4.1","https://lists.debian.org/debian-lts-announce/2020/08/msg00056.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F4KFGDQG5PVYAU7TS5MZ7XCS6EMPVII3/","https://security.gentoo.org/glsa/202107-27","https://support.apple.com/kb/HT211288","https://support.apple.com/kb/HT211289","https://support.apple.com/kb/HT211290","https://support.apple.com/kb/HT211291","https://support.apple.com/kb/HT211293","https://support.apple.com/kb/HT211294","https://support.apple.com/kb/HT211295","https://usn.ubuntu.com/4339-1/","https://www.debian.org/security/2020/dsa-4755"],"published_time":"2020-04-14T23:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-11762","summary":"An issue was discovered in OpenEXR before 2.4.1. 
There is an out-of-bounds read and write in DwaCompressor::uncompress in ImfDwaCompressor.cpp when handling the UNKNOWN compression case.","cvss":5.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00576,"ranking_epss":0.68781,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00051.html","https://bugs.chromium.org/p/project-zero/issues/detail?id=1987","https://github.com/AcademySoftwareFoundation/openexr/blob/master/CHANGES.md#version-241-february-11-2020","https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v2.4.1","https://lists.debian.org/debian-lts-announce/2020/08/msg00056.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F4KFGDQG5PVYAU7TS5MZ7XCS6EMPVII3/","https://security.gentoo.org/glsa/202107-27","https://support.apple.com/kb/HT211288","https://support.apple.com/kb/HT211289","https://support.apple.com/kb/HT211290","https://support.apple.com/kb/HT211291","https://support.apple.com/kb/HT211293","https://support.apple.com/kb/HT211294","https://support.apple.com/kb/HT211295","https://usn.ubuntu.com/4339-1/","https://www.debian.org/security/2020/dsa-4755","http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00051.html","https://bugs.chromium.org/p/project-zero/issues/detail?id=1987","https://github.com/AcademySoftwareFoundation/openexr/blob/master/CHANGES.md#version-241-february-11-2020","https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v2.4.1","https://lists.debian.org/debian-lts-announce/2020/08/msg00056.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F4KFGDQG5PVYAU7TS5MZ7XCS6EMPVII3/","https://security.gentoo.org/glsa/202107-27","https://support.apple.com/kb/HT211288","https://support.apple.com/kb/HT211289","https://support.apple.com/kb/HT211290","https://support.apple.com/kb/HT211291","https://sup
port.apple.com/kb/HT211293","https://support.apple.com/kb/HT211294","https://support.apple.com/kb/HT211295","https://usn.ubuntu.com/4339-1/","https://www.debian.org/security/2020/dsa-4755"],"published_time":"2020-04-14T23:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-11763","summary":"An issue was discovered in OpenEXR before 2.4.1. There is an std::vector out-of-bounds read and write, as demonstrated by ImfTileOffsets.cpp.","cvss":5.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00576,"ranking_epss":0.68781,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00051.html","https://bugs.chromium.org/p/project-zero/issues/detail?id=1987","https://github.com/AcademySoftwareFoundation/openexr/blob/master/CHANGES.md#version-241-february-11-2020","https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v2.4.1","https://lists.debian.org/debian-lts-announce/2020/08/msg00056.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F4KFGDQG5PVYAU7TS5MZ7XCS6EMPVII3/","https://security.gentoo.org/glsa/202107-27","https://support.apple.com/kb/HT211288","https://support.apple.com/kb/HT211289","https://support.apple.com/kb/HT211290","https://support.apple.com/kb/HT211291","https://support.apple.com/kb/HT211293","https://support.apple.com/kb/HT211294","https://support.apple.com/kb/HT211295","https://usn.ubuntu.com/4339-1/","https://www.debian.org/security/2020/dsa-4755","http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00051.html","https://bugs.chromium.org/p/project-zero/issues/detail?id=1987","https://github.com/AcademySoftwareFoundation/openexr/blob/master/CHANGES.md#version-241-february-11-2020","https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v2.4.1","https://lists.debian.org/debian-lts-announce/2020/08/msg00056.html","https://lists.fedoraproject.org/a
rchives/list/package-announce%40lists.fedoraproject.org/message/F4KFGDQG5PVYAU7TS5MZ7XCS6EMPVII3/","https://security.gentoo.org/glsa/202107-27","https://support.apple.com/kb/HT211288","https://support.apple.com/kb/HT211289","https://support.apple.com/kb/HT211290","https://support.apple.com/kb/HT211291","https://support.apple.com/kb/HT211293","https://support.apple.com/kb/HT211294","https://support.apple.com/kb/HT211295","https://usn.ubuntu.com/4339-1/","https://www.debian.org/security/2020/dsa-4755"],"published_time":"2020-04-14T23:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-11764","summary":"An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds write in copyIntoFrameBuffer in ImfMisc.cpp.","cvss":5.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00781,"ranking_epss":0.73707,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00051.html","https://bugs.chromium.org/p/project-zero/issues/detail?id=1987","https://github.com/AcademySoftwareFoundation/openexr/blob/master/CHANGES.md#version-241-february-11-2020","https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v2.4.1","https://lists.debian.org/debian-lts-announce/2020/08/msg00056.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F4KFGDQG5PVYAU7TS5MZ7XCS6EMPVII3/","https://security.gentoo.org/glsa/202107-27","https://support.apple.com/kb/HT211288","https://support.apple.com/kb/HT211289","https://support.apple.com/kb/HT211290","https://support.apple.com/kb/HT211291","https://support.apple.com/kb/HT211293","https://support.apple.com/kb/HT211294","https://support.apple.com/kb/HT211295","https://usn.ubuntu.com/4339-1/","https://www.debian.org/security/2020/dsa-4755","http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00051.html","https://bugs.chromium.org/p/project-zero/issues/detail?
id=1987","https://github.com/AcademySoftwareFoundation/openexr/blob/master/CHANGES.md#version-241-february-11-2020","https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v2.4.1","https://lists.debian.org/debian-lts-announce/2020/08/msg00056.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F4KFGDQG5PVYAU7TS5MZ7XCS6EMPVII3/","https://security.gentoo.org/glsa/202107-27","https://support.apple.com/kb/HT211288","https://support.apple.com/kb/HT211289","https://support.apple.com/kb/HT211290","https://support.apple.com/kb/HT211291","https://support.apple.com/kb/HT211293","https://support.apple.com/kb/HT211294","https://support.apple.com/kb/HT211295","https://usn.ubuntu.com/4339-1/","https://www.debian.org/security/2020/dsa-4755"],"published_time":"2020-04-14T23:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-11765","summary":"An issue was discovered in OpenEXR before 2.4.1. There is an off-by-one error in use of the ImfXdr.h read function by DwaCompressor::Classifier::Classifier, leading to an out-of-bounds 
read.","cvss":5.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00576,"ranking_epss":0.68781,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00051.html","https://bugs.chromium.org/p/project-zero/issues/detail?id=1987","https://github.com/AcademySoftwareFoundation/openexr/blob/master/CHANGES.md#version-241-february-11-2020","https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v2.4.1","https://lists.debian.org/debian-lts-announce/2020/08/msg00056.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F4KFGDQG5PVYAU7TS5MZ7XCS6EMPVII3/","https://security.gentoo.org/glsa/202107-27","https://support.apple.com/kb/HT211288","https://support.apple.com/kb/HT211289","https://support.apple.com/kb/HT211290","https://support.apple.com/kb/HT211291","https://support.apple.com/kb/HT211293","https://support.apple.com/kb/HT211294","https://support.apple.com/kb/HT211295","https://usn.ubuntu.com/4339-1/","https://www.debian.org/security/2020/dsa-4755","http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00051.html","https://bugs.chromium.org/p/project-zero/issues/detail?id=1987","https://github.com/AcademySoftwareFoundation/openexr/blob/master/CHANGES.md#version-241-february-11-2020","https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v2.4.1","https://lists.debian.org/debian-lts-announce/2020/08/msg00056.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F4KFGDQG5PVYAU7TS5MZ7XCS6EMPVII3/","https://security.gentoo.org/glsa/202107-27","https://support.apple.com/kb/HT211288","https://support.apple.com/kb/HT211289","https://support.apple.com/kb/HT211290","https://support.apple.com/kb/HT211291","https://support.apple.com/kb/HT211293","https://support.apple.com/kb/HT211294","https://support.apple.com/kb/HT211295","https://usn.ubuntu.com/
4339-1/","https://www.debian.org/security/2020/dsa-4755"],"published_time":"2020-04-14T23:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-5260","summary":"Affected versions of Git have a vulnerability whereby Git can be tricked into sending private credentials to a host controlled by an attacker. Git uses external \"credential helper\" programs to store and retrieve passwords or other credentials from secure storage provided by the operating system. Specially-crafted URLs that contain an encoded newline can inject unintended values into the credential helper protocol stream, causing the credential helper to retrieve the password for one server (e.g., good.example.com) for an HTTP request being made to another server (e.g., evil.example.com), resulting in credentials for the former being sent to the latter. There are no restrictions on the relationship between the two, meaning that an attacker can craft a URL that will present stored credentials for any host to a host of their choosing. The vulnerability can be triggered by feeding a malicious URL to git clone. However, the affected URLs look rather suspicious; the likely vector would be through systems which automatically clone URLs not visible to the user, such as Git submodules, or package systems built around Git. The problem has been patched in the versions published on April 14th, 2020, going back to v2.17.x. Anyone wishing to backport the change further can do so by applying commit 9a6bbee (the full release includes extra checks for git fsck, but that commit is sufficient to protect clients against the vulnerability). 
The patched versions are: 2.17.4, 2.18.3, 2.19.4, 2.20.3, 2.21.2, 2.22.3, 2.23.2, 2.24.2, 2.25.3, 2.26.1.","cvss":9.3,"cvss_version":3.0,"cvss_v2":5.0,"cvss_v3":9.3,"cvss_v4":null,"epss":0.32539,"ranking_epss":0.96858,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00027.html","http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00003.html","http://packetstormsecurity.com/files/157250/Git-Credential-Helper-Protocol-Newline-Injection.html","http://www.openwall.com/lists/oss-security/2020/04/15/5","http://www.openwall.com/lists/oss-security/2020/04/15/6","http://www.openwall.com/lists/oss-security/2020/04/20/1","https://github.com/git/git/commit/9a6bbee8006c24b46a85d29e7b38cfa79e9ab21b","https://github.com/git/git/security/advisories/GHSA-qm7j-c969-7j4q","https://lists.debian.org/debian-lts-announce/2020/04/msg00010.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/74Q7WVJ6FKLIN62VS2JD2XCNWK5TNKOW/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7TVS5UG6JD3MYIGSBKMIOS6AF7CR5IPI/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MOCTR2SEHCPSCOVUQJAGFPGKFMI2VE6V/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PN3FUOXKX3AXTULYV53ACABER2W2FSOU/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XPCEOIFLLEF24L6GLVJVFZX4CREDEHDF/","https://lore.kernel.org/git/xmqqy2qy7xn8.fsf%40gitster.c.googlers.com/","https://security.gentoo.org/glsa/202004-13","https://support.apple.com/kb/HT211141","https://usn.ubuntu.com/4329-1/","https://www.debian.org/security/2020/dsa-4657","http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00027.html","http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00003.html","http:
//packetstormsecurity.com/files/157250/Git-Credential-Helper-Protocol-Newline-Injection.html","http://www.openwall.com/lists/oss-security/2020/04/15/5","http://www.openwall.com/lists/oss-security/2020/04/15/6","http://www.openwall.com/lists/oss-security/2020/04/20/1","https://github.com/git/git/commit/9a6bbee8006c24b46a85d29e7b38cfa79e9ab21b","https://github.com/git/git/security/advisories/GHSA-qm7j-c969-7j4q","https://lists.debian.org/debian-lts-announce/2020/04/msg00010.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/74Q7WVJ6FKLIN62VS2JD2XCNWK5TNKOW/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7TVS5UG6JD3MYIGSBKMIOS6AF7CR5IPI/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MOCTR2SEHCPSCOVUQJAGFPGKFMI2VE6V/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PN3FUOXKX3AXTULYV53ACABER2W2FSOU/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XPCEOIFLLEF24L6GLVJVFZX4CREDEHDF/","https://lore.kernel.org/git/xmqqy2qy7xn8.fsf%40gitster.c.googlers.com/","https://security.gentoo.org/glsa/202004-13","https://support.apple.com/kb/HT211141","https://usn.ubuntu.com/4329-1/","https://www.debian.org/security/2020/dsa-4657"],"published_time":"2020-04-14T23:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-11736","summary":"fr-archive-libarchive.c in GNOME file-roller through 3.36.1 allows Directory Traversal during extraction because it lacks a check of whether a file's parent is a symlink to a directory outside of the intended extraction 
location.","cvss":3.9,"cvss_version":3.0,"cvss_v2":3.3,"cvss_v3":3.9,"cvss_v4":null,"epss":0.00336,"ranking_epss":0.56475,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://gitlab.gnome.org/GNOME/file-roller/-/commit/21dfcdbfe258984db89fb65243a1a888924e45a0","https://lists.debian.org/debian-lts-announce/2020/04/msg00013.html","https://security.gentoo.org/glsa/202009-06","https://usn.ubuntu.com/4332-1/","https://usn.ubuntu.com/4332-2/","https://gitlab.gnome.org/GNOME/file-roller/-/commit/21dfcdbfe258984db89fb65243a1a888924e45a0","https://lists.debian.org/debian-lts-announce/2020/04/msg00013.html","https://security.gentoo.org/glsa/202009-06","https://usn.ubuntu.com/4332-1/","https://usn.ubuntu.com/4332-2/"],"published_time":"2020-04-13T19:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-1730","summary":"A flaw was found in libssh versions before 0.8.9 and before 0.9.4 in the way it handled AES-CTR (or DES ciphers if enabled) ciphers. The server or client could crash when the connection hasn't been fully initialized and the system tries to cleanup the ciphers when closing the connection. 
The biggest threat from this vulnerability is system availability.","cvss":5.3,"cvss_version":3.0,"cvss_v2":5.0,"cvss_v3":5.3,"cvss_v4":null,"epss":0.0011,"ranking_epss":0.29367,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1730","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2A7BIFKUYIYKTY7FX4BEWVC2OHS5DPOU/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VLSWHBQ3EPKGTGLQNH554Z746BJ3C554/","https://security.netapp.com/advisory/ntap-20200424-0001/","https://usn.ubuntu.com/4327-1/","https://www.libssh.org/security/advisories/CVE-2020-1730.txt","https://www.oracle.com/security-alerts/cpuoct2020.html","https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1730","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2A7BIFKUYIYKTY7FX4BEWVC2OHS5DPOU/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VLSWHBQ3EPKGTGLQNH554Z746BJ3C554/","https://security.netapp.com/advisory/ntap-20200424-0001/","https://usn.ubuntu.com/4327-1/","https://www.libssh.org/security/advisories/CVE-2020-1730.txt","https://www.oracle.com/security-alerts/cpuoct2020.html"],"published_time":"2020-04-13T19:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-7305","summary":"Information Exposure vulnerability in eXtplorer makes the /usr/ and /etc/extplorer/ system directories world-accessible over HTTP. Introduced in the Makefile patch file debian/patches/debian-changes-2.1.0b6+dfsg-1 or debian/patches/adds-a-makefile.patch, this can lead to data leakage, information disclosure and potentially remote code execution on the web server. 
This issue affects all versions of eXtplorer in Ubuntu and Debian.","cvss":5.8,"cvss_version":3.0,"cvss_v2":7.5,"cvss_v3":5.8,"cvss_v4":null,"epss":0.01166,"ranking_epss":0.78632,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://launchpad.net/bugs/1822013","https://launchpad.net/bugs/1822013"],"published_time":"2020-04-10T00:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-8832","summary":"The fix for the Linux kernel in Ubuntu 18.04 LTS for CVE-2019-14615 (\"The Linux kernel did not properly clear data structures on context switches for certain Intel graphics processors.\") was discovered to be incomplete, meaning that in versions of the kernel before 4.15.0-91.92, an attacker could use this vulnerability to expose sensitive information.","cvss":5.5,"cvss_version":3.0,"cvss_v2":2.1,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00312,"ranking_epss":0.54408,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1862840","https://security.netapp.com/advisory/ntap-20200430-0004/","https://usn.ubuntu.com/usn/usn-4302-1","https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1862840","https://security.netapp.com/advisory/ntap-20200430-0004/","https://usn.ubuntu.com/usn/usn-4302-1"],"published_time":"2020-04-10T00:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-8834","summary":"KVM in the Linux kernel on Power8 processors has a conflicting use of HSTATE_HOST_R1 to store r1 state in kvmppc_hv_entry plus in kvmppc_{save,restore}_tm, leading to a stack corruption. Because of this, an attacker with the ability to run code in kernel space of a guest VM can cause the host kernel to panic. 
There were two commits that, according to the reporter, introduced the vulnerability: f024ee098476 (\"KVM: PPC: Book3S HV: Pull out TM state save/restore into separate procedures\") 87a11bb6a7f7 (\"KVM: PPC: Book3S HV: Work around XER[SO] bug in fake suspend mode\") The former landed in 4.8, the latter in 4.17. This was fixed without realizing the impact in 4.18 with the following three commits, though it's believed the first is the only strictly necessary commit: 6f597c6b63b6 (\"KVM: PPC: Book3S PR: Add guest MSR parameter for kvmppc_save_tm()/kvmppc_restore_tm()\") 7b0e827c6970 (\"KVM: PPC: Book3S HV: Factor fake-suspend handling out of kvmppc_save/restore_tm\") 009c872a8bc4 (\"KVM: PPC: Book3S PR: Move kvmppc_save_tm/kvmppc_restore_tm to separate file\")","cvss":6.5,"cvss_version":3.0,"cvss_v2":4.9,"cvss_v3":6.5,"cvss_v4":null,"epss":0.0009,"ranking_epss":0.25534,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00035.html","https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1867717","https://usn.ubuntu.com/4318-1/","https://usn.ubuntu.com/usn/usn-4318-1","https://www.openwall.com/lists/oss-security/2020/04/06/2","http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00035.html","https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1867717","https://usn.ubuntu.com/4318-1/","https://usn.ubuntu.com/usn/usn-4318-1","https://www.openwall.com/lists/oss-security/2020/04/06/2"],"published_time":"2020-04-09T22:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-11655","summary":"SQLite through 3.31.1 allows attackers to cause a denial of service (segmentation fault) via a malformed window-function query because the AggInfo object's initialization is 
mishandled.","cvss":7.5,"cvss_version":3.0,"cvss_v2":5.0,"cvss_v3":7.5,"cvss_v4":null,"epss":0.0489,"ranking_epss":0.89582,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf","https://lists.debian.org/debian-lts-announce/2020/05/msg00006.html","https://lists.debian.org/debian-lts-announce/2020/08/msg00037.html","https://security.FreeBSD.org/advisories/FreeBSD-SA-20:22.sqlite.asc","https://security.gentoo.org/glsa/202007-26","https://security.netapp.com/advisory/ntap-20200416-0001/","https://usn.ubuntu.com/4394-1/","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com/security-alerts/cpujan2021.html","https://www.oracle.com/security-alerts/cpujul2020.html","https://www.oracle.com/security-alerts/cpuoct2020.html","https://www.tenable.com/security/tns-2021-14","https://www3.sqlite.org/cgi/src/info/4a302b42c7bf5e11","https://www3.sqlite.org/cgi/src/tktview?name=af4556bb5c","https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf","https://lists.debian.org/debian-lts-announce/2020/05/msg00006.html","https://lists.debian.org/debian-lts-announce/2020/08/msg00037.html","https://security.FreeBSD.org/advisories/FreeBSD-SA-20:22.sqlite.asc","https://security.gentoo.org/glsa/202007-26","https://security.netapp.com/advisory/ntap-20200416-0001/","https://usn.ubuntu.com/4394-1/","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com/security-alerts/cpujan2021.html","https://www.oracle.com/security-alerts/cpujul2020.html","https://www.oracle.com/security-alerts/cpuoct2020.html","https://www.tenable.com/security/tns-2021-14","https://www3.sqlite.org/cgi/src/info/4a302b42c7bf5e11","https://www3.sqlite.org/cgi/src/tktview?name=af4556bb5c"],"published_time":"2020-04-09T03:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-11609","summary":"An issue was discovered in the stv06xx subsystem in the Linux kernel before 
5.6.1. drivers/media/usb/gspca/stv06xx/stv06xx.c and drivers/media/usb/gspca/stv06xx/stv06xx_pb0100.c mishandle invalid descriptors, as demonstrated by a NULL pointer dereference, aka CID-485b06aadb93.","cvss":4.3,"cvss_version":3.0,"cvss_v2":4.9,"cvss_v3":4.3,"cvss_v4":null,"epss":0.00065,"ranking_epss":0.20159,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00022.html","https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.6.1","https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=485b06aadb933190f4bc44e006076bc27a23f205","https://github.com/torvalds/linux/commit/485b06aadb933190f4bc44e006076bc27a23f205","https://lists.debian.org/debian-lts-announce/2020/06/msg00011.html","https://lists.debian.org/debian-lts-announce/2020/06/msg00012.html","https://lists.debian.org/debian-lts-announce/2020/06/msg00013.html","https://security.netapp.com/advisory/ntap-20200430-0004/","https://usn.ubuntu.com/4345-1/","https://usn.ubuntu.com/4364-1/","https://usn.ubuntu.com/4368-1/","https://usn.ubuntu.com/4369-1/","https://www.debian.org/security/2020/dsa-4698","http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00022.html","https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.6.1","https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=485b06aadb933190f4bc44e006076bc27a23f205","https://github.com/torvalds/linux/commit/485b06aadb933190f4bc44e006076bc27a23f205","https://lists.debian.org/debian-lts-announce/2020/06/msg00011.html","https://lists.debian.org/debian-lts-announce/2020/06/msg00012.html","https://lists.debian.org/debian-lts-announce/2020/06/msg00013.html","https://security.netapp.com/advisory/ntap-20200430-0004/","https://usn.ubuntu.com/4345-1/","https://usn.ubuntu.com/4364-1/","https://usn.ubuntu.com/4368-1/","https://usn.ubuntu.com/4369-1/","https://www.debian.org/security/2020/dsa-4698"],"published_time":"2020-04-07T17:15
:14","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-11608","summary":"An issue was discovered in the Linux kernel before 5.6.1. drivers/media/usb/gspca/ov519.c allows NULL pointer dereferences in ov511_mode_init_regs and ov518_mode_init_regs when there are zero endpoints, aka CID-998912346c0d.","cvss":4.3,"cvss_version":3.0,"cvss_v2":4.9,"cvss_v3":4.3,"cvss_v4":null,"epss":0.00068,"ranking_epss":0.20847,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00022.html","https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.6.1","https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=998912346c0da53a6dbb71fab3a138586b596b30","https://github.com/torvalds/linux/commit/998912346c0da53a6dbb71fab3a138586b596b30","https://lists.debian.org/debian-lts-announce/2020/06/msg00011.html","https://lists.debian.org/debian-lts-announce/2020/06/msg00012.html","https://lists.debian.org/debian-lts-announce/2020/06/msg00013.html","https://security.netapp.com/advisory/ntap-20200430-0004/","https://usn.ubuntu.com/4345-1/","https://usn.ubuntu.com/4364-1/","https://usn.ubuntu.com/4368-1/","https://usn.ubuntu.com/4369-1/","https://www.debian.org/security/2020/dsa-4698","http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00022.html","https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.6.1","https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=998912346c0da53a6dbb71fab3a138586b596b30","https://github.com/torvalds/linux/commit/998912346c0da53a6dbb71fab3a138586b596b30","https://lists.debian.org/debian-lts-announce/2020/06/msg00011.html","https://lists.debian.org/debian-lts-announce/2020/06/msg00012.html","https://lists.debian.org/debian-lts-announce/2020/06/msg00013.html","https://security.netapp.com/advisory/ntap-20200430-0004/","https://usn.ubuntu.com/4345-1/","https://usn.ubuntu.com/4364-1/","https://usn.ubuntu.com/4368-1/","http
s://usn.ubuntu.com/4369-1/","https://www.debian.org/security/2020/dsa-4698"],"published_time":"2020-04-07T14:15:14","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-11565","summary":"An issue was discovered in the Linux kernel through 5.6.2. mpol_parse_str in mm/mempolicy.c has a stack-based out-of-bounds write because an empty nodelist is mishandled during mount option parsing, aka CID-aa9f7d5172fa. NOTE: Someone in the security community disagrees that this is a vulnerability because the issue “is a bug in parsing mount options which can only be specified by a privileged user, so triggering the bug does not grant any powers not already held.”","cvss":6.0,"cvss_version":3.0,"cvss_v2":3.6,"cvss_v3":6.0,"cvss_v4":null,"epss":0.00083,"ranking_epss":0.24248,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=aa9f7d5172fac9bf1f09e678c35e287a40a7b7dd","https://github.com/torvalds/linux/commit/aa9f7d5172fac9bf1f09e678c35e287a40a7b7dd","https://lists.debian.org/debian-lts-announce/2020/06/msg00011.html","https://lists.debian.org/debian-lts-announce/2020/06/msg00012.html","https://lists.debian.org/debian-lts-announce/2020/06/msg00013.html","https://usn.ubuntu.com/4363-1/","https://usn.ubuntu.com/4364-1/","https://usn.ubuntu.com/4367-1/","https://usn.ubuntu.com/4368-1/","https://usn.ubuntu.com/4369-1/","https://www.debian.org/security/2020/dsa-4667","https://www.debian.org/security/2020/dsa-4698","https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=aa9f7d5172fac9bf1f09e678c35e287a40a7b7dd","https://github.com/torvalds/linux/commit/aa9f7d5172fac9bf1f09e678c35e287a40a7b7dd","https://lists.debian.org/debian-lts-announce/2020/06/msg00011.html","https://lists.debian.org/debian-lts-announce/2020/06/msg00012.html","https://lists.debian.org/debian-lts-announce/2020/06/msg00013.html","https://usn.ubuntu.com/4363-1/","https://usn.ubuntu.com/4364-1/"
,"https://usn.ubuntu.com/4367-1/","https://usn.ubuntu.com/4368-1/","https://usn.ubuntu.com/4369-1/","https://www.debian.org/security/2020/dsa-4667","https://www.debian.org/security/2020/dsa-4698"],"published_time":"2020-04-06T01:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-11501","summary":"GnuTLS 3.6.x before 3.6.13 uses incorrect cryptography for DTLS. The earliest affected version is 3.6.3 (2018-07-16) because of an error in a 2017-10-06 commit. The DTLS client always uses 32 '\\0' bytes instead of a random value, and thus contributes no randomness to a DTLS negotiation. This breaks the security guarantees of the DTLS protocol.","cvss":7.4,"cvss_version":3.0,"cvss_v2":5.8,"cvss_v3":7.4,"cvss_v4":null,"epss":0.11487,"ranking_epss":0.93611,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00015.html","https://gitlab.com/gnutls/gnutls/-/commit/5b595e8e52653f6c5726a4cdd8fddeb6e83804d2","https://gitlab.com/gnutls/gnutls/-/issues/960","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ILMOWPKMTZAIMK5F32TUMO34XCABUCFJ/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WDYY3R4F5CUTFAMXH2C5NKYFVDEJLTT7/","https://security.gentoo.org/glsa/202004-06","https://security.netapp.com/advisory/ntap-20200416-0002/","https://usn.ubuntu.com/4322-1/","https://www.debian.org/security/2020/dsa-4652","https://www.gnutls.org/security-new.html#GNUTLS-SA-2020-03-31","http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00015.html","https://gitlab.com/gnutls/gnutls/-/commit/5b595e8e52653f6c5726a4cdd8fddeb6e83804d2","https://gitlab.com/gnutls/gnutls/-/issues/960","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ILMOWPKMTZAIMK5F32TUMO34XCABUCFJ/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorap
roject.org/message/WDYY3R4F5CUTFAMXH2C5NKYFVDEJLTT7/","https://security.gentoo.org/glsa/202004-06","https://security.netapp.com/advisory/ntap-20200416-0002/","https://usn.ubuntu.com/4322-1/","https://www.debian.org/security/2020/dsa-4652","https://www.gnutls.org/security-new.html#GNUTLS-SA-2020-03-31"],"published_time":"2020-04-03T13:15:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-11494","summary":"An issue was discovered in slc_bump in drivers/net/can/slcan.c in the Linux kernel 3.16 through 5.6.2. It allows attackers to read uninitialized can_frame data, potentially containing sensitive information from kernel stack memory, if the configuration lacks CONFIG_INIT_STACK_ALL, aka CID-b9258a2cece4.","cvss":4.4,"cvss_version":3.0,"cvss_v2":2.1,"cvss_v3":4.4,"cvss_v4":null,"epss":0.00081,"ranking_epss":0.23789,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00035.html","http://packetstormsecurity.com/files/159565/Kernel-Live-Patch-Security-Notice-LSN-0072-1.html","https://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git/commit/?id=08fadc32ce6239dc75fd5e869590e29bc62bbc28","https://github.com/torvalds/linux/commit/b9258a2cece4ec1f020715fe3554bc2e360f6264","https://lists.debian.org/debian-lts-announce/2020/06/msg00011.html","https://lists.debian.org/debian-lts-announce/2020/06/msg00012.html","https://lists.debian.org/debian-lts-announce/2020/06/msg00013.html","https://security.netapp.com/advisory/ntap-20200430-0004/","https://usn.ubuntu.com/4363-1/","https://usn.ubuntu.com/4364-1/","https://usn.ubuntu.com/4368-1/","https://usn.ubuntu.com/4369-1/","https://www.debian.org/security/2020/dsa-4698","http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00035.html","http://packetstormsecurity.com/files/159565/Kernel-Live-Patch-Security-Notice-LSN-0072-1.html","https://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git/commit/?id=08fadc32ce6239dc75fd5
e869590e29bc62bbc28","https://github.com/torvalds/linux/commit/b9258a2cece4ec1f020715fe3554bc2e360f6264","https://lists.debian.org/debian-lts-announce/2020/06/msg00011.html","https://lists.debian.org/debian-lts-announce/2020/06/msg00012.html","https://lists.debian.org/debian-lts-announce/2020/06/msg00013.html","https://security.netapp.com/advisory/ntap-20200430-0004/","https://usn.ubuntu.com/4363-1/","https://usn.ubuntu.com/4364-1/","https://usn.ubuntu.com/4368-1/","https://usn.ubuntu.com/4369-1/","https://www.debian.org/security/2020/dsa-4698"],"published_time":"2020-04-02T21:15:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-8835","summary":"In the Linux kernel 5.5.0 and newer, the bpf verifier (kernel/bpf/verifier.c) did not properly restrict the register bounds for 32-bit operations, leading to out-of-bounds reads and writes in kernel memory. The vulnerability also affects the Linux 5.4 stable series, starting with v5.4.7, as the introducing commit was backported to that branch. This vulnerability was fixed in 5.6.1, 5.5.14, and 5.4.29. 
(issue is aka ZDI-CAN-10780)","cvss":7.8,"cvss_version":3.0,"cvss_v2":7.2,"cvss_v3":7.8,"cvss_v4":null,"epss":0.23269,"ranking_epss":0.9595,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.openwall.com/lists/oss-security/2021/07/20/1","https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net-next.git/commit/?id=f2d67fec0b43edce8c416101cdc52e71145b5fef","https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f2d67fec0b43edce8c416101cdc52e71145b5fef","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F7OONYGMSYBEFHLHZJK3GOI5Z553G4LD/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TF4PQZBEPNXDSK5DOBMW54OCLP25FTCD/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YXBWSHZ6DJIZVXKXGZPK6QPFCY7VKZEG/","https://lore.kernel.org/bpf/20200330160324.15259-1-daniel%40iogearbox.net/T/","https://security.netapp.com/advisory/ntap-20200430-0004/","https://usn.ubuntu.com/4313-1/","https://usn.ubuntu.com/usn/usn-4313-1","https://www.openwall.com/lists/oss-security/2020/03/30/3","https://www.thezdi.com/blog/2020/3/19/pwn2own-2020-day-one-results","http://www.openwall.com/lists/oss-security/2021/07/20/1","https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net-next.git/commit/?id=f2d67fec0b43edce8c416101cdc52e71145b5fef","https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f2d67fec0b43edce8c416101cdc52e71145b5fef","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F7OONYGMSYBEFHLHZJK3GOI5Z553G4LD/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TF4PQZBEPNXDSK5DOBMW54OCLP25FTCD/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YXBWSHZ6DJIZVXKXGZPK6QPFCY7VKZEG/","https://lore.kernel.org/bpf/20200330160324.15
259-1-daniel%40iogearbox.net/T/","https://security.netapp.com/advisory/ntap-20200430-0004/","https://usn.ubuntu.com/4313-1/","https://usn.ubuntu.com/usn/usn-4313-1","https://www.openwall.com/lists/oss-security/2020/03/30/3","https://www.thezdi.com/blog/2020/3/19/pwn2own-2020-day-one-results"],"published_time":"2020-04-02T18:15:18","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-11100","summary":"In hpack_dht_insert in hpack-tbl.c in the HPACK decoder in HAProxy 1.8 through 2.x before 2.1.4, a remote attacker can write arbitrary bytes around a certain location on the heap via a crafted HTTP/2 request, possibly causing remote code execution.","cvss":8.8,"cvss_version":3.0,"cvss_v2":6.5,"cvss_v3":8.8,"cvss_v4":null,"epss":0.74791,"ranking_epss":0.98861,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00002.html","http://packetstormsecurity.com/files/157323/haproxy-hpack-tbl.c-Out-Of-Bounds-Write.html","http://www.haproxy.org","https://bugzilla.redhat.com/show_bug.cgi?id=1819111","https://bugzilla.suse.com/show_bug.cgi?id=1168023","https://git.haproxy.org/?p=haproxy.git%3Ba=commit%3Bh=5dfc5d5cd0d2128d77253ead3acf03a421ab5b88","https://lists.debian.org/debian-security-announce/2020/msg00052.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/264C7UL3X7L7QE74ZJ557IOUFS3J4QQC/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MNW5RZLIX7LOXRLV7WMHX22CI43XSXKW/","https://security.gentoo.org/glsa/202012-22","https://usn.ubuntu.com/4321-1/","https://www.debian.org/security/2020/dsa-4649","https://www.haproxy.org/download/2.1/src/CHANGELOG","https://www.mail-archive.com/haproxy%40formilux.org/msg36876.html","http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00002.html","http://packetstormsecurity.com/files/157323/haproxy-hpack-tbl.c-Out-Of-Bounds-Write.html",
"http://www.haproxy.org","https://bugzilla.redhat.com/show_bug.cgi?id=1819111","https://bugzilla.suse.com/show_bug.cgi?id=1168023","https://git.haproxy.org/?p=haproxy.git%3Ba=commit%3Bh=5dfc5d5cd0d2128d77253ead3acf03a421ab5b88","https://lists.debian.org/debian-security-announce/2020/msg00052.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/264C7UL3X7L7QE74ZJ557IOUFS3J4QQC/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MNW5RZLIX7LOXRLV7WMHX22CI43XSXKW/","https://security.gentoo.org/glsa/202012-22","https://usn.ubuntu.com/4321-1/","https://www.debian.org/security/2020/dsa-4649","https://www.haproxy.org/download/2.1/src/CHANGELOG","https://www.mail-archive.com/haproxy%40formilux.org/msg36876.html"],"published_time":"2020-04-02T15:15:17","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-1927","summary":"In Apache HTTP Server 2.4.0 to 2.4.41, redirects configured with mod_rewrite that were intended to be self-referential might be fooled by encoded newlines and redirect instead to an unexpected URL within the request 
URL.","cvss":6.1,"cvss_version":3.0,"cvss_v2":5.8,"cvss_v3":6.1,"cvss_v4":null,"epss":0.11302,"ranking_epss":0.93528,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00002.html","http://www.openwall.com/lists/oss-security/2020/04/03/1","http://www.openwall.com/lists/oss-security/2020/04/04/1","https://httpd.apache.org/security/vulnerabilities_24.html","https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3Ccvs.httpd.apache.org%3E","https://lists.apache.org/thread.html/r09bb998baee74a2c316446bd1a41ae7f8d7049d09d9ff991471e8775%40%3Ccvs.httpd.apache.org%3E","https://lists.apache.org/thread.html/r10b853ea87dd150b0e76fda3f8254dfdb23dd05fa55596405b58478e%40%3Ccvs.httpd.apache.org%3E","https://lists.apache.org/thread.html/r1719675306dfbeaceff3dc63ccad3de2d5615919ca3c13276948b9ac%40%3Cdev.httpd.apache.org%3E","https://lists.apache.org/thread.html/r3c5c3104813c1c5508b55564b66546933079250a46ce50eee90b2e36%40%3Ccvs.httpd.apache.org%3E","https://lists.apache.org/thread.html/r52a52fd60a258f5999a8fa5424b30d9fd795885f9ff4828d889cd201%40%3Cdev.httpd.apache.org%3E","https://lists.apache.org/thread.html/r6a4146bf3d1645af2880f8b7a4fd8afd696d5fd4a3ae272f49f5dc84%40%3Ccvs.httpd.apache.org%3E","https://lists.apache.org/thread.html/r70ba652b79ba224b2cbc0a183078b3a49df783b419903e3dcf4d78c7%40%3Ccvs.httpd.apache.org%3E","https://lists.apache.org/thread.html/r731d43caece41d78d8c6304641a02a369fd78300e7ffaf566b06bc59%40%3Ccvs.httpd.apache.org%3E","https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E","https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E","https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E","https://lists.apache.org/thread.html/rdf3e
5d0a5f5c3d90d6013bccc6c4d5af59cf1f8c8dea5d9a283d13ce%40%3Ccvs.httpd.apache.org%3E","https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E","https://lists.debian.org/debian-lts-announce/2021/07/msg00006.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A2RN46PRBJE7E7OPD4YZX5SVWV5QKGV5/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HYVYE2ZERFXDV6RMKK3I5SDSDQLPSEIQ/","https://security.netapp.com/advisory/ntap-20200413-0002/","https://usn.ubuntu.com/4458-1/","https://www.debian.org/security/2020/dsa-4757","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com/security-alerts/cpujul2020.html","https://www.oracle.com/security-alerts/cpujul2022.html","http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00002.html","http://www.openwall.com/lists/oss-security/2020/04/03/1","http://www.openwall.com/lists/oss-security/2020/04/04/1","https://httpd.apache.org/security/vulnerabilities_24.html","https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3Ccvs.httpd.apache.org%3E","https://lists.apache.org/thread.html/r09bb998baee74a2c316446bd1a41ae7f8d7049d09d9ff991471e8775%40%3Ccvs.httpd.apache.org%3E","https://lists.apache.org/thread.html/r10b853ea87dd150b0e76fda3f8254dfdb23dd05fa55596405b58478e%40%3Ccvs.httpd.apache.org%3E","https://lists.apache.org/thread.html/r1719675306dfbeaceff3dc63ccad3de2d5615919ca3c13276948b9ac%40%3Cdev.httpd.apache.org%3E","https://lists.apache.org/thread.html/r3c5c3104813c1c5508b55564b66546933079250a46ce50eee90b2e36%40%3Ccvs.httpd.apache.org%3E","https://lists.apache.org/thread.html/r52a52fd60a258f5999a8fa5424b30d9fd795885f9ff4828d889cd201%40%3Cdev.httpd.apache.org%3E","https://lists.apache.org/thread.html/r6a4146bf3d1645af2880f8b7a4fd8afd696d5fd4a3ae272f49f5dc84%40%3Ccvs.httpd.apache.org%3E","https://l
ists.apache.org/thread.html/r70ba652b79ba224b2cbc0a183078b3a49df783b419903e3dcf4d78c7%40%3Ccvs.httpd.apache.org%3E","https://lists.apache.org/thread.html/r731d43caece41d78d8c6304641a02a369fd78300e7ffaf566b06bc59%40%3Ccvs.httpd.apache.org%3E","https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E","https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E","https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E","https://lists.apache.org/thread.html/rdf3e5d0a5f5c3d90d6013bccc6c4d5af59cf1f8c8dea5d9a283d13ce%40%3Ccvs.httpd.apache.org%3E","https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E","https://lists.debian.org/debian-lts-announce/2021/07/msg00006.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A2RN46PRBJE7E7OPD4YZX5SVWV5QKGV5/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HYVYE2ZERFXDV6RMKK3I5SDSDQLPSEIQ/","https://security.netapp.com/advisory/ntap-20200413-0002/","https://usn.ubuntu.com/4458-1/","https://www.debian.org/security/2020/dsa-4757","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com/security-alerts/cpujul2020.html","https://www.oracle.com/security-alerts/cpujul2022.html"],"published_time":"2020-04-02T00:15:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-1934","summary":"In Apache HTTP Server 2.4.0 to 2.4.41, mod_proxy_ftp may use uninitialized memory when proxying to a malicious FTP 
server.","cvss":5.3,"cvss_version":3.0,"cvss_v2":5.0,"cvss_v3":5.3,"cvss_v4":null,"epss":0.38657,"ranking_epss":0.97248,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00002.html","https://httpd.apache.org/security/vulnerabilities_24.html","https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3Ccvs.httpd.apache.org%3E","https://lists.apache.org/thread.html/r09bb998baee74a2c316446bd1a41ae7f8d7049d09d9ff991471e8775%40%3Ccvs.httpd.apache.org%3E","https://lists.apache.org/thread.html/r1719675306dfbeaceff3dc63ccad3de2d5615919ca3c13276948b9ac%40%3Cdev.httpd.apache.org%3E","https://lists.apache.org/thread.html/r26706d75f6b9080ca6a29955aeb8de98ec71bbea6e9f05809c46bca4%40%3Ccvs.httpd.apache.org%3E","https://lists.apache.org/thread.html/r33e626224386d2851a83c352f784ba90dedee5dc7fcfcc221d5d7527%40%3Ccvs.httpd.apache.org%3E","https://lists.apache.org/thread.html/r3c5c3104813c1c5508b55564b66546933079250a46ce50eee90b2e36%40%3Ccvs.httpd.apache.org%3E","https://lists.apache.org/thread.html/r52a52fd60a258f5999a8fa5424b30d9fd795885f9ff4828d889cd201%40%3Cdev.httpd.apache.org%3E","https://lists.apache.org/thread.html/r5d12ffc80685b0df1d6801e68000a7707dd694fe32e4f221de67c210%40%3Ccvs.httpd.apache.org%3E","https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E","https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E","https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E","https://lists.apache.org/thread.html/rd336919f655b7ff309385e34a143e41c503e133da80414485b3abcc9%40%3Ccvs.httpd.apache.org%3E","https://lists.apache.org/thread.html/rdf3e5d0a5f5c3d90d6013bccc6c4d5af59cf1f8c8dea5d9a283d13ce%40%3Ccvs.httpd.apache.org%3E","https://lists.apache.org/thre
ad.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E","https://lists.debian.org/debian-lts-announce/2021/07/msg00006.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A2RN46PRBJE7E7OPD4YZX5SVWV5QKGV5/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HYVYE2ZERFXDV6RMKK3I5SDSDQLPSEIQ/","https://security.netapp.com/advisory/ntap-20200413-0002/","https://usn.ubuntu.com/4458-1/","https://www.debian.org/security/2020/dsa-4757","https://www.oracle.com/security-alerts/cpujul2020.html","http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00002.html","https://httpd.apache.org/security/vulnerabilities_24.html","https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3Ccvs.httpd.apache.org%3E","https://lists.apache.org/thread.html/r09bb998baee74a2c316446bd1a41ae7f8d7049d09d9ff991471e8775%40%3Ccvs.httpd.apache.org%3E","https://lists.apache.org/thread.html/r1719675306dfbeaceff3dc63ccad3de2d5615919ca3c13276948b9ac%40%3Cdev.httpd.apache.org%3E","https://lists.apache.org/thread.html/r26706d75f6b9080ca6a29955aeb8de98ec71bbea6e9f05809c46bca4%40%3Ccvs.httpd.apache.org%3E","https://lists.apache.org/thread.html/r33e626224386d2851a83c352f784ba90dedee5dc7fcfcc221d5d7527%40%3Ccvs.httpd.apache.org%3E","https://lists.apache.org/thread.html/r3c5c3104813c1c5508b55564b66546933079250a46ce50eee90b2e36%40%3Ccvs.httpd.apache.org%3E","https://lists.apache.org/thread.html/r52a52fd60a258f5999a8fa5424b30d9fd795885f9ff4828d889cd201%40%3Cdev.httpd.apache.org%3E","https://lists.apache.org/thread.html/r5d12ffc80685b0df1d6801e68000a7707dd694fe32e4f221de67c210%40%3Ccvs.httpd.apache.org%3E","https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E","https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3C
cvs.httpd.apache.org%3E","https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E","https://lists.apache.org/thread.html/rd336919f655b7ff309385e34a143e41c503e133da80414485b3abcc9%40%3Ccvs.httpd.apache.org%3E","https://lists.apache.org/thread.html/rdf3e5d0a5f5c3d90d6013bccc6c4d5af59cf1f8c8dea5d9a283d13ce%40%3Ccvs.httpd.apache.org%3E","https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E","https://lists.debian.org/debian-lts-announce/2021/07/msg00006.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A2RN46PRBJE7E7OPD4YZX5SVWV5QKGV5/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HYVYE2ZERFXDV6RMKK3I5SDSDQLPSEIQ/","https://security.netapp.com/advisory/ntap-20200413-0002/","https://usn.ubuntu.com/4458-1/","https://www.debian.org/security/2020/dsa-4757","https://www.oracle.com/security-alerts/cpujul2020.html"],"published_time":"2020-04-01T20:15:15","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-7064","summary":"In PHP versions 7.2.x below 7.2.9, 7.3.x below 7.3.16 and 7.4.x below 7.4.4, while parsing EXIF data with exif_read_data() function, it is possible for malicious data to cause PHP to read one byte of uninitialized memory. 
This could potentially lead to information disclosure or crash.","cvss":6.5,"cvss_version":3.0,"cvss_v2":5.8,"cvss_v3":6.5,"cvss_v4":null,"epss":0.0233,"ranking_epss":0.8483,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00025.html","https://bugs.php.net/bug.php?id=79282","https://lists.debian.org/debian-lts-announce/2020/04/msg00021.html","https://security.netapp.com/advisory/ntap-20200403-0001/","https://usn.ubuntu.com/4330-1/","https://usn.ubuntu.com/4330-2/","https://www.debian.org/security/2020/dsa-4717","https://www.debian.org/security/2020/dsa-4719","https://www.oracle.com/security-alerts/cpujan2021.html","https://www.tenable.com/security/tns-2021-14","http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00025.html","https://bugs.php.net/bug.php?id=79282","https://lists.debian.org/debian-lts-announce/2020/04/msg00021.html","https://security.netapp.com/advisory/ntap-20200403-0001/","https://usn.ubuntu.com/4330-1/","https://usn.ubuntu.com/4330-2/","https://www.debian.org/security/2020/dsa-4717","https://www.debian.org/security/2020/dsa-4719","https://www.oracle.com/security-alerts/cpujan2021.html","https://www.tenable.com/security/tns-2021-14"],"published_time":"2020-04-01T04:15:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-7065","summary":"In PHP versions 7.3.x below 7.3.16 and 7.4.x below 7.4.4, while using mb_strtolower() function with UTF-32LE encoding, certain invalid strings could cause PHP to overwrite stack-allocated buffer. 
This could lead to memory corruption, crashes and potentially code execution.","cvss":7.4,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":7.4,"cvss_v4":null,"epss":0.05019,"ranking_epss":0.8973,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://bugs.php.net/bug.php?id=79371","https://security.netapp.com/advisory/ntap-20200403-0001/","https://usn.ubuntu.com/4330-1/","https://usn.ubuntu.com/4330-2/","https://www.debian.org/security/2020/dsa-4719","https://www.oracle.com/security-alerts/cpuoct2021.html","https://www.php.net/ChangeLog-7.php#7.4.4","https://www.tenable.com/security/tns-2021-14","https://bugs.php.net/bug.php?id=79371","https://security.netapp.com/advisory/ntap-20200403-0001/","https://usn.ubuntu.com/4330-1/","https://usn.ubuntu.com/4330-2/","https://www.debian.org/security/2020/dsa-4719","https://www.oracle.com/security-alerts/cpuoct2021.html","https://www.php.net/ChangeLog-7.php#7.4.4","https://www.tenable.com/security/tns-2021-14"],"published_time":"2020-04-01T04:15:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-15795","summary":"python-apt only checks the MD5 sums of downloaded files in `Version.fetch_binary()` and `Version.fetch_source()` of apt/package.py in version 1.9.0ubuntu1 and earlier. 
This allows a man-in-the-middle attack which could potentially be used to install altered packages and has been fixed in versions 1.9.0ubuntu1.2, 1.6.5ubuntu0.1, 1.1.0~beta1ubuntu0.16.04.7, 0.9.3.5ubuntu3+esm2, and 0.8.3ubuntu7.5.","cvss":4.7,"cvss_version":3.0,"cvss_v2":2.6,"cvss_v3":4.7,"cvss_v4":null,"epss":0.00184,"ranking_epss":0.40173,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://usn.ubuntu.com/4247-1/","https://usn.ubuntu.com/4247-3/","https://usn.ubuntu.com/4247-1/","https://usn.ubuntu.com/4247-3/"],"published_time":"2020-03-26T13:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-15796","summary":"Python-apt doesn't check if hashes are signed in `Version.fetch_binary()` and `Version.fetch_source()` of apt/package.py or in `_fetch_archives()` of apt/cache.py in version 1.9.3ubuntu2 and earlier. This allows downloads from unsigned repositories which shouldn't be allowed and has been fixed in versions 1.9.5, 1.9.0ubuntu1.2, 1.6.5ubuntu0.1, 1.1.0~beta1ubuntu0.16.04.7, 0.9.3.5ubuntu3+esm2, and 0.8.3ubuntu7.5.","cvss":4.7,"cvss_version":3.0,"cvss_v2":2.6,"cvss_v3":4.7,"cvss_v4":null,"epss":0.00174,"ranking_epss":0.3879,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://usn.ubuntu.com/4247-1/","https://usn.ubuntu.com/4247-3/","https://usn.ubuntu.com/4247-1/","https://usn.ubuntu.com/4247-3/"],"published_time":"2020-03-26T13:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-6814","summary":"Mozilla developers reported memory safety bugs present in Firefox and Thunderbird 68.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. 
This vulnerability affects Thunderbird < 68.6, Firefox < 74, Firefox < ESR68.6, and Firefox ESR < 68.6.","cvss":9.8,"cvss_version":3.0,"cvss_v2":7.5,"cvss_v3":9.8,"cvss_v4":null,"epss":0.00837,"ranking_epss":0.74664,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://bugzilla.mozilla.org/buglist.cgi?bug_id=1592078%2C1604847%2C1608256%2C1612636%2C1614339","https://usn.ubuntu.com/4328-1/","https://usn.ubuntu.com/4335-1/","https://www.mozilla.org/security/advisories/mfsa2020-08/","https://www.mozilla.org/security/advisories/mfsa2020-09/","https://www.mozilla.org/security/advisories/mfsa2020-10/","https://bugzilla.mozilla.org/buglist.cgi?bug_id=1592078%2C1604847%2C1608256%2C1612636%2C1614339","https://usn.ubuntu.com/4328-1/","https://usn.ubuntu.com/4335-1/","https://www.mozilla.org/security/advisories/mfsa2020-08/","https://www.mozilla.org/security/advisories/mfsa2020-09/","https://www.mozilla.org/security/advisories/mfsa2020-10/"],"published_time":"2020-03-25T22:15:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-6805","summary":"When removing data about an origin whose tab was recently closed, a use-after-free could occur in the Quota manager, resulting in a potentially exploitable crash. 
This vulnerability affects Thunderbird < 68.6, Firefox < 74, Firefox < ESR68.6, and Firefox ESR < 68.6.","cvss":8.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00853,"ranking_epss":0.74928,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://bugzilla.mozilla.org/show_bug.cgi?id=1610880","https://usn.ubuntu.com/4328-1/","https://usn.ubuntu.com/4335-1/","https://www.mozilla.org/security/advisories/mfsa2020-08/","https://www.mozilla.org/security/advisories/mfsa2020-09/","https://www.mozilla.org/security/advisories/mfsa2020-10/","https://bugzilla.mozilla.org/show_bug.cgi?id=1610880","https://usn.ubuntu.com/4328-1/","https://usn.ubuntu.com/4335-1/","https://www.mozilla.org/security/advisories/mfsa2020-08/","https://www.mozilla.org/security/advisories/mfsa2020-09/","https://www.mozilla.org/security/advisories/mfsa2020-10/"],"published_time":"2020-03-25T22:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-6806","summary":"By carefully crafting promise resolutions, it was possible to cause an out-of-bounds read off the end of an array resized during script execution. This could have led to memory corruption and a potentially exploitable crash. 
This vulnerability affects Thunderbird < 68.6, Firefox < 74, Firefox < ESR68.6, and Firefox ESR < 68.6.","cvss":8.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":8.8,"cvss_v4":null,"epss":0.03504,"ranking_epss":0.87614,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://packetstormsecurity.com/files/157524/Firefox-js-ReadableStreamCloseInternal-Out-Of-Bounds-Access.html","https://bugzilla.mozilla.org/show_bug.cgi?id=1612308","https://usn.ubuntu.com/4328-1/","https://usn.ubuntu.com/4335-1/","https://www.mozilla.org/security/advisories/mfsa2020-08/","https://www.mozilla.org/security/advisories/mfsa2020-09/","https://www.mozilla.org/security/advisories/mfsa2020-10/","http://packetstormsecurity.com/files/157524/Firefox-js-ReadableStreamCloseInternal-Out-Of-Bounds-Access.html","https://bugzilla.mozilla.org/show_bug.cgi?id=1612308","https://usn.ubuntu.com/4328-1/","https://usn.ubuntu.com/4335-1/","https://www.mozilla.org/security/advisories/mfsa2020-08/","https://www.mozilla.org/security/advisories/mfsa2020-09/","https://www.mozilla.org/security/advisories/mfsa2020-10/"],"published_time":"2020-03-25T22:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-6807","summary":"When a device was changed while a stream was about to be destroyed, the <code>stream-reinit</code> task may have been executed after the stream was destroyed, causing a use-after-free and a potentially exploitable crash. 
This vulnerability affects Thunderbird < 68.6, Firefox < 74, Firefox < ESR68.6, and Firefox ESR < 68.6.","cvss":8.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00779,"ranking_epss":0.73668,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://bugzilla.mozilla.org/show_bug.cgi?id=1614971","https://usn.ubuntu.com/4328-1/","https://usn.ubuntu.com/4335-1/","https://www.mozilla.org/security/advisories/mfsa2020-08/","https://www.mozilla.org/security/advisories/mfsa2020-09/","https://www.mozilla.org/security/advisories/mfsa2020-10/","https://bugzilla.mozilla.org/show_bug.cgi?id=1614971","https://usn.ubuntu.com/4328-1/","https://usn.ubuntu.com/4335-1/","https://www.mozilla.org/security/advisories/mfsa2020-08/","https://www.mozilla.org/security/advisories/mfsa2020-09/","https://www.mozilla.org/security/advisories/mfsa2020-10/"],"published_time":"2020-03-25T22:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-6811","summary":"The 'Copy as cURL' feature of Devtools' network tab did not properly escape the HTTP method of a request, which can be controlled by the website. If a user used the 'Copy as Curl' feature and pasted the command into a terminal, it could have resulted in command injection and arbitrary command execution. 
This vulnerability affects Thunderbird < 68.6, Firefox < 74, Firefox < ESR68.6, and Firefox ESR < 68.6.","cvss":8.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":8.8,"cvss_v4":null,"epss":0.01843,"ranking_epss":0.82963,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://bugzilla.mozilla.org/show_bug.cgi?id=1607742","https://usn.ubuntu.com/4328-1/","https://usn.ubuntu.com/4335-1/","https://www.mozilla.org/security/advisories/mfsa2020-08/","https://www.mozilla.org/security/advisories/mfsa2020-09/","https://www.mozilla.org/security/advisories/mfsa2020-10/","https://bugzilla.mozilla.org/show_bug.cgi?id=1607742","https://usn.ubuntu.com/4328-1/","https://usn.ubuntu.com/4335-1/","https://www.mozilla.org/security/advisories/mfsa2020-08/","https://www.mozilla.org/security/advisories/mfsa2020-09/","https://www.mozilla.org/security/advisories/mfsa2020-10/"],"published_time":"2020-03-25T22:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-6812","summary":"The first time AirPods are connected to an iPhone, they become named after the user's name by default (e.g. Jane Doe's AirPods.) Websites with camera or microphone permission are able to enumerate device names, disclosing the user's name. To resolve this issue, Firefox added a special case that renames devices containing the substring 'AirPods' to simply 'AirPods'. 
This vulnerability affects Thunderbird < 68.6, Firefox < 74, Firefox < ESR68.6, and Firefox ESR < 68.6.","cvss":5.3,"cvss_version":3.0,"cvss_v2":5.0,"cvss_v3":5.3,"cvss_v4":null,"epss":0.00581,"ranking_epss":0.68908,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://bugzilla.mozilla.org/show_bug.cgi?id=1616661","https://usn.ubuntu.com/4328-1/","https://usn.ubuntu.com/4335-1/","https://www.mozilla.org/security/advisories/mfsa2020-08/","https://www.mozilla.org/security/advisories/mfsa2020-09/","https://www.mozilla.org/security/advisories/mfsa2020-10/","https://bugzilla.mozilla.org/show_bug.cgi?id=1616661","https://usn.ubuntu.com/4328-1/","https://usn.ubuntu.com/4335-1/","https://www.mozilla.org/security/advisories/mfsa2020-08/","https://www.mozilla.org/security/advisories/mfsa2020-09/","https://www.mozilla.org/security/advisories/mfsa2020-10/"],"published_time":"2020-03-25T22:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-10942","summary":"In the Linux kernel before 5.5.8, get_raw_socket in drivers/vhost/net.c lacks validation of an sk_family field, which might allow attackers to trigger kernel stack corruption via crafted system 
calls.","cvss":5.3,"cvss_version":3.0,"cvss_v2":5.4,"cvss_v3":5.3,"cvss_v4":null,"epss":0.00073,"ranking_epss":0.22262,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00035.html","http://www.openwall.com/lists/oss-security/2020/04/15/4","https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.5.8","https://git.kernel.org/linus/42d84c8490f9f0931786f1623191fcab397c3d64","https://lists.debian.org/debian-lts-announce/2020/06/msg00011.html","https://lists.debian.org/debian-lts-announce/2020/06/msg00012.html","https://lists.debian.org/debian-lts-announce/2020/06/msg00013.html","https://lkml.org/lkml/2020/2/15/125","https://security.netapp.com/advisory/ntap-20200403-0003/","https://usn.ubuntu.com/4342-1/","https://usn.ubuntu.com/4344-1/","https://usn.ubuntu.com/4345-1/","https://usn.ubuntu.com/4364-1/","https://www.debian.org/security/2020/dsa-4667","https://www.debian.org/security/2020/dsa-4698","http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00035.html","http://www.openwall.com/lists/oss-security/2020/04/15/4","https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.5.8","https://git.kernel.org/linus/42d84c8490f9f0931786f1623191fcab397c3d64","https://lists.debian.org/debian-lts-announce/2020/06/msg00011.html","https://lists.debian.org/debian-lts-announce/2020/06/msg00012.html","https://lists.debian.org/debian-lts-announce/2020/06/msg00013.html","https://lkml.org/lkml/2020/2/15/125","https://security.netapp.com/advisory/ntap-20200403-0003/","https://usn.ubuntu.com/4342-1/","https://usn.ubuntu.com/4344-1/","https://usn.ubuntu.com/4345-1/","https://usn.ubuntu.com/4364-1/","https://www.debian.org/security/2020/dsa-4667","https://www.debian.org/security/2020/dsa-4698"],"published_time":"2020-03-24T22:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-1950","summary":"A carefully crafted or corrupt PSD file can cause excessive memory usage in 
Apache Tika's PSDParser in versions 1.0-1.23.","cvss":5.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00412,"ranking_epss":0.61476,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://lists.apache.org/thread.html/r463b1a67817ae55fe022536edd6db34e8f9636971188430cbcf8a8dd%40%3Cdev.tika.apache.org%3E","https://lists.debian.org/debian-lts-announce/2020/03/msg00035.html","https://usn.ubuntu.com/4564-1/","https://www.oracle.com/security-alerts/cpujul2020.html","https://www.oracle.com/security-alerts/cpuoct2020.html","https://lists.apache.org/thread.html/r463b1a67817ae55fe022536edd6db34e8f9636971188430cbcf8a8dd%40%3Cdev.tika.apache.org%3E","https://lists.debian.org/debian-lts-announce/2020/03/msg00035.html","https://usn.ubuntu.com/4564-1/","https://www.oracle.com/security-alerts/cpujul2020.html","https://www.oracle.com/security-alerts/cpuoct2020.html"],"published_time":"2020-03-23T14:15:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-1951","summary":"A carefully crafted or corrupt PSD file can cause an infinite loop in Apache Tika's PSDParser in versions 
1.0-1.23.","cvss":5.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00208,"ranking_epss":0.4314,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://lists.apache.org/thread.html/rd8c1b42bd0e31870d804890b3f00b13d837c528f7ebaf77031323172%40%3Cdev.tika.apache.org%3E","https://lists.debian.org/debian-lts-announce/2020/03/msg00035.html","https://usn.ubuntu.com/4564-1/","https://www.oracle.com/security-alerts/cpujul2020.html","https://www.oracle.com/security-alerts/cpuoct2020.html","https://lists.apache.org/thread.html/rd8c1b42bd0e31870d804890b3f00b13d837c528f7ebaf77031323172%40%3Cdev.tika.apache.org%3E","https://lists.debian.org/debian-lts-announce/2020/03/msg00035.html","https://usn.ubuntu.com/4564-1/","https://www.oracle.com/security-alerts/cpujul2020.html","https://www.oracle.com/security-alerts/cpuoct2020.html"],"published_time":"2020-03-23T14:15:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-18860","summary":"Squid before 4.9, when certain web browsers are used, mishandles HTML in the host (aka hostname) parameter to 
cachemgr.cgi.","cvss":6.1,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":6.1,"cvss_v4":null,"epss":0.04339,"ranking_epss":0.88931,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00018.html","https://github.com/squid-cache/squid/pull/504","https://github.com/squid-cache/squid/pull/505","https://lists.debian.org/debian-lts-announce/2020/07/msg00009.html","https://usn.ubuntu.com/4356-1/","https://www.debian.org/security/2020/dsa-4732","http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00018.html","http://www.openwall.com/lists/oss-security/2025/11/04/7","http://www.openwall.com/lists/oss-security/2025/11/05/1","http://www.openwall.com/lists/oss-security/2025/11/05/7","https://github.com/squid-cache/squid/pull/504","https://github.com/squid-cache/squid/pull/505","https://lists.debian.org/debian-lts-announce/2020/07/msg00009.html","https://usn.ubuntu.com/4356-1/","https://www.debian.org/security/2020/dsa-4732"],"published_time":"2020-03-20T21:15:16","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-14855","summary":"A flaw was found in the way certificate signatures could be forged using collisions found in the SHA-1 algorithm. An attacker could use this weakness to create forged certificate signatures. 
This issue affects GnuPG versions before 2.2.18.","cvss":5.3,"cvss_version":3.0,"cvss_v2":5.0,"cvss_v3":5.3,"cvss_v4":null,"epss":0.00404,"ranking_epss":0.60934,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14855","https://dev.gnupg.org/T4755","https://lists.gnupg.org/pipermail/gnupg-announce/2019q4/000442.html","https://rwc.iacr.org/2020/slides/Leurent.pdf","https://usn.ubuntu.com/4516-1/","https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14855","https://dev.gnupg.org/T4755","https://lists.gnupg.org/pipermail/gnupg-announce/2019q4/000442.html","https://rwc.iacr.org/2020/slides/Leurent.pdf","https://usn.ubuntu.com/4516-1/"],"published_time":"2020-03-20T16:15:14","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-0556","summary":"Improper access control in subsystem for BlueZ before version 5.54 may allow an unauthenticated user to potentially enable escalation of privilege and denial of service via adjacent 
access","cvss":7.1,"cvss_version":3.0,"cvss_v2":5.8,"cvss_v3":7.1,"cvss_v4":null,"epss":0.00161,"ranking_epss":0.37002,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00008.html","http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00055.html","https://lists.debian.org/debian-lts-announce/2020/06/msg00008.html","https://security.gentoo.org/glsa/202003-49","https://usn.ubuntu.com/4311-1/","https://www.debian.org/security/2020/dsa-4647","https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00352.html","http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00008.html","http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00055.html","https://lists.debian.org/debian-lts-announce/2020/06/msg00008.html","https://security.gentoo.org/glsa/202003-49","https://usn.ubuntu.com/4311-1/","https://www.debian.org/security/2020/dsa-4647","https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00352.html"],"published_time":"2020-03-12T21:15:14","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-10531","summary":"An issue was discovered in International Components for Unicode (ICU) for C/C++ through 66.1. 
An integer overflow, leading to a heap-based buffer overflow, exists in the UnicodeString::doAppend() function in common/unistr.cpp.","cvss":8.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":8.8,"cvss_v4":null,"epss":0.0079,"ranking_epss":0.7387,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00004.html","https://access.redhat.com/errata/RHSA-2020:0738","https://bugs.chromium.org/p/chromium/issues/detail?id=1044570","https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop_24.html","https://chromium.googlesource.com/chromium/deps/icu/+/9f4020916eb1f28f3666f018fdcbe6c9a37f0e08","https://github.com/unicode-org/icu/commit/b7d08bc04a4296982fcef8b6b8a354a9e4e7afca","https://github.com/unicode-org/icu/pull/971","https://lists.debian.org/debian-lts-announce/2020/03/msg00024.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4OOYAMJVLLCLXDTHW3V5UXNULZBBK4O6/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6IOHSO6BUKC6I66J5PZOMAGFVJ66ZS57/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X3B5RWJQD5LA45MYLLR55KZJOJ5NVZGP/","https://security.gentoo.org/glsa/202003-15","https://unicode-org.atlassian.net/browse/ICU-20958","https://usn.ubuntu.com/4305-1/","https://www.debian.org/security/2020/dsa-4646","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuapr2022.html","https://www.oracle.com/security-alerts/cpujan2021.html","http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00004.html","https://access.redhat.com/errata/RHSA-2020:0738","https://bugs.chromium.org/p/chromium/issues/detail?id=1044570","https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop_24.html","https://chromium.googlesource.com/chromium/deps/icu/+/9f4020916eb1f28f36
66f018fdcbe6c9a37f0e08","https://github.com/unicode-org/icu/commit/b7d08bc04a4296982fcef8b6b8a354a9e4e7afca","https://github.com/unicode-org/icu/pull/971","https://lists.debian.org/debian-lts-announce/2020/03/msg00024.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4OOYAMJVLLCLXDTHW3V5UXNULZBBK4O6/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6IOHSO6BUKC6I66J5PZOMAGFVJ66ZS57/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X3B5RWJQD5LA45MYLLR55KZJOJ5NVZGP/","https://security.gentoo.org/glsa/202003-15","https://unicode-org.atlassian.net/browse/ICU-20958","https://usn.ubuntu.com/4305-1/","https://www.debian.org/security/2020/dsa-4646","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuapr2022.html","https://www.oracle.com/security-alerts/cpujan2021.html"],"published_time":"2020-03-12T19:15:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-10108","summary":"In Twisted Web through 19.10.0, there was an HTTP request splitting vulnerability. When presented with two content-length headers, it ignored the first header. 
When the second content-length value was set to zero, the request body was interpreted as a pipelined request.","cvss":9.8,"cvss_version":3.0,"cvss_v2":7.5,"cvss_v3":9.8,"cvss_v4":null,"epss":0.03411,"ranking_epss":0.87435,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://know.bishopfox.com/advisories","https://know.bishopfox.com/advisories/twisted-version-19.10.0","https://lists.debian.org/debian-lts-announce/2022/02/msg00021.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6ISMZFZBWW4EV6ETJGXAYIXN3AT7GBPL/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YW3NIL7VXSGJND2Q4BSXM3CFTAFU6T7D/","https://security.gentoo.org/glsa/202007-24","https://usn.ubuntu.com/4308-1/","https://usn.ubuntu.com/4308-2/","https://www.oracle.com/security-alerts/cpuoct2020.html","https://know.bishopfox.com/advisories","https://know.bishopfox.com/advisories/twisted-version-19.10.0","https://lists.debian.org/debian-lts-announce/2022/02/msg00021.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6ISMZFZBWW4EV6ETJGXAYIXN3AT7GBPL/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YW3NIL7VXSGJND2Q4BSXM3CFTAFU6T7D/","https://security.gentoo.org/glsa/202007-24","https://usn.ubuntu.com/4308-1/","https://usn.ubuntu.com/4308-2/","https://www.oracle.com/security-alerts/cpuoct2020.html"],"published_time":"2020-03-12T13:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-10109","summary":"In Twisted Web through 19.10.0, there was an HTTP request splitting vulnerability. 
When presented with a content-length and a chunked encoding header, the content-length took precedence and the remainder of the request body was interpreted as a pipelined request.","cvss":9.8,"cvss_version":3.0,"cvss_v2":7.5,"cvss_v3":9.8,"cvss_v4":null,"epss":0.03518,"ranking_epss":0.87641,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://know.bishopfox.com/advisories","https://know.bishopfox.com/advisories/twisted-version-19.10.0","https://lists.debian.org/debian-lts-announce/2022/02/msg00021.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6ISMZFZBWW4EV6ETJGXAYIXN3AT7GBPL/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YW3NIL7VXSGJND2Q4BSXM3CFTAFU6T7D/","https://security.gentoo.org/glsa/202007-24","https://usn.ubuntu.com/4308-1/","https://usn.ubuntu.com/4308-2/","https://know.bishopfox.com/advisories","https://know.bishopfox.com/advisories/twisted-version-19.10.0","https://lists.debian.org/debian-lts-announce/2022/02/msg00021.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6ISMZFZBWW4EV6ETJGXAYIXN3AT7GBPL/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YW3NIL7VXSGJND2Q4BSXM3CFTAFU6T7D/","https://security.gentoo.org/glsa/202007-24","https://usn.ubuntu.com/4308-1/","https://usn.ubuntu.com/4308-2/"],"published_time":"2020-03-12T13:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-20503","summary":"usrsctp before 2019-12-20 has out-of-bounds reads in 
sctp_load_addresses_from_init.","cvss":6.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":6.5,"cvss_v4":null,"epss":0.02474,"ranking_epss":0.85277,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00022.html","http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00028.html","http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00030.html","http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00037.html","http://seclists.org/fulldisclosure/2020/May/49","http://seclists.org/fulldisclosure/2020/May/52","http://seclists.org/fulldisclosure/2020/May/55","http://seclists.org/fulldisclosure/2020/May/59","https://access.redhat.com/errata/RHSA-2020:0815","https://access.redhat.com/errata/RHSA-2020:0816","https://access.redhat.com/errata/RHSA-2020:0819","https://access.redhat.com/errata/RHSA-2020:0820","https://bugs.chromium.org/p/project-zero/issues/detail?id=1992","https://chromereleases.googleblog.com/2020/03/stable-channel-update-for-desktop_18.html","https://crbug.com/1059349","https://github.com/sctplab/usrsctp/commit/790a7a2555aefb392a5a69923f1e9d17b4968467","https://lists.debian.org/debian-lts-announce/2020/03/msg00013.html","https://lists.debian.org/debian-lts-announce/2020/03/msg00023.html","https://lists.debian.org/debian-lts-announce/2023/07/msg00003.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2DDNOAGIX5D77TTHT6YPMVJ5WTXTCQEI/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6IOHSO6BUKC6I66J5PZOMAGFVJ66ZS57/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JWANFIR3PYAL5RJQ4AO3ZS2DYMSF2ZGZ/","https://security.gentoo.org/glsa/202003-02","https://security.gentoo.org/glsa/202003-10","https://support.apple.com/HT211168","https://support.apple.com/HT211171","https://support.apple.com/HT211175","ht
tps://support.apple.com/HT211177","https://support.apple.com/kb/HT211168","https://support.apple.com/kb/HT211171","https://support.apple.com/kb/HT211175","https://support.apple.com/kb/HT211177","https://usn.ubuntu.com/4299-1/","https://usn.ubuntu.com/4328-1/","https://usn.ubuntu.com/4335-1/","https://www.debian.org/security/2020/dsa-4639","https://www.debian.org/security/2020/dsa-4642","https://www.debian.org/security/2020/dsa-4645","http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00022.html","http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00028.html","http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00030.html","http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00037.html","http://seclists.org/fulldisclosure/2020/May/49","http://seclists.org/fulldisclosure/2020/May/52","http://seclists.org/fulldisclosure/2020/May/55","http://seclists.org/fulldisclosure/2020/May/59","https://access.redhat.com/errata/RHSA-2020:0815","https://access.redhat.com/errata/RHSA-2020:0816","https://access.redhat.com/errata/RHSA-2020:0819","https://access.redhat.com/errata/RHSA-2020:0820","https://bugs.chromium.org/p/project-zero/issues/detail?id=1992","https://chromereleases.googleblog.com/2020/03/stable-channel-update-for-desktop_18.html","https://crbug.com/1059349","https://github.com/sctplab/usrsctp/commit/790a7a2555aefb392a5a69923f1e9d17b4968467","https://lists.debian.org/debian-lts-announce/2020/03/msg00013.html","https://lists.debian.org/debian-lts-announce/2020/03/msg00023.html","https://lists.debian.org/debian-lts-announce/2023/07/msg00003.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2DDNOAGIX5D77TTHT6YPMVJ5WTXTCQEI/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6IOHSO6BUKC6I66J5PZOMAGFVJ66ZS57/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JWANFIR3PYAL5RJQ4AO3
ZS2DYMSF2ZGZ/","https://security.gentoo.org/glsa/202003-02","https://security.gentoo.org/glsa/202003-10","https://support.apple.com/HT211168","https://support.apple.com/HT211171","https://support.apple.com/HT211175","https://support.apple.com/HT211177","https://support.apple.com/kb/HT211168","https://support.apple.com/kb/HT211171","https://support.apple.com/kb/HT211175","https://support.apple.com/kb/HT211177","https://usn.ubuntu.com/4299-1/","https://usn.ubuntu.com/4328-1/","https://usn.ubuntu.com/4335-1/","https://www.debian.org/security/2020/dsa-4639","https://www.debian.org/security/2020/dsa-4642","https://www.debian.org/security/2020/dsa-4645"],"published_time":"2020-03-06T20:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-20382","summary":"QEMU 4.1.0 has a memory leak in zrle_compress_data in ui/vnc-enc-zrle.c during a VNC disconnect operation because libz is misused, resulting in a situation where memory allocated in deflateInit2 is not freed in deflateEnd.","cvss":3.5,"cvss_version":3.0,"cvss_v2":2.7,"cvss_v3":3.5,"cvss_v4":null,"epss":0.00044,"ranking_epss":0.13492,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00007.html","http://www.openwall.com/lists/oss-security/2020/03/05/1","https://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=6bf21f3d83e95bcc4ba35a7a07cc6655e8b010b0","https://lists.debian.org/debian-lts-announce/2020/07/msg00020.html","https://usn.ubuntu.com/4372-1/","https://www.debian.org/security/2020/dsa-4665","http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00007.html","http://www.openwall.com/lists/oss-security/2020/03/05/1","https://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=6bf21f3d83e95bcc4ba35a7a07cc6655e8b010b0","https://lists.debian.org/debian-lts-announce/2020/07/msg00020.html","https://usn.ubuntu.com/4372-1/","https://www.debian.org/security/2020/dsa-4665"],"published_time":"2020-03-05T19:15:11","vendor":null,"prod
uct":null,"version":null},{"cve_id":"CVE-2020-10174","summary":"init_tmp in TeeJee.FileSystem.vala in Timeshift before 20.03 unsafely reuses a preexisting temporary directory in the predictable location /tmp/timeshift. It follows symlinks in this location or uses directories owned by unprivileged users. Because Timeshift also executes scripts under this location, an attacker can attempt to win a race condition to replace scripts created by Timeshift with attacker-controlled scripts. Upon success, an attacker-controlled script is executed with full root privileges. This logic is practically always triggered when Timeshift runs regardless of the command-line arguments used.","cvss":7.0,"cvss_version":3.0,"cvss_v2":6.9,"cvss_v3":7.0,"cvss_v4":null,"epss":0.00124,"ranking_epss":0.31594,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.openwall.com/lists/oss-security/2020/03/06/3","https://bugzilla.suse.com/show_bug.cgi?id=1165802","https://github.com/teejee2008/timeshift/commit/335b3d5398079278b8f7094c77bfd148b315b462","https://github.com/teejee2008/timeshift/releases/tag/v20.03","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AAOFXT64CEUMJE3723JDJWTEQWQUCYMD/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SXDEPC52G46U6I7GLQNFLZXVSM7V2HYY/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TXXYQFSZ5P6ZMNFIDBAQKBFZIR2T7ZLL/","https://usn.ubuntu.com/4312-1/","http://www.openwall.com/lists/oss-security/2020/03/06/3","https://bugzilla.suse.com/show_bug.cgi?id=1165802","https://github.com/teejee2008/timeshift/commit/335b3d5398079278b8f7094c77bfd148b315b462","https://github.com/teejee2008/timeshift/releases/tag/v20.03","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AAOFXT64CEUMJE3723JDJWTEQWQUCYMD/","https://lists.fedoraproject.org/archives/l
ist/package-announce%40lists.fedoraproject.org/message/SXDEPC52G46U6I7GLQNFLZXVSM7V2HYY/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TXXYQFSZ5P6ZMNFIDBAQKBFZIR2T7ZLL/","https://usn.ubuntu.com/4312-1/"],"published_time":"2020-03-05T16:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-9402","summary":"Django 1.11 before 1.11.29, 2.2 before 2.2.11, and 3.0 before 3.0.4 allows SQL Injection if untrusted data is used as a tolerance parameter in GIS functions and aggregates on Oracle. By passing a suitably crafted tolerance to GIS functions and aggregates on Oracle, it was possible to break escaping and inject malicious SQL.","cvss":8.8,"cvss_version":3.0,"cvss_v2":6.5,"cvss_v3":8.8,"cvss_v4":null,"epss":0.85514,"ranking_epss":0.99371,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://docs.djangoproject.com/en/3.0/releases/security/","https://groups.google.com/forum/#%21topic/django-announce/fLUh_pOaKrY","https://lists.debian.org/debian-lts-announce/2022/05/msg00035.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4A2AP4T7RKPBCLTI2NNQG3T6MINDUUMZ/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UZMN2NKAGTFE3YKMNM2JVJG7R2W7LLHY/","https://security.gentoo.org/glsa/202004-17","https://security.netapp.com/advisory/ntap-20200327-0004/","https://usn.ubuntu.com/4296-1/","https://www.debian.org/security/2020/dsa-4705","https://www.djangoproject.com/weblog/2020/mar/04/security-releases/","https://docs.djangoproject.com/en/3.0/releases/security/","https://groups.google.com/forum/#%21topic/django-announce/fLUh_pOaKrY","https://lists.debian.org/debian-lts-announce/2022/05/msg00035.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4A2AP4T7RKPBCLTI2NNQG3T6MINDUUMZ/","https://lists.fedoraproject.org/archives/list/package-
announce%40lists.fedoraproject.org/message/UZMN2NKAGTFE3YKMNM2JVJG7R2W7LLHY/","https://security.gentoo.org/glsa/202004-17","https://security.netapp.com/advisory/ntap-20200327-0004/","https://usn.ubuntu.com/4296-1/","https://www.debian.org/security/2020/dsa-4705","https://www.djangoproject.com/weblog/2020/mar/04/security-releases/"],"published_time":"2020-03-05T15:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-10029","summary":"The GNU C Library (aka glibc or libc6) before 2.32 could overflow an on-stack buffer during range reduction if an input to an 80-bit long double function contains a non-canonical bit pattern, as seen when passing a 0x5d414141414141410000 value to sinl on x86 targets. This is related to sysdeps/ieee754/ldbl-96/e_rem_pio2l.c.","cvss":5.5,"cvss_version":3.0,"cvss_v2":2.1,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00042,"ranking_epss":0.12767,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00033.html","https://lists.debian.org/debian-lts-announce/2022/10/msg00021.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/23N76M3EDP2GIW4GOIQRYTKRE7PPBRB2/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JZTFUD5VH2GU3YOXA2KBQSBIDZRDWNZ3/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VU5JJGENOK7K4X5RYAA5PL647C6HD22E/","https://security.gentoo.org/glsa/202006-04","https://security.netapp.com/advisory/ntap-20200327-0003/","https://sourceware.org/bugzilla/show_bug.cgi?id=25487","https://sourceware.org/git/gitweb.cgi?p=glibc.git%3Ba=commit%3Bh=9333498794cde1d5cca518badf79533a24114b6f","https://usn.ubuntu.com/4416-1/","http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00033.html","https://lists.debian.org/debian-lts-announce/2022/10/msg00021.html","https://lists.fedoraproject.org/archive
s/list/package-announce%40lists.fedoraproject.org/message/23N76M3EDP2GIW4GOIQRYTKRE7PPBRB2/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JZTFUD5VH2GU3YOXA2KBQSBIDZRDWNZ3/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VU5JJGENOK7K4X5RYAA5PL647C6HD22E/","https://security.gentoo.org/glsa/202006-04","https://security.netapp.com/advisory/ntap-20200327-0003/","https://sourceware.org/bugzilla/show_bug.cgi?id=25487","https://sourceware.org/git/gitweb.cgi?p=glibc.git%3Ba=commit%3Bh=9333498794cde1d5cca518badf79533a24114b6f","https://usn.ubuntu.com/4416-1/"],"published_time":"2020-03-04T15:15:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-10018","summary":"WebKitGTK through 2.26.4 and WPE WebKit through 2.26.4 (which are the versions right before 2.28.0) contain a memory corruption issue (use-after-free) that may lead to arbitrary code execution. This issue has been fixed in 2.28.0 with improved memory 
handling.","cvss":9.8,"cvss_version":3.0,"cvss_v2":7.5,"cvss_v3":9.8,"cvss_v4":null,"epss":0.02644,"ranking_epss":0.8573,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00008.html","https://bugs.webkit.org/show_bug.cgi?id=204342#c21","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DOR5LPL4UASVAR76EIHCL4O2KGDWGC6K/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GLERWAS2LL7SX2GHA2DDZ2PL3QC5OHIF/","https://security.gentoo.org/glsa/202006-08","https://usn.ubuntu.com/4310-1/","https://webkitgtk.org/security/WSA-2020-0003.html","https://wpewebkit.org/security/WSA-2020-0003.html","https://www.debian.org/security/2020/dsa-4641","http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00008.html","https://bugs.webkit.org/show_bug.cgi?id=204342#c21","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DOR5LPL4UASVAR76EIHCL4O2KGDWGC6K/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GLERWAS2LL7SX2GHA2DDZ2PL3QC5OHIF/","https://security.gentoo.org/glsa/202006-08","https://usn.ubuntu.com/4310-1/","https://webkitgtk.org/security/WSA-2020-0003.html","https://wpewebkit.org/security/WSA-2020-0003.html","https://www.debian.org/security/2020/dsa-4641"],"published_time":"2020-03-02T23:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-6800","summary":"Mozilla developers and community members reported memory safety bugs present in Firefox 72 and Firefox ESR 68.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. 
In general, these flaws cannot be exploited through email in the Thunderbird product because scripting is disabled when reading mail, but are potentially risks in browser or browser-like contexts. This vulnerability affects Thunderbird < 68.5, Firefox < 73, and Firefox < ESR68.5.","cvss":8.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":8.8,"cvss_v4":null,"epss":0.0125,"ranking_epss":0.7933,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://bugzilla.mozilla.org/buglist.cgi?bug_id=1595786%2C1596706%2C1598543%2C1604851%2C1608580%2C1608785%2C1605777","https://security.gentoo.org/glsa/202003-02","https://security.gentoo.org/glsa/202003-10","https://usn.ubuntu.com/4278-2/","https://usn.ubuntu.com/4328-1/","https://usn.ubuntu.com/4335-1/","https://www.mozilla.org/security/advisories/mfsa2020-05/","https://www.mozilla.org/security/advisories/mfsa2020-06/","https://www.mozilla.org/security/advisories/mfsa2020-07/","https://bugzilla.mozilla.org/buglist.cgi?bug_id=1595786%2C1596706%2C1598543%2C1604851%2C1608580%2C1608785%2C1605777","https://security.gentoo.org/glsa/202003-02","https://security.gentoo.org/glsa/202003-10","https://usn.ubuntu.com/4278-2/","https://usn.ubuntu.com/4328-1/","https://usn.ubuntu.com/4335-1/","https://www.mozilla.org/security/advisories/mfsa2020-05/","https://www.mozilla.org/security/advisories/mfsa2020-06/","https://www.mozilla.org/security/advisories/mfsa2020-07/"],"published_time":"2020-03-02T05:15:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-6801","summary":"Mozilla developers reported memory safety bugs present in Firefox 72. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. 
This vulnerability affects Firefox < 73.","cvss":8.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00576,"ranking_epss":0.6879,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://bugzilla.mozilla.org/buglist.cgi?bug_id=1601024%2C1601712%2C1604836%2C1606492","https://usn.ubuntu.com/4278-2/","https://www.mozilla.org/security/advisories/mfsa2020-05/","https://bugzilla.mozilla.org/buglist.cgi?bug_id=1601024%2C1601712%2C1604836%2C1606492","https://usn.ubuntu.com/4278-2/","https://www.mozilla.org/security/advisories/mfsa2020-05/"],"published_time":"2020-03-02T05:15:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-17026","summary":"Incorrect alias information in IonMonkey JIT compiler for setting array elements could lead to a type confusion. We are aware of targeted attacks in the wild abusing this flaw. This vulnerability affects Firefox ESR < 68.4.1, Thunderbird < 68.4.1, and Firefox < 72.0.1.","cvss":8.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":8.8,"cvss_v4":null,"epss":0.64805,"ranking_epss":0.98465,"kev":true,"propose_action":"Mozilla Firefox and Thunderbird contain a type confusion vulnerability due to incorrect alias information in the IonMonkey JIT compiler when setting array 
elements.","ransomware_campaign":"Unknown","references":["http://packetstormsecurity.com/files/162568/Firefox-72-IonMonkey-JIT-Type-Confusion.html","https://bugzilla.mozilla.org/show_bug.cgi?id=1607443","https://security.gentoo.org/glsa/202003-02","https://usn.ubuntu.com/4335-1/","https://www.mozilla.org/security/advisories/mfsa2020-03/","https://www.mozilla.org/security/advisories/mfsa2020-04/","http://packetstormsecurity.com/files/162568/Firefox-72-IonMonkey-JIT-Type-Confusion.html","https://bugzilla.mozilla.org/show_bug.cgi?id=1607443","https://security.gentoo.org/glsa/202003-02","https://usn.ubuntu.com/4335-1/","https://www.mozilla.org/security/advisories/mfsa2020-03/","https://www.mozilla.org/security/advisories/mfsa2020-04/","https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-17026"],"published_time":"2020-03-02T05:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-6792","summary":"When deriving an identifier for an email message, uninitialized memory was used in addition to the message contents. 
This vulnerability affects Thunderbird < 68.5.","cvss":4.3,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":4.3,"cvss_v4":null,"epss":0.00953,"ranking_epss":0.76404,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://bugzilla.mozilla.org/show_bug.cgi?id=1609607","https://security.gentoo.org/glsa/202003-10","https://usn.ubuntu.com/4328-1/","https://usn.ubuntu.com/4335-1/","https://www.mozilla.org/security/advisories/mfsa2020-07/","https://bugzilla.mozilla.org/show_bug.cgi?id=1609607","https://security.gentoo.org/glsa/202003-10","https://usn.ubuntu.com/4328-1/","https://usn.ubuntu.com/4335-1/","https://www.mozilla.org/security/advisories/mfsa2020-07/"],"published_time":"2020-03-02T05:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-6794","summary":"If a user saved passwords before Thunderbird 60 and then later set a master password, an unencrypted copy of these passwords is still accessible. This is because the older stored password file was not deleted when the data was copied to a new format starting in Thunderbird 60. The new master password is added only on the new file. This could allow the exposure of stored password data outside of user expectations. 
This vulnerability affects Thunderbird < 68.5.","cvss":6.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00399,"ranking_epss":0.60668,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://bugzilla.mozilla.org/show_bug.cgi?id=1606619","https://security.gentoo.org/glsa/202003-10","https://usn.ubuntu.com/4328-1/","https://usn.ubuntu.com/4335-1/","https://www.mozilla.org/security/advisories/mfsa2020-07/","https://bugzilla.mozilla.org/show_bug.cgi?id=1606619","https://security.gentoo.org/glsa/202003-10","https://usn.ubuntu.com/4328-1/","https://usn.ubuntu.com/4335-1/","https://www.mozilla.org/security/advisories/mfsa2020-07/"],"published_time":"2020-03-02T05:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-7062","summary":"In PHP versions 7.2.x below 7.2.28, 7.3.x below 7.3.15 and 7.4.x below 7.4.3, when using file upload functionality, if upload progress tracking is enabled, but session.upload_progress.cleanup is set to 0 (disabled), and the file upload fails, the upload procedure would try to clean up data that does not exist and encounter null pointer dereference, which would likely lead to a 
crash.","cvss":7.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":7.5,"cvss_v4":null,"epss":0.01155,"ranking_epss":0.78536,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00023.html","https://bugs.php.net/bug.php?id=79221","https://lists.debian.org/debian-lts-announce/2020/03/msg00034.html","https://security.gentoo.org/glsa/202003-57","https://usn.ubuntu.com/4330-1/","https://www.debian.org/security/2020/dsa-4717","https://www.debian.org/security/2020/dsa-4719","https://www.tenable.com/security/tns-2021-14","http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00023.html","https://bugs.php.net/bug.php?id=79221","https://lists.debian.org/debian-lts-announce/2020/03/msg00034.html","https://security.gentoo.org/glsa/202003-57","https://usn.ubuntu.com/4330-1/","https://www.debian.org/security/2020/dsa-4717","https://www.debian.org/security/2020/dsa-4719","https://www.tenable.com/security/tns-2021-14"],"published_time":"2020-02-27T21:15:19","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-9274","summary":"An issue was discovered in Pure-FTPd 1.0.49. An uninitialized pointer vulnerability has been detected in the diraliases linked list. When the *lookup_alias(const char alias) or print_aliases(void) function is called, they fail to correctly detect the end of the linked list and try to access a non-existent list member. 
This is related to init_aliases in diraliases.c.","cvss":7.5,"cvss_version":3.0,"cvss_v2":5.0,"cvss_v3":7.5,"cvss_v4":null,"epss":0.14489,"ranking_epss":0.94446,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://github.com/jedisct1/pure-ftpd/commit/8d0d42542e2cb7a56d645fbe4d0ef436e38bcefa","https://lists.debian.org/debian-lts-announce/2020/02/msg00029.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/22P44PECZWNDP7CMBL7NRBMNFS73C5Z2/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/B5NSUDWXZVWUCL6R2PTX3KBB42Z62CA5/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U5DBVHJCXWRSJPNJQCJQCKZF6ZDPZCKA/","https://security.gentoo.org/glsa/202003-54","https://usn.ubuntu.com/4515-1/","https://www.pureftpd.org/project/pure-ftpd/news/","https://github.com/jedisct1/pure-ftpd/commit/8d0d42542e2cb7a56d645fbe4d0ef436e38bcefa","https://lists.debian.org/debian-lts-announce/2020/02/msg00029.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/22P44PECZWNDP7CMBL7NRBMNFS73C5Z2/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/B5NSUDWXZVWUCL6R2PTX3KBB42Z62CA5/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U5DBVHJCXWRSJPNJQCJQCKZF6ZDPZCKA/","https://security.gentoo.org/glsa/202003-54","https://usn.ubuntu.com/4515-1/","https://www.pureftpd.org/project/pure-ftpd/news/"],"published_time":"2020-02-26T16:15:19","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-8793","summary":"OpenSMTPD before 6.6.4 allows local users to read arbitrary files (e.g., on some Linux distributions) because of a combination of an untrusted search path in makemap.c and race conditions in the offline functionality in 
smtpd.c.","cvss":4.7,"cvss_version":3.0,"cvss_v2":4.7,"cvss_v3":4.7,"cvss_v4":null,"epss":0.00786,"ranking_epss":0.73803,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2020/Feb/28","http://www.openwall.com/lists/oss-security/2020/02/24/4","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OPH4QU4DNVHA7ACFXMYFCEP5PSXXPN4E/","https://usn.ubuntu.com/4294-1/","https://www.openbsd.org/security.html","http://seclists.org/fulldisclosure/2020/Feb/28","http://www.openwall.com/lists/oss-security/2020/02/24/4","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OPH4QU4DNVHA7ACFXMYFCEP5PSXXPN4E/","https://usn.ubuntu.com/4294-1/","https://www.openbsd.org/security.html"],"published_time":"2020-02-25T17:15:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-8794","summary":"OpenSMTPD before 6.6.4 allows remote code execution because of an out-of-bounds read in mta_io in mta_session.c for multi-line replies. 
Although this vulnerability affects the client side of OpenSMTPD, it is possible to attack a server because the server code launches the client code during bounce handling.","cvss":9.8,"cvss_version":3.0,"cvss_v2":10.0,"cvss_v3":9.8,"cvss_v4":null,"epss":0.88136,"ranking_epss":0.99487,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://packetstormsecurity.com/files/156633/OpenSMTPD-Out-Of-Bounds-Read-Local-Privilege-Escalation.html","http://seclists.org/fulldisclosure/2020/Feb/32","http://www.openwall.com/lists/oss-security/2020/02/26/1","http://www.openwall.com/lists/oss-security/2020/03/01/1","http://www.openwall.com/lists/oss-security/2020/03/01/2","http://www.openwall.com/lists/oss-security/2021/05/04/7","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OPH4QU4DNVHA7ACFXMYFCEP5PSXXPN4E/","https://usn.ubuntu.com/4294-1/","https://www.debian.org/security/2020/dsa-4634","https://www.openbsd.org/security.html","https://www.openwall.com/lists/oss-security/2020/02/24/5","http://packetstormsecurity.com/files/156633/OpenSMTPD-Out-Of-Bounds-Read-Local-Privilege-Escalation.html","http://seclists.org/fulldisclosure/2020/Feb/32","http://www.openwall.com/lists/oss-security/2020/02/26/1","http://www.openwall.com/lists/oss-security/2020/03/01/1","http://www.openwall.com/lists/oss-security/2020/03/01/2","http://www.openwall.com/lists/oss-security/2021/05/04/7","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OPH4QU4DNVHA7ACFXMYFCEP5PSXXPN4E/","https://usn.ubuntu.com/4294-1/","https://www.debian.org/security/2020/dsa-4634","https://www.openbsd.org/security.html","https://www.openwall.com/lists/oss-security/2020/02/24/5"],"published_time":"2020-02-25T17:15:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-9383","summary":"An issue was discovered in the Linux kernel 3.16 through 5.5.6. 
set_fdc in drivers/block/floppy.c leads to a wait_til_ready out-of-bounds read because the FDC index is not checked for errors before assigning it, aka CID-2e90ca68b0d2.","cvss":7.1,"cvss_version":3.0,"cvss_v2":3.6,"cvss_v3":7.1,"cvss_v4":null,"epss":0.00095,"ranking_epss":0.26378,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00039.html","https://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git/commit/?id=2f9ac30a54dc0181ddac3705cdcf4775d863c530","https://github.com/torvalds/linux/commit/2e90ca68b0d2f5548804f22f0dd61145516171e3","https://lists.debian.org/debian-lts-announce/2020/06/msg00011.html","https://lists.debian.org/debian-lts-announce/2020/06/msg00012.html","https://lists.debian.org/debian-lts-announce/2020/06/msg00013.html","https://security.netapp.com/advisory/ntap-20200313-0003/","https://usn.ubuntu.com/4342-1/","https://usn.ubuntu.com/4344-1/","https://usn.ubuntu.com/4345-1/","https://usn.ubuntu.com/4346-1/","https://www.debian.org/security/2020/dsa-4698","http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00039.html","https://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git/commit/?id=2f9ac30a54dc0181ddac3705cdcf4775d863c530","https://github.com/torvalds/linux/commit/2e90ca68b0d2f5548804f22f0dd61145516171e3","https://lists.debian.org/debian-lts-announce/2020/06/msg00011.html","https://lists.debian.org/debian-lts-announce/2020/06/msg00012.html","https://lists.debian.org/debian-lts-announce/2020/06/msg00013.html","https://security.netapp.com/advisory/ntap-20200313-0003/","https://usn.ubuntu.com/4342-1/","https://usn.ubuntu.com/4344-1/","https://usn.ubuntu.com/4345-1/","https://usn.ubuntu.com/4346-1/","https://www.debian.org/security/2020/dsa-4698"],"published_time":"2020-02-25T16:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-1935","summary":"In Apache Tomcat 9.0.0.M1 to 9.0.30, 8.5.0 to 8.5.50 and 7.0.0 to 7.0.99 the 
HTTP header parsing code used an approach to end-of-line parsing that allowed some invalid HTTP headers to be parsed as valid. This led to a possibility of HTTP Request Smuggling if Tomcat was located behind a reverse proxy that incorrectly handled the invalid Transfer-Encoding header in a particular manner. Such a reverse proxy is considered unlikely.","cvss":4.8,"cvss_version":3.0,"cvss_v2":5.8,"cvss_v3":4.8,"cvss_v4":null,"epss":0.01366,"ranking_epss":0.80194,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00025.html","https://lists.apache.org/thread.html/r127f76181aceffea2bd4711b03c595d0f115f63e020348fe925a916c%40%3Cannounce.tomcat.apache.org%3E","https://lists.apache.org/thread.html/r441c1f30a252bf14b07396286f6abd8089ce4240e91323211f1a2d75%40%3Cusers.tomcat.apache.org%3E","https://lists.apache.org/thread.html/r660cd379afe346f10d72c0eaa8459ccc95d83aff181671b7e9076919%40%3Cusers.tomcat.apache.org%3E","https://lists.apache.org/thread.html/r7bc994c965a34876bd94d5ff15b4e1e30b6220a15eb9b47c81915b78%40%3Ccommits.tomee.apache.org%3E","https://lists.apache.org/thread.html/r80e9c8417c77d52c62809168b96912bda70ddf7748f19f8210f745b1%40%3Cusers.tomcat.apache.org%3E","https://lists.apache.org/thread.html/r9ce7918faf347e7aac32be930bf26c233b0b140fe37af0bb294158b6%40%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/ra5dee390ad2d60307b8362505c059cd6a726de4d146d63dfce1e05e7%40%3Cusers.tomcat.apache.org%3E","https://lists.apache.org/thread.html/rc31cbabb46cdc58bbdd8519a8f64b6236b2635a3922bbeba0f0e3743%40%3Ccommits.tomee.apache.org%3E","https://lists.apache.org/thread.html/rd547be0c9d821b4b1000a694b8e58ef9f5e2d66db03a31dfe77c4b18%40%3Cusers.tomcat.apache.org%3E","https://lists.debian.org/debian-lts-announce/2020/03/msg00006.html","https://lists.debian.org/debian-lts-announce/2020/05/msg00026.html","https://security.netapp.com/advisory/ntap-20200327-0005/","https://usn.ubuntu.
com/4448-1/","https://www.debian.org/security/2020/dsa-4673","https://www.debian.org/security/2020/dsa-4680","https://www.oracle.com/security-alerts/cpujan2021.html","https://www.oracle.com/security-alerts/cpujul2020.html","https://www.oracle.com/security-alerts/cpuoct2020.html","http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00025.html","https://lists.apache.org/thread.html/r127f76181aceffea2bd4711b03c595d0f115f63e020348fe925a916c%40%3Cannounce.tomcat.apache.org%3E","https://lists.apache.org/thread.html/r441c1f30a252bf14b07396286f6abd8089ce4240e91323211f1a2d75%40%3Cusers.tomcat.apache.org%3E","https://lists.apache.org/thread.html/r660cd379afe346f10d72c0eaa8459ccc95d83aff181671b7e9076919%40%3Cusers.tomcat.apache.org%3E","https://lists.apache.org/thread.html/r7bc994c965a34876bd94d5ff15b4e1e30b6220a15eb9b47c81915b78%40%3Ccommits.tomee.apache.org%3E","https://lists.apache.org/thread.html/r80e9c8417c77d52c62809168b96912bda70ddf7748f19f8210f745b1%40%3Cusers.tomcat.apache.org%3E","https://lists.apache.org/thread.html/r9ce7918faf347e7aac32be930bf26c233b0b140fe37af0bb294158b6%40%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/ra5dee390ad2d60307b8362505c059cd6a726de4d146d63dfce1e05e7%40%3Cusers.tomcat.apache.org%3E","https://lists.apache.org/thread.html/rc31cbabb46cdc58bbdd8519a8f64b6236b2635a3922bbeba0f0e3743%40%3Ccommits.tomee.apache.org%3E","https://lists.apache.org/thread.html/rd547be0c9d821b4b1000a694b8e58ef9f5e2d66db03a31dfe77c4b18%40%3Cusers.tomcat.apache.org%3E","https://lists.debian.org/debian-lts-announce/2020/03/msg00006.html","https://lists.debian.org/debian-lts-announce/2020/05/msg00026.html","https://security.netapp.com/advisory/ntap-20200327-0005/","https://usn.ubuntu.com/4448-1/","https://www.debian.org/security/2020/dsa-4673","https://www.debian.org/security/2020/dsa-4680","https://www.oracle.com/security-alerts/cpujan2021.html","https://www.oracle.com/security-alerts/cpujul2020.html","https://www.oracle.com/security-alerts
/cpuoct2020.html"],"published_time":"2020-02-24T22:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-8130","summary":"There is an OS command injection vulnerability in Ruby Rake < 12.3.3 in Rake::FileList when supplying a filename that begins with the pipe character `|`.","cvss":6.4,"cvss_version":3.0,"cvss_v2":6.9,"cvss_v3":6.4,"cvss_v4":null,"epss":0.00142,"ranking_epss":0.3445,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00041.html","https://hackerone.com/reports/651518","https://lists.debian.org/debian-lts-announce/2020/02/msg00026.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/523CLQ62VRN3VVC52KMPTROCCKY4Z36B/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VXMX4ARNX2JLRJMSH4N3J3UBMUT5CI44/","https://usn.ubuntu.com/4295-1/","http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00041.html","https://hackerone.com/reports/651518","https://lists.debian.org/debian-lts-announce/2020/02/msg00026.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/523CLQ62VRN3VVC52KMPTROCCKY4Z36B/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VXMX4ARNX2JLRJMSH4N3J3UBMUT5CI44/","https://usn.ubuntu.com/4295-1/"],"published_time":"2020-02-24T15:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2015-9542","summary":"add_password in pam_radius_auth.c in pam_radius 1.4.0 does not correctly check the length of the input password, and is vulnerable to a stack-based buffer overflow during memcpy(). An attacker could send a crafted password to an application (loading the pam_radius library) and crash it. 
Arbitrary code execution might be possible, depending on the application, C library, compiler, and other factors.","cvss":7.5,"cvss_version":3.0,"cvss_v2":5.0,"cvss_v3":7.5,"cvss_v4":null,"epss":0.019,"ranking_epss":0.8323,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2015-9542","https://github.com/FreeRADIUS/pam_radius/commit/01173ec2426627dbb1e0d96c06c3ffa0b14d36d0","https://lists.debian.org/debian-lts-announce/2020/02/msg00023.html","https://lists.debian.org/debian-lts-announce/2020/08/msg00000.html","https://usn.ubuntu.com/4290-1/","https://usn.ubuntu.com/4290-2/","https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2015-9542","https://github.com/FreeRADIUS/pam_radius/commit/01173ec2426627dbb1e0d96c06c3ffa0b14d36d0","https://lists.debian.org/debian-lts-announce/2020/02/msg00023.html","https://lists.debian.org/debian-lts-announce/2020/08/msg00000.html","https://usn.ubuntu.com/4290-1/","https://usn.ubuntu.com/4290-2/"],"published_time":"2020-02-24T15:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-9327","summary":"In SQLite 3.31.1, isAuxiliaryVtabOperator allows attackers to trigger a NULL pointer dereference and segmentation fault because of generated column 
optimizations.","cvss":7.5,"cvss_version":3.0,"cvss_v2":5.0,"cvss_v3":7.5,"cvss_v4":null,"epss":0.00951,"ranking_epss":0.76374,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf","https://security.gentoo.org/glsa/202003-16","https://security.netapp.com/advisory/ntap-20200313-0002/","https://usn.ubuntu.com/4298-1/","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com/security-alerts/cpujan2021.html","https://www.oracle.com/security-alerts/cpujul2020.html","https://www.oracle.com/security-alerts/cpuoct2020.html","https://www.sqlite.org/cgi/src/info/4374860b29383380","https://www.sqlite.org/cgi/src/info/9d0d4ab95dc0c56e","https://www.sqlite.org/cgi/src/info/abc473fb8fb99900","https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf","https://security.gentoo.org/glsa/202003-16","https://security.netapp.com/advisory/ntap-20200313-0002/","https://usn.ubuntu.com/4298-1/","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com/security-alerts/cpujan2021.html","https://www.oracle.com/security-alerts/cpujul2020.html","https://www.oracle.com/security-alerts/cpuoct2020.html","https://www.sqlite.org/cgi/src/info/4374860b29383380","https://www.sqlite.org/cgi/src/info/9d0d4ab95dc0c56e","https://www.sqlite.org/cgi/src/info/abc473fb8fb99900"],"published_time":"2020-02-21T22:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2011-4915","summary":"fs/proc/base.c in the Linux kernel through 3.1 allows local users to obtain sensitive keystroke information via access to 
/proc/interrupts.","cvss":5.5,"cvss_version":3.0,"cvss_v2":2.1,"cvss_v3":5.5,"cvss_v4":null,"epss":0.0008,"ranking_epss":0.23685,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=0499680a42141d86417a8fbaa8c8db806bea1201","http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=a2ef990ab5a6705a356d146dd773a3b359787497","http://people.canonical.com/~ubuntu-security/cve/2011/CVE-2011-4915.html","http://www.openwall.com/lists/oss-security/2011/11/07/9","https://lkml.org/lkml/2011/11/7/340","https://seclists.org/oss-sec/2011/q4/571","https://security-tracker.debian.org/tracker/CVE-2011-4915","https://vigilance.fr/vulnerability/Linux-kernel-information-disclosure-about-keyboard-11131","http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=0499680a42141d86417a8fbaa8c8db806bea1201","http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=a2ef990ab5a6705a356d146dd773a3b359787497","http://people.canonical.com/~ubuntu-security/cve/2011/CVE-2011-4915.html","http://www.openwall.com/lists/oss-security/2011/11/07/9","https://lkml.org/lkml/2011/11/7/340","https://seclists.org/oss-sec/2011/q4/571","https://security-tracker.debian.org/tracker/CVE-2011-4915","https://vigilance.fr/vulnerability/Linux-kernel-information-disclosure-about-keyboard-11131"],"published_time":"2020-02-20T18:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-9308","summary":"archive_read_support_format_rar5.c in libarchive before 3.4.2 attempts to unpack a RAR5 file with an invalid or corrupted header (such as a header size of zero), leading to a SIGSEGV or possibly unspecified other 
impact.","cvss":8.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00703,"ranking_epss":0.72064,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=20459","https://github.com/libarchive/libarchive/pull/1326","https://github.com/libarchive/libarchive/pull/1326/commits/94821008d6eea81e315c5881cdf739202961040a","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6OTE7GWASH2ZOVG5H3HEN5PR6B3KF7JB/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/J76F7VU7HC3GBKG5SAKTRBOFOI3RGO6M/","https://security.gentoo.org/glsa/202003-28","https://usn.ubuntu.com/4293-1/","https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=20459","https://github.com/libarchive/libarchive/pull/1326","https://github.com/libarchive/libarchive/pull/1326/commits/94821008d6eea81e315c5881cdf739202961040a","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6OTE7GWASH2ZOVG5H3HEN5PR6B3KF7JB/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/J76F7VU7HC3GBKG5SAKTRBOFOI3RGO6M/","https://security.gentoo.org/glsa/202003-28","https://usn.ubuntu.com/4293-1/"],"published_time":"2020-02-20T07:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2011-2498","summary":"The Linux kernel from v2.3.36 before v2.6.39 allows local unprivileged users to cause a denial of service (memory consumption) by triggering creation of PTE 
pages.","cvss":5.5,"cvss_version":3.0,"cvss_v2":4.9,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00157,"ranking_epss":0.36504,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://marc.info/?l=oss-security&m=130923704824984&w=2","https://people.canonical.com/~ubuntu-security/cve/2011/CVE-2011-2498.html","https://security-tracker.debian.org/tracker/CVE-2011-2498","https://usn.ubuntu.com/1167-1/","https://www.rapid7.com/db/vulnerabilities/ubuntu-USN-1383-1","http://marc.info/?l=oss-security&m=130923704824984&w=2","https://people.canonical.com/~ubuntu-security/cve/2011/CVE-2011-2498.html","https://security-tracker.debian.org/tracker/CVE-2011-2498","https://usn.ubuntu.com/1167-1/","https://www.rapid7.com/db/vulnerabilities/ubuntu-USN-1383-1"],"published_time":"2020-02-20T04:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2015-7747","summary":"Buffer overflow in the afReadFrames function in audiofile (aka libaudiofile and Audio File Library) allows user-assisted remote attackers to cause a denial of service (program crash) or possibly execute arbitrary code via a crafted audio file, as demonstrated by 
sixteen-stereo-to-eight-mono.c.","cvss":8.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":8.8,"cvss_v4":null,"epss":0.53986,"ranking_epss":0.98011,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.fedoraproject.org/pipermail/package-announce/2015-November/170387.html","http://www.openwall.com/lists/oss-security/2015/10/06/2","http://www.ubuntu.com/usn/USN-2787-1","https://bugs.launchpad.net/ubuntu/+source/audiofile/+bug/1502721","https://github.com/ccrisan/motioneyeos/blob/master/package/audiofile/0008-CVE-2015-7747.patch","https://www.openwall.com/lists/oss-security/2015/10/08/1","http://lists.fedoraproject.org/pipermail/package-announce/2015-November/170387.html","http://www.openwall.com/lists/oss-security/2015/10/06/2","http://www.ubuntu.com/usn/USN-2787-1","https://bugs.launchpad.net/ubuntu/+source/audiofile/+bug/1502721","https://github.com/ccrisan/motioneyeos/blob/master/package/audiofile/0008-CVE-2015-7747.patch","https://www.openwall.com/lists/oss-security/2015/10/08/1"],"published_time":"2020-02-19T21:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-6061","summary":"An exploitable heap out-of-bounds read vulnerability exists in the way CoTURN 4.5.1.1 web server parses POST requests. A specially crafted HTTP POST request can lead to information leaks and other misbehavior. 
An attacker needs to send an HTTPS request to trigger this vulnerability.","cvss":7.0,"cvss_version":3.0,"cvss_v2":7.5,"cvss_v3":7.0,"cvss_v4":null,"epss":0.01772,"ranking_epss":0.82654,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HQZZPI34LAS3SFNW6Z2ZJ46RKVGEODNA/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OUVZRXW5ZIGWVKOLF3NPXRPP74YX7BUY/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XN2NK6FT7AMW5UIZNXDNHKEAYWAUMGSF/","https://talosintelligence.com/vulnerability_reports/TALOS-2020-0984","https://usn.ubuntu.com/4415-1/","https://www.debian.org/security/2020/dsa-4711","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HQZZPI34LAS3SFNW6Z2ZJ46RKVGEODNA/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OUVZRXW5ZIGWVKOLF3NPXRPP74YX7BUY/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XN2NK6FT7AMW5UIZNXDNHKEAYWAUMGSF/","https://talosintelligence.com/vulnerability_reports/TALOS-2020-0984","https://usn.ubuntu.com/4415-1/","https://www.debian.org/security/2020/dsa-4711"],"published_time":"2020-02-19T19:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-6062","summary":"An exploitable denial-of-service vulnerability exists in the way CoTURN 4.5.1.1 web server parses POST requests. A specially crafted HTTP POST request can lead to server crash and denial of service. 
An attacker needs to send an HTTP request to trigger this vulnerability.","cvss":5.9,"cvss_version":3.0,"cvss_v2":5.0,"cvss_v3":5.9,"cvss_v4":null,"epss":0.08329,"ranking_epss":0.92284,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HQZZPI34LAS3SFNW6Z2ZJ46RKVGEODNA/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OUVZRXW5ZIGWVKOLF3NPXRPP74YX7BUY/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XN2NK6FT7AMW5UIZNXDNHKEAYWAUMGSF/","https://talosintelligence.com/vulnerability_reports/TALOS-2020-0985","https://usn.ubuntu.com/4415-1/","https://www.debian.org/security/2020/dsa-4711","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HQZZPI34LAS3SFNW6Z2ZJ46RKVGEODNA/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OUVZRXW5ZIGWVKOLF3NPXRPP74YX7BUY/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XN2NK6FT7AMW5UIZNXDNHKEAYWAUMGSF/","https://talosintelligence.com/vulnerability_reports/TALOS-2020-0985","https://usn.ubuntu.com/4415-1/","https://www.debian.org/security/2020/dsa-4711"],"published_time":"2020-02-19T19:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2012-0055","summary":"OverlayFS in the Linux kernel before 3.0.0-16.28, as used in Ubuntu 10.0.4 LTS and 11.10, is missing inode security checks which could allow attackers to bypass security restrictions and perform unauthorized 
actions.","cvss":7.8,"cvss_version":3.0,"cvss_v2":7.2,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00393,"ranking_epss":0.60271,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.openwall.com/lists/oss-security/2012/01/17/11","http://www.ubuntu.com/usn/USN-1363-1","http://www.ubuntu.com/usn/USN-1364-1","http://www.ubuntu.com/usn/USN-1384-1","https://access.redhat.com/security/cve/cve-2012-0055","https://bugs.launchpad.net/ubuntu/+source/linux/+bug/915941","https://bugzilla.suse.com/show_bug.cgi?id=CVE-2012-0055","http://www.openwall.com/lists/oss-security/2012/01/17/11","http://www.ubuntu.com/usn/USN-1363-1","http://www.ubuntu.com/usn/USN-1364-1","http://www.ubuntu.com/usn/USN-1384-1","https://access.redhat.com/security/cve/cve-2012-0055","https://bugs.launchpad.net/ubuntu/+source/linux/+bug/915941","https://bugzilla.suse.com/show_bug.cgi?id=CVE-2012-0055"],"published_time":"2020-02-19T18:15:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2015-0258","summary":"Multiple incomplete blacklist vulnerabilities in the avatar upload functionality in manageuser.php in Collabtive before 2.1 allow remote authenticated users to execute arbitrary code by uploading a file with a (1) .php3, (2) .php4, (3) .php5, or (4) .phtml 
extension.","cvss":8.8,"cvss_version":3.0,"cvss_v2":6.5,"cvss_v3":8.8,"cvss_v4":null,"epss":0.16497,"ranking_epss":0.94902,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://packetstormsecurity.com/files/133736/Collabtive-2.0-Shell-Upload.html","https://github.com/philippK-de/Collabtive/commit/9ce6301583669d0a8ecb4d23fb56e34b68511335","https://lists.debian.org/debian-lts-announce/2020/02/msg00031.html","https://usn.ubuntu.com/4590-1/","http://packetstormsecurity.com/files/133736/Collabtive-2.0-Shell-Upload.html","https://github.com/philippK-de/Collabtive/commit/9ce6301583669d0a8ecb4d23fb56e34b68511335","https://lists.debian.org/debian-lts-announce/2020/02/msg00031.html","https://usn.ubuntu.com/4590-1/"],"published_time":"2020-02-17T18:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-8992","summary":"ext4_protect_reserved_inode in fs/ext4/block_validity.c in the Linux kernel through 5.5.3 allows attackers to cause a denial of service (soft lockup) via a crafted journal 
size.","cvss":5.5,"cvss_version":3.0,"cvss_v2":4.9,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00054,"ranking_epss":0.16838,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00021.html","https://patchwork.ozlabs.org/patch/1236118/","https://security.netapp.com/advisory/ntap-20200313-0003/","https://usn.ubuntu.com/4318-1/","https://usn.ubuntu.com/4324-1/","https://usn.ubuntu.com/4342-1/","https://usn.ubuntu.com/4344-1/","https://usn.ubuntu.com/4419-1/","http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00021.html","https://patchwork.ozlabs.org/patch/1236118/","https://security.netapp.com/advisory/ntap-20200313-0003/","https://usn.ubuntu.com/4318-1/","https://usn.ubuntu.com/4324-1/","https://usn.ubuntu.com/4342-1/","https://usn.ubuntu.com/4344-1/","https://usn.ubuntu.com/4419-1/"],"published_time":"2020-02-14T05:15:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-19921","summary":"runc through 1.0.0-rc9 has Incorrect Access Control leading to Escalation of Privileges, related to libcontainer/rootfs_linux.go. To exploit this, an attacker must be able to spawn two containers with custom volume-mount configurations, and be able to run custom images. 
(This vulnerability does not affect Docker due to an implementation detail that happens to block the attack.)","cvss":7.0,"cvss_version":3.0,"cvss_v2":4.4,"cvss_v3":7.0,"cvss_v4":null,"epss":0.00126,"ranking_epss":0.31935,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00018.html","https://access.redhat.com/errata/RHSA-2020:0688","https://access.redhat.com/errata/RHSA-2020:0695","https://github.com/opencontainers/runc/issues/2197","https://github.com/opencontainers/runc/pull/2190","https://github.com/opencontainers/runc/releases","https://lists.debian.org/debian-lts-announce/2023/03/msg00023.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ANUGDBJ7NBUMSUFZUSKU3ZMQYZ2Z3STN/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DHGVGGMKGZSJ7YO67TGGPFEHBYMS63VF/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNB2UEDIIJCRQW4WJLZOPQJZXCVSXMLD/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FYVE3GB4OG3BNT5DLQHYO4M5SXX33AQ5/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I6BF24VCZRFTYBTT3T7HDZUOTKOTNPLZ/","https://security-tracker.debian.org/tracker/CVE-2019-19921","https://security.gentoo.org/glsa/202003-21","https://usn.ubuntu.com/4297-1/","http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00018.html","https://access.redhat.com/errata/RHSA-2020:0688","https://access.redhat.com/errata/RHSA-2020:0695","https://github.com/opencontainers/runc/issues/2197","https://github.com/opencontainers/runc/pull/2190","https://github.com/opencontainers/runc/releases","https://lists.debian.org/debian-lts-announce/2023/03/msg00023.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A
NUGDBJ7NBUMSUFZUSKU3ZMQYZ2Z3STN/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DHGVGGMKGZSJ7YO67TGGPFEHBYMS63VF/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNB2UEDIIJCRQW4WJLZOPQJZXCVSXMLD/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FYVE3GB4OG3BNT5DLQHYO4M5SXX33AQ5/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I6BF24VCZRFTYBTT3T7HDZUOTKOTNPLZ/","https://security-tracker.debian.org/tracker/CVE-2019-19921","https://security.gentoo.org/glsa/202003-21","https://usn.ubuntu.com/4297-1/"],"published_time":"2020-02-12T15:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-14553","summary":"gdImageClone in gd.c in libgd 2.1.0-rc2 through 2.2.5 has a NULL pointer dereference allowing attackers to crash an application via a specific function call sequence. Only affects PHP when linked with an external libgd (not 
bundled).","cvss":7.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":7.5,"cvss_v4":null,"epss":0.00979,"ranking_epss":0.76754,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00020.html","https://bugzilla.redhat.com/show_bug.cgi?id=1599032","https://github.com/libgd/libgd/commit/a93eac0e843148dc2d631c3ba80af17e9c8c860f","https://github.com/libgd/libgd/pull/580","https://lists.debian.org/debian-lts-announce/2020/02/msg00014.html","https://lists.debian.org/debian-lts-announce/2024/04/msg00003.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3CZ2QADQTKRHTGB2AHD7J4QQNDLBEMM6/","https://usn.ubuntu.com/4316-1/","https://usn.ubuntu.com/4316-2/","http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00020.html","https://bugzilla.redhat.com/show_bug.cgi?id=1599032","https://github.com/libgd/libgd/commit/a93eac0e843148dc2d631c3ba80af17e9c8c860f","https://github.com/libgd/libgd/pull/580","https://lists.debian.org/debian-lts-announce/2020/02/msg00014.html","https://lists.debian.org/debian-lts-announce/2024/04/msg00003.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3CZ2QADQTKRHTGB2AHD7J4QQNDLBEMM6/","https://usn.ubuntu.com/4316-1/","https://usn.ubuntu.com/4316-2/"],"published_time":"2020-02-11T13:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-5529","summary":"HtmlUnit prior to 2.37.0 contains code execution vulnerabilities. HtmlUnit initializes Rhino engine improperly, hence a malicious JavScript code can execute arbitrary Java code on the application. 
Moreover, when embedded in Android application, Android-specific initialization of Rhino engine is done in an improper way, hence a malicious JavaScript code can execute arbitrary Java code on the application.","cvss":8.1,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":8.1,"cvss_v4":null,"epss":0.02085,"ranking_epss":0.84002,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://github.com/HtmlUnit/htmlunit/releases/tag/2.37.0","https://jvn.jp/en/jp/JVN34535327/","https://lists.apache.org/thread.html/ra2cd7f8e61dc6b8a2d9065094cd1f46aa63ad10f237ee363e26e8563%40%3Ccommits.camel.apache.org%3E","https://lists.debian.org/debian-lts-announce/2020/08/msg00023.html","https://usn.ubuntu.com/4584-1/","https://github.com/HtmlUnit/htmlunit/releases/tag/2.37.0","https://jvn.jp/en/jp/JVN34535327/","https://lists.apache.org/thread.html/ra2cd7f8e61dc6b8a2d9065094cd1f46aa63ad10f237ee363e26e8563%40%3Ccommits.camel.apache.org%3E","https://lists.debian.org/debian-lts-announce/2020/08/msg00023.html","https://usn.ubuntu.com/4584-1/"],"published_time":"2020-02-11T12:15:21","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-11482","summary":"Sander Bos discovered a time of check to time of use (TOCTTOU) vulnerability in apport that allowed a user to cause core files to be written in arbitrary directories.","cvss":4.2,"cvss_version":3.0,"cvss_v2":1.9,"cvss_v3":4.2,"cvss_v4":null,"epss":0.00087,"ranking_epss":0.25026,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://usn.ubuntu.com/usn/usn-4171-1","https://usn.ubuntu.com/usn/usn-4171-2","https://usn.ubuntu.com/usn/usn-4171-1","https://usn.ubuntu.com/usn/usn-4171-2"],"published_time":"2020-02-08T05:15:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-11483","summary":"Sander Bos discovered Apport mishandled crash dumps originating from containers. 
This could be used by a local attacker to generate a crash report for a privileged process that is readable by an unprivileged user.","cvss":7.0,"cvss_version":3.0,"cvss_v2":2.1,"cvss_v3":7.0,"cvss_v4":null,"epss":0.0007,"ranking_epss":0.21586,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://usn.ubuntu.com/usn/usn-4171-1","https://usn.ubuntu.com/usn/usn-4171-2","http://seclists.org/fulldisclosure/2025/Jun/9","https://usn.ubuntu.com/usn/usn-4171-1","https://usn.ubuntu.com/usn/usn-4171-2"],"published_time":"2020-02-08T05:15:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-11484","summary":"Kevin Backhouse discovered an integer overflow in bson_ensure_space, as used in whoopsie.","cvss":6.3,"cvss_version":3.0,"cvss_v2":4.6,"cvss_v3":6.3,"cvss_v4":null,"epss":0.00103,"ranking_epss":0.28171,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://packetstormsecurity.com/files/172858/Ubuntu-Apport-Whoopsie-DoS-Integer-Overflow.html","https://usn.ubuntu.com/usn/usn-4170-1","https://usn.ubuntu.com/usn/usn-4170-2","http://packetstormsecurity.com/files/172858/Ubuntu-Apport-Whoopsie-DoS-Integer-Overflow.html","https://usn.ubuntu.com/usn/usn-4170-1","https://usn.ubuntu.com/usn/usn-4170-2"],"published_time":"2020-02-08T05:15:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-11485","summary":"Sander Bos discovered Apport's lock file was in a world-writable directory which allowed all users to prevent crash 
handling.","cvss":3.3,"cvss_version":3.0,"cvss_v2":2.1,"cvss_v3":3.3,"cvss_v4":null,"epss":0.00093,"ranking_epss":0.25968,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://usn.ubuntu.com/usn/usn-4171-1","https://usn.ubuntu.com/usn/usn-4171-2","https://usn.ubuntu.com/usn/usn-4171-1","https://usn.ubuntu.com/usn/usn-4171-2"],"published_time":"2020-02-08T05:15:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-11481","summary":"Kevin Backhouse discovered that apport would read a user-supplied configuration file with elevated privileges. By replacing the file with a symbolic link, a user could get apport to read any file on the system as root, with unknown consequences.","cvss":3.8,"cvss_version":3.0,"cvss_v2":6.1,"cvss_v3":3.8,"cvss_v4":null,"epss":0.00133,"ranking_epss":0.32887,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://packetstormsecurity.com/files/172858/Ubuntu-Apport-Whoopsie-DoS-Integer-Overflow.html","https://usn.ubuntu.com/usn/usn-4171-1","https://usn.ubuntu.com/usn/usn-4171-2","http://packetstormsecurity.com/files/172858/Ubuntu-Apport-Whoopsie-DoS-Integer-Overflow.html","https://usn.ubuntu.com/usn/usn-4171-1","https://usn.ubuntu.com/usn/usn-4171-2"],"published_time":"2020-02-08T05:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-1700","summary":"A flaw was found in the way the Ceph RGW Beast front-end handles unexpected disconnects. An authenticated attacker can abuse this flaw by making multiple disconnect attempts resulting in a permanent leak of a socket connection by radosgw. 
This flaw could lead to a denial of service condition by pile up of CLOSE_WAIT sockets, eventually leading to the exhaustion of available resources, preventing legitimate users from connecting to the system.","cvss":6.5,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00326,"ranking_epss":0.55623,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00009.html","https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1700","https://lists.debian.org/debian-lts-announce/2023/10/msg00034.html","https://usn.ubuntu.com/4304-1/","http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00009.html","https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1700","https://lists.debian.org/debian-lts-announce/2023/10/msg00034.html","https://usn.ubuntu.com/4304-1/"],"published_time":"2020-02-07T21:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2014-1958","summary":"Buffer overflow in the DecodePSDPixels function in coders/psd.c in ImageMagick before 6.8.8-5 might allow remote attackers to execute arbitrary code via a crafted PSD image, involving the L%06ld string, a different vulnerability than 
CVE-2014-2030.","cvss":8.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":8.8,"cvss_v4":null,"epss":0.01143,"ranking_epss":0.78442,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-updates/2014-03/msg00032.html","http://lists.opensuse.org/opensuse-updates/2014-03/msg00039.html","http://trac.imagemagick.org/changeset/14801","http://ubuntu.com/usn/usn-2132-1","http://www.openwall.com/lists/oss-security/2014/02/13/2","http://www.openwall.com/lists/oss-security/2014/02/13/5","https://www.openwall.com/lists/oss-security/2014/02/19/13","http://lists.opensuse.org/opensuse-updates/2014-03/msg00032.html","http://lists.opensuse.org/opensuse-updates/2014-03/msg00039.html","http://trac.imagemagick.org/changeset/14801","http://ubuntu.com/usn/usn-2132-1","http://www.openwall.com/lists/oss-security/2014/02/13/2","http://www.openwall.com/lists/oss-security/2014/02/13/5","https://www.openwall.com/lists/oss-security/2014/02/19/13"],"published_time":"2020-02-06T15:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2014-2030","summary":"Stack-based buffer overflow in the WritePSDImage function in coders/psd.c in ImageMagick, possibly 6.8.8-5, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted PSD image, involving the L%06ld string, a different vulnerability than 
CVE-2014-1947.","cvss":8.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":8.8,"cvss_v4":null,"epss":0.18785,"ranking_epss":0.95294,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-updates/2014-03/msg00032.html","http://lists.opensuse.org/opensuse-updates/2014-03/msg00039.html","http://ubuntu.com/usn/usn-2132-1","http://www.openwall.com/lists/oss-security/2014/02/12/2","http://www.openwall.com/lists/oss-security/2014/02/13/5","http://www.openwall.com/lists/oss-security/2014/02/19/13","https://bugzilla.redhat.com/show_bug.cgi?id=1064098","https://web.archive.org/web/20090120112751/http://trac.imagemagick.org/changeset/13736","http://lists.opensuse.org/opensuse-updates/2014-03/msg00032.html","http://lists.opensuse.org/opensuse-updates/2014-03/msg00039.html","http://ubuntu.com/usn/usn-2132-1","http://www.openwall.com/lists/oss-security/2014/02/12/2","http://www.openwall.com/lists/oss-security/2014/02/13/5","http://www.openwall.com/lists/oss-security/2014/02/19/13","https://bugzilla.redhat.com/show_bug.cgi?id=1064098","https://web.archive.org/web/20090120112751/http://trac.imagemagick.org/changeset/13736"],"published_time":"2020-02-06T15:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2016-9928","summary":"MCabber before 1.0.4 is vulnerable to roster push attacks, which allows remote attackers to intercept communications, or add themselves as an entity on a 3rd party's roster as another user, which will also garner associated privileges, via crafted XMPP 
packets.","cvss":7.4,"cvss_version":3.0,"cvss_v2":5.8,"cvss_v3":7.4,"cvss_v4":null,"epss":0.04514,"ranking_epss":0.8915,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-updates/2017-01/msg00130.html","http://www.openwall.com/lists/oss-security/2016/12/11/2","http://www.openwall.com/lists/oss-security/2017/02/09/29","http://www.securityfocus.com/bid/94862","https://bitbucket.org/McKael/mcabber-crew/commits/6e1ead98930d7dd0a520ad17c720ae4908429033/raw","https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=845258","https://bugzilla.redhat.com/show_bug.cgi?id=1403790","https://gultsch.de/gajim_roster_push_and_message_interception.html","https://lists.debian.org/debian-lts-announce/2020/06/msg00031.html","https://usn.ubuntu.com/4506-1/","http://lists.opensuse.org/opensuse-updates/2017-01/msg00130.html","http://www.openwall.com/lists/oss-security/2016/12/11/2","http://www.openwall.com/lists/oss-security/2017/02/09/29","http://www.securityfocus.com/bid/94862","https://bitbucket.org/McKael/mcabber-crew/commits/6e1ead98930d7dd0a520ad17c720ae4908429033/raw","https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=845258","https://bugzilla.redhat.com/show_bug.cgi?id=1403790","https://gultsch.de/gajim_roster_push_and_message_interception.html","https://lists.debian.org/debian-lts-announce/2020/06/msg00031.html","https://usn.ubuntu.com/4506-1/"],"published_time":"2020-02-06T14:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-8648","summary":"There is a use-after-free vulnerability in the Linux kernel through 5.5.2 in the n_tty_receive_buf_common function in 
drivers/tty/n_tty.c.","cvss":7.1,"cvss_version":3.0,"cvss_v2":3.6,"cvss_v3":7.1,"cvss_v4":null,"epss":0.00035,"ranking_epss":0.10342,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00021.html","https://bugzilla.kernel.org/show_bug.cgi?id=206361","https://lists.debian.org/debian-lts-announce/2020/06/msg00011.html","https://lists.debian.org/debian-lts-announce/2020/06/msg00012.html","https://lists.debian.org/debian-lts-announce/2020/06/msg00013.html","https://security.netapp.com/advisory/ntap-20200924-0004/","https://usn.ubuntu.com/4342-1/","https://usn.ubuntu.com/4344-1/","https://usn.ubuntu.com/4345-1/","https://usn.ubuntu.com/4346-1/","https://www.debian.org/security/2020/dsa-4698","http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00021.html","https://bugzilla.kernel.org/show_bug.cgi?id=206361","https://lists.debian.org/debian-lts-announce/2020/06/msg00011.html","https://lists.debian.org/debian-lts-announce/2020/06/msg00012.html","https://lists.debian.org/debian-lts-announce/2020/06/msg00013.html","https://security.netapp.com/advisory/ntap-20200924-0004/","https://usn.ubuntu.com/4342-1/","https://usn.ubuntu.com/4344-1/","https://usn.ubuntu.com/4345-1/","https://usn.ubuntu.com/4346-1/","https://www.debian.org/security/2020/dsa-4698"],"published_time":"2020-02-06T01:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-3123","summary":"A vulnerability in the Data-Loss-Prevention (DLP) module in Clam AntiVirus (ClamAV) Software versions 0.102.1 and 0.102.0 could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to an out-of-bounds read affecting users that have enabled the optional DLP feature. An attacker could exploit this vulnerability by sending a crafted email file to an affected device. 
An exploit could allow the attacker to cause the ClamAV scanning process crash, resulting in a denial of service condition.","cvss":7.5,"cvss_version":3.0,"cvss_v2":5.0,"cvss_v3":7.5,"cvss_v4":null,"epss":0.02399,"ranking_epss":0.85049,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://blog.clamav.net/2020/02/clamav-01022-security-patch-released.html","https://quickview.cloudapps.cisco.com/quickview/bug/CSCvs59062","https://security.gentoo.org/glsa/202003-46","https://usn.ubuntu.com/4280-1/","https://usn.ubuntu.com/4280-2/","https://blog.clamav.net/2020/02/clamav-01022-security-patch-released.html","https://quickview.cloudapps.cisco.com/quickview/bug/CSCvs59062","https://security.gentoo.org/glsa/202003-46","https://usn.ubuntu.com/4280-1/","https://usn.ubuntu.com/4280-2/"],"published_time":"2020-02-05T18:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-12528","summary":"An issue was discovered in Squid before 4.10. It allows a crafted FTP server to trigger disclosure of sensitive information from heap memory, such as information associated with other users' sessions or non-Squid 
processes.","cvss":7.5,"cvss_version":3.0,"cvss_v2":5.0,"cvss_v3":7.5,"cvss_v4":null,"epss":0.23632,"ranking_epss":0.95992,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00012.html","http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00010.html","http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00018.html","http://www.squid-cache.org/Advisories/SQUID-2020_2.txt","https://lists.debian.org/debian-lts-announce/2020/07/msg00009.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/G6W2IQ7QV2OGREFFUBNVZIDD3RJBDE4R/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TSU6SPANL27AGK5PCGBJOKG4LUWA555J/","https://security.gentoo.org/glsa/202003-34","https://usn.ubuntu.com/4289-1/","https://www.debian.org/security/2020/dsa-4682","http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00012.html","http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00010.html","http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00018.html","http://www.squid-cache.org/Advisories/SQUID-2020_2.txt","https://lists.debian.org/debian-lts-announce/2020/07/msg00009.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/G6W2IQ7QV2OGREFFUBNVZIDD3RJBDE4R/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TSU6SPANL27AGK5PCGBJOKG4LUWA555J/","https://security.gentoo.org/glsa/202003-34","https://usn.ubuntu.com/4289-1/","https://www.debian.org/security/2020/dsa-4682"],"published_time":"2020-02-04T21:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-8449","summary":"An issue was discovered in Squid before 4.10. 
Due to incorrect input validation, it can interpret crafted HTTP requests in unexpected ways to access server resources prohibited by earlier security filters.","cvss":7.5,"cvss_version":3.0,"cvss_v2":5.0,"cvss_v3":7.5,"cvss_v4":null,"epss":0.0396,"ranking_epss":0.88366,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00012.html","http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00010.html","http://www.squid-cache.org/Advisories/SQUID-2020_1.txt","http://www.squid-cache.org/Versions/v3/3.5/changesets/SQUID-2020_1.patch","http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-8e657e835965c3a011375feaa0359921c5b3e2dd.patch","http://www.squid-cache.org/Versions/v4/changesets/SQUID-2020_1.patch","http://www.squid-cache.org/Versions/v4/changesets/squid-4-b3a0719affab099c684f1cd62b79ab02816fa962.patch","http://www.squid-cache.org/Versions/v4/changesets/squid-4-d8e4715992d0e530871519549add5519cbac0598.patch","https://lists.debian.org/debian-lts-announce/2020/07/msg00009.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/G6W2IQ7QV2OGREFFUBNVZIDD3RJBDE4R/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TSU6SPANL27AGK5PCGBJOKG4LUWA555J/","https://security.gentoo.org/glsa/202003-34","https://security.netapp.com/advisory/ntap-20210304-0002/","https://usn.ubuntu.com/4289-1/","https://www.debian.org/security/2020/dsa-4682","http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00012.html","http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00010.html","http://www.squid-cache.org/Advisories/SQUID-2020_1.txt","http://www.squid-cache.org/Versions/v3/3.5/changesets/SQUID-2020_1.patch","http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-8e657e835965c3a011375feaa0359921c5b3e2dd.patch","http://www.squid-cache.org/Versions/v4/changesets/
SQUID-2020_1.patch","http://www.squid-cache.org/Versions/v4/changesets/squid-4-b3a0719affab099c684f1cd62b79ab02816fa962.patch","http://www.squid-cache.org/Versions/v4/changesets/squid-4-d8e4715992d0e530871519549add5519cbac0598.patch","https://lists.debian.org/debian-lts-announce/2020/07/msg00009.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/G6W2IQ7QV2OGREFFUBNVZIDD3RJBDE4R/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TSU6SPANL27AGK5PCGBJOKG4LUWA555J/","https://security.gentoo.org/glsa/202003-34","https://security.netapp.com/advisory/ntap-20210304-0002/","https://usn.ubuntu.com/4289-1/","https://www.debian.org/security/2020/dsa-4682"],"published_time":"2020-02-04T20:15:14","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-8450","summary":"An issue was discovered in Squid before 4.10. Due to incorrect buffer management, a remote client can cause a buffer overflow in a Squid instance acting as a reverse 
proxy.","cvss":7.3,"cvss_version":3.0,"cvss_v2":7.5,"cvss_v3":7.3,"cvss_v4":null,"epss":0.46287,"ranking_epss":0.97647,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00012.html","http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00010.html","http://www.squid-cache.org/Advisories/SQUID-2020_1.txt","http://www.squid-cache.org/Versions/v3/3.5/changesets/SQUID-2020_1.patch","http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-8e657e835965c3a011375feaa0359921c5b3e2dd.patch","http://www.squid-cache.org/Versions/v4/changesets/SQUID-2020_1.patch","http://www.squid-cache.org/Versions/v4/changesets/squid-4-b3a0719affab099c684f1cd62b79ab02816fa962.patch","http://www.squid-cache.org/Versions/v4/changesets/squid-4-d8e4715992d0e530871519549add5519cbac0598.patch","https://lists.debian.org/debian-lts-announce/2020/07/msg00009.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/G6W2IQ7QV2OGREFFUBNVZIDD3RJBDE4R/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TSU6SPANL27AGK5PCGBJOKG4LUWA555J/","https://security.gentoo.org/glsa/202003-34","https://security.netapp.com/advisory/ntap-20210304-0002/","https://usn.ubuntu.com/4289-1/","https://www.debian.org/security/2020/dsa-4682","http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00012.html","http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00010.html","http://www.squid-cache.org/Advisories/SQUID-2020_1.txt","http://www.squid-cache.org/Versions/v3/3.5/changesets/SQUID-2020_1.patch","http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-8e657e835965c3a011375feaa0359921c5b3e2dd.patch","http://www.squid-cache.org/Versions/v4/changesets/SQUID-2020_1.patch","http://www.squid-cache.org/Versions/v4/changesets/squid-4-b3a0719affab099c684f1cd62b79ab02816fa962.patch","http://www.squid-cache.o
rg/Versions/v4/changesets/squid-4-d8e4715992d0e530871519549add5519cbac0598.patch","https://lists.debian.org/debian-lts-announce/2020/07/msg00009.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/G6W2IQ7QV2OGREFFUBNVZIDD3RJBDE4R/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TSU6SPANL27AGK5PCGBJOKG4LUWA555J/","https://security.gentoo.org/glsa/202003-34","https://security.netapp.com/advisory/ntap-20210304-0002/","https://usn.ubuntu.com/4289-1/","https://www.debian.org/security/2020/dsa-4682"],"published_time":"2020-02-04T20:15:14","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-8517","summary":"An issue was discovered in Squid before 4.10. Due to incorrect input validation, the NTLM authentication credentials parser in ext_lm_group_acl may write to memory outside the credentials buffer. On systems with memory access protections, this can result in the helper process being terminated unexpectedly. 
This leads to the Squid process also terminating and a denial of service for all clients using the proxy.","cvss":7.5,"cvss_version":3.0,"cvss_v2":5.0,"cvss_v3":7.5,"cvss_v4":null,"epss":0.00828,"ranking_epss":0.74504,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00012.html","http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00010.html","http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00018.html","http://www.squid-cache.org/Advisories/SQUID-2020_3.txt","http://www.squid-cache.org/Versions/v4/changesets/squid-4-6982f1187a26557e582172965e266f544ea562a5.patch","https://security.gentoo.org/glsa/202003-34","https://security.netapp.com/advisory/ntap-20210304-0002/","https://usn.ubuntu.com/4289-1/","http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00012.html","http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00010.html","http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00018.html","http://www.squid-cache.org/Advisories/SQUID-2020_3.txt","http://www.squid-cache.org/Versions/v4/changesets/squid-4-6982f1187a26557e582172965e266f544ea562a5.patch","https://security.gentoo.org/glsa/202003-34","https://security.netapp.com/advisory/ntap-20210304-0002/","https://usn.ubuntu.com/4289-1/"],"published_time":"2020-02-04T20:15:14","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-9674","summary":"Lib/zipfile.py in Python through 3.7.2 allows remote attackers to cause a denial of service (resource consumption) via a ZIP 
bomb.","cvss":7.5,"cvss_version":3.0,"cvss_v2":5.0,"cvss_v3":7.5,"cvss_v4":null,"epss":0.01265,"ranking_epss":0.79454,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00003.html","http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00041.html","https://bugs.python.org/issue36260","https://bugs.python.org/issue36462","https://github.com/python/cpython/blob/master/Lib/zipfile.py","https://python-security.readthedocs.io/security.html#archives-and-zip-bomb","https://security.netapp.com/advisory/ntap-20200221-0003/","https://usn.ubuntu.com/4428-1/","https://www.python.org/news/security/","http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00003.html","http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00041.html","https://bugs.python.org/issue36260","https://bugs.python.org/issue36462","https://github.com/python/cpython/blob/master/Lib/zipfile.py","https://python-security.readthedocs.io/security.html#archives-and-zip-bomb","https://security.netapp.com/advisory/ntap-20200221-0003/","https://usn.ubuntu.com/4428-1/","https://www.python.org/news/security/"],"published_time":"2020-02-04T15:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-8597","summary":"eap.c in pppd in ppp 2.4.2 through 2.4.8 has an rhostname buffer overflow in the eap_request and eap_response 
functions.","cvss":9.8,"cvss_version":3.0,"cvss_v2":7.5,"cvss_v3":9.8,"cvss_v4":null,"epss":0.65396,"ranking_epss":0.98488,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00006.html","http://packetstormsecurity.com/files/156662/pppd-2.4.8-Buffer-Overflow.html","http://packetstormsecurity.com/files/156802/pppd-2.4.8-Buffer-Overflow.html","http://seclists.org/fulldisclosure/2020/Mar/6","https://access.redhat.com/errata/RHSA-2020:0630","https://access.redhat.com/errata/RHSA-2020:0631","https://access.redhat.com/errata/RHSA-2020:0633","https://access.redhat.com/errata/RHSA-2020:0634","https://cert-portal.siemens.com/productcert/pdf/ssa-809841.pdf","https://github.com/paulusmack/ppp/commit/8d7970b8f3db727fe798b65f3377fe6787575426","https://kb.netgear.com/000061806/Security-Advisory-for-Unauthenticated-Remote-Buffer-Overflow-Attack-in-PPPD-on-WAC510-PSV-2020-0136","https://lists.debian.org/debian-lts-announce/2020/02/msg00005.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UNJNHWOO4XF73M2W56ILZUY4JQG3JXIR/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YOFDAIOWSWPG732ASYUZNINMXDHY4APE/","https://security.gentoo.org/glsa/202003-19","https://security.netapp.com/advisory/ntap-20200313-0004/","https://us-cert.cisa.gov/ics/advisories/icsa-20-224-04","https://usn.ubuntu.com/4288-1/","https://usn.ubuntu.com/4288-2/","https://www.debian.org/security/2020/dsa-4632","https://www.kb.cert.org/vuls/id/782301","https://www.synology.com/security/advisory/Synology_SA_20_02","http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00006.html","http://packetstormsecurity.com/files/156662/pppd-2.4.8-Buffer-Overflow.html","http://packetstormsecurity.com/files/156802/pppd-2.4.8-Buffer-Overflow.html","http://seclists.org/fulldisclosure/2020/Mar/6","https://access.redhat.com/errata/RHSA-202
0:0630","https://access.redhat.com/errata/RHSA-2020:0631","https://access.redhat.com/errata/RHSA-2020:0633","https://access.redhat.com/errata/RHSA-2020:0634","https://cert-portal.siemens.com/productcert/pdf/ssa-809841.pdf","https://github.com/paulusmack/ppp/commit/8d7970b8f3db727fe798b65f3377fe6787575426","https://kb.netgear.com/000061806/Security-Advisory-for-Unauthenticated-Remote-Buffer-Overflow-Attack-in-PPPD-on-WAC510-PSV-2020-0136","https://lists.debian.org/debian-lts-announce/2020/02/msg00005.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UNJNHWOO4XF73M2W56ILZUY4JQG3JXIR/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YOFDAIOWSWPG732ASYUZNINMXDHY4APE/","https://security.gentoo.org/glsa/202003-19","https://security.netapp.com/advisory/ntap-20200313-0004/","https://us-cert.cisa.gov/ics/advisories/icsa-20-224-04","https://usn.ubuntu.com/4288-1/","https://usn.ubuntu.com/4288-2/","https://www.debian.org/security/2020/dsa-4632","https://www.kb.cert.org/vuls/id/782301","https://www.synology.com/security/advisory/Synology_SA_20_02"],"published_time":"2020-02-03T23:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-20446","summary":"In xml.rs in GNOME librsvg before 2.46.2, a crafted SVG file with nested patterns can cause denial of service when passed to the library for processing. 
The attacker constructs pattern elements so that the number of final rendered objects grows exponentially.","cvss":6.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":6.5,"cvss_v4":null,"epss":0.0133,"ranking_epss":0.79944,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00024.html","https://gitlab.gnome.org/GNOME/librsvg/issues/515","https://lists.debian.org/debian-lts-announce/2020/07/msg00016.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6IOHSO6BUKC6I66J5PZOMAGFVJ66ZS57/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X3B5RWJQD5LA45MYLLR55KZJOJ5NVZGP/","https://security.netapp.com/advisory/ntap-20221111-0004/","https://usn.ubuntu.com/4436-1/","http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00024.html","https://gitlab.gnome.org/GNOME/librsvg/issues/515","https://lists.debian.org/debian-lts-announce/2020/07/msg00016.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6IOHSO6BUKC6I66J5PZOMAGFVJ66ZS57/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X3B5RWJQD5LA45MYLLR55KZJOJ5NVZGP/","https://security.netapp.com/advisory/ntap-20221111-0004/","https://usn.ubuntu.com/4436-1/"],"published_time":"2020-02-02T14:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2015-6815","summary":"The process_tx_desc function in hw/net/e1000.c in QEMU before 2.4.0.1 does not properly process transmit descriptor data when sending a network packet, which allows attackers to cause a denial of service (infinite loop and guest crash) via unspecified 
vectors.","cvss":3.5,"cvss_version":3.0,"cvss_v2":2.7,"cvss_v3":3.5,"cvss_v4":null,"epss":0.01574,"ranking_epss":0.8154,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168077.html","http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168646.html","http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168671.html","http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00026.html","http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00005.html","http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00011.html","http://www.openwall.com/lists/oss-security/2015/09/04/4","http://www.openwall.com/lists/oss-security/2015/09/05/5","http://www.ubuntu.com/usn/USN-2745-1","https://bugzilla.redhat.com/show_bug.cgi?id=1260076","https://lists.gnu.org/archive/html/qemu-devel/2015-09/msg01199.html","https://lists.gnu.org/archive/html/qemu-devel/2015-09/msg05832.html","https://www.arista.com/en/support/advisories-notices/security-advisories/1188-security-advisory-14","http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168077.html","http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168646.html","http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168671.html","http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00026.html","http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00005.html","http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00011.html","http://www.openwall.com/lists/oss-security/2015/09/04/4","http://www.openwall.com/lists/oss-security/2015/09/05/5","http://www.ubuntu.com/usn/USN-2745-1","https://bugzilla.redhat.com/show_bug.cgi?id=1260076","https://lists.gnu.org/archive/html/qemu-devel/2015-09/msg01199.html","https://lists.gnu.org/archive/html/qemu-devel/2015-09/msg05832.html","https://www.arista.com/en/support
/advisories-notices/security-advisories/1188-security-advisory-14"],"published_time":"2020-01-31T22:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-8492","summary":"Python 2.7 through 2.7.17, 3.5 through 3.5.9, 3.6 through 3.6.10, 3.7 through 3.7.6, and 3.8 through 3.8.1 allows an HTTP server to conduct Regular Expression Denial of Service (ReDoS) attacks against a client because of urllib.request.AbstractBasicAuthHandler catastrophic backtracking.","cvss":6.5,"cvss_version":3.0,"cvss_v2":7.1,"cvss_v3":6.5,"cvss_v4":null,"epss":0.03512,"ranking_epss":0.87628,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00003.html","https://bugs.python.org/issue39503","https://github.com/python/cpython/pull/18284","https://lists.apache.org/thread.html/rdb31a608dd6758c6093fd645aea3fbf022dd25b37109b6aaea5bc0b5%40%3Ccommits.cassandra.apache.org%3E","https://lists.apache.org/thread.html/rfec113c733162b39633fd86a2d0f34bf42ac35f711b3ec1835c774da%40%3Ccommits.cassandra.apache.org%3E","https://lists.debian.org/debian-lts-announce/2020/07/msg00011.html","https://lists.debian.org/debian-lts-announce/2023/05/msg00024.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7WOKDEXLYW5UQ4S7PA7E37IITOC7C56J/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A5NSAX4SC3V64PGZUPH7PRDLSON34Q5A/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/APGWEMYZIY5VHLCSZ3HD67PA5Z2UQFGH/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UESGYI5XDAHJBATEZN3MHNDUBDH47AS6/","https://python-security.readthedocs.io/vuln/urllib-basic-auth-regex.html","https://security.gentoo.org/glsa/202005-09","https://security.netapp.com/advisory/ntap-20200221-0001/","https://usn.ubuntu.com/4333-1/","https://usn.ubuntu.com/4
333-2/","http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00003.html","https://bugs.python.org/issue39503","https://github.com/python/cpython/pull/18284","https://lists.apache.org/thread.html/rdb31a608dd6758c6093fd645aea3fbf022dd25b37109b6aaea5bc0b5%40%3Ccommits.cassandra.apache.org%3E","https://lists.apache.org/thread.html/rfec113c733162b39633fd86a2d0f34bf42ac35f711b3ec1835c774da%40%3Ccommits.cassandra.apache.org%3E","https://lists.debian.org/debian-lts-announce/2020/07/msg00011.html","https://lists.debian.org/debian-lts-announce/2023/05/msg00024.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7WOKDEXLYW5UQ4S7PA7E37IITOC7C56J/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A5NSAX4SC3V64PGZUPH7PRDLSON34Q5A/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/APGWEMYZIY5VHLCSZ3HD67PA5Z2UQFGH/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UESGYI5XDAHJBATEZN3MHNDUBDH47AS6/","https://python-security.readthedocs.io/vuln/urllib-basic-auth-regex.html","https://security.gentoo.org/glsa/202005-09","https://security.netapp.com/advisory/ntap-20200221-0001/","https://usn.ubuntu.com/4333-1/","https://usn.ubuntu.com/4333-2/"],"published_time":"2020-01-30T19:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-20444","summary":"HttpObjectDecoder.java in Netty before 4.1.44 allows an HTTP header that lacks a colon, which might be interpreted as a separate header with an incorrect syntax, or might be interpreted as an \"invalid 
fold.\"","cvss":9.1,"cvss_version":3.0,"cvss_v2":6.4,"cvss_v3":9.1,"cvss_v4":null,"epss":0.14873,"ranking_epss":0.94525,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://access.redhat.com/errata/RHSA-2020:0497","https://access.redhat.com/errata/RHSA-2020:0567","https://access.redhat.com/errata/RHSA-2020:0601","https://access.redhat.com/errata/RHSA-2020:0605","https://access.redhat.com/errata/RHSA-2020:0606","https://access.redhat.com/errata/RHSA-2020:0804","https://access.redhat.com/errata/RHSA-2020:0805","https://access.redhat.com/errata/RHSA-2020:0806","https://access.redhat.com/errata/RHSA-2020:0811","https://github.com/netty/netty/compare/netty-4.1.43.Final...netty-4.1.44.Final","https://github.com/netty/netty/issues/9866","https://github.com/poc-effectiveness/PoCAdaptation/tree/main/Adapted/CVE-2019-20444/5.0.0.Alpha1/exploit","https://lists.apache.org/thread.html/r059b042bca47be53ff8a51fd04d95eb01bb683f1afa209db136e8cb7@%3Cdev.zookeeper.apache.org%3E","https://lists.apache.org/thread.html/r0aa8b28e76ec01c697b15e161e6797e88fc8d406ed762e253401106e@%3Ccommits.camel.apache.org%3E","https://lists.apache.org/thread.html/r0c3d49bfdbc62fd3915676433cc5899c5506d06da1c552ef1b7923a5@%3Ccommon-issues.hadoop.apache.org%3E","https://lists.apache.org/thread.html/r0f5e72d5f69b4720dfe64fcbc2da9afae949ed1e9cbffa84bb7d92d7@%3Cnotifications.zookeeper.apache.org%3E","https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0@%3Cissues.bookkeeper.apache.org%3E","https://lists.apache.org/thread.html/r1fcccf8bdb3531c28bc9aa605a6a1bea7e68cef6fc12e01faafb2fb5@%3Cissues.zookeeper.apache.org%3E","https://lists.apache.org/thread.html/r205937c85817a911b0c72655c2377e7a2c9322d6ef6ce1b118d34d8d@%3Cdev.geode.apache.org%3E","https://lists.apache.org/thread.html/r2f2989b7815d809ff3fda8ce330f553e5f133505afd04ffbc135f35f@%3Cissues.spark.apache.org%3E","https://lists.apache.org/thread.html/r310d2ce22304d5298ff87f10134f918c87919b45
2734f9841d95682d@%3Ccommits.zookeeper.apache.org%3E","https://lists.apache.org/thread.html/r34912a9b1a5c269a77b8be94ef6fb6d1e9b3c69129719dc00f01cf0b@%3Cdev.zookeeper.apache.org%3E","https://lists.apache.org/thread.html/r36fcf538b28f2029e8b4f6b9a772f3b107913a78f09b095c5b153a62@%3Cissues.zookeeper.apache.org%3E","https://lists.apache.org/thread.html/r489886fe72a98768eed665474cba13bad8d6fe0654f24987706636c5@%3Cdev.zookeeper.apache.org%3E","https://lists.apache.org/thread.html/r4c675b2d0cc2a5e506b11ee10d60a378859ee340aca052e4c7ef4749@%3Cnotifications.zookeeper.apache.org%3E","https://lists.apache.org/thread.html/r4d3f1d3e333d9c2b2f6e6ae8ed8750d4de03410ac294bcd12c7eefa3@%3Ccommits.cassandra.apache.org%3E","https://lists.apache.org/thread.html/r640eb9b3213058a963e18291f903fc1584e577f60035f941e32f760a@%3Cissues.zookeeper.apache.org%3E","https://lists.apache.org/thread.html/r6945f3c346b7af89bbd3526a7c9b705b1e3569070ebcd0964bcedd7d@%3Cissues.zookeeper.apache.org%3E","https://lists.apache.org/thread.html/r70b1ff22ee80e8101805b9a473116dd33265709007d2deb6f8c80bf2@%3Ccommits.druid.apache.org%3E","https://lists.apache.org/thread.html/r7790b9d99696d9eddce8a8c96f13bb68460984294ea6fea3800143e4@%3Ccommits.pulsar.apache.org%3E","https://lists.apache.org/thread.html/r804895eedd72c9ec67898286eb185e04df852b0dd5fe53cf5b6138f9@%3Cissues.zookeeper.apache.org%3E","https://lists.apache.org/thread.html/r819aaeb9944bdcfca438dcc51f05650dc728daf64dfd7d774fc2499b@%3Ccommits.zookeeper.apache.org%3E","https://lists.apache.org/thread.html/r832724df393a7ef25ca4c7c2eb83ad2d6c21c74569acda5233f9f1ec@%3Ccommits.pulsar.apache.org%3E","https://lists.apache.org/thread.html/r8402d67fdfe9cf169f859d52a7670b28a08eff31e54b522cc1432532@%3Ccommon-issues.hadoop.apache.org%3E","https://lists.apache.org/thread.html/r86befa74c5cd1482c711134104aec339bf7ae879f2c4437d7ec477d4@%3Ccommon-commits.hadoop.apache.org%3E","https://lists.apache.org/thread.html/r90030b0117490caed526e57271bf4d7f9b012091ac5083c895d16543@%3Ccommon-is
sues.hadoop.apache.org%3E","https://lists.apache.org/thread.html/r91e0fa345c86c128b75a4a791b4b503b53173ff4c13049ac7129d319@%3Cnotifications.zookeeper.apache.org%3E","https://lists.apache.org/thread.html/r959474dcf7f88565ed89f6252ca5a274419006cb71348f14764b183d@%3Ccommits.cassandra.apache.org%3E","https://lists.apache.org/thread.html/r96e08f929234e8ba1ef4a93a0fd2870f535a1f9ab628fabc46115986@%3Cdev.zookeeper.apache.org%3E","https://lists.apache.org/thread.html/r9b20cdac704cf9a583400350e2d5b576fa8417c18ddb961201676c60@%3Ccommits.zookeeper.apache.org%3E","https://lists.apache.org/thread.html/ra1a71b576a45426af5ee65255be9596ff3181a342f4ba73b800db78f@%3Cdev.geode.apache.org%3E","https://lists.apache.org/thread.html/ra2ace4bcb5cf487f72cbcbfa0f8cc08e755ec2b93d7e69f276148b08@%3Cissues.zookeeper.apache.org%3E","https://lists.apache.org/thread.html/ra9fbfe7d4830ae675bf34c7c0f8c22fc8a4099f65706c1bc4f54c593@%3Cissues.zookeeper.apache.org%3E","https://lists.apache.org/thread.html/raaac04b7567c554786132144bea3dcb72568edd410c1e6f0101742e7@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/rb3361f6c6a5f834ad3db5e998c352760d393c0891b8d3bea90baa836@%3Ccommon-issues.hadoop.apache.org%3E","https://lists.apache.org/thread.html/rb84c57670ec48ef23f4d07973b7fa69f629b8e7fcfb48874362feb6f@%3Ccommits.zookeeper.apache.org%3E","https://lists.apache.org/thread.html/rc7eb5634b71d284483e58665b22bf274a69bd184d9bd7ede52015d91@%3Ccommon-issues.hadoop.apache.org%3E","https://lists.apache.org/thread.html/rcb2c59428f34d4757702f9ae739a8795bda7bea97b857e708a9c62c6@%3Ccommon-commits.hadoop.apache.org%3E","https://lists.apache.org/thread.html/rce71d33747010d32d31d90f5d737dae26291d96552f513a266c92fbb@%3Cnotifications.zookeeper.apache.org%3E","https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26@%3Ccommits.pulsar.apache.org%3E","https://lists.apache.org/thread.html/rd8f72411fb75b98d366400ae789966373b5c3eb3f511e717caf3e49e@%3Cissues.flink.apache.org%3E
","https://lists.apache.org/thread.html/rdb69125652311d0c41f6066ff44072a3642cf33a4b5e3c4f9c1ec9c2@%3Ccommits.pulsar.apache.org%3E","https://lists.apache.org/thread.html/rdd5d243a5f8ed8b83c0104e321aa420e5e98792a95749e3c9a54c0b9@%3Ccommon-commits.hadoop.apache.org%3E","https://lists.apache.org/thread.html/re0b78a3d0a4ba2cf9f4e14e1d05040bde9051d5c78071177186336c9@%3Ccommon-issues.hadoop.apache.org%3E","https://lists.apache.org/thread.html/re45ee9256d3233c31d78e59ee59c7dc841c7fbd83d0769285b41e948@%3Ccommits.druid.apache.org%3E","https://lists.apache.org/thread.html/re78eaef7d01ad65c370df30e45c686fffff00b37f7bfd78b26a08762@%3Ccommon-issues.hadoop.apache.org%3E","https://lists.apache.org/thread.html/rf2bf8e2eb0a03227f5bc100b544113f8cafea01e887bb068e8d1fa41@%3Ccommon-issues.hadoop.apache.org%3E","https://lists.apache.org/thread.html/rf5b2dfb7401666a19915f8eaef3ba9f5c3386e2066fcd2ae66e16a2f@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/rfb55f245b08d8a6ec0fb4dc159022227cd22de34c4419c2fbb18802b@%3Cnotifications.zookeeper.apache.org%3E","https://lists.apache.org/thread.html/rff210a24f3a924829790e69eaefa84820902b7b31f17c3bf2def9114@%3Ccommits.druid.apache.org%3E","https://lists.debian.org/debian-lts-announce/2020/02/msg00017.html","https://lists.debian.org/debian-lts-announce/2020/02/msg00018.html","https://lists.debian.org/debian-lts-announce/2020/09/msg00003.html","https://lists.debian.org/debian-lts-announce/2020/09/msg00004.html","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TS6VX7OMXPDJIU5LRGUAHRK6MENAVJ46/","https://usn.ubuntu.com/4532-1/","https://www.debian.org/security/2021/dsa-4885","https://access.redhat.com/errata/RHSA-2020:0497","https://access.redhat.com/errata/RHSA-2020:0567","https://access.redhat.com/errata/RHSA-2020:0601","https://access.redhat.com/errata/RHSA-2020:0605","https://access.redhat.com/errata/RHSA-2020:0606","https://access.redhat.com/errata/RHSA-2020:0804","https://access.redhat
.com/errata/RHSA-2020:0805","https://access.redhat.com/errata/RHSA-2020:0806","https://access.redhat.com/errata/RHSA-2020:0811","https://github.com/netty/netty/compare/netty-4.1.43.Final...netty-4.1.44.Final","https://github.com/netty/netty/issues/9866","https://lists.apache.org/thread.html/r059b042bca47be53ff8a51fd04d95eb01bb683f1afa209db136e8cb7%40%3Cdev.zookeeper.apache.org%3E","https://lists.apache.org/thread.html/r0aa8b28e76ec01c697b15e161e6797e88fc8d406ed762e253401106e%40%3Ccommits.camel.apache.org%3E","https://lists.apache.org/thread.html/r0c3d49bfdbc62fd3915676433cc5899c5506d06da1c552ef1b7923a5%40%3Ccommon-issues.hadoop.apache.org%3E","https://lists.apache.org/thread.html/r0f5e72d5f69b4720dfe64fcbc2da9afae949ed1e9cbffa84bb7d92d7%40%3Cnotifications.zookeeper.apache.org%3E","https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0%40%3Cissues.bookkeeper.apache.org%3E","https://lists.apache.org/thread.html/r1fcccf8bdb3531c28bc9aa605a6a1bea7e68cef6fc12e01faafb2fb5%40%3Cissues.zookeeper.apache.org%3E","https://lists.apache.org/thread.html/r205937c85817a911b0c72655c2377e7a2c9322d6ef6ce1b118d34d8d%40%3Cdev.geode.apache.org%3E","https://lists.apache.org/thread.html/r2f2989b7815d809ff3fda8ce330f553e5f133505afd04ffbc135f35f%40%3Cissues.spark.apache.org%3E","https://lists.apache.org/thread.html/r310d2ce22304d5298ff87f10134f918c87919b452734f9841d95682d%40%3Ccommits.zookeeper.apache.org%3E","https://lists.apache.org/thread.html/r34912a9b1a5c269a77b8be94ef6fb6d1e9b3c69129719dc00f01cf0b%40%3Cdev.zookeeper.apache.org%3E","https://lists.apache.org/thread.html/r36fcf538b28f2029e8b4f6b9a772f3b107913a78f09b095c5b153a62%40%3Cissues.zookeeper.apache.org%3E","https://lists.apache.org/thread.html/r489886fe72a98768eed665474cba13bad8d6fe0654f24987706636c5%40%3Cdev.zookeeper.apache.org%3E","https://lists.apache.org/thread.html/r4c675b2d0cc2a5e506b11ee10d60a378859ee340aca052e4c7ef4749%40%3Cnotifications.zookeeper.apache.org%3E","https://lists.apach
e.org/thread.html/r4d3f1d3e333d9c2b2f6e6ae8ed8750d4de03410ac294bcd12c7eefa3%40%3Ccommits.cassandra.apache.org%3E","https://lists.apache.org/thread.html/r640eb9b3213058a963e18291f903fc1584e577f60035f941e32f760a%40%3Cissues.zookeeper.apache.org%3E","https://lists.apache.org/thread.html/r6945f3c346b7af89bbd3526a7c9b705b1e3569070ebcd0964bcedd7d%40%3Cissues.zookeeper.apache.org%3E","https://lists.apache.org/thread.html/r70b1ff22ee80e8101805b9a473116dd33265709007d2deb6f8c80bf2%40%3Ccommits.druid.apache.org%3E","https://lists.apache.org/thread.html/r7790b9d99696d9eddce8a8c96f13bb68460984294ea6fea3800143e4%40%3Ccommits.pulsar.apache.org%3E","https://lists.apache.org/thread.html/r804895eedd72c9ec67898286eb185e04df852b0dd5fe53cf5b6138f9%40%3Cissues.zookeeper.apache.org%3E","https://lists.apache.org/thread.html/r819aaeb9944bdcfca438dcc51f05650dc728daf64dfd7d774fc2499b%40%3Ccommits.zookeeper.apache.org%3E","https://lists.apache.org/thread.html/r832724df393a7ef25ca4c7c2eb83ad2d6c21c74569acda5233f9f1ec%40%3Ccommits.pulsar.apache.org%3E","https://lists.apache.org/thread.html/r8402d67fdfe9cf169f859d52a7670b28a08eff31e54b522cc1432532%40%3Ccommon-issues.hadoop.apache.org%3E","https://lists.apache.org/thread.html/r86befa74c5cd1482c711134104aec339bf7ae879f2c4437d7ec477d4%40%3Ccommon-commits.hadoop.apache.org%3E","https://lists.apache.org/thread.html/r90030b0117490caed526e57271bf4d7f9b012091ac5083c895d16543%40%3Ccommon-issues.hadoop.apache.org%3E","https://lists.apache.org/thread.html/r91e0fa345c86c128b75a4a791b4b503b53173ff4c13049ac7129d319%40%3Cnotifications.zookeeper.apache.org%3E","https://lists.apache.org/thread.html/r959474dcf7f88565ed89f6252ca5a274419006cb71348f14764b183d%40%3Ccommits.cassandra.apache.org%3E","https://lists.apache.org/thread.html/r96e08f929234e8ba1ef4a93a0fd2870f535a1f9ab628fabc46115986%40%3Cdev.zookeeper.apache.org%3E","https://lists.apache.org/thread.html/r9b20cdac704cf9a583400350e2d5b576fa8417c18ddb961201676c60%40%3Ccommits.zookeeper.apache.org%3E","https://li
sts.apache.org/thread.html/ra1a71b576a45426af5ee65255be9596ff3181a342f4ba73b800db78f%40%3Cdev.geode.apache.org%3E","https://lists.apache.org/thread.html/ra2ace4bcb5cf487f72cbcbfa0f8cc08e755ec2b93d7e69f276148b08%40%3Cissues.zookeeper.apache.org%3E","https://lists.apache.org/thread.html/ra9fbfe7d4830ae675bf34c7c0f8c22fc8a4099f65706c1bc4f54c593%40%3Cissues.zookeeper.apache.org%3E","https://lists.apache.org/thread.html/raaac04b7567c554786132144bea3dcb72568edd410c1e6f0101742e7%40%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/rb3361f6c6a5f834ad3db5e998c352760d393c0891b8d3bea90baa836%40%3Ccommon-issues.hadoop.apache.org%3E","https://lists.apache.org/thread.html/rb84c57670ec48ef23f4d07973b7fa69f629b8e7fcfb48874362feb6f%40%3Ccommits.zookeeper.apache.org%3E","https://lists.apache.org/thread.html/rc7eb5634b71d284483e58665b22bf274a69bd184d9bd7ede52015d91%40%3Ccommon-issues.hadoop.apache.org%3E","https://lists.apache.org/thread.html/rcb2c59428f34d4757702f9ae739a8795bda7bea97b857e708a9c62c6%40%3Ccommon-commits.hadoop.apache.org%3E","https://lists.apache.org/thread.html/rce71d33747010d32d31d90f5d737dae26291d96552f513a266c92fbb%40%3Cnotifications.zookeeper.apache.org%3E","https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26%40%3Ccommits.pulsar.apache.org%3E","https://lists.apache.org/thread.html/rd8f72411fb75b98d366400ae789966373b5c3eb3f511e717caf3e49e%40%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/rdb69125652311d0c41f6066ff44072a3642cf33a4b5e3c4f9c1ec9c2%40%3Ccommits.pulsar.apache.org%3E","https://lists.apache.org/thread.html/rdd5d243a5f8ed8b83c0104e321aa420e5e98792a95749e3c9a54c0b9%40%3Ccommon-commits.hadoop.apache.org%3E","https://lists.apache.org/thread.html/re0b78a3d0a4ba2cf9f4e14e1d05040bde9051d5c78071177186336c9%40%3Ccommon-issues.hadoop.apache.org%3E","https://lists.apache.org/thread.html/re45ee9256d3233c31d78e59ee59c7dc841c7fbd83d0769285b41e948%40%3Ccommits.druid.apache.org%3E","https:/
/lists.apache.org/thread.html/re78eaef7d01ad65c370df30e45c686fffff00b37f7bfd78b26a08762%40%3Ccommon-issues.hadoop.apache.org%3E","https://lists.apache.org/thread.html/rf2bf8e2eb0a03227f5bc100b544113f8cafea01e887bb068e8d1fa41%40%3Ccommon-issues.hadoop.apache.org%3E","https://lists.apache.org/thread.html/rf5b2dfb7401666a19915f8eaef3ba9f5c3386e2066fcd2ae66e16a2f%40%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/rfb55f245b08d8a6ec0fb4dc159022227cd22de34c4419c2fbb18802b%40%3Cnotifications.zookeeper.apache.org%3E","https://lists.apache.org/thread.html/rff210a24f3a924829790e69eaefa84820902b7b31f17c3bf2def9114%40%3Ccommits.druid.apache.org%3E","https://lists.debian.org/debian-lts-announce/2020/02/msg00017.html","https://lists.debian.org/debian-lts-announce/2020/02/msg00018.html","https://lists.debian.org/debian-lts-announce/2020/09/msg00003.html","https://lists.debian.org/debian-lts-announce/2020/09/msg00004.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TS6VX7OMXPDJIU5LRGUAHRK6MENAVJ46/","https://usn.ubuntu.com/4532-1/","https://www.debian.org/security/2021/dsa-4885"],"published_time":"2020-01-29T21:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-20445","summary":"HttpObjectDecoder.java in Netty before 4.1.44 allows a Content-Length header to be accompanied by a second Content-Length header, or by a Transfer-Encoding 
header.","cvss":9.1,"cvss_version":3.0,"cvss_v2":6.4,"cvss_v3":9.1,"cvss_v4":null,"epss":0.02837,"ranking_epss":0.86189,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://access.redhat.com/errata/RHSA-2020:0497","https://access.redhat.com/errata/RHSA-2020:0567","https://access.redhat.com/errata/RHSA-2020:0601","https://access.redhat.com/errata/RHSA-2020:0605","https://access.redhat.com/errata/RHSA-2020:0606","https://access.redhat.com/errata/RHSA-2020:0804","https://access.redhat.com/errata/RHSA-2020:0805","https://access.redhat.com/errata/RHSA-2020:0806","https://access.redhat.com/errata/RHSA-2020:0811","https://github.com/netty/netty/compare/netty-4.1.43.Final...netty-4.1.44.Final","https://github.com/netty/netty/issues/9861","https://lists.apache.org/thread.html/r030beff88aeb6d7a2d6cd21342bd18686153ce6e26a4171d0e035663%40%3Cissues.flume.apache.org%3E","https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0%40%3Cissues.bookkeeper.apache.org%3E","https://lists.apache.org/thread.html/r1fcccf8bdb3531c28bc9aa605a6a1bea7e68cef6fc12e01faafb2fb5%40%3Cissues.zookeeper.apache.org%3E","https://lists.apache.org/thread.html/r205937c85817a911b0c72655c2377e7a2c9322d6ef6ce1b118d34d8d%40%3Cdev.geode.apache.org%3E","https://lists.apache.org/thread.html/r2f2989b7815d809ff3fda8ce330f553e5f133505afd04ffbc135f35f%40%3Cissues.spark.apache.org%3E","https://lists.apache.org/thread.html/r310d2ce22304d5298ff87f10134f918c87919b452734f9841d95682d%40%3Ccommits.zookeeper.apache.org%3E","https://lists.apache.org/thread.html/r36fcf538b28f2029e8b4f6b9a772f3b107913a78f09b095c5b153a62%40%3Cissues.zookeeper.apache.org%3E","https://lists.apache.org/thread.html/r46f93de62b1e199f3f9babb18128681677c53493546f532ed88c359d%40%3Creviews.spark.apache.org%3E","https://lists.apache.org/thread.html/r4d3f1d3e333d9c2b2f6e6ae8ed8750d4de03410ac294bcd12c7eefa3%40%3Ccommits.cassandra.apache.org%3E","https://lists.apache.org/thread.html/r4ff40646
e9ccce13560458419accdfc227b8b6ca4ead3a8a91decc74%40%3Cissues.flume.apache.org%3E","https://lists.apache.org/thread.html/r640eb9b3213058a963e18291f903fc1584e577f60035f941e32f760a%40%3Cissues.zookeeper.apache.org%3E","https://lists.apache.org/thread.html/r6945f3c346b7af89bbd3526a7c9b705b1e3569070ebcd0964bcedd7d%40%3Cissues.zookeeper.apache.org%3E","https://lists.apache.org/thread.html/r70b1ff22ee80e8101805b9a473116dd33265709007d2deb6f8c80bf2%40%3Ccommits.druid.apache.org%3E","https://lists.apache.org/thread.html/r7790b9d99696d9eddce8a8c96f13bb68460984294ea6fea3800143e4%40%3Ccommits.pulsar.apache.org%3E","https://lists.apache.org/thread.html/r804895eedd72c9ec67898286eb185e04df852b0dd5fe53cf5b6138f9%40%3Cissues.zookeeper.apache.org%3E","https://lists.apache.org/thread.html/r81700644754e66ffea465c869cb477de25f8041e21598e8818fc2c45%40%3Cdev.zookeeper.apache.org%3E","https://lists.apache.org/thread.html/r819aaeb9944bdcfca438dcc51f05650dc728daf64dfd7d774fc2499b%40%3Ccommits.zookeeper.apache.org%3E","https://lists.apache.org/thread.html/r832724df393a7ef25ca4c7c2eb83ad2d6c21c74569acda5233f9f1ec%40%3Ccommits.pulsar.apache.org%3E","https://lists.apache.org/thread.html/r959474dcf7f88565ed89f6252ca5a274419006cb71348f14764b183d%40%3Ccommits.cassandra.apache.org%3E","https://lists.apache.org/thread.html/r96e08f929234e8ba1ef4a93a0fd2870f535a1f9ab628fabc46115986%40%3Cdev.zookeeper.apache.org%3E","https://lists.apache.org/thread.html/r9b20cdac704cf9a583400350e2d5b576fa8417c18ddb961201676c60%40%3Ccommits.zookeeper.apache.org%3E","https://lists.apache.org/thread.html/ra1a71b576a45426af5ee65255be9596ff3181a342f4ba73b800db78f%40%3Cdev.geode.apache.org%3E","https://lists.apache.org/thread.html/ra2ace4bcb5cf487f72cbcbfa0f8cc08e755ec2b93d7e69f276148b08%40%3Cissues.zookeeper.apache.org%3E","https://lists.apache.org/thread.html/ra9fbfe7d4830ae675bf34c7c0f8c22fc8a4099f65706c1bc4f54c593%40%3Cissues.zookeeper.apache.org%3E","https://lists.apache.org/thread.html/raaac04b7567c554786132144bea3dcb725
68edd410c1e6f0101742e7%40%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/rb5c065e7bd701b0744f9f28ad769943f91745102716c1eb516325f11%40%3Cissues.spark.apache.org%3E","https://lists.apache.org/thread.html/rb84c57670ec48ef23f4d07973b7fa69f629b8e7fcfb48874362feb6f%40%3Ccommits.zookeeper.apache.org%3E","https://lists.apache.org/thread.html/rbdb59c683d666130906a9c05a1d2b034c4cc08cda7ed41322bd54fe2%40%3Cissues.flume.apache.org%3E","https://lists.apache.org/thread.html/rce71d33747010d32d31d90f5d737dae26291d96552f513a266c92fbb%40%3Cnotifications.zookeeper.apache.org%3E","https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26%40%3Ccommits.pulsar.apache.org%3E","https://lists.apache.org/thread.html/rd8f72411fb75b98d366400ae789966373b5c3eb3f511e717caf3e49e%40%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/rdb69125652311d0c41f6066ff44072a3642cf33a4b5e3c4f9c1ec9c2%40%3Ccommits.pulsar.apache.org%3E","https://lists.apache.org/thread.html/re45ee9256d3233c31d78e59ee59c7dc841c7fbd83d0769285b41e948%40%3Ccommits.druid.apache.org%3E","https://lists.apache.org/thread.html/rf5b2dfb7401666a19915f8eaef3ba9f5c3386e2066fcd2ae66e16a2f%40%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/rfb55f245b08d8a6ec0fb4dc159022227cd22de34c4419c2fbb18802b%40%3Cnotifications.zookeeper.apache.org%3E","https://lists.apache.org/thread.html/rff210a24f3a924829790e69eaefa84820902b7b31f17c3bf2def9114%40%3Ccommits.druid.apache.org%3E","https://lists.debian.org/debian-lts-announce/2020/02/msg00017.html","https://lists.debian.org/debian-lts-announce/2020/02/msg00018.html","https://lists.debian.org/debian-lts-announce/2020/09/msg00003.html","https://lists.debian.org/debian-lts-announce/2020/09/msg00004.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TS6VX7OMXPDJIU5LRGUAHRK6MENAVJ46/","https://usn.ubuntu.com/4532-1/","https://www.debian.org/security/2021/dsa-4885","http
s://access.redhat.com/errata/RHSA-2020:0497","https://access.redhat.com/errata/RHSA-2020:0567","https://access.redhat.com/errata/RHSA-2020:0601","https://access.redhat.com/errata/RHSA-2020:0605","https://access.redhat.com/errata/RHSA-2020:0606","https://access.redhat.com/errata/RHSA-2020:0804","https://access.redhat.com/errata/RHSA-2020:0805","https://access.redhat.com/errata/RHSA-2020:0806","https://access.redhat.com/errata/RHSA-2020:0811","https://github.com/netty/netty/compare/netty-4.1.43.Final...netty-4.1.44.Final","https://github.com/netty/netty/issues/9861","https://lists.apache.org/thread.html/r030beff88aeb6d7a2d6cd21342bd18686153ce6e26a4171d0e035663%40%3Cissues.flume.apache.org%3E","https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0%40%3Cissues.bookkeeper.apache.org%3E","https://lists.apache.org/thread.html/r1fcccf8bdb3531c28bc9aa605a6a1bea7e68cef6fc12e01faafb2fb5%40%3Cissues.zookeeper.apache.org%3E","https://lists.apache.org/thread.html/r205937c85817a911b0c72655c2377e7a2c9322d6ef6ce1b118d34d8d%40%3Cdev.geode.apache.org%3E","https://lists.apache.org/thread.html/r2f2989b7815d809ff3fda8ce330f553e5f133505afd04ffbc135f35f%40%3Cissues.spark.apache.org%3E","https://lists.apache.org/thread.html/r310d2ce22304d5298ff87f10134f918c87919b452734f9841d95682d%40%3Ccommits.zookeeper.apache.org%3E","https://lists.apache.org/thread.html/r36fcf538b28f2029e8b4f6b9a772f3b107913a78f09b095c5b153a62%40%3Cissues.zookeeper.apache.org%3E","https://lists.apache.org/thread.html/r46f93de62b1e199f3f9babb18128681677c53493546f532ed88c359d%40%3Creviews.spark.apache.org%3E","https://lists.apache.org/thread.html/r4d3f1d3e333d9c2b2f6e6ae8ed8750d4de03410ac294bcd12c7eefa3%40%3Ccommits.cassandra.apache.org%3E","https://lists.apache.org/thread.html/r4ff40646e9ccce13560458419accdfc227b8b6ca4ead3a8a91decc74%40%3Cissues.flume.apache.org%3E","https://lists.apache.org/thread.html/r640eb9b3213058a963e18291f903fc1584e577f60035f941e32f760a%40%3Cissues.zookeeper.
apache.org%3E","https://lists.apache.org/thread.html/r6945f3c346b7af89bbd3526a7c9b705b1e3569070ebcd0964bcedd7d%40%3Cissues.zookeeper.apache.org%3E","https://lists.apache.org/thread.html/r70b1ff22ee80e8101805b9a473116dd33265709007d2deb6f8c80bf2%40%3Ccommits.druid.apache.org%3E","https://lists.apache.org/thread.html/r7790b9d99696d9eddce8a8c96f13bb68460984294ea6fea3800143e4%40%3Ccommits.pulsar.apache.org%3E","https://lists.apache.org/thread.html/r804895eedd72c9ec67898286eb185e04df852b0dd5fe53cf5b6138f9%40%3Cissues.zookeeper.apache.org%3E","https://lists.apache.org/thread.html/r81700644754e66ffea465c869cb477de25f8041e21598e8818fc2c45%40%3Cdev.zookeeper.apache.org%3E","https://lists.apache.org/thread.html/r819aaeb9944bdcfca438dcc51f05650dc728daf64dfd7d774fc2499b%40%3Ccommits.zookeeper.apache.org%3E","https://lists.apache.org/thread.html/r832724df393a7ef25ca4c7c2eb83ad2d6c21c74569acda5233f9f1ec%40%3Ccommits.pulsar.apache.org%3E","https://lists.apache.org/thread.html/r959474dcf7f88565ed89f6252ca5a274419006cb71348f14764b183d%40%3Ccommits.cassandra.apache.org%3E","https://lists.apache.org/thread.html/r96e08f929234e8ba1ef4a93a0fd2870f535a1f9ab628fabc46115986%40%3Cdev.zookeeper.apache.org%3E","https://lists.apache.org/thread.html/r9b20cdac704cf9a583400350e2d5b576fa8417c18ddb961201676c60%40%3Ccommits.zookeeper.apache.org%3E","https://lists.apache.org/thread.html/ra1a71b576a45426af5ee65255be9596ff3181a342f4ba73b800db78f%40%3Cdev.geode.apache.org%3E","https://lists.apache.org/thread.html/ra2ace4bcb5cf487f72cbcbfa0f8cc08e755ec2b93d7e69f276148b08%40%3Cissues.zookeeper.apache.org%3E","https://lists.apache.org/thread.html/ra9fbfe7d4830ae675bf34c7c0f8c22fc8a4099f65706c1bc4f54c593%40%3Cissues.zookeeper.apache.org%3E","https://lists.apache.org/thread.html/raaac04b7567c554786132144bea3dcb72568edd410c1e6f0101742e7%40%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/rb5c065e7bd701b0744f9f28ad769943f91745102716c1eb516325f11%40%3Cissues.spark.apache.org%3E","https://lists.
apache.org/thread.html/rb84c57670ec48ef23f4d07973b7fa69f629b8e7fcfb48874362feb6f%40%3Ccommits.zookeeper.apache.org%3E","https://lists.apache.org/thread.html/rbdb59c683d666130906a9c05a1d2b034c4cc08cda7ed41322bd54fe2%40%3Cissues.flume.apache.org%3E","https://lists.apache.org/thread.html/rce71d33747010d32d31d90f5d737dae26291d96552f513a266c92fbb%40%3Cnotifications.zookeeper.apache.org%3E","https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26%40%3Ccommits.pulsar.apache.org%3E","https://lists.apache.org/thread.html/rd8f72411fb75b98d366400ae789966373b5c3eb3f511e717caf3e49e%40%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/rdb69125652311d0c41f6066ff44072a3642cf33a4b5e3c4f9c1ec9c2%40%3Ccommits.pulsar.apache.org%3E","https://lists.apache.org/thread.html/re45ee9256d3233c31d78e59ee59c7dc841c7fbd83d0769285b41e948%40%3Ccommits.druid.apache.org%3E","https://lists.apache.org/thread.html/rf5b2dfb7401666a19915f8eaef3ba9f5c3386e2066fcd2ae66e16a2f%40%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/rfb55f245b08d8a6ec0fb4dc159022227cd22de34c4419c2fbb18802b%40%3Cnotifications.zookeeper.apache.org%3E","https://lists.apache.org/thread.html/rff210a24f3a924829790e69eaefa84820902b7b31f17c3bf2def9114%40%3Ccommits.druid.apache.org%3E","https://lists.debian.org/debian-lts-announce/2020/02/msg00017.html","https://lists.debian.org/debian-lts-announce/2020/02/msg00018.html","https://lists.debian.org/debian-lts-announce/2020/09/msg00003.html","https://lists.debian.org/debian-lts-announce/2020/09/msg00004.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TS6VX7OMXPDJIU5LRGUAHRK6MENAVJ46/","https://usn.ubuntu.com/4532-1/","https://www.debian.org/security/2021/dsa-4885"],"published_time":"2020-01-29T21:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-7247","summary":"smtp_mailaddr in smtp_session.c in OpenSMTPD 6.6, as used in OpenBSD 6.6 and other 
products, allows remote attackers to execute arbitrary commands as root via a crafted SMTP session, as demonstrated by shell metacharacters in a MAIL FROM field. This affects the \"uncommented\" default configuration. The issue exists because of an incorrect return value upon failure of input validation.","cvss":9.8,"cvss_version":3.0,"cvss_v2":10.0,"cvss_v3":9.8,"cvss_v4":null,"epss":0.94076,"ranking_epss":0.99905,"kev":true,"propose_action":"smtp_mailaddr in smtp_session.c in OpenSMTPD, as used in OpenBSD and other products, allows remote attackers to execute arbitrary commands as root via a crafted SMTP session.","ransomware_campaign":"Unknown","references":["http://packetstormsecurity.com/files/156137/OpenBSD-OpenSMTPD-Privilege-Escalation-Code-Execution.html","http://packetstormsecurity.com/files/156145/OpenSMTPD-6.6.2-Remote-Code-Execution.html","http://packetstormsecurity.com/files/156249/OpenSMTPD-MAIL-FROM-Remote-Code-Execution.html","http://packetstormsecurity.com/files/156295/OpenSMTPD-6.6.1-Local-Privilege-Escalation.html","http://packetstormsecurity.com/files/162093/OpenBSD-OpenSMTPD-6.6-Remote-Code-Execution.html","http://seclists.org/fulldisclosure/2020/Jan/49","http://www.openwall.com/lists/oss-security/2020/01/28/3","https://github.com/openbsd/src/commit/9dcfda045474d8903224d175907bfc29761dcb45","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OPH4QU4DNVHA7ACFXMYFCEP5PSXXPN4E/","https://seclists.org/bugtraq/2020/Jan/51","https://usn.ubuntu.com/4268-1/","https://www.debian.org/security/2020/dsa-4611","https://www.kb.cert.org/vuls/id/390745","https://www.openbsd.org/security.html","http://packetstormsecurity.com/files/156137/OpenBSD-OpenSMTPD-Privilege-Escalation-Code-Execution.html","http://packetstormsecurity.com/files/156145/OpenSMTPD-6.6.2-Remote-Code-Execution.html","http://packetstormsecurity.com/files/156249/OpenSMTPD-MAIL-FROM-Remote-Code-Execution.html","http://packetstormsecurity.com/files/156
295/OpenSMTPD-6.6.1-Local-Privilege-Escalation.html","http://packetstormsecurity.com/files/162093/OpenBSD-OpenSMTPD-6.6-Remote-Code-Execution.html","http://seclists.org/fulldisclosure/2020/Jan/49","http://www.openwall.com/lists/oss-security/2020/01/28/3","https://github.com/openbsd/src/commit/9dcfda045474d8903224d175907bfc29761dcb45","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OPH4QU4DNVHA7ACFXMYFCEP5PSXXPN4E/","https://seclists.org/bugtraq/2020/Jan/51","https://usn.ubuntu.com/4268-1/","https://www.debian.org/security/2020/dsa-4611","https://www.kb.cert.org/vuls/id/390745","https://www.openbsd.org/security.html","https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-7247"],"published_time":"2020-01-29T16:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-0549","summary":"Cleanup errors in some data cache evictions for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local 
access.","cvss":5.5,"cvss_version":3.0,"cvss_v2":2.1,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00086,"ranking_epss":0.24709,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00016.html","https://kc.mcafee.com/corporate/index?page=content&id=SB10318","https://lists.debian.org/debian-lts-announce/2020/06/msg00019.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DT2VKDMQ3I37NBNJ256A2EXR7OJHXXKZ/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T5OUM24ZC43G4IDT3JUCIHJTSDXJSK6Y/","https://security.netapp.com/advisory/ntap-20200210-0004/","https://usn.ubuntu.com/4385-1/","https://www.debian.org/security/2020/dsa-4701","https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00329.html","http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00016.html","https://kc.mcafee.com/corporate/index?page=content&id=SB10318","https://lists.debian.org/debian-lts-announce/2020/06/msg00019.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DT2VKDMQ3I37NBNJ256A2EXR7OJHXXKZ/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T5OUM24ZC43G4IDT3JUCIHJTSDXJSK6Y/","https://security.netapp.com/advisory/ntap-20200210-0004/","https://usn.ubuntu.com/4385-1/","https://www.debian.org/security/2020/dsa-4701","https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00329.html"],"published_time":"2020-01-28T01:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-20421","summary":"In Jp2Image::readMetadata() in jp2image.cpp in Exiv2 0.27.2, an input file can result in an infinite loop and hang, with high CPU consumption. 
Remote attackers could leverage this vulnerability to cause a denial of service via a crafted file.","cvss":7.5,"cvss_version":3.0,"cvss_v2":7.8,"cvss_v3":7.5,"cvss_v4":null,"epss":0.03067,"ranking_epss":0.8674,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://github.com/Exiv2/exiv2/commit/a82098f4f90cd86297131b5663c3dec6a34470e8","https://github.com/Exiv2/exiv2/issues/1011","https://lists.debian.org/debian-lts-announce/2021/08/msg00028.html","https://usn.ubuntu.com/4270-1/","https://www.debian.org/security/2021/dsa-4958","https://github.com/Exiv2/exiv2/commit/a82098f4f90cd86297131b5663c3dec6a34470e8","https://github.com/Exiv2/exiv2/issues/1011","https://lists.debian.org/debian-lts-announce/2021/08/msg00028.html","https://usn.ubuntu.com/4270-1/","https://www.debian.org/security/2021/dsa-4958"],"published_time":"2020-01-27T05:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-17570","summary":"An untrusted deserialization was found in the org.apache.xmlrpc.parser.XmlRpcResponseParser:addResult method of the Apache XML-RPC (aka ws-xmlrpc) library. A malicious XML-RPC server could target an XML-RPC client, causing it to execute arbitrary code. 
Apache XML-RPC is no longer maintained and this issue will not be fixed.","cvss":9.8,"cvss_version":3.0,"cvss_v2":7.5,"cvss_v3":9.8,"cvss_v4":null,"epss":0.70524,"ranking_epss":0.98691,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.openwall.com/lists/oss-security/2020/01/24/2","https://access.redhat.com/errata/RHSA-2020:0310","https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-17570%3B","https://github.com/orangecertcc/security-research/security/advisories/GHSA-x2r6-4m45-m4jp","https://lists.apache.org/thread.html/846551673bbb7ec8d691008215384bcef03a3fb004d2da845cfe88ee%401390230951%40%3Cdev.ws.apache.org%3E","https://lists.debian.org/debian-lts-announce/2020/01/msg00033.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I3QCRLJYQRGVTIYF4BXYRFSF3ONP3TBF/","https://seclists.org/bugtraq/2020/Feb/8","https://security.gentoo.org/glsa/202401-26","https://usn.ubuntu.com/4496-1/","https://www.debian.org/security/2020/dsa-4619","http://www.openwall.com/lists/oss-security/2020/01/24/2","https://access.redhat.com/errata/RHSA-2020:0310","https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-17570%3B","https://github.com/orangecertcc/security-research/security/advisories/GHSA-x2r6-4m45-m4jp","https://lists.apache.org/thread.html/846551673bbb7ec8d691008215384bcef03a3fb004d2da845cfe88ee%401390230951%40%3Cdev.ws.apache.org%3E","https://lists.debian.org/debian-lts-announce/2020/01/msg00033.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I3QCRLJYQRGVTIYF4BXYRFSF3ONP3TBF/","https://seclists.org/bugtraq/2020/Feb/8","https://security.gentoo.org/glsa/202401-26","https://usn.ubuntu.com/4496-1/","https://www.debian.org/security/2020/dsa-4619"],"published_time":"2020-01-23T22:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2015-5239","summary":"Integer overflow in the VNC display driver in QEMU before 2.1.0 allows 
attackers to cause a denial of service (process crash) via a CLIENT_CUT_TEXT message, which triggers an infinite loop.","cvss":6.5,"cvss_version":3.0,"cvss_v2":4.0,"cvss_v3":6.5,"cvss_v4":null,"epss":0.05062,"ranking_epss":0.89785,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168077.html","http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168646.html","http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168671.html","http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00026.html","http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00005.html","http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00011.html","http://www.openwall.com/lists/oss-security/2015/09/02/7","http://www.ubuntu.com/usn/USN-2745-1","https://github.com/qemu/qemu/commit/f9a70e79391f6d7c2a912d785239ee8effc1922d","https://www.arista.com/en/support/advisories-notices/security-advisories/1188-security-advisory-14","http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168077.html","http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168646.html","http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168671.html","http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00026.html","http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00005.html","http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00011.html","http://www.openwall.com/lists/oss-security/2015/09/02/7","http://www.ubuntu.com/usn/USN-2745-1","https://github.com/qemu/qemu/commit/f9a70e79391f6d7c2a912d785239ee8effc1922d","https://www.arista.com/en/support/advisories-notices/security-advisories/1188-security-advisory-14"],"published_time":"2020-01-23T20:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2015-5278","summary":"The ne2000_receive function in 
hw/net/ne2000.c in QEMU before 2.4.0.1 allows attackers to cause a denial of service (infinite loop and instance crash) or possibly execute arbitrary code via vectors related to receiving packets.","cvss":6.5,"cvss_version":3.0,"cvss_v2":4.0,"cvss_v3":6.5,"cvss_v4":null,"epss":0.01853,"ranking_epss":0.8301,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168077.html","http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168646.html","http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168671.html","http://www.openwall.com/lists/oss-security/2015/09/15/2","http://www.ubuntu.com/usn/USN-2745-1","https://lists.gnu.org/archive/html/qemu-devel/2015-09/msg03985.html","https://lists.gnu.org/archive/html/qemu-devel/2015-09/msg05832.html","https://www.arista.com/en/support/advisories-notices/security-advisories/1188-security-advisory-14","http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168077.html","http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168646.html","http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168671.html","http://www.openwall.com/lists/oss-security/2015/09/15/2","http://www.ubuntu.com/usn/USN-2745-1","https://lists.gnu.org/archive/html/qemu-devel/2015-09/msg03985.html","https://lists.gnu.org/archive/html/qemu-devel/2015-09/msg05832.html","https://www.arista.com/en/support/advisories-notices/security-advisories/1188-security-advisory-14"],"published_time":"2020-01-23T20:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2016-4761","summary":"WebKitGTK+ before 2.14.0: A use-after-free vulnerability can allow remote attackers to cause a 
DoS","cvss":8.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":8.8,"cvss_v4":null,"epss":0.0047,"ranking_epss":0.64562,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.openwall.com/lists/oss-security/2016/11/04/14","http://www.ubuntu.com/usn/USN-3166-1","http://www.openwall.com/lists/oss-security/2016/11/04/14","http://www.ubuntu.com/usn/USN-3166-1"],"published_time":"2020-01-22T19:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-7595","summary":"xmlStringLenDecodeEntities in parser.c in libxml2 2.9.10 has an infinite loop in a certain end-of-file situation.","cvss":7.5,"cvss_version":3.0,"cvss_v2":5.0,"cvss_v3":7.5,"cvss_v4":null,"epss":0.00473,"ranking_epss":0.64712,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00047.html","https://cert-portal.siemens.com/productcert/pdf/ssa-292794.pdf","https://gitlab.gnome.org/GNOME/libxml2/commit/0e1a49c89076","https://lists.debian.org/debian-lts-announce/2020/09/msg00009.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/545SPOI3ZPPNPX4TFRIVE4JVRTJRKULL/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5R55ZR52RMBX24TQTWHCIWKJVRV6YAWI/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JDPF3AAVKUAKDYFMFKSIQSVVS3EEFPQH/","https://security.gentoo.org/glsa/202010-04","https://security.netapp.com/advisory/ntap-20200702-0005/","https://us-cert.cisa.gov/ics/advisories/icsa-21-103-08","https://usn.ubuntu.com/4274-1/","https://www.oracle.com/security-alerts/cpuapr2022.html","https://www.oracle.com/security-alerts/cpujul2020.html","https://www.oracle.com/security-alerts/cpujul2022.html","https://www.oracle.com/security-alerts/cpuoct2021.html","http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00047.html","https://cert-portal.
siemens.com/productcert/pdf/ssa-292794.pdf","https://gitlab.gnome.org/GNOME/libxml2/commit/0e1a49c89076","https://lists.debian.org/debian-lts-announce/2020/09/msg00009.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/545SPOI3ZPPNPX4TFRIVE4JVRTJRKULL/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5R55ZR52RMBX24TQTWHCIWKJVRV6YAWI/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JDPF3AAVKUAKDYFMFKSIQSVVS3EEFPQH/","https://security.gentoo.org/glsa/202010-04","https://security.netapp.com/advisory/ntap-20200702-0005/","https://us-cert.cisa.gov/ics/advisories/icsa-21-103-08","https://usn.ubuntu.com/4274-1/","https://www.oracle.com/security-alerts/cpuapr2022.html","https://www.oracle.com/security-alerts/cpujul2020.html","https://www.oracle.com/security-alerts/cpujul2022.html","https://www.oracle.com/security-alerts/cpuoct2021.html"],"published_time":"2020-01-21T23:15:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-7040","summary":"storeBackup.pl in storeBackup through 3.5 relies on the /tmp/storeBackup.lock pathname, which allows symlink attacks that possibly lead to privilege escalation. 
(Local users can also create a plain file named /tmp/storeBackup.lock to block use of storeBackup until an admin manually deletes that file.)","cvss":8.1,"cvss_version":3.0,"cvss_v2":9.3,"cvss_v3":8.1,"cvss_v4":null,"epss":0.05192,"ranking_epss":0.89921,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00054.html","http://www.openwall.com/lists/oss-security/2020/01/20/3","http://www.openwall.com/lists/oss-security/2020/01/21/2","http://www.openwall.com/lists/oss-security/2020/01/22/2","http://www.openwall.com/lists/oss-security/2020/01/22/3","http://www.openwall.com/lists/oss-security/2020/01/23/1","https://bugzilla.suse.com/show_bug.cgi?id=CVE-2020-7040","https://lists.debian.org/debian-lts-announce/2020/02/msg00003.html","https://seclists.org/oss-sec/2020/q1/20","https://usn.ubuntu.com/4508-1/","http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00054.html","http://www.openwall.com/lists/oss-security/2020/01/20/3","http://www.openwall.com/lists/oss-security/2020/01/21/2","http://www.openwall.com/lists/oss-security/2020/01/22/2","http://www.openwall.com/lists/oss-security/2020/01/22/3","http://www.openwall.com/lists/oss-security/2020/01/23/1","https://bugzilla.suse.com/show_bug.cgi?id=CVE-2020-7040","https://lists.debian.org/debian-lts-announce/2020/02/msg00003.html","https://seclists.org/oss-sec/2020/q1/20","https://usn.ubuntu.com/4508-1/"],"published_time":"2020-01-21T21:15:16","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-14902","summary":"There is an issue in all samba 4.11.x versions before 4.11.5, all samba 4.10.x versions before 4.10.12 and all samba 4.9.x versions before 4.9.18, where the removal of the right to create or modify a subtree would not automatically be taken away on all domain 
controllers.","cvss":5.4,"cvss_version":3.0,"cvss_v2":5.5,"cvss_v3":5.4,"cvss_v4":null,"epss":0.03503,"ranking_epss":0.87612,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00055.html","https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14902","https://lists.debian.org/debian-lts-announce/2021/05/msg00023.html","https://lists.debian.org/debian-lts-announce/2023/09/msg00013.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4ACZVNMIFQGGXNJPMHAVBN3H2U65FXQY/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GQ6U65I2K23YJC4FESW477WL55TU3PPT/","https://security.gentoo.org/glsa/202003-52","https://security.netapp.com/advisory/ntap-20200122-0001/","https://usn.ubuntu.com/4244-1/","https://www.samba.org/samba/security/CVE-2019-14902.html","https://www.synology.com/security/advisory/Synology_SA_20_01","http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00055.html","https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14902","https://lists.debian.org/debian-lts-announce/2021/05/msg00023.html","https://lists.debian.org/debian-lts-announce/2023/09/msg00013.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4ACZVNMIFQGGXNJPMHAVBN3H2U65FXQY/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GQ6U65I2K23YJC4FESW477WL55TU3PPT/","https://security.gentoo.org/glsa/202003-52","https://security.netapp.com/advisory/ntap-20200122-0001/","https://usn.ubuntu.com/4244-1/","https://www.samba.org/samba/security/CVE-2019-14902.html","https://www.synology.com/security/advisory/Synology_SA_20_01"],"published_time":"2020-01-21T18:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-14907","summary":"All samba versions 4.9.x before 4.9.18, 4.10.x before 4.10.12 and 4.11.x 
before 4.11.5 have an issue where if it is set with \"log level = 3\" (or above) then the string obtained from the client, after a failed character conversion, is printed. Such strings can be provided during the NTLMSSP authentication exchange. In the Samba AD DC in particular, this may cause a long-lived process (such as the RPC server) to terminate. (In the file server case, the most likely target, smbd, operates as process-per-client and so a crash there is harmless).","cvss":6.5,"cvss_version":3.0,"cvss_v2":2.6,"cvss_v3":6.5,"cvss_v4":null,"epss":0.10242,"ranking_epss":0.93148,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00055.html","https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14907","https://lists.debian.org/debian-lts-announce/2021/05/msg00023.html","https://lists.debian.org/debian-lts-announce/2023/09/msg00013.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4ACZVNMIFQGGXNJPMHAVBN3H2U65FXQY/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GQ6U65I2K23YJC4FESW477WL55TU3PPT/","https://security.gentoo.org/glsa/202003-52","https://security.netapp.com/advisory/ntap-20200122-0001/","https://usn.ubuntu.com/4244-1/","https://www.samba.org/samba/security/CVE-2019-14907.html","https://www.synology.com/security/advisory/Synology_SA_20_01","http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00055.html","https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14907","https://lists.debian.org/debian-lts-announce/2021/05/msg00023.html","https://lists.debian.org/debian-lts-announce/2023/09/msg00013.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4ACZVNMIFQGGXNJPMHAVBN3H2U65FXQY/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GQ6U65I2K23YJC4FESW477WL55TU3P
PT/","https://security.gentoo.org/glsa/202003-52","https://security.netapp.com/advisory/ntap-20200122-0001/","https://usn.ubuntu.com/4244-1/","https://www.samba.org/samba/security/CVE-2019-14907.html","https://www.synology.com/security/advisory/Synology_SA_20_01"],"published_time":"2020-01-21T18:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-19344","summary":"There is a use-after-free issue in all samba 4.9.x versions before 4.9.18, all samba 4.10.x versions before 4.10.12 and all samba 4.11.x versions before 4.11.5, essentially due to a call to realloc() while other local variables still point at the original buffer.","cvss":6.5,"cvss_version":3.0,"cvss_v2":4.0,"cvss_v3":6.5,"cvss_v4":null,"epss":0.02308,"ranking_epss":0.84757,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00055.html","https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-19344","https://lists.debian.org/debian-lts-announce/2023/09/msg00013.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4ACZVNMIFQGGXNJPMHAVBN3H2U65FXQY/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GQ6U65I2K23YJC4FESW477WL55TU3PPT/","https://security.gentoo.org/glsa/202003-52","https://security.netapp.com/advisory/ntap-20200122-0001/","https://usn.ubuntu.com/4244-1/","https://www.samba.org/samba/security/CVE-2019-19344.html","https://www.synology.com/security/advisory/Synology_SA_20_01","http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00055.html","https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-19344","https://lists.debian.org/debian-lts-announce/2023/09/msg00013.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4ACZVNMIFQGGXNJPMHAVBN3H2U65FXQY/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/
message/GQ6U65I2K23YJC4FESW477WL55TU3PPT/","https://security.gentoo.org/glsa/202003-52","https://security.netapp.com/advisory/ntap-20200122-0001/","https://usn.ubuntu.com/4244-1/","https://www.samba.org/samba/security/CVE-2019-19344.html","https://www.synology.com/security/advisory/Synology_SA_20_01"],"published_time":"2020-01-21T18:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-20386","summary":"An issue was discovered in button_open in login/logind-button.c in systemd before 243. When executing the udevadm trigger command, a memory leak may occur.","cvss":2.4,"cvss_version":3.0,"cvss_v2":2.1,"cvss_v3":2.4,"cvss_v4":null,"epss":0.00152,"ranking_epss":0.35853,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00014.html","https://github.com/systemd/systemd/commit/b2774a3ae692113e1f47a336a6c09bac9cfb49ad","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HZPCOMW5X6IZZXASCDD2CNW2DLF3YADC/","https://security.netapp.com/advisory/ntap-20200210-0002/","https://usn.ubuntu.com/4269-1/","http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00014.html","https://github.com/systemd/systemd/commit/b2774a3ae692113e1f47a336a6c09bac9cfb49ad","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HZPCOMW5X6IZZXASCDD2CNW2DLF3YADC/","https://security.netapp.com/advisory/ntap-20200210-0002/","https://usn.ubuntu.com/4269-1/"],"published_time":"2020-01-21T06:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-14615","summary":"Insufficient control flow in certain data structures for some Intel(R) Processors with Intel(R) Processor Graphics may allow an unauthenticated user to potentially enable information disclosure via local 
access.","cvss":5.5,"cvss_version":3.0,"cvss_v2":1.9,"cvss_v3":5.5,"cvss_v4":null,"epss":0.04499,"ranking_epss":0.89128,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00021.html","http://packetstormsecurity.com/files/156185/Kernel-Live-Patch-Security-Notice-LSN-0062-1.html","http://packetstormsecurity.com/files/156455/Kernel-Live-Patch-Security-Notice-LSN-0063-1.html","http://seclists.org/fulldisclosure/2020/Mar/31","https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html","https://support.apple.com/kb/HT211100","https://usn.ubuntu.com/4253-1/","https://usn.ubuntu.com/4253-2/","https://usn.ubuntu.com/4254-1/","https://usn.ubuntu.com/4254-2/","https://usn.ubuntu.com/4255-1/","https://usn.ubuntu.com/4255-2/","https://usn.ubuntu.com/4284-1/","https://usn.ubuntu.com/4285-1/","https://usn.ubuntu.com/4286-1/","https://usn.ubuntu.com/4286-2/","https://usn.ubuntu.com/4287-1/","https://usn.ubuntu.com/4287-2/","https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00314.html","http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00021.html","http://packetstormsecurity.com/files/156185/Kernel-Live-Patch-Security-Notice-LSN-0062-1.html","http://packetstormsecurity.com/files/156455/Kernel-Live-Patch-Security-Notice-LSN-0063-1.html","http://seclists.org/fulldisclosure/2020/Mar/31","https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html","https://support.apple.com/kb/HT211100","https://usn.ubuntu.com/4253-1/","https://usn.ubuntu.com/4253-2/","https://usn.ubuntu.com/4254-1/","https://usn.ubuntu.com/4254-2/","https://usn.ubuntu.com/4255-1/","https://usn.ubuntu.com/4255-2/","https://usn.ubuntu.com/4284-1/","https://usn.ubuntu.com/4285-1/","https://usn.ubuntu.com/4286-1/","https://usn.ubuntu.com/4286-2/","https://usn.ubuntu.com/4287-1/","https://usn.ubuntu.com/4287-2/","https://www.intel.com/content/www/us/en/security-center/advisory/intel-
sa-00314.html"],"published_time":"2020-01-17T18:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-17361","summary":"In SaltStack Salt through 2019.2.0, the salt-api NET API with the ssh client enabled is vulnerable to command injection. This allows an unauthenticated attacker with network access to the API endpoint to execute arbitrary code on the salt-api host.","cvss":9.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":9.8,"cvss_v4":null,"epss":0.18518,"ranking_epss":0.95248,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00026.html","https://docs.saltstack.com/en/latest/topics/releases/2019.2.3.html#security-fix","https://github.com/saltstack/salt/commits/master","https://usn.ubuntu.com/4459-1/","https://www.debian.org/security/2020/dsa-4676","http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00026.html","https://docs.saltstack.com/en/latest/topics/releases/2019.2.3.html#security-fix","https://github.com/saltstack/salt/commits/master","https://usn.ubuntu.com/4459-1/","https://www.debian.org/security/2020/dsa-4676"],"published_time":"2020-01-17T02:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-15961","summary":"A vulnerability in the email parsing module Clam AntiVirus (ClamAV) Software versions 0.102.0, 0.101.4 and prior could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to inefficient MIME parsing routines that result in extremely long scan times of specially formatted email files. An attacker could exploit this vulnerability by sending a crafted email file to an affected device. 
An exploit could allow the attacker to cause the ClamAV scanning process to scan the crafted email file indefinitely, resulting in a denial of service condition.","cvss":7.5,"cvss_version":3.0,"cvss_v2":7.1,"cvss_v3":7.5,"cvss_v4":null,"epss":0.02206,"ranking_epss":0.84446,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://bugzilla.clamav.net/show_bug.cgi?id=12380","https://lists.debian.org/debian-lts-announce/2020/02/msg00016.html","https://quickview.cloudapps.cisco.com/quickview/bug/CSCvr56010","https://security.gentoo.org/glsa/202003-46","https://usn.ubuntu.com/4230-2/","https://bugzilla.clamav.net/show_bug.cgi?id=12380","https://lists.debian.org/debian-lts-announce/2020/02/msg00016.html","https://quickview.cloudapps.cisco.com/quickview/bug/CSCvr56010","https://security.gentoo.org/glsa/202003-46","https://usn.ubuntu.com/4230-2/"],"published_time":"2020-01-15T19:15:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-2686","summary":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.18 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). 
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).","cvss":6.5,"cvss_version":3.0,"cvss_v2":4.0,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00333,"ranking_epss":0.56163,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://security.gentoo.org/glsa/202105-27","https://security.netapp.com/advisory/ntap-20200122-0002/","https://usn.ubuntu.com/4250-1/","https://www.oracle.com/security-alerts/cpujan2020.html","https://security.gentoo.org/glsa/202105-27","https://security.netapp.com/advisory/ntap-20200122-0002/","https://usn.ubuntu.com/4250-1/","https://www.oracle.com/security-alerts/cpujan2020.html"],"published_time":"2020-01-15T17:15:26","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-2694","summary":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Information Schema). Supported versions that are affected are 8.0.18 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.0 Base Score 3.1 (Confidentiality impacts). 
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N).","cvss":3.1,"cvss_version":3.0,"cvss_v2":3.5,"cvss_v3":3.1,"cvss_v4":null,"epss":0.0032,"ranking_epss":0.55106,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://security.gentoo.org/glsa/202105-27","https://security.netapp.com/advisory/ntap-20200122-0002/","https://usn.ubuntu.com/4250-1/","https://www.oracle.com/security-alerts/cpujan2020.html","https://security.gentoo.org/glsa/202105-27","https://security.netapp.com/advisory/ntap-20200122-0002/","https://usn.ubuntu.com/4250-1/","https://www.oracle.com/security-alerts/cpujan2020.html"],"published_time":"2020-01-15T17:15:26","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-2679","summary":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.18 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). 
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).","cvss":4.9,"cvss_version":3.0,"cvss_v2":4.0,"cvss_v3":4.9,"cvss_v4":null,"epss":0.00415,"ranking_epss":0.61669,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://security.gentoo.org/glsa/202105-27","https://security.netapp.com/advisory/ntap-20200122-0002/","https://usn.ubuntu.com/4250-1/","https://www.oracle.com/security-alerts/cpujan2020.html","https://security.gentoo.org/glsa/202105-27","https://security.netapp.com/advisory/ntap-20200122-0002/","https://usn.ubuntu.com/4250-1/","https://www.oracle.com/security-alerts/cpujan2020.html"],"published_time":"2020-01-15T17:15:25","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-2654","summary":"Vulnerability in the Java SE product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Availability impacts). 
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).","cvss":3.7,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":3.7,"cvss_v4":null,"epss":0.00339,"ranking_epss":0.56709,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00050.html","http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00060.html","https://access.redhat.com/errata/RHSA-2020:0122","https://access.redhat.com/errata/RHSA-2020:0128","https://access.redhat.com/errata/RHSA-2020:0157","https://access.redhat.com/errata/RHSA-2020:0196","https://access.redhat.com/errata/RHSA-2020:0202","https://access.redhat.com/errata/RHSA-2020:0231","https://access.redhat.com/errata/RHSA-2020:0232","https://access.redhat.com/errata/RHSA-2020:0541","https://access.redhat.com/errata/RHSA-2020:0632","https://kc.mcafee.com/corporate/index?page=content&id=SB10315","https://lists.debian.org/debian-lts-announce/2020/02/msg00034.html","https://seclists.org/bugtraq/2020/Feb/22","https://seclists.org/bugtraq/2020/Jan/24","https://security.gentoo.org/glsa/202101-19","https://security.netapp.com/advisory/ntap-20200122-0003/","https://usn.ubuntu.com/4257-1/","https://www.debian.org/security/2020/dsa-4605","https://www.debian.org/security/2020/dsa-4621","https://www.oracle.com/security-alerts/cpujan2020.html","http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00050.html","http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00060.html","https://access.redhat.com/errata/RHSA-2020:0122","https://access.redhat.com/errata/RHSA-2020:0128","https://access.redhat.com/errata/RHSA-2020:0157","https://access.redhat.com/errata/RHSA-2020:0196","https://access.redhat.com/errata/RHSA-2020:0202","https://access.redhat.com/errata/RHSA-2020:0231","https://access.redhat.com/errata/RHSA-2020:0232","https://access.redhat.com/errata/RHSA-2020:0541","https://access.redhat.com/errata/RHSA-2020:0632","https://kc.mcafee.com/corporate/in
dex?page=content&id=SB10315","https://lists.debian.org/debian-lts-announce/2020/02/msg00034.html","https://seclists.org/bugtraq/2020/Feb/22","https://seclists.org/bugtraq/2020/Jan/24","https://security.gentoo.org/glsa/202101-19","https://security.netapp.com/advisory/ntap-20200122-0003/","https://usn.ubuntu.com/4257-1/","https://www.debian.org/security/2020/dsa-4605","https://www.debian.org/security/2020/dsa-4621","https://www.oracle.com/security-alerts/cpujan2020.html"],"published_time":"2020-01-15T17:15:24","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-2659","summary":"Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Networking). Supported versions that are affected are Java SE: 7u241 and 8u231; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.7 (Availability impacts). 
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).","cvss":3.7,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":3.7,"cvss_v4":null,"epss":0.00293,"ranking_epss":0.52625,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00060.html","https://access.redhat.com/errata/RHSA-2020:0157","https://access.redhat.com/errata/RHSA-2020:0196","https://access.redhat.com/errata/RHSA-2020:0202","https://access.redhat.com/errata/RHSA-2020:0231","https://access.redhat.com/errata/RHSA-2020:0465","https://access.redhat.com/errata/RHSA-2020:0467","https://access.redhat.com/errata/RHSA-2020:0468","https://access.redhat.com/errata/RHSA-2020:0469","https://access.redhat.com/errata/RHSA-2020:0470","https://access.redhat.com/errata/RHSA-2020:0541","https://access.redhat.com/errata/RHSA-2020:0632","https://lists.debian.org/debian-lts-announce/2020/02/msg00034.html","https://seclists.org/bugtraq/2020/Feb/22","https://security.gentoo.org/glsa/202101-19","https://security.netapp.com/advisory/ntap-20200122-0003/","https://usn.ubuntu.com/4257-1/","https://www.debian.org/security/2020/dsa-4621","https://www.oracle.com/security-alerts/cpujan2020.html","http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00060.html","https://access.redhat.com/errata/RHSA-2020:0157","https://access.redhat.com/errata/RHSA-2020:0196","https://access.redhat.com/errata/RHSA-2020:0202","https://access.redhat.com/errata/RHSA-2020:0231","https://access.redhat.com/errata/RHSA-2020:0465","https://access.redhat.com/errata/RHSA-2020:0467","https://access.redhat.com/errata/RHSA-2020:0468","https://access.redhat.com/errata/RHSA-2020:0469","https://access.redhat.com/errata/RHSA-2020:0470","https://access.redhat.com/errata/RHSA-2020:0541","https://access.redhat.com/errata/RHSA-2020:0632","https://lists.debian.org/debian-lts-announce/2020/02/msg00034.html","https://seclists.org/bugtraq/2020/Feb/22","https://security.gentoo.org/gls
a/202101-19","https://security.netapp.com/advisory/ntap-20200122-0003/","https://usn.ubuntu.com/4257-1/","https://www.debian.org/security/2020/dsa-4621","https://www.oracle.com/security-alerts/cpujan2020.html"],"published_time":"2020-01-15T17:15:24","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-2660","summary":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 5.7.28 and prior and 8.0.18 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).","cvss":4.9,"cvss_version":3.0,"cvss_v2":4.0,"cvss_v3":4.9,"cvss_v4":null,"epss":0.00415,"ranking_epss":0.61669,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://security.gentoo.org/glsa/202105-27","https://security.netapp.com/advisory/ntap-20200122-0002/","https://usn.ubuntu.com/4250-1/","https://www.oracle.com/security-alerts/cpujan2020.html","https://security.gentoo.org/glsa/202105-27","https://security.netapp.com/advisory/ntap-20200122-0002/","https://usn.ubuntu.com/4250-1/","https://www.oracle.com/security-alerts/cpujan2020.html"],"published_time":"2020-01-15T17:15:24","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-2627","summary":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Parser). Supported versions that are affected are 8.0.18 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. 
Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).","cvss":6.5,"cvss_version":3.0,"cvss_v2":4.0,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00441,"ranking_epss":0.63207,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://security.gentoo.org/glsa/202105-27","https://security.netapp.com/advisory/ntap-20200122-0002/","https://usn.ubuntu.com/4250-1/","https://www.oracle.com/security-alerts/cpujan2020.html","https://security.gentoo.org/glsa/202105-27","https://security.netapp.com/advisory/ntap-20200122-0002/","https://usn.ubuntu.com/4250-1/","https://www.oracle.com/security-alerts/cpujan2020.html"],"published_time":"2020-01-15T17:15:22","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-2601","summary":"Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Security). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Kerberos to compromise Java SE, Java SE Embedded. While the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. 
This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 6.8 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N).","cvss":6.8,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":6.8,"cvss_v4":null,"epss":0.00714,"ranking_epss":0.72328,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00050.html","http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00060.html","https://access.redhat.com/errata/RHSA-2020:0122","https://access.redhat.com/errata/RHSA-2020:0128","https://access.redhat.com/errata/RHSA-2020:0157","https://access.redhat.com/errata/RHSA-2020:0196","https://access.redhat.com/errata/RHSA-2020:0202","https://access.redhat.com/errata/RHSA-2020:0231","https://access.redhat.com/errata/RHSA-2020:0232","https://access.redhat.com/errata/RHSA-2020:0541","https://access.redhat.com/errata/RHSA-2020:0632","https://lists.debian.org/debian-lts-announce/2020/02/msg00034.html","https://seclists.org/bugtraq/2020/Feb/22","https://seclists.org/bugtraq/2020/Jan/24","https://security.gentoo.org/glsa/202101-19","https://security.netapp.com/advisory/ntap-20200122-0003/","https://usn.ubuntu.com/4257-1/","https://www.debian.org/security/2020/dsa-4605","https://www.debian.org/security/2020/dsa-4621","https://www.oracle.com/security-alerts/cpujan2020.html","http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00050.html","http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00060.html","https://access.redhat.com/errata/RHSA-2020:0122","https://access.redhat.com/errata/RHSA-2020:0128","https://access.redhat.com/errata/RHSA-2020:0157","https://access.redhat.com/errata/RHSA-2020:0196","https://access.redhat.com/errata/RHSA-2020:0202","https://access.redhat.com/errata/RHSA-2020:0231","https://access.redhat.com/errata/RHSA-2020:0232","htt
ps://access.redhat.com/errata/RHSA-2020:0541","https://access.redhat.com/errata/RHSA-2020:0632","https://lists.debian.org/debian-lts-announce/2020/02/msg00034.html","https://seclists.org/bugtraq/2020/Feb/22","https://seclists.org/bugtraq/2020/Jan/24","https://security.gentoo.org/glsa/202101-19","https://security.netapp.com/advisory/ntap-20200122-0003/","https://usn.ubuntu.com/4257-1/","https://www.debian.org/security/2020/dsa-4605","https://www.debian.org/security/2020/dsa-4621","https://www.oracle.com/security-alerts/cpujan2020.html"],"published_time":"2020-01-15T17:15:20","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-2604","summary":"Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS v3.0 Base Score 8.1 (Confidentiality, Integrity and Availability impacts). 
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H).","cvss":8.1,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":8.1,"cvss_v4":null,"epss":0.01699,"ranking_epss":0.82282,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00050.html","http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00060.html","https://access.redhat.com/errata/RHSA-2020:0122","https://access.redhat.com/errata/RHSA-2020:0128","https://access.redhat.com/errata/RHSA-2020:0196","https://access.redhat.com/errata/RHSA-2020:0202","https://access.redhat.com/errata/RHSA-2020:0231","https://access.redhat.com/errata/RHSA-2020:0232","https://access.redhat.com/errata/RHSA-2020:0465","https://access.redhat.com/errata/RHSA-2020:0467","https://access.redhat.com/errata/RHSA-2020:0468","https://access.redhat.com/errata/RHSA-2020:0469","https://access.redhat.com/errata/RHSA-2020:0470","https://access.redhat.com/errata/RHSA-2020:0541","https://access.redhat.com/errata/RHSA-2020:0632","https://kc.mcafee.com/corporate/index?page=content&id=SB10315","https://lists.debian.org/debian-lts-announce/2020/02/msg00034.html","https://seclists.org/bugtraq/2020/Feb/22","https://security.gentoo.org/glsa/202101-19","https://security.netapp.com/advisory/ntap-20200122-0003/","https://usn.ubuntu.com/4257-1/","https://www.debian.org/security/2020/dsa-4621","https://www.oracle.com/security-alerts/cpujan2020.html","https://www.oracle.com/security-alerts/cpujul2021.html","http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00050.html","http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00060.html","https://access.redhat.com/errata/RHSA-2020:0122","https://access.redhat.com/errata/RHSA-2020:0128","https://access.redhat.com/errata/RHSA-2020:0196","https://access.redhat.com/errata/RHSA-2020:0202","https://access.redhat.com/errata/RHSA-2020:0231","https://access.redhat.com/errata/RHSA-2020:0232","https://access.red
hat.com/errata/RHSA-2020:0465","https://access.redhat.com/errata/RHSA-2020:0467","https://access.redhat.com/errata/RHSA-2020:0468","https://access.redhat.com/errata/RHSA-2020:0469","https://access.redhat.com/errata/RHSA-2020:0470","https://access.redhat.com/errata/RHSA-2020:0541","https://access.redhat.com/errata/RHSA-2020:0632","https://kc.mcafee.com/corporate/index?page=content&id=SB10315","https://lists.debian.org/debian-lts-announce/2020/02/msg00034.html","https://seclists.org/bugtraq/2020/Feb/22","https://security.gentoo.org/glsa/202101-19","https://security.netapp.com/advisory/ntap-20200122-0003/","https://usn.ubuntu.com/4257-1/","https://www.debian.org/security/2020/dsa-4621","https://www.oracle.com/security-alerts/cpujan2020.html","https://www.oracle.com/security-alerts/cpujul2021.html"],"published_time":"2020-01-15T17:15:20","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-2583","summary":"Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.7 (Availability impacts). 
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).","cvss":3.7,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":3.7,"cvss_v4":null,"epss":0.00519,"ranking_epss":0.66791,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00050.html","http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00060.html","https://access.redhat.com/errata/RHSA-2020:0122","https://access.redhat.com/errata/RHSA-2020:0128","https://access.redhat.com/errata/RHSA-2020:0157","https://access.redhat.com/errata/RHSA-2020:0196","https://access.redhat.com/errata/RHSA-2020:0202","https://access.redhat.com/errata/RHSA-2020:0231","https://access.redhat.com/errata/RHSA-2020:0232","https://access.redhat.com/errata/RHSA-2020:0465","https://access.redhat.com/errata/RHSA-2020:0467","https://access.redhat.com/errata/RHSA-2020:0468","https://access.redhat.com/errata/RHSA-2020:0469","https://access.redhat.com/errata/RHSA-2020:0470","https://access.redhat.com/errata/RHSA-2020:0541","https://access.redhat.com/errata/RHSA-2020:0632","https://kc.mcafee.com/corporate/index?page=content&id=SB10315","https://lists.debian.org/debian-lts-announce/2020/02/msg00034.html","https://seclists.org/bugtraq/2020/Feb/22","https://seclists.org/bugtraq/2020/Jan/24","https://security.gentoo.org/glsa/202101-19","https://security.netapp.com/advisory/ntap-20200122-0003/","https://usn.ubuntu.com/4257-1/","https://www.debian.org/security/2020/dsa-4605","https://www.debian.org/security/2020/dsa-4621","https://www.oracle.com/security-alerts/cpujan2020.html","http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00050.html","http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00060.html","https://access.redhat.com/errata/RHSA-2020:0122","https://access.redhat.com/errata/RHSA-2020:0128","https://access.redhat.com/errata/RHSA-2020:0157","https://access.redhat.com/errata/RHSA-2020:0196","https://access.redhat.com/errata/R
HSA-2020:0202","https://access.redhat.com/errata/RHSA-2020:0231","https://access.redhat.com/errata/RHSA-2020:0232","https://access.redhat.com/errata/RHSA-2020:0465","https://access.redhat.com/errata/RHSA-2020:0467","https://access.redhat.com/errata/RHSA-2020:0468","https://access.redhat.com/errata/RHSA-2020:0469","https://access.redhat.com/errata/RHSA-2020:0470","https://access.redhat.com/errata/RHSA-2020:0541","https://access.redhat.com/errata/RHSA-2020:0632","https://kc.mcafee.com/corporate/index?page=content&id=SB10315","https://lists.debian.org/debian-lts-announce/2020/02/msg00034.html","https://seclists.org/bugtraq/2020/Feb/22","https://seclists.org/bugtraq/2020/Jan/24","https://security.gentoo.org/glsa/202101-19","https://security.netapp.com/advisory/ntap-20200122-0003/","https://usn.ubuntu.com/4257-1/","https://www.debian.org/security/2020/dsa-4605","https://www.debian.org/security/2020/dsa-4621","https://www.oracle.com/security-alerts/cpujan2020.html"],"published_time":"2020-01-15T17:15:19","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-2584","summary":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Options). Supported versions that are affected are 5.7.28 and prior and 8.0.18 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS 3.0 Base Score 4.4 (Confidentiality impacts). 
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N).","cvss":4.4,"cvss_version":3.0,"cvss_v2":3.5,"cvss_v3":4.4,"cvss_v4":null,"epss":0.00502,"ranking_epss":0.66047,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://security.gentoo.org/glsa/202105-27","https://security.netapp.com/advisory/ntap-20200122-0002/","https://usn.ubuntu.com/4250-1/","https://www.oracle.com/security-alerts/cpujan2020.html","https://security.gentoo.org/glsa/202105-27","https://security.netapp.com/advisory/ntap-20200122-0002/","https://usn.ubuntu.com/4250-1/","https://www.oracle.com/security-alerts/cpujan2020.html"],"published_time":"2020-01-15T17:15:19","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-2588","summary":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.18 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). 
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).","cvss":4.9,"cvss_version":3.0,"cvss_v2":4.0,"cvss_v3":4.9,"cvss_v4":null,"epss":0.00415,"ranking_epss":0.61669,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://security.gentoo.org/glsa/202105-27","https://security.netapp.com/advisory/ntap-20200122-0002/","https://usn.ubuntu.com/4250-1/","https://www.oracle.com/security-alerts/cpujan2020.html","https://security.gentoo.org/glsa/202105-27","https://security.netapp.com/advisory/ntap-20200122-0002/","https://usn.ubuntu.com/4250-1/","https://www.oracle.com/security-alerts/cpujan2020.html"],"published_time":"2020-01-15T17:15:19","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-2589","summary":"Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.28 and prior and 8.0.17 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). 
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).","cvss":4.9,"cvss_version":3.0,"cvss_v2":4.0,"cvss_v3":4.9,"cvss_v4":null,"epss":0.00362,"ranking_epss":0.58288,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://security.gentoo.org/glsa/202105-27","https://security.netapp.com/advisory/ntap-20200122-0002/","https://usn.ubuntu.com/4250-1/","https://www.oracle.com/security-alerts/cpujan2020.html","https://security.gentoo.org/glsa/202105-27","https://security.netapp.com/advisory/ntap-20200122-0002/","https://usn.ubuntu.com/4250-1/","https://www.oracle.com/security-alerts/cpujan2020.html"],"published_time":"2020-01-15T17:15:19","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-2590","summary":"Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Security). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Kerberos to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.7 (Integrity impacts). 
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).","cvss":3.7,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":3.7,"cvss_v4":null,"epss":0.00449,"ranking_epss":0.63594,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00050.html","http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00060.html","https://access.redhat.com/errata/RHSA-2020:0122","https://access.redhat.com/errata/RHSA-2020:0128","https://access.redhat.com/errata/RHSA-2020:0157","https://access.redhat.com/errata/RHSA-2020:0196","https://access.redhat.com/errata/RHSA-2020:0202","https://access.redhat.com/errata/RHSA-2020:0231","https://access.redhat.com/errata/RHSA-2020:0232","https://access.redhat.com/errata/RHSA-2020:0541","https://access.redhat.com/errata/RHSA-2020:0632","https://kc.mcafee.com/corporate/index?page=content&id=SB10315","https://lists.debian.org/debian-lts-announce/2020/02/msg00034.html","https://seclists.org/bugtraq/2020/Feb/22","https://seclists.org/bugtraq/2020/Jan/24","https://security.gentoo.org/glsa/202101-19","https://security.netapp.com/advisory/ntap-20200122-0003/","https://usn.ubuntu.com/4257-1/","https://www.debian.org/security/2020/dsa-4605","https://www.debian.org/security/2020/dsa-4621","https://www.oracle.com/security-alerts/cpujan2020.html","http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00050.html","http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00060.html","https://access.redhat.com/errata/RHSA-2020:0122","https://access.redhat.com/errata/RHSA-2020:0128","https://access.redhat.com/errata/RHSA-2020:0157","https://access.redhat.com/errata/RHSA-2020:0196","https://access.redhat.com/errata/RHSA-2020:0202","https://access.redhat.com/errata/RHSA-2020:0231","https://access.redhat.com/errata/RHSA-2020:0232","https://access.redhat.com/errata/RHSA-2020:0541","https://access.redhat.com/errata/RHSA-2020:0632","https://kc.mcafee.com/corporate/in
dex?page=content&id=SB10315","https://lists.debian.org/debian-lts-announce/2020/02/msg00034.html","https://seclists.org/bugtraq/2020/Feb/22","https://seclists.org/bugtraq/2020/Jan/24","https://security.gentoo.org/glsa/202101-19","https://security.netapp.com/advisory/ntap-20200122-0003/","https://usn.ubuntu.com/4257-1/","https://www.debian.org/security/2020/dsa-4605","https://www.debian.org/security/2020/dsa-4621","https://www.oracle.com/security-alerts/cpujan2020.html"],"published_time":"2020-01-15T17:15:19","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-2593","summary":"Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Networking). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data as well as unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 4.8 (Confidentiality and Integrity impacts). 
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N).","cvss":4.8,"cvss_version":3.0,"cvss_v2":5.8,"cvss_v3":4.8,"cvss_v4":null,"epss":0.0064,"ranking_epss":0.70542,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00050.html","http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00060.html","https://access.redhat.com/errata/RHSA-2020:0122","https://access.redhat.com/errata/RHSA-2020:0128","https://access.redhat.com/errata/RHSA-2020:0157","https://access.redhat.com/errata/RHSA-2020:0196","https://access.redhat.com/errata/RHSA-2020:0202","https://access.redhat.com/errata/RHSA-2020:0231","https://access.redhat.com/errata/RHSA-2020:0232","https://access.redhat.com/errata/RHSA-2020:0465","https://access.redhat.com/errata/RHSA-2020:0467","https://access.redhat.com/errata/RHSA-2020:0468","https://access.redhat.com/errata/RHSA-2020:0469","https://access.redhat.com/errata/RHSA-2020:0470","https://access.redhat.com/errata/RHSA-2020:0541","https://access.redhat.com/errata/RHSA-2020:0632","https://kc.mcafee.com/corporate/index?page=content&id=SB10315","https://lists.debian.org/debian-lts-announce/2020/02/msg00034.html","https://seclists.org/bugtraq/2020/Feb/22","https://seclists.org/bugtraq/2020/Jan/24","https://security.gentoo.org/glsa/202101-19","https://security.netapp.com/advisory/ntap-20200122-0003/","https://usn.ubuntu.com/4257-1/","https://www.debian.org/security/2020/dsa-4605","https://www.debian.org/security/2020/dsa-4621","https://www.oracle.com/security-alerts/cpujan2020.html","http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00050.html","http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00060.html","https://access.redhat.com/errata/RHSA-2020:0122","https://access.redhat.com/errata/RHSA-2020:0128","https://access.redhat.com/errata/RHSA-2020:0157","https://access.redhat.com/errata/RHSA-2020:0196","https://access.redhat.com/errata/RH
SA-2020:0202","https://access.redhat.com/errata/RHSA-2020:0231","https://access.redhat.com/errata/RHSA-2020:0232","https://access.redhat.com/errata/RHSA-2020:0465","https://access.redhat.com/errata/RHSA-2020:0467","https://access.redhat.com/errata/RHSA-2020:0468","https://access.redhat.com/errata/RHSA-2020:0469","https://access.redhat.com/errata/RHSA-2020:0470","https://access.redhat.com/errata/RHSA-2020:0541","https://access.redhat.com/errata/RHSA-2020:0632","https://kc.mcafee.com/corporate/index?page=content&id=SB10315","https://lists.debian.org/debian-lts-announce/2020/02/msg00034.html","https://seclists.org/bugtraq/2020/Feb/22","https://seclists.org/bugtraq/2020/Jan/24","https://security.gentoo.org/glsa/202101-19","https://security.netapp.com/advisory/ntap-20200122-0003/","https://usn.ubuntu.com/4257-1/","https://www.debian.org/security/2020/dsa-4605","https://www.debian.org/security/2020/dsa-4621","https://www.oracle.com/security-alerts/cpujan2020.html"],"published_time":"2020-01-15T17:15:19","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-2570","summary":"Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Supported versions that are affected are 5.7.28 and prior and 8.0.18 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Client. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Client. CVSS 3.0 Base Score 5.9 (Availability impacts). 
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H).","cvss":5.9,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":5.9,"cvss_v4":null,"epss":0.00294,"ranking_epss":0.52682,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://security.gentoo.org/glsa/202105-27","https://usn.ubuntu.com/4250-1/","https://www.oracle.com/security-alerts/cpujan2020.html","https://security.gentoo.org/glsa/202105-27","https://usn.ubuntu.com/4250-1/","https://www.oracle.com/security-alerts/cpujan2020.html"],"published_time":"2020-01-15T17:15:18","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-2572","summary":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Audit Plugin). Supported versions that are affected are 5.7.28 and prior and 8.0.18 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 2.7 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N).","cvss":2.7,"cvss_version":3.0,"cvss_v2":4.0,"cvss_v3":2.7,"cvss_v4":null,"epss":0.00321,"ranking_epss":0.55154,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://security.gentoo.org/glsa/202105-27","https://security.netapp.com/advisory/ntap-20200122-0002/","https://usn.ubuntu.com/4250-1/","https://www.oracle.com/security-alerts/cpujan2020.html","https://security.gentoo.org/glsa/202105-27","https://security.netapp.com/advisory/ntap-20200122-0002/","https://usn.ubuntu.com/4250-1/","https://www.oracle.com/security-alerts/cpujan2020.html"],"published_time":"2020-01-15T17:15:18","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-2573","summary":"Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). 
Supported versions that are affected are 5.7.28 and prior and 8.0.18 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Client. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Client. CVSS 3.0 Base Score 5.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H).","cvss":5.9,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":5.9,"cvss_v4":null,"epss":0.00696,"ranking_epss":0.71918,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://security.gentoo.org/glsa/202105-27","https://security.netapp.com/advisory/ntap-20200122-0002/","https://usn.ubuntu.com/4250-1/","https://www.oracle.com/security-alerts/cpujan2020.html","https://security.gentoo.org/glsa/202105-27","https://security.netapp.com/advisory/ntap-20200122-0002/","https://usn.ubuntu.com/4250-1/","https://www.oracle.com/security-alerts/cpujan2020.html"],"published_time":"2020-01-15T17:15:18","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-2574","summary":"Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Supported versions that are affected are 5.6.46 and prior, 5.7.28 and prior and 8.0.18 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Client. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Client. CVSS 3.0 Base Score 5.9 (Availability impacts). 
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H).","cvss":5.9,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":5.9,"cvss_v4":null,"epss":0.0016,"ranking_epss":0.36922,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00007.html","http://www.openwall.com/lists/oss-security/2020/09/29/1","https://security.gentoo.org/glsa/202105-27","https://security.netapp.com/advisory/ntap-20200122-0002/","https://usn.ubuntu.com/4250-1/","https://usn.ubuntu.com/4250-2/","https://www.oracle.com/security-alerts/cpujan2020.html","http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00007.html","http://www.openwall.com/lists/oss-security/2020/09/29/1","https://security.gentoo.org/glsa/202105-27","https://security.netapp.com/advisory/ntap-20200122-0002/","https://usn.ubuntu.com/4250-1/","https://usn.ubuntu.com/4250-2/","https://www.oracle.com/security-alerts/cpujan2020.html"],"published_time":"2020-01-15T17:15:18","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-2577","summary":"Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.28 and prior and 8.0.18 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). 
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).","cvss":4.9,"cvss_version":3.0,"cvss_v2":4.0,"cvss_v3":4.9,"cvss_v4":null,"epss":0.00256,"ranking_epss":0.4901,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://security.gentoo.org/glsa/202105-27","https://security.netapp.com/advisory/ntap-20200122-0002/","https://usn.ubuntu.com/4250-1/","https://www.oracle.com/security-alerts/cpujan2020.html","https://security.gentoo.org/glsa/202105-27","https://security.netapp.com/advisory/ntap-20200122-0002/","https://usn.ubuntu.com/4250-1/","https://www.oracle.com/security-alerts/cpujan2020.html"],"published_time":"2020-01-15T17:15:18","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-2579","summary":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 5.6.46 and prior, 5.7.28 and prior and 8.0.18 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). 
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).","cvss":6.5,"cvss_version":3.0,"cvss_v2":4.0,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00469,"ranking_epss":0.64537,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://security.gentoo.org/glsa/202105-27","https://security.netapp.com/advisory/ntap-20200122-0002/","https://usn.ubuntu.com/4250-1/","https://www.oracle.com/security-alerts/cpujan2020.html","https://security.gentoo.org/glsa/202105-27","https://security.netapp.com/advisory/ntap-20200122-0002/","https://usn.ubuntu.com/4250-1/","https://www.oracle.com/security-alerts/cpujan2020.html"],"published_time":"2020-01-15T17:15:18","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-5390","summary":"PySAML2 before 5.0.0 does not check that the signature in a SAML document is enveloped and thus signature wrapping is effective, i.e., it is affected by XML Signature Wrapping (XSW). The signature information and the node/object that is signed can be in different places and thus the signature verification will succeed, but the wrong data will be used. 
This specifically affects the verification of assertion that have been signed.","cvss":7.5,"cvss_version":3.0,"cvss_v2":5.0,"cvss_v3":7.5,"cvss_v4":null,"epss":0.00763,"ranking_epss":0.73404,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://github.com/IdentityPython/pysaml2/commit/5e9d5acbcd8ae45c4e736ac521fd2df5b1c62e25","https://github.com/IdentityPython/pysaml2/commit/f27c7e7a7010f83380566a219fd6a290a00f2b6e","https://github.com/IdentityPython/pysaml2/releases","https://github.com/IdentityPython/pysaml2/releases/tag/v5.0.0","https://lists.debian.org/debian-lts-announce/2020/02/msg00025.html","https://pypi.org/project/pysaml2/5.0.0/","https://usn.ubuntu.com/4245-1/","https://www.debian.org/security/2020/dsa-4630","https://github.com/IdentityPython/pysaml2/commit/5e9d5acbcd8ae45c4e736ac521fd2df5b1c62e25","https://github.com/IdentityPython/pysaml2/commit/f27c7e7a7010f83380566a219fd6a290a00f2b6e","https://github.com/IdentityPython/pysaml2/releases","https://github.com/IdentityPython/pysaml2/releases/tag/v5.0.0","https://lists.debian.org/debian-lts-announce/2020/02/msg00025.html","https://pypi.org/project/pysaml2/5.0.0/","https://usn.ubuntu.com/4245-1/","https://www.debian.org/security/2020/dsa-4630"],"published_time":"2020-01-13T19:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-20372","summary":"NGINX before 1.17.7, with certain error_page configurations, allows HTTP request smuggling, as demonstrated by the ability of an attacker to read unauthorized web pages in environments where NGINX is being fronted by a load 
balancer.","cvss":5.3,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":5.3,"cvss_v4":null,"epss":0.69737,"ranking_epss":0.98665,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00013.html","http://nginx.org/en/CHANGES","http://seclists.org/fulldisclosure/2021/Sep/36","https://bertjwregeer.keybase.pub/2019-12-10%20-%20error_page%20request%20smuggling.pdf","https://duo.com/docs/dng-notes#version-1.5.4-january-2020","https://github.com/kubernetes/ingress-nginx/pull/4859","https://github.com/nginx/nginx/commit/c1be55f97211d38b69ac0c2027e6812ab8b1b94e","https://security.netapp.com/advisory/ntap-20200127-0003/","https://support.apple.com/kb/HT212818","https://usn.ubuntu.com/4235-1/","https://usn.ubuntu.com/4235-2/","http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00013.html","http://nginx.org/en/CHANGES","http://seclists.org/fulldisclosure/2021/Sep/36","https://bertjwregeer.keybase.pub/2019-12-10%20-%20error_page%20request%20smuggling.pdf","https://duo.com/docs/dng-notes#version-1.5.4-january-2020","https://github.com/kubernetes/ingress-nginx/pull/4859","https://github.com/nginx/nginx/commit/c1be55f97211d38b69ac0c2027e6812ab8b1b94e","https://security.netapp.com/advisory/ntap-20200127-0003/","https://support.apple.com/kb/HT212818","https://usn.ubuntu.com/4235-1/","https://usn.ubuntu.com/4235-2/"],"published_time":"2020-01-09T21:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-17012","summary":"Mozilla developers reported memory safety bugs present in Firefox 70 and Firefox ESR 68.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. 
This vulnerability affects Thunderbird < 68.3, Firefox ESR < 68.3, and Firefox < 71.","cvss":8.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":8.8,"cvss_v4":null,"epss":0.02152,"ranking_epss":0.84253,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00000.html","http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00001.html","https://access.redhat.com/errata/RHSA-2020:0292","https://access.redhat.com/errata/RHSA-2020:0295","https://bugzilla.mozilla.org/buglist.cgi?bug_id=1449736%2C1533957%2C1560667%2C1567209%2C1580288%2C1585760%2C1592502","https://security.gentoo.org/glsa/202003-02","https://security.gentoo.org/glsa/202003-10","https://usn.ubuntu.com/4241-1/","https://usn.ubuntu.com/4335-1/","https://www.mozilla.org/security/advisories/mfsa2019-36/","https://www.mozilla.org/security/advisories/mfsa2019-37/","https://www.mozilla.org/security/advisories/mfsa2019-38/","http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00000.html","http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00001.html","https://access.redhat.com/errata/RHSA-2020:0292","https://access.redhat.com/errata/RHSA-2020:0295","https://bugzilla.mozilla.org/buglist.cgi?bug_id=1449736%2C1533957%2C1560667%2C1567209%2C1580288%2C1585760%2C1592502","https://security.gentoo.org/glsa/202003-02","https://security.gentoo.org/glsa/202003-10","https://usn.ubuntu.com/4241-1/","https://usn.ubuntu.com/4335-1/","https://www.mozilla.org/security/advisories/mfsa2019-36/","https://www.mozilla.org/security/advisories/mfsa2019-37/","https://www.mozilla.org/security/advisories/mfsa2019-38/"],"published_time":"2020-01-08T22:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-17016","summary":"When pasting a &lt;style&gt; tag from the clipboard into a rich text editor, the CSS sanitizer incorrectly rewrites a @namespace rule. 
This could allow for injection into certain types of websites resulting in data exfiltration. This vulnerability affects Firefox ESR < 68.4 and Firefox < 72.","cvss":6.1,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":6.1,"cvss_v4":null,"epss":0.03465,"ranking_epss":0.87536,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00029.html","http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00043.html","http://packetstormsecurity.com/files/155912/Slackware-Security-Advisory-mozilla-thunderbird-Updates.html","https://access.redhat.com/errata/RHSA-2020:0085","https://access.redhat.com/errata/RHSA-2020:0086","https://access.redhat.com/errata/RHSA-2020:0111","https://access.redhat.com/errata/RHSA-2020:0120","https://access.redhat.com/errata/RHSA-2020:0123","https://access.redhat.com/errata/RHSA-2020:0127","https://access.redhat.com/errata/RHSA-2020:0292","https://access.redhat.com/errata/RHSA-2020:0295","https://bugzilla.mozilla.org/show_bug.cgi?id=1599181","https://lists.debian.org/debian-lts-announce/2020/01/msg00005.html","https://lists.debian.org/debian-lts-announce/2020/01/msg00016.html","https://seclists.org/bugtraq/2020/Jan/12","https://seclists.org/bugtraq/2020/Jan/18","https://seclists.org/bugtraq/2020/Jan/26","https://security.gentoo.org/glsa/202003-02","https://usn.ubuntu.com/4234-1/","https://usn.ubuntu.com/4241-1/","https://usn.ubuntu.com/4335-1/","https://www.debian.org/security/2020/dsa-4600","https://www.debian.org/security/2020/dsa-4603","https://www.mozilla.org/security/advisories/mfsa2020-01/","https://www.mozilla.org/security/advisories/mfsa2020-02/","http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00029.html","http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00043.html","http://packetstormsecurity.com/files/155912/Slackware-Security-Advisory-mozilla-thunderbird-Updates.html","https://access.redhat.com/errata/RHSA-2020:0085","ht
tps://access.redhat.com/errata/RHSA-2020:0086","https://access.redhat.com/errata/RHSA-2020:0111","https://access.redhat.com/errata/RHSA-2020:0120","https://access.redhat.com/errata/RHSA-2020:0123","https://access.redhat.com/errata/RHSA-2020:0127","https://access.redhat.com/errata/RHSA-2020:0292","https://access.redhat.com/errata/RHSA-2020:0295","https://bugzilla.mozilla.org/show_bug.cgi?id=1599181","https://lists.debian.org/debian-lts-announce/2020/01/msg00005.html","https://lists.debian.org/debian-lts-announce/2020/01/msg00016.html","https://seclists.org/bugtraq/2020/Jan/12","https://seclists.org/bugtraq/2020/Jan/18","https://seclists.org/bugtraq/2020/Jan/26","https://security.gentoo.org/glsa/202003-02","https://usn.ubuntu.com/4234-1/","https://usn.ubuntu.com/4241-1/","https://usn.ubuntu.com/4335-1/","https://www.debian.org/security/2020/dsa-4600","https://www.debian.org/security/2020/dsa-4603","https://www.mozilla.org/security/advisories/mfsa2020-01/","https://www.mozilla.org/security/advisories/mfsa2020-02/"],"published_time":"2020-01-08T22:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-17017","summary":"Due to a missing case handling object types, a type confusion vulnerability could occur, resulting in a crash. We presume that with enough effort that it could be exploited to run arbitrary code. 
This vulnerability affects Firefox ESR < 68.4 and Firefox < 72.","cvss":8.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":8.8,"cvss_v4":null,"epss":0.0263,"ranking_epss":0.85684,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00029.html","http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00043.html","http://packetstormsecurity.com/files/155912/Slackware-Security-Advisory-mozilla-thunderbird-Updates.html","https://access.redhat.com/errata/RHSA-2020:0085","https://access.redhat.com/errata/RHSA-2020:0086","https://access.redhat.com/errata/RHSA-2020:0111","https://access.redhat.com/errata/RHSA-2020:0120","https://access.redhat.com/errata/RHSA-2020:0123","https://access.redhat.com/errata/RHSA-2020:0127","https://access.redhat.com/errata/RHSA-2020:0292","https://access.redhat.com/errata/RHSA-2020:0295","https://bugzilla.mozilla.org/show_bug.cgi?id=1603055","https://lists.debian.org/debian-lts-announce/2020/01/msg00005.html","https://lists.debian.org/debian-lts-announce/2020/01/msg00016.html","https://seclists.org/bugtraq/2020/Jan/12","https://seclists.org/bugtraq/2020/Jan/18","https://seclists.org/bugtraq/2020/Jan/26","https://security.gentoo.org/glsa/202003-02","https://usn.ubuntu.com/4234-1/","https://usn.ubuntu.com/4241-1/","https://usn.ubuntu.com/4335-1/","https://www.debian.org/security/2020/dsa-4600","https://www.debian.org/security/2020/dsa-4603","https://www.mozilla.org/security/advisories/mfsa2020-01/","https://www.mozilla.org/security/advisories/mfsa2020-02/","http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00029.html","http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00043.html","http://packetstormsecurity.com/files/155912/Slackware-Security-Advisory-mozilla-thunderbird-Updates.html","https://access.redhat.com/errata/RHSA-2020:0085","https://access.redhat.com/errata/RHSA-2020:0086","https://access.redhat.com/errata/RHSA-2020:0111
","https://access.redhat.com/errata/RHSA-2020:0120","https://access.redhat.com/errata/RHSA-2020:0123","https://access.redhat.com/errata/RHSA-2020:0127","https://access.redhat.com/errata/RHSA-2020:0292","https://access.redhat.com/errata/RHSA-2020:0295","https://bugzilla.mozilla.org/show_bug.cgi?id=1603055","https://lists.debian.org/debian-lts-announce/2020/01/msg00005.html","https://lists.debian.org/debian-lts-announce/2020/01/msg00016.html","https://seclists.org/bugtraq/2020/Jan/12","https://seclists.org/bugtraq/2020/Jan/18","https://seclists.org/bugtraq/2020/Jan/26","https://security.gentoo.org/glsa/202003-02","https://usn.ubuntu.com/4234-1/","https://usn.ubuntu.com/4241-1/","https://usn.ubuntu.com/4335-1/","https://www.debian.org/security/2020/dsa-4600","https://www.debian.org/security/2020/dsa-4603","https://www.mozilla.org/security/advisories/mfsa2020-01/","https://www.mozilla.org/security/advisories/mfsa2020-02/"],"published_time":"2020-01-08T22:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-17020","summary":"If an XML file is served with a Content Security Policy and the XML file includes an XSL stylesheet, the Content Security Policy will not be applied to the contents of the XSL stylesheet. If the XSL sheet e.g. includes JavaScript, it would bypass any of the restrictions of the Content Security Policy applied to the XML document. 
This vulnerability affects Firefox < 72.","cvss":6.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00232,"ranking_epss":0.46042,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://bugzilla.mozilla.org/show_bug.cgi?id=1597645","https://usn.ubuntu.com/4234-1/","https://www.mozilla.org/security/advisories/mfsa2020-01/"],"published_time":"2020-01-08T22:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-17022","summary":"When pasting a <style> tag from the clipboard into a rich text editor, the CSS sanitizer does not escape < and > characters. Because the resulting string is pasted directly into the text node of the element this does not result in a direct injection into the webpage; however, if a webpage subsequently copies the node's innerHTML, assigning it to another innerHTML, this would result in an XSS vulnerability. Two WYSIWYG editors were identified with this behavior, more may exist. 
This vulnerability affects Firefox ESR < 68.4 and Firefox < 72.","cvss":6.1,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":6.1,"cvss_v4":null,"epss":0.04633,"ranking_epss":0.89283,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00029.html","http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00043.html","http://packetstormsecurity.com/files/155912/Slackware-Security-Advisory-mozilla-thunderbird-Updates.html","https://access.redhat.com/errata/RHSA-2020:0085","https://access.redhat.com/errata/RHSA-2020:0086","https://access.redhat.com/errata/RHSA-2020:0111","https://access.redhat.com/errata/RHSA-2020:0120","https://access.redhat.com/errata/RHSA-2020:0123","https://access.redhat.com/errata/RHSA-2020:0127","https://access.redhat.com/errata/RHSA-2020:0292","https://access.redhat.com/errata/RHSA-2020:0295","https://bugzilla.mozilla.org/show_bug.cgi?id=1602843","https://lists.debian.org/debian-lts-announce/2020/01/msg00005.html","https://lists.debian.org/debian-lts-announce/2020/01/msg00016.html","https://seclists.org/bugtraq/2020/Jan/12","https://seclists.org/bugtraq/2020/Jan/18","https://seclists.org/bugtraq/2020/Jan/26","https://security.gentoo.org/glsa/202003-02","https://usn.ubuntu.com/4234-1/","https://usn.ubuntu.com/4241-1/","https://usn.ubuntu.com/4335-1/","https://www.debian.org/security/2020/dsa-4600","https://www.debian.org/security/2020/dsa-4603","https://www.mozilla.org/security/advisories/mfsa2020-01/","https://www.mozilla.org/security/advisories/mfsa2020-02/"],"published_time":"2020-01-08T22:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-17023","summary":"After a HelloRetryRequest has been sent, the client may negotiate a lower protocol than TLS 1.3, resulting in an invalid state transition in the TLS State Machine. If the client gets into this state, incoming Application Data records will be ignored. 
This vulnerability affects Firefox < 72.","cvss":6.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00899,"ranking_epss":0.75657,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://bugzilla.mozilla.org/show_bug.cgi?id=1590001","https://usn.ubuntu.com/4234-1/","https://usn.ubuntu.com/4397-1/","https://www.debian.org/security/2020/dsa-4726","https://www.mozilla.org/security/advisories/mfsa2020-01/"],"published_time":"2020-01-08T22:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-17024","summary":"Mozilla developers reported memory safety bugs present in Firefox 71 and Firefox ESR 68.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. 
This vulnerability affects Firefox ESR < 68.4 and Firefox < 72.","cvss":8.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":8.8,"cvss_v4":null,"epss":0.03276,"ranking_epss":0.87171,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00029.html","http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00043.html","http://packetstormsecurity.com/files/155912/Slackware-Security-Advisory-mozilla-thunderbird-Updates.html","https://access.redhat.com/errata/RHSA-2020:0085","https://access.redhat.com/errata/RHSA-2020:0086","https://access.redhat.com/errata/RHSA-2020:0111","https://access.redhat.com/errata/RHSA-2020:0120","https://access.redhat.com/errata/RHSA-2020:0123","https://access.redhat.com/errata/RHSA-2020:0127","https://access.redhat.com/errata/RHSA-2020:0292","https://access.redhat.com/errata/RHSA-2020:0295","https://bugzilla.mozilla.org/buglist.cgi?bug_id=1507180%2C1595470%2C1598605%2C1601826","https://lists.debian.org/debian-lts-announce/2020/01/msg00005.html","https://lists.debian.org/debian-lts-announce/2020/01/msg00016.html","https://seclists.org/bugtraq/2020/Jan/12","https://seclists.org/bugtraq/2020/Jan/18","https://seclists.org/bugtraq/2020/Jan/26","https://security.gentoo.org/glsa/202003-02","https://usn.ubuntu.com/4234-1/","https://usn.ubuntu.com/4241-1/","https://usn.ubuntu.com/4335-1/","https://www.debian.org/security/2020/dsa-4600","https://www.debian.org/security/2020/dsa-4603","https://www.mozilla.org/security/advisories/mfsa2020-01/","https://www.mozilla.org/security/advisories/mfsa2020-02/"],"published_time":"2020-01-08T22:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-17025","summary":"Mozilla developers reported memory safety bugs present in Firefox 71. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. 
This vulnerability affects Firefox < 72.","cvss":8.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00704,"ranking_epss":0.72091,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://bugzilla.mozilla.org/buglist.cgi?bug_id=1328295%2C1328300%2C1590447%2C1590965%2C1595692%2C1597321%2C1597481","https://usn.ubuntu.com/4234-1/","https://www.mozilla.org/security/advisories/mfsa2020-01/"],"published_time":"2020-01-08T22:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-17005","summary":"The plain text serializer used a fixed-size array for the number of <ol> elements it could process; however it was possible to overflow the static-sized array leading to memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 68.3, Firefox ESR < 68.3, and Firefox < 71.","cvss":8.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":8.8,"cvss_v4":null,"epss":0.02867,"ranking_epss":0.8626,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00000.html","http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00001.html","https://access.redhat.com/errata/RHSA-2020:0292","https://access.redhat.com/errata/RHSA-2020:0295","https://bugzilla.mozilla.org/show_bug.cgi?id=1584170","https://security.gentoo.org/glsa/202003-02","https://security.gentoo.org/glsa/202003-10","https://usn.ubuntu.com/4241-1/","https://usn.ubuntu.com/4335-1/","https://www.mozilla.org/security/advisories/mfsa2019-36/","https://www.mozilla.org/security/advisories/mfsa2019-37/","https://www.mozilla.org/security/advisories/mfsa2019-38/"],"published_time":"2020-01-08T22:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-17010","summary":"Under certain conditions, when checking the Resist Fingerprinting preference during device orientation checks, a race condition could have caused a use-after-free and a potentially exploitable crash. 
This vulnerability affects Thunderbird < 68.3, Firefox ESR < 68.3, and Firefox < 71.","cvss":7.5,"cvss_version":3.0,"cvss_v2":5.1,"cvss_v3":7.5,"cvss_v4":null,"epss":0.01329,"ranking_epss":0.79939,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00000.html","http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00001.html","https://access.redhat.com/errata/RHSA-2020:0292","https://access.redhat.com/errata/RHSA-2020:0295","https://bugzilla.mozilla.org/show_bug.cgi?id=1581084","https://security.gentoo.org/glsa/202003-02","https://security.gentoo.org/glsa/202003-10","https://usn.ubuntu.com/4241-1/","https://usn.ubuntu.com/4335-1/","https://www.mozilla.org/security/advisories/mfsa2019-36/","https://www.mozilla.org/security/advisories/mfsa2019-37/","https://www.mozilla.org/security/advisories/mfsa2019-38/"],"published_time":"2020-01-08T22:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-17011","summary":"Under certain conditions, when retrieving a document from a DocShell in the antitracking code, a race condition could cause a use-after-free condition and a potentially exploitable crash. 
This vulnerability affects Thunderbird < 68.3, Firefox ESR < 68.3, and Firefox < 71.","cvss":7.5,"cvss_version":3.0,"cvss_v2":5.1,"cvss_v3":7.5,"cvss_v4":null,"epss":0.01329,"ranking_epss":0.79939,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00000.html","http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00001.html","https://access.redhat.com/errata/RHSA-2020:0292","https://access.redhat.com/errata/RHSA-2020:0295","https://bugzilla.mozilla.org/show_bug.cgi?id=1591334","https://security.gentoo.org/glsa/202003-02","https://security.gentoo.org/glsa/202003-10","https://usn.ubuntu.com/4241-1/","https://usn.ubuntu.com/4335-1/","https://www.mozilla.org/security/advisories/mfsa2019-36/","https://www.mozilla.org/security/advisories/mfsa2019-37/","https://www.mozilla.org/security/advisories/mfsa2019-38/"],"published_time":"2020-01-08T22:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-11764","summary":"Mozilla developers and community members reported memory safety bugs present in Firefox 69 and Firefox ESR 68.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could be exploited to run arbitrary code. 
This vulnerability affects Firefox < 70, Thunderbird < 68.2, and Firefox ESR < 68.2.","cvss":8.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00976,"ranking_epss":0.76702,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://bugzilla.mozilla.org/buglist.cgi?bug_id=1558522%2C1577061%2C1548044%2C1571223%2C1573048%2C1578933%2C1575217%2C1583684%2C1586845%2C1581950%2C1583463%2C1586599","https://security.gentoo.org/glsa/202003-10","https://usn.ubuntu.com/4335-1/","https://www.mozilla.org/security/advisories/mfsa2019-33/","https://www.mozilla.org/security/advisories/mfsa2019-34/","https://www.mozilla.org/security/advisories/mfsa2019-35/"],"published_time":"2020-01-08T21:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-11745","summary":"When encrypting with a block cipher, if a call to NSC_EncryptUpdate was made with data smaller than the block size, a small out of bounds write could occur. This could have caused heap corruption and a potentially exploitable crash. 
This vulnerability affects Thunderbird < 68.3, Firefox ESR < 68.3, and Firefox < 71.","cvss":8.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00806,"ranking_epss":0.74149,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00000.html","http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00001.html","http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00006.html","https://access.redhat.com/errata/RHSA-2020:0243","https://access.redhat.com/errata/RHSA-2020:0466","https://bugzilla.mozilla.org/show_bug.cgi?id=1586176","https://cert-portal.siemens.com/productcert/pdf/ssa-379803.pdf","https://lists.debian.org/debian-lts-announce/2020/09/msg00029.html","https://security.gentoo.org/glsa/202003-02","https://security.gentoo.org/glsa/202003-10","https://security.gentoo.org/glsa/202003-37","https://us-cert.cisa.gov/ics/advisories/icsa-21-040-04","https://usn.ubuntu.com/4241-1/","https://usn.ubuntu.com/4335-1/","https://www.mozilla.org/security/advisories/mfsa2019-36/","https://www.mozilla.org/security/advisories/mfsa2019-37/","https://www.mozilla.org/security/advisories/mfsa2019-38/"],"published_time":"2020-01-08T20:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-11757","summary":"When following the value's prototype chain, it was possible to retain a reference to a locale, delete it, and subsequently reference it. This resulted in a use-after-free and a potentially exploitable crash. This vulnerability affects Firefox < 70, Thunderbird < 68.2, and Firefox ESR < 68.2.","cvss":8.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":8.8,"cvss_v4":null,"epss":0.0139,"ranking_epss":0.80351,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://bugzilla.mozilla.org/show_bug.cgi?id=1577107","https://security.gentoo.org/glsa/202003-10","https://usn.ubuntu.com/4335-1/","https://www.mozilla.org/security/advisories/mfsa2019-33/","https://www.mozilla.org/security/advisories/mfsa2019-34/","https://www.mozilla.org/security/advisories/mfsa2019-35/"],"published_time":"2020-01-08T20:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-11758","summary":"Mozilla community member Philipp reported a memory safety bug present in Firefox 68 when 360 Total Security was installed. This bug showed evidence of memory corruption in the accessibility engine and we presume that with enough effort it could be exploited to run arbitrary code. 
This vulnerability affects Firefox < 69, Thunderbird < 68.2, and Firefox ESR < 68.2.","cvss":8.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00849,"ranking_epss":0.7486,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://bugzilla.mozilla.org/show_bug.cgi?id=1536227","https://usn.ubuntu.com/4335-1/","https://www.mozilla.org/security/advisories/mfsa2019-25/","https://www.mozilla.org/security/advisories/mfsa2019-33/","https://www.mozilla.org/security/advisories/mfsa2019-35/"],"published_time":"2020-01-08T20:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-11759","summary":"An attacker could have caused 4 bytes of HMAC output to be written past the end of a buffer stored on the stack. This could be used by an attacker to execute arbitrary code or more likely lead to a crash. 
This vulnerability affects Firefox < 70, Thunderbird < 68.2, and Firefox ESR < 68.2.","cvss":8.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":8.8,"cvss_v4":null,"epss":0.0251,"ranking_epss":0.85368,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://bugzilla.mozilla.org/show_bug.cgi?id=1577953","https://security.gentoo.org/glsa/202003-10","https://usn.ubuntu.com/4335-1/","https://www.mozilla.org/security/advisories/mfsa2019-33/","https://www.mozilla.org/security/advisories/mfsa2019-34/","https://www.mozilla.org/security/advisories/mfsa2019-35/"],"published_time":"2020-01-08T20:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-11760","summary":"A fixed-size stack buffer could overflow in nrappkit when doing WebRTC signaling. This resulted in a potentially exploitable crash in some instances. 
This vulnerability affects Firefox < 70, Thunderbird < 68.2, and Firefox ESR < 68.2.","cvss":8.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":8.8,"cvss_v4":null,"epss":0.01522,"ranking_epss":0.81256,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://bugzilla.mozilla.org/show_bug.cgi?id=1577719","https://security.gentoo.org/glsa/202003-10","https://usn.ubuntu.com/4335-1/","https://www.mozilla.org/security/advisories/mfsa2019-33/","https://www.mozilla.org/security/advisories/mfsa2019-34/","https://www.mozilla.org/security/advisories/mfsa2019-35/"],"published_time":"2020-01-08T20:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-11761","summary":"By using a form with a data URI it was possible to gain access to the privileged JSONView object that had been cloned into content. Impact from exposing this object appears to be minimal, however it was a bypass of existing defense in depth mechanisms. 
This vulnerability affects Firefox < 70, Thunderbird < 68.2, and Firefox ESR < 68.2.","cvss":5.4,"cvss_version":3.0,"cvss_v2":5.8,"cvss_v3":5.4,"cvss_v4":null,"epss":0.00442,"ranking_epss":0.63283,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://bugzilla.mozilla.org/show_bug.cgi?id=1561502","https://security.gentoo.org/glsa/202003-10","https://usn.ubuntu.com/4335-1/","https://www.mozilla.org/security/advisories/mfsa2019-33/","https://www.mozilla.org/security/advisories/mfsa2019-34/","https://www.mozilla.org/security/advisories/mfsa2019-35/"],"published_time":"2020-01-08T20:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-11762","summary":"If two same-origin documents set document.domain differently to become cross-origin, it was possible for them to call arbitrary DOM methods/getters/setters on the now-cross-origin window. 
This vulnerability affects Firefox < 70, Thunderbird < 68.2, and Firefox ESR < 68.2.","cvss":6.1,"cvss_version":3.0,"cvss_v2":5.8,"cvss_v3":6.1,"cvss_v4":null,"epss":0.00379,"ranking_epss":0.59397,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://bugzilla.mozilla.org/show_bug.cgi?id=1582857","https://security.gentoo.org/glsa/202003-10","https://usn.ubuntu.com/4335-1/","https://www.mozilla.org/security/advisories/mfsa2019-33/","https://www.mozilla.org/security/advisories/mfsa2019-34/","https://www.mozilla.org/security/advisories/mfsa2019-35/"],"published_time":"2020-01-08T20:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-11763","summary":"Failure to correctly handle null bytes when processing HTML entities resulted in Firefox incorrectly parsing these entities. This could have led to HTML comment text being treated as HTML which could have led to XSS in a web application under certain conditions. It could have also led to HTML entities being masked from filters - enabling the use of entities to mask the actual characters of interest from filters. 
This vulnerability affects Firefox < 70, Thunderbird < 68.2, and Firefox ESR < 68.2.","cvss":6.1,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":6.1,"cvss_v4":null,"epss":0.0223,"ranking_epss":0.8453,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://bugzilla.mozilla.org/show_bug.cgi?id=1584216","https://security.gentoo.org/glsa/202003-10","https://usn.ubuntu.com/4335-1/","https://www.mozilla.org/security/advisories/mfsa2019-33/","https://www.mozilla.org/security/advisories/mfsa2019-34/","https://www.mozilla.org/security/advisories/mfsa2019-35/"],"published_time":"2020-01-08T20:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-20367","summary":"nlist.c in libbsd before 0.10.0 has an out-of-bounds read during a comparison for a symbol name from the string table (strtab).","cvss":9.1,"cvss_version":3.0,"cvss_v2":6.4,"cvss_v3":9.1,"cvss_v4":null,"epss":0.00879,"ranking_epss":0.75334,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00043.html","https://gitlab.freedesktop.org/libbsd/libbsd/commit/9d917aad37778a9f4a96ba358415f077f3f36f3b","https://lists.apache.org/thread.html/r0e913668380f59bcbd14fdd8ae8d24f95f99995e290cd18a7822c6e5%40%3Cdev.tomee.apache.org%3E","https://lists.apache.org/thread.html/ra781e51cf1ec40381c98cddc073b3576fb56c3978f4564d2fa431550%40%3Cdev.tomee.apache.org%3E","https://lists.debian.org/debian-lts-announce/2021/02/msg00027.html","https://lists.freedesktop.org/archives/libbsd/2019-August/000229.html","https://usn.ubuntu.com/4243-1/"],"published_time":"2020-01-08T17:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-5188","summary":"A code execution vulnerability exists in the directory rehashing functionality of E2fsprogs e2fsck 1.45.4. A specially crafted ext4 directory can cause an out-of-bounds write on the stack, resulting in code execution. 
An attacker can corrupt a partition to trigger this vulnerability.","cvss":7.5,"cvss_version":3.0,"cvss_v2":4.4,"cvss_v3":7.5,"cvss_v4":null,"epss":0.00068,"ranking_epss":0.20978,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00004.html","https://lists.debian.org/debian-lts-announce/2020/03/msg00030.html","https://lists.debian.org/debian-lts-announce/2020/07/msg00021.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2AKETJ6BREDUHRWQTV35SPGG5C6H7KSI/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6DOBCYQKCTTWXBLMUPJ5TX3FY7JNCOKY/","https://security.netapp.com/advisory/ntap-20220506-0001/","https://talosintelligence.com/vulnerability_reports/TALOS-2019-0973","https://usn.ubuntu.com/4249-1/"],"published_time":"2020-01-08T16:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-19911","summary":"There is a DoS vulnerability in Pillow before 6.2.2 caused by FpxImagePlugin.py calling the range function on an unvalidated 32-bit integer if the number of bands is large. On Windows running 32-bit Python, this results in an OverflowError or MemoryError due to the 2 GB limit. 
However, on Linux running 64-bit Python this results in the process being terminated by the OOM killer.","cvss":7.5,"cvss_version":3.0,"cvss_v2":5.0,"cvss_v3":7.5,"cvss_v4":null,"epss":0.00965,"ranking_epss":0.76564,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3DUMIBUYGJRAVJCTFUWBRLVQKOUTVX5P/","https://pillow.readthedocs.io/en/stable/releasenotes/6.2.2.html","https://usn.ubuntu.com/4272-1/","https://www.debian.org/security/2020/dsa-4631"],"published_time":"2020-01-05T22:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-19959","summary":"ext/misc/zipfile.c in SQLite 3.30.1 mishandles certain uses of INSERT INTO in situations involving embedded '\\0' characters in filenames, leading to a memory-management error that can be detected by (for example) valgrind.","cvss":7.5,"cvss_version":3.0,"cvss_v2":5.0,"cvss_v3":7.5,"cvss_v4":null,"epss":0.0052,"ranking_epss":0.66812,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://github.com/sqlite/sqlite/commit/1e490c4ca6b43a9cf8637d695907888349f69bec","https://github.com/sqlite/sqlite/commit/d8f2d46cbc9925e034a68aaaf60aad788d9373c1","https://security.netapp.com/advisory/ntap-20200204-0001/","https://usn.ubuntu.com/4298-1/","https://www.oracle.com/security-alerts/cpuapr2020.html"],"published_time":"2020-01-03T22:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-5310","summary":"libImaging/TiffDecode.c in Pillow before 6.2.2 has a TIFF decoding integer overflow, related to realloc.","cvss":8.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00611,"ranking_epss":0.69796,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://github.com/python-pillow/Pillow/commit/4e2def2539ec13e53a82e06c4b3daf00454100c4","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2MMU3WT2X64GS5WHDPKKC2WZA7UIIQ3A/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3DUMIBUYGJRAVJCTFUWBRLVQKOUTVX5P/","https://pillow.readthedocs.io/en/stable/releasenotes/6.2.2.html","https://usn.ubuntu.com/4272-1/"],"published_time":"2020-01-03T01:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-5311","summary":"libImaging/SgiRleDecode.c in Pillow before 6.2.2 has an SGI buffer 
overflow.","cvss":9.8,"cvss_version":3.0,"cvss_v2":7.5,"cvss_v3":9.8,"cvss_v4":null,"epss":0.01304,"ranking_epss":0.79753,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://access.redhat.com/errata/RHSA-2020:0566","https://access.redhat.com/errata/RHSA-2020:0580","https://github.com/python-pillow/Pillow/commit/a79b65c47c7dc6fe623aadf09aa6192fc54548f3","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2MMU3WT2X64GS5WHDPKKC2WZA7UIIQ3A/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3DUMIBUYGJRAVJCTFUWBRLVQKOUTVX5P/","https://pillow.readthedocs.io/en/stable/releasenotes/6.2.2.html","https://usn.ubuntu.com/4272-1/","https://www.debian.org/security/2020/dsa-4631","https://access.redhat.com/errata/RHSA-2020:0566","https://access.redhat.com/errata/RHSA-2020:0580","https://github.com/python-pillow/Pillow/commit/a79b65c47c7dc6fe623aadf09aa6192fc54548f3","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2MMU3WT2X64GS5WHDPKKC2WZA7UIIQ3A/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3DUMIBUYGJRAVJCTFUWBRLVQKOUTVX5P/","https://pillow.readthedocs.io/en/stable/releasenotes/6.2.2.html","https://usn.ubuntu.com/4272-1/","https://www.debian.org/security/2020/dsa-4631"],"published_time":"2020-01-03T01:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-5312","summary":"libImaging/PcxDecode.c in Pillow before 6.2.2 has a PCX P mode buffer 
overflow.","cvss":9.8,"cvss_version":3.0,"cvss_v2":7.5,"cvss_v3":9.8,"cvss_v4":null,"epss":0.0173,"ranking_epss":0.82453,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://access.redhat.com/errata/RHSA-2020:0566","https://access.redhat.com/errata/RHSA-2020:0578","https://access.redhat.com/errata/RHSA-2020:0580","https://access.redhat.com/errata/RHSA-2020:0681","https://access.redhat.com/errata/RHSA-2020:0683","https://access.redhat.com/errata/RHSA-2020:0694","https://github.com/python-pillow/Pillow/commit/93b22b846e0269ee9594ff71a72bec02d2bea8fd","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2MMU3WT2X64GS5WHDPKKC2WZA7UIIQ3A/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3DUMIBUYGJRAVJCTFUWBRLVQKOUTVX5P/","https://pillow.readthedocs.io/en/stable/releasenotes/6.2.2.html","https://usn.ubuntu.com/4272-1/","https://www.debian.org/security/2020/dsa-4631","https://access.redhat.com/errata/RHSA-2020:0566","https://access.redhat.com/errata/RHSA-2020:0578","https://access.redhat.com/errata/RHSA-2020:0580","https://access.redhat.com/errata/RHSA-2020:0681","https://access.redhat.com/errata/RHSA-2020:0683","https://access.redhat.com/errata/RHSA-2020:0694","https://github.com/python-pillow/Pillow/commit/93b22b846e0269ee9594ff71a72bec02d2bea8fd","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2MMU3WT2X64GS5WHDPKKC2WZA7UIIQ3A/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3DUMIBUYGJRAVJCTFUWBRLVQKOUTVX5P/","https://pillow.readthedocs.io/en/stable/releasenotes/6.2.2.html","https://usn.ubuntu.com/4272-1/","https://www.debian.org/security/2020/dsa-4631"],"published_time":"2020-01-03T01:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-5313","summary":"libImaging/FliDecode.c in Pillow before 6.2.2 has an FLI buffer 
overflow.","cvss":7.1,"cvss_version":3.0,"cvss_v2":5.8,"cvss_v3":7.1,"cvss_v4":null,"epss":0.00551,"ranking_epss":0.67976,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://github.com/python-pillow/Pillow/commit/a09acd0decd8a87ccce939d5ff65dab59e7d365b","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2MMU3WT2X64GS5WHDPKKC2WZA7UIIQ3A/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3DUMIBUYGJRAVJCTFUWBRLVQKOUTVX5P/","https://pillow.readthedocs.io/en/stable/releasenotes/6.2.2.html","https://usn.ubuntu.com/4272-1/","https://www.debian.org/security/2020/dsa-4631","https://github.com/python-pillow/Pillow/commit/a09acd0decd8a87ccce939d5ff65dab59e7d365b","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2MMU3WT2X64GS5WHDPKKC2WZA7UIIQ3A/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3DUMIBUYGJRAVJCTFUWBRLVQKOUTVX5P/","https://pillow.readthedocs.io/en/stable/releasenotes/6.2.2.html","https://usn.ubuntu.com/4272-1/","https://www.debian.org/security/2020/dsa-4631"],"published_time":"2020-01-03T01:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2013-4532","summary":"Qemu 1.1.2+dfsg to 2.1+dfsg suffers from a buffer overrun which could potentially result in arbitrary code execution on the host with the privileges of the QEMU 
process.","cvss":7.8,"cvss_version":3.0,"cvss_v2":4.6,"cvss_v3":7.8,"cvss_v4":null,"epss":0.0017,"ranking_epss":0.38181,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.ubuntu.com/usn/USN-2342-1","https://access.redhat.com/security/cve/cve-2013-4532","https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=739589","https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-4532","https://bugzilla.suse.com/show_bug.cgi?id=CVE-2013-4532","https://github.com/qemu/qemu/commit/2e1198672759eda6e122ff38fcf6df06f27e0fe2","https://security-tracker.debian.org/tracker/CVE-2013-4532","http://www.ubuntu.com/usn/USN-2342-1","https://access.redhat.com/security/cve/cve-2013-4532","https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=739589","https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-4532","https://bugzilla.suse.com/show_bug.cgi?id=CVE-2013-4532","https://github.com/qemu/qemu/commit/2e1198672759eda6e122ff38fcf6df06f27e0fe2","https://security-tracker.debian.org/tracker/CVE-2013-4532"],"published_time":"2020-01-02T16:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-20218","summary":"selectExpander in select.c in SQLite 3.30.1 proceeds with WITH stack unwinding even after a parsing 
error.","cvss":7.5,"cvss_version":3.0,"cvss_v2":5.0,"cvss_v3":7.5,"cvss_v4":null,"epss":0.00402,"ranking_epss":0.60788,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://github.com/sqlite/sqlite/commit/a6c1a71cde082e09750465d5675699062922e387","https://lists.debian.org/debian-lts-announce/2020/08/msg00037.html","https://lists.debian.org/debian-lts-announce/2020/12/msg00016.html","https://security.gentoo.org/glsa/202007-26","https://usn.ubuntu.com/4298-1/","https://www.oracle.com/security-alerts/cpuapr2020.html","https://github.com/sqlite/sqlite/commit/a6c1a71cde082e09750465d5675699062922e387","https://lists.debian.org/debian-lts-announce/2020/08/msg00037.html","https://lists.debian.org/debian-lts-announce/2020/12/msg00016.html","https://security.gentoo.org/glsa/202007-26","https://usn.ubuntu.com/4298-1/","https://www.oracle.com/security-alerts/cpuapr2020.html"],"published_time":"2020-01-02T14:16:36","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2013-4357","summary":"The eglibc package before 2.14 incorrectly handled the getaddrinfo() function. 
An attacker could use this issue to cause a denial of service.","cvss":7.5,"cvss_version":3.0,"cvss_v2":5.0,"cvss_v3":7.5,"cvss_v4":null,"epss":0.01185,"ranking_epss":0.78782,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00020.html","http://www.openwall.com/lists/oss-security/2013/09/17/4","http://www.openwall.com/lists/oss-security/2013/09/17/8","http://www.openwall.com/lists/oss-security/2015/01/28/18","http://www.openwall.com/lists/oss-security/2015/01/29/21","http://www.openwall.com/lists/oss-security/2015/02/24/3","http://www.securityfocus.com/bid/67992","http://www.ubuntu.com/usn/USN-2306-1","http://www.ubuntu.com/usn/USN-2306-2","http://www.ubuntu.com/usn/USN-2306-3","https://access.redhat.com/security/cve/cve-2013-4357","https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-4357","https://bugzilla.suse.com/show_bug.cgi?id=CVE-2013-4357","https://exchange.xforce.ibmcloud.com/vulnerabilities/95103","https://security-tracker.debian.org/tracker/CVE-2013-4357","http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00020.html","http://www.openwall.com/lists/oss-security/2013/09/17/4","http://www.openwall.com/lists/oss-security/2013/09/17/8","http://www.openwall.com/lists/oss-security/2015/01/28/18","http://www.openwall.com/lists/oss-security/2015/01/29/21","http://www.openwall.com/lists/oss-security/2015/02/24/3","http://www.securityfocus.com/bid/67992","http://www.ubuntu.com/usn/USN-2306-1","http://www.ubuntu.com/usn/USN-2306-2","http://www.ubuntu.com/usn/USN-2306-3","https://access.redhat.com/security/cve/cve-2013-4357","https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-4357","https://bugzilla.suse.com/show_bug.cgi?id=CVE-2013-4357","https://exchange.xforce.ibmcloud.com/vulnerabilities/95103","https://security-tracker.debian.org/tracker/CVE-2013-4357"],"published_time":"2019-12-31T19:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-200
96","summary":"In the Linux kernel before 5.1, there is a memory leak in __feat_register_sp() in net/dccp/feat.c, which may cause denial of service, aka CID-1d3ff0950e2b.","cvss":5.5,"cvss_version":3.0,"cvss_v2":4.9,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00074,"ranking_epss":0.22326,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00021.html","http://packetstormsecurity.com/files/156455/Kernel-Live-Patch-Security-Notice-LSN-0063-1.html","https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.1","https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=1d3ff0950e2b40dc861b1739029649d03f591820","https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html","https://usn.ubuntu.com/4285-1/","https://usn.ubuntu.com/4286-1/","https://usn.ubuntu.com/4286-2/","https://usn.ubuntu.com/4287-1/","https://usn.ubuntu.com/4287-2/","http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00021.html","http://packetstormsecurity.com/files/156455/Kernel-Live-Patch-Security-Notice-LSN-0063-1.html","https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.1","https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=1d3ff0950e2b40dc861b1739029649d03f591820","https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html","https://usn.ubuntu.com/4285-1/","https://usn.ubuntu.com/4286-1/","https://usn.ubuntu.com/4286-2/","https://usn.ubuntu.com/4287-1/","https://usn.ubuntu.com/4287-2/"],"published_time":"2019-12-30T05:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-20079","summary":"The autocmd feature in window.c in Vim before 8.1.2136 accesses freed 
memory.","cvss":7.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":7.8,"cvss_v4":null,"epss":0.0084,"ranking_epss":0.74707,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://github.com/vim/vim/commit/ec66c41d84e574baf8009dbc0bd088d2bc5b2421","https://github.com/vim/vim/compare/v8.1.2135...v8.1.2136","https://packetstormsecurity.com/files/154898","https://usn.ubuntu.com/4309-1/","https://github.com/vim/vim/commit/ec66c41d84e574baf8009dbc0bd088d2bc5b2421","https://github.com/vim/vim/compare/v8.1.2135...v8.1.2136","https://packetstormsecurity.com/files/154898","https://usn.ubuntu.com/4309-1/"],"published_time":"2019-12-30T01:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2012-2736","summary":"In NetworkManager 0.9.2.0, when a new wireless network was created with WPA/WPA2 security in AdHoc mode, it created an open/insecure network.","cvss":4.4,"cvss_version":3.0,"cvss_v2":3.3,"cvss_v3":4.4,"cvss_v4":null,"epss":0.00081,"ranking_epss":0.23885,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-updates/2012-09/msg00049.html","http://www.openwall.com/lists/oss-security/2012/06/15/2","http://www.openwall.com/lists/oss-security/2012/06/15/4","http://www.ubuntu.com/usn/USN-1483-1","http://www.ubuntu.com/usn/USN-1483-2","https://access.redhat.com/security/cve/cve-2012-2736","https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-2736","https://security-tracker.debian.org/tracker/CVE-2012-2736","http://lists.opensuse.org/opensuse-updates/2012-09/msg00049.html","http://www.openwall.com/lists/oss-security/2012/06/15/2","http://www.openwall.com/lists/oss-security/2012/06/15/4","http://www.ubuntu.com/usn/USN-1483-1","http://www.ubuntu.com/usn/USN-1483-2","https://access.redhat.com/security/cve/cve-2012-2736","https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-2736","https://security-tracker.debian.org/tracker/CVE-2012-2736"],"published_time":"2019-12-26T20:15:11","vendor":nu
ll,"product":null,"version":null},{"cve_id":"CVE-2019-19965","summary":"In the Linux kernel through 5.4.6, there is a NULL pointer dereference in drivers/scsi/libsas/sas_discover.c because of mishandling of port disconnection during discovery, related to a PHY down race condition, aka CID-f70267f379b5.","cvss":4.7,"cvss_version":3.0,"cvss_v2":1.9,"cvss_v3":4.7,"cvss_v4":null,"epss":0.00041,"ranking_epss":0.12431,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00021.html","https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f70267f379b5e5e11bdc5d72a56bf17e5feed01f","https://lists.debian.org/debian-lts-announce/2020/01/msg00013.html","https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html","https://security.netapp.com/advisory/ntap-20200204-0002/","https://usn.ubuntu.com/4284-1/","https://usn.ubuntu.com/4285-1/","https://usn.ubuntu.com/4286-1/","https://usn.ubuntu.com/4286-2/","https://usn.ubuntu.com/4287-1/","https://usn.ubuntu.com/4287-2/","http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00021.html","https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f70267f379b5e5e11bdc5d72a56bf17e5feed01f","https://lists.debian.org/debian-lts-announce/2020/01/msg00013.html","https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html","https://security.netapp.com/advisory/ntap-20200204-0002/","https://usn.ubuntu.com/4284-1/","https://usn.ubuntu.com/4285-1/","https://usn.ubuntu.com/4286-1/","https://usn.ubuntu.com/4286-2/","https://usn.ubuntu.com/4287-1/","https://usn.ubuntu.com/4287-2/"],"published_time":"2019-12-25T04:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-19956","summary":"xmlParseBalancedChunkMemoryRecover in parser.c in libxml2 before 2.9.10 has a memory leak related to 
newDoc->oldNs.","cvss":7.5,"cvss_version":3.0,"cvss_v2":5.0,"cvss_v3":7.5,"cvss_v4":null,"epss":0.00154,"ranking_epss":0.36075,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00047.html","http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00005.html","https://cert-portal.siemens.com/productcert/pdf/ssa-292794.pdf","https://gitlab.gnome.org/GNOME/libxml2/commit/5a02583c7e683896d84878bd90641d8d9b0d0549","https://lists.debian.org/debian-lts-announce/2019/12/msg00032.html","https://lists.debian.org/debian-lts-announce/2020/09/msg00009.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5R55ZR52RMBX24TQTWHCIWKJVRV6YAWI/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JDPF3AAVKUAKDYFMFKSIQSVVS3EEFPQH/","https://security.netapp.com/advisory/ntap-20200114-0002/","https://us-cert.cisa.gov/ics/advisories/icsa-21-103-08","https://usn.ubuntu.com/4274-1/","https://www.oracle.com/security-alerts/cpujul2020.html","http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00047.html","http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00005.html","https://cert-portal.siemens.com/productcert/pdf/ssa-292794.pdf","https://gitlab.gnome.org/GNOME/libxml2/commit/5a02583c7e683896d84878bd90641d8d9b0d0549","https://lists.debian.org/debian-lts-announce/2019/12/msg00032.html","https://lists.debian.org/debian-lts-announce/2020/09/msg00009.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5R55ZR52RMBX24TQTWHCIWKJVRV6YAWI/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JDPF3AAVKUAKDYFMFKSIQSVVS3EEFPQH/","https://security.netapp.com/advisory/ntap-20200114-0002/","https://us-cert.cisa.gov/ics/advisories/icsa-21-103-08","https://usn.ubuntu.com/4274-1/","https://www.oracle
.com/security-alerts/cpujul2020.html"],"published_time":"2019-12-24T16:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-19948","summary":"In ImageMagick 7.0.8-43 Q16, there is a heap-based buffer overflow in the function WriteSGIImage of coders/sgi.c.","cvss":9.8,"cvss_version":3.0,"cvss_v2":7.5,"cvss_v3":9.8,"cvss_v4":null,"epss":0.00387,"ranking_epss":0.59828,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00006.html","https://github.com/ImageMagick/ImageMagick/issues/1562","https://lists.debian.org/debian-lts-announce/2019/12/msg00033.html","https://usn.ubuntu.com/4549-1/","https://www.debian.org/security/2020/dsa-4712","https://www.debian.org/security/2020/dsa-4715","http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00006.html","https://github.com/ImageMagick/ImageMagick/issues/1562","https://lists.debian.org/debian-lts-announce/2019/12/msg00033.html","https://usn.ubuntu.com/4549-1/","https://www.debian.org/security/2020/dsa-4712","https://www.debian.org/security/2020/dsa-4715"],"published_time":"2019-12-24T01:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-19949","summary":"In ImageMagick 7.0.8-43 Q16, there is a heap-based buffer over-read in the function WritePNGImage of coders/png.c, related to Magick_png_write_raw_profile and 
LocaleNCompare.","cvss":9.1,"cvss_version":3.0,"cvss_v2":6.4,"cvss_v3":9.1,"cvss_v4":null,"epss":0.00342,"ranking_epss":0.56871,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00006.html","https://github.com/ImageMagick/ImageMagick/issues/1561","https://lists.debian.org/debian-lts-announce/2019/12/msg00033.html","https://lists.debian.org/debian-lts-announce/2020/08/msg00030.html","https://usn.ubuntu.com/4549-1/","https://www.debian.org/security/2020/dsa-4712","http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00006.html","https://github.com/ImageMagick/ImageMagick/issues/1561","https://lists.debian.org/debian-lts-announce/2019/12/msg00033.html","https://lists.debian.org/debian-lts-announce/2020/08/msg00030.html","https://usn.ubuntu.com/4549-1/","https://www.debian.org/security/2020/dsa-4712"],"published_time":"2019-12-24T01:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-19947","summary":"In the Linux kernel through 5.4.6, there are information leaks of uninitialized memory to a USB device in the drivers/net/can/usb/kvaser_usb/kvaser_usb_leaf.c driver, aka 
CID-da2311a6385c.","cvss":4.6,"cvss_version":3.0,"cvss_v2":2.1,"cvss_v3":4.6,"cvss_v4":null,"epss":0.00108,"ranking_epss":0.29029,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.openwall.com/lists/oss-security/2019/12/24/1","https://github.com/torvalds/linux/commit/da2311a6385c3b499da2ed5d9be59ce331fa93e9","https://lists.debian.org/debian-lts-announce/2020/01/msg00013.html","https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html","https://security.netapp.com/advisory/ntap-20200204-0002/","https://usn.ubuntu.com/4284-1/","https://usn.ubuntu.com/4285-1/","https://usn.ubuntu.com/4427-1/","https://usn.ubuntu.com/4485-1/","http://www.openwall.com/lists/oss-security/2019/12/24/1","https://github.com/torvalds/linux/commit/da2311a6385c3b499da2ed5d9be59ce331fa93e9","https://lists.debian.org/debian-lts-announce/2020/01/msg00013.html","https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html","https://security.netapp.com/advisory/ntap-20200204-0002/","https://usn.ubuntu.com/4284-1/","https://usn.ubuntu.com/4285-1/","https://usn.ubuntu.com/4427-1/","https://usn.ubuntu.com/4485-1/"],"published_time":"2019-12-24T00:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-3467","summary":"Debian-edu-config all versions < 2.11.10, a set of configuration files used for Debian Edu, and debian-lan-config < 0.26, configured too permissive ACLs for the Kerberos admin server, which allowed password changes for other Kerberos user 
principals.","cvss":7.8,"cvss_version":3.0,"cvss_v2":7.2,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00079,"ranking_epss":0.23396,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=946797","https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=947459","https://lists.debian.org/debian-lts-announce/2019/12/msg00023.html","https://lists.debian.org/debian-lts-announce/2020/01/msg00012.html","https://seclists.org/bugtraq/2019/Dec/34","https://seclists.org/bugtraq/2019/Dec/44","https://security-tracker.debian.org/tracker/CVE-2019-3467","https://usn.ubuntu.com/4530-1/","https://www.debian.org/security/2019/dsa-4589","https://www.debian.org/security/2019/dsa-4595","https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=946797","https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=947459","https://lists.debian.org/debian-lts-announce/2019/12/msg00023.html","https://lists.debian.org/debian-lts-announce/2020/01/msg00012.html","https://seclists.org/bugtraq/2019/Dec/34","https://seclists.org/bugtraq/2019/Dec/44","https://security-tracker.debian.org/tracker/CVE-2019-3467","https://usn.ubuntu.com/4530-1/","https://www.debian.org/security/2019/dsa-4589","https://www.debian.org/security/2019/dsa-4595"],"published_time":"2019-12-23T19:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-5108","summary":"An exploitable denial-of-service vulnerability exists in the Linux kernel prior to mainline 5.3. An attacker could exploit this vulnerability by triggering AP to send IAPP location updates for stations before the required authentication process has completed. This could lead to different denial-of-service scenarios, either by causing CAM table attacks, or by leading to traffic flapping if faking already existing clients in other nearby APs of the same wireless infrastructure. 
An attacker can forge Authentication and Association Request packets to trigger this vulnerability.","cvss":7.4,"cvss_version":3.0,"cvss_v2":3.3,"cvss_v3":7.4,"cvss_v4":null,"epss":0.00757,"ranking_epss":0.73274,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://packetstormsecurity.com/files/156455/Kernel-Live-Patch-Security-Notice-LSN-0063-1.html","https://git.kernel.org/linus/3e493173b7841259a08c5c8e5cbe90adb349da7e","https://lists.debian.org/debian-lts-announce/2020/06/msg00011.html","https://lists.debian.org/debian-lts-announce/2020/06/msg00012.html","https://lists.debian.org/debian-lts-announce/2020/06/msg00013.html","https://security.netapp.com/advisory/ntap-20200204-0002/","https://talosintelligence.com/vulnerability_reports/TALOS-2019-0900","https://usn.ubuntu.com/4285-1/","https://usn.ubuntu.com/4286-1/","https://usn.ubuntu.com/4286-2/","https://usn.ubuntu.com/4287-1/","https://usn.ubuntu.com/4287-2/","https://www.debian.org/security/2020/dsa-4698","https://www.oracle.com/security-alerts/cpuApr2021.html","http://packetstormsecurity.com/files/156455/Kernel-Live-Patch-Security-Notice-LSN-0063-1.html","https://git.kernel.org/linus/3e493173b7841259a08c5c8e5cbe90adb349da7e","https://lists.debian.org/debian-lts-announce/2020/06/msg00011.html","https://lists.debian.org/debian-lts-announce/2020/06/msg00012.html","https://lists.debian.org/debian-lts-announce/2020/06/msg00013.html","https://security.netapp.com/advisory/ntap-20200204-0002/","https://talosintelligence.com/vulnerability_reports/TALOS-2019-0900","https://usn.ubuntu.com/4285-1/","https://usn.ubuntu.com/4286-1/","https://usn.ubuntu.com/4286-2/","https://usn.ubuntu.com/4287-1/","https://usn.ubuntu.com/4287-2/","https://www.debian.org/security/2020/dsa-4698","https://www.oracle.com/security-alerts/cpuApr2021.html"],"published_time":"2019-12-23T19:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-12418","summary":"When Apache Tomcat 9.0.0.M1 to 9.0.28, 
8.5.0 to 8.5.47, 7.0.0 and 7.0.97 is configured with the JMX Remote Lifecycle Listener, a local attacker without access to the Tomcat process or configuration files is able to manipulate the RMI registry to perform a man-in-the-middle attack to capture user names and passwords used to access the JMX interface. The attacker can then use these credentials to access the JMX interface and gain complete control over the Tomcat instance.","cvss":7.0,"cvss_version":3.0,"cvss_v2":4.4,"cvss_v3":7.0,"cvss_v4":null,"epss":0.00355,"ranking_epss":0.57803,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00013.html","https://lists.apache.org/thread.html/43530b91506e2e0c11cfbe691173f5df8c48f51b98262426d7493b67%40%3Cannounce.tomcat.apache.org%3E","https://lists.apache.org/thread.html/r3bbb800a816d0a51eccc5a228c58736960a9fffafa581a225834d97d%40%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/r48c1444845fe15a823e1374674bfc297d5008a5453788099ea14caf0%40%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/r6ccee4e849bc77df0840c7f853f6bd09d426f6741247da2b7429d5d9%40%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/raba0fabaf4d56d4325ab2aca8814f0b30a237ab83d8106b115ee279a%40%3Cdev.tomcat.apache.org%3E","https://lists.debian.org/debian-lts-announce/2020/01/msg00024.html","https://lists.debian.org/debian-lts-announce/2020/03/msg00029.html","https://seclists.org/bugtraq/2019/Dec/43","https://security.gentoo.org/glsa/202003-43","https://security.netapp.com/advisory/ntap-20200107-0001/","https://support.f5.com/csp/article/K10107360?utm_source=f5support&amp%3Butm_medium=RSS","https://usn.ubuntu.com/4251-1/","https://www.debian.org/security/2019/dsa-4596","https://www.debian.org/security/2020/dsa-4680","https://www.oracle.com/securit
y-alerts/cpuapr2020.html","http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00013.html","https://lists.apache.org/thread.html/43530b91506e2e0c11cfbe691173f5df8c48f51b98262426d7493b67%40%3Cannounce.tomcat.apache.org%3E","https://lists.apache.org/thread.html/r3bbb800a816d0a51eccc5a228c58736960a9fffafa581a225834d97d%40%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/r48c1444845fe15a823e1374674bfc297d5008a5453788099ea14caf0%40%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/r6ccee4e849bc77df0840c7f853f6bd09d426f6741247da2b7429d5d9%40%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/raba0fabaf4d56d4325ab2aca8814f0b30a237ab83d8106b115ee279a%40%3Cdev.tomcat.apache.org%3E","https://lists.debian.org/debian-lts-announce/2020/01/msg00024.html","https://lists.debian.org/debian-lts-announce/2020/03/msg00029.html","https://seclists.org/bugtraq/2019/Dec/43","https://security.gentoo.org/glsa/202003-43","https://security.netapp.com/advisory/ntap-20200107-0001/","https://support.f5.com/csp/article/K10107360?utm_source=f5support&amp%3Butm_medium=RSS","https://usn.ubuntu.com/4251-1/","https://www.debian.org/security/2019/dsa-4596","https://www.debian.org/security/2020/dsa-4680","https://www.oracle.com/security-alerts/cpuapr2020.html"],"published_time":"2019-12-23T18:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-17563","summary":"When using FORM authentication with Apache Tomcat 9.0.0.M1 to 9.0.29, 8.5.0 to 8.5.49 and 7.0.0 to 7.0.98 there was a narrow window where an attacker could perform a session fixation attack. 
The window was considered too narrow for an exploit to be practical but, erring on the side of caution, this issue has been treated as a security vulnerability.","cvss":7.5,"cvss_version":3.0,"cvss_v2":5.1,"cvss_v3":7.5,"cvss_v4":null,"epss":0.0326,"ranking_epss":0.87138,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00013.html","https://lists.apache.org/thread.html/8b4c1db8300117b28a0f3f743c0b9e3f964687a690cdf9662a884bbd%40%3Cannounce.tomcat.apache.org%3E","https://lists.apache.org/thread.html/r3bbb800a816d0a51eccc5a228c58736960a9fffafa581a225834d97d%40%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/r48c1444845fe15a823e1374674bfc297d5008a5453788099ea14caf0%40%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/r6ccee4e849bc77df0840c7f853f6bd09d426f6741247da2b7429d5d9%40%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/raba0fabaf4d56d4325ab2aca8814f0b30a237ab83d8106b115ee279a%40%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/reb9a66f176df29b9a832caa95ebd9ffa3284e8f4922ec4fa3ad8eb2e%40%3Cissues.cxf.apache.org%3E","https://lists.debian.org/debian-lts-announce/2020/01/msg00024.html","https://lists.debian.org/debian-lts-announce/2020/05/msg00026.html","https://seclists.org/bugtraq/2019/Dec/43","https://security.gentoo.org/glsa/202003-43","https://security.netapp.com/advisory/ntap-20200107-0001/","https://usn.ubuntu.com/4251-1/","https://www.debian.org/security/2019/dsa-4596","https://www.debian.org/security/2020/dsa-4680","https://www.oracle.com/security-alerts/cpuapr2020.html","https://www.oracle.com/security-alerts/cpujan2021.html","https://www.oracle.com/security-alerts/cpujul2020.html"],"published_time":"2019-12-23T17:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-11045","summary":"In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0, PHP DirectoryIterator class accepts filenames with embedded \\0 byte and treats them as terminating at that byte. This could lead to security vulnerabilities, e.g. in applications checking paths that the code is allowed to access.","cvss":3.7,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":3.7,"cvss_v4":null,"epss":0.41483,"ranking_epss":0.97405,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00036.html","https://bugs.php.net/bug.php?id=78863","https://lists.debian.org/debian-lts-announce/2019/12/msg00034.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N7GCOAE6KVHYJ3UQ4KLPLTGSLX6IRVRN/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XWRQPYXVG43Q7DXMXH6UVWMKWGUW552F/","https://seclists.org/bugtraq/2020/Feb/27","https://seclists.org/bugtraq/2020/Feb/31","https://seclists.org/bugtraq/2021/Jan/3","https://security.netapp.com/advisory/ntap-20200103-0002/","https://usn.ubuntu.com/4239-1/","https://www.debian.org/security/2020/dsa-4626","https://www.debian.org/security/2020/dsa-4628","https://www.tenable.com/security/tns-2021-14"],"published_time":"2019-12-23T03:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-11046","sum
mary":"In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0, PHP bcmath extension functions on some systems, including Windows, can be tricked into reading beyond the allocated space by supplying them with a string containing characters that are identified as numeric by the OS but aren't ASCII numbers. This can lead to disclosure of the content of some memory locations.","cvss":3.7,"cvss_version":3.0,"cvss_v2":5.0,"cvss_v3":3.7,"cvss_v4":null,"epss":0.08245,"ranking_epss":0.92226,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00036.html","https://bugs.php.net/bug.php?id=78878","https://lists.debian.org/debian-lts-announce/2019/12/msg00034.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N7GCOAE6KVHYJ3UQ4KLPLTGSLX6IRVRN/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XWRQPYXVG43Q7DXMXH6UVWMKWGUW552F/","https://seclists.org/bugtraq/2020/Feb/27","https://seclists.org/bugtraq/2020/Feb/31","https://seclists.org/bugtraq/2021/Jan/3","https://security.netapp.com/advisory/ntap-20200103-0002/","https://support.f5.com/csp/article/K48866433?utm_source=f5support&amp%3Butm_medium=RSS","https://usn.ubuntu.com/4239-1/","https://www.debian.org/security/2020/dsa-4626","https://www.debian.org/security/2020/dsa-4628","https://www.tenable.com/security/tns-2021-14"],"published_time":"2019-12-23T03:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-11047","summary":"When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0 it is possible to supply it with data that will cause it to read past the allocated buffer. This may lead to information disclosure or crash.","cvss":4.8,"cvss_version":3.0,"cvss_v2":6.4,"cvss_v3":4.8,"cvss_v4":null,"epss":0.03196,"ranking_epss":0.86991,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00036.html","https://bugs.php.net/bug.php?id=78910","https://lists.debian.org/debian-lts-announce/2019/12/msg00034.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N7GCOAE6KVHYJ3UQ4KLPLTGSLX6IRVRN/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XWRQPYXVG43Q7DXMXH6UVWMKWGUW552F/","https://seclists.org/bugtraq/2020/Feb/27","https://seclists.org/bugtraq/2020/Feb/31","https://seclists.org/bugtraq/2021/Jan/3","https://security.netapp.com/advisory/ntap-20200103-0002/","https://usn.ubuntu.com/4239-1/","https://www.debian.org/security/2020/dsa-4626","https://www.debian.org/security/2020/dsa-4628","https://www.tenable.com/security/tns-2021-14"],"published_time":"2019-12-23T03:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-11050","summary":"When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0 it is possible to supply it with data that will cause it to read past the allocated buffer. This may lead to information disclosure or crash.","cvss":4.8,"cvss_version":3.0,"cvss_v2":6.4,"cvss_v3":4.8,"cvss_v4":null,"epss":0.03196,"ranking_epss":0.86991,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00036.html","https://bugs.php.net/bug.php?id=78793","https://lists.debian.org/debian-lts-announce/2019/12/msg00034.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N7GCOAE6KVHYJ3UQ4KLPLTGSLX6IRVRN/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XWRQPYXVG43Q7DXMXH6UVWMKWGUW552F/","https://seclists.org/bugtraq/2020/Feb/27","https://seclists.org/bugtraq/2020/Feb/31","https://seclists.org/bugtraq/2021/Jan/3","https://security.netapp.com/advisory/ntap-20200103-0002/","https://usn.ubuntu.com/4239-1/","https://www.debian.org/security/2020/dsa-4626","https://www.debian.org/security/2020/dsa-4628","https://www.tenable.com/security/tns-2021-14"],"published_time":"2019-12-23T03:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-19922","summary":"kernel/sch
ed/fair.c in the Linux kernel before 5.3.9, when cpu.cfs_quota_us is used (e.g., with Kubernetes), allows attackers to cause a denial of service against non-cpu-bound applications by generating a workload that triggers unwanted slice expiration, aka CID-de53fd7aedb1. (In other words, although this slice expiration would typically be seen with benign workloads, it is possible that an attacker could calculate how many stray requests are required to force an entire Kubernetes cluster into a low-performance state caused by slice expiration, and ensure that a DDoS attack sent that number of stray requests. An attack does not affect the stability of the kernel; it only causes mismanagement of application execution.)","cvss":5.5,"cvss_version":3.0,"cvss_v2":2.1,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00106,"ranking_epss":0.28642,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.9","https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=de53fd7aedb100f03e5d2231cfce0e4993282425","https://github.com/kubernetes/kubernetes/issues/67577","https://github.com/torvalds/linux/commit/de53fd7aedb100f03e5d2231cfce0e4993282425","https://lists.debian.org/debian-lts-announce/2020/01/msg00013.html","https://relistan.com/the-kernel-may-be-slowing-down-your-app","https://security.netapp.com/advisory/ntap-20200204-0002/","https://usn.ubuntu.com/4226-1/","https://www.oracle.com/security-alerts/cpuApr2021.html"],"published_time":"2019-12-22T20:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-19920","summary":"sa-exim 4.2.1 allows attackers to execute arbitrary code if they can write a .cf file or a rule. This occurs because Greylisting.pm relies on eval (rather than direct parsing and/or use of the taint feature). This issue is similar to CVE-2018-11805.","cvss":8.8,"cvss_version":3.0,"cvss_v2":9.0,"cvss_v3":8.8,"cvss_v4":null,"epss":0.03463,"ranking_epss":0.87532,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://bugs.debian.org/946829#24","https://lists.debian.org/debian-lts-announce/2020/01/msg00006.html","https://marc.info/?l=spamassassin-users&m=157668107325768&w=2","https://marc.info/?l=spamassassin-users&m=157668305026635&w=2","https://usn.ubuntu.com/4520-1/"],"published_time":"2019-12-22T18:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-17571","summary":"Included in Log4j 1.2 is a SocketServer class that is vulnerable to deserialization of untrusted data which can be exploited to remotely execute arbitrary code when combined with a deserialization gadget when listening to untrusted network traffic for log data. 
This affects Log4j versions up to 1.2 up to 1.2.17.","cvss":9.8,"cvss_version":3.0,"cvss_v2":7.5,"cvss_v3":9.8,"cvss_v4":null,"epss":0.36965,"ranking_epss":0.97156,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00022.html","https://lists.apache.org/thread.html/277b4b5c2b0e06a825ccec565fa65bd671f35a4d58e3e2ec5d0618e1%40%3Cdev.tika.apache.org%3E","https://lists.apache.org/thread.html/44491fb9cc19acc901f7cff34acb7376619f15638439416e3e14761c%40%3Cdev.tika.apache.org%3E","https://lists.apache.org/thread.html/479471e6debd608c837b9815b76eab24676657d4444fcfd5ef96d6e6%40%3Cdev.tika.apache.org%3E","https://lists.apache.org/thread.html/564f03b4e9511fcba29c68fc0299372dadbdb002718fa8edcc4325e4%40%3Cjira.kafka.apache.org%3E","https://lists.apache.org/thread.html/6114ce566200d76e3cc45c521a62c2c5a4eac15738248f58a99f622c%40%3Cissues.activemq.apache.org%3E","https://lists.apache.org/thread.html/752ec92cd1e334a639e79bfbd689a4ec2c6579ec5bb41b53ffdf358d%40%3Cdev.kafka.apache.org%3E","https://lists.apache.org/thread.html/8ab32b4c9f1826f20add7c40be08909de9f58a89dc1de9c09953f5ac%40%3Cissues.activemq.apache.org%3E","https://lists.apache.org/thread.html/eea03d504b36e8f870e8321d908e1def1addda16adda04327fe7c125%40%3Cdev.logging.apache.org%3E","https://lists.apache.org/thread.html/r05755112a8c164abc1004bb44f198b1e3d8ca3d546a8f13ebd3aa05f%40%3Cissues.zookeeper.apache.org%3E","https://lists.apache.org/thread.html/r107c8737db39ec9ec4f4e7147b249e29be79170b9ef4b80528105a2d%40%3Cdev.zookeeper.apache.org%3E","https://lists.apache.org/thread.html/r13d4b5c60ff63f3c4fab51d6ff266655be503b8a1884e2f2fab67c3a%40%3Ccommon-issues.hadoop.apache.org%3E","https://lists.apache.org/thread.html/r189aaeaad897f7d6b96f7c43a8ef2dfb9f6e9f8c1cc9ad182ce9b9ae%40%3Cjira.kafka.apache.org%3E","https://lists.apache.org/thread.html/r18f1c010b554a3a2d761e8ffffd8674fd4747bcbcf16c643d708318c%40%3Cissues.activemq.apache.org%3E","https://list
s.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0%40%3Cissues.bookkeeper.apache.org%3E","https://lists.apache.org/thread.html/r1b7734dfdfd938640f2f5fb6f4231a267145c71ed60cc7faa1cbac07%40%3Ccommon-issues.hadoop.apache.org%3E","https://lists.apache.org/thread.html/r26244f9f7d9a8a27a092eb0b2a0ca9395e88fcde8b5edaeca7ce569c%40%3Ccommon-issues.hadoop.apache.org%3E","https://lists.apache.org/thread.html/r2721aba31a8562639c4b937150897e24f78f747cdbda8641c0f659fe%40%3Cusers.kafka.apache.org%3E","https://lists.apache.org/thread.html/r2756fd570b6709d55a61831ca028405bcb3e312175a60bc5d911c81f%40%3Cjira.kafka.apache.org%3E","https://lists.apache.org/thread.html/r2ce8d26154bea939536e6cf27ed02d3192bf5c5d04df885a80fe89b3%40%3Cissues.activemq.apache.org%3E","https://lists.apache.org/thread.html/r2ff63f210842a3c5e42f03a35d8f3a345134d073c80a04077341c211%40%3Cissues.activemq.apache.org%3E","https://lists.apache.org/thread.html/r3543ead2317dcd3306f69ee37b07dd383dbba6e2f47ff11eb55879ad%40%3Cusers.activemq.apache.org%3E","https://lists.apache.org/thread.html/r356d57d6225f91fdc30f8b0a2bed229d1ece55e16e552878c5fa809a%40%3Cissues.zookeeper.apache.org%3E","https://lists.apache.org/thread.html/r3784834e80df2f284577a5596340fb84346c91a2dea6a073e65e3397%40%3Cissues.activemq.apache.org%3E","https://lists.apache.org/thread.html/r3a85514a518f3080ab1fc2652cfe122c2ccf67cfb32356acb1b08fe8%40%3Cdev.tika.apache.org%3E","https://lists.apache.org/thread.html/r3bf7b982dfa0779f8a71f843d2aa6b4184a53e6be7f149ee079387fd%40%3Cdev.kafka.apache.org%3E","https://lists.apache.org/thread.html/r3c575cabc7386e646fb12cb82b0b38ae5a6ade8a800f827107824495%40%3Cjira.kafka.apache.org%3E","https://lists.apache.org/thread.html/r3cf50d05ce8cec8c09392624b7bae750e7643dae60ef2438641ee015%40%3Cissues.zookeeper.apache.org%3E","https://lists.apache.org/thread.html/r3d666e4e8905157f3c046d31398b04f2bfd4519e31f266de108c6919%40%3Cissues.activemq.apache.org%3E","https://lists.apache.org/thread.html/r48d5019b
d42e0770f7e5351e420a63a41ff1f16924942442c6aff6a8%40%3Ccommits.zookeeper.apache.org%3E","https://lists.apache.org/thread.html/r48efc7cb5aeb4e1f67aaa06fb4b5479a5635d12f07d0b93fc2d08809%40%3Ccommits.zookeeper.apache.org%3E","https://lists.apache.org/thread.html/r4ac89cbecd9e298ae9fafb5afda6fa77ac75c78d1ac957837e066c4e%40%3Cuser.zookeeper.apache.org%3E","https://lists.apache.org/thread.html/r4b25538be50126194cc646836c718b1a4d8f71bd9c912af5b59134ad%40%3Cdev.tika.apache.org%3E","https://lists.apache.org/thread.html/r52a5129df402352adc34d052bab9234c8ef63596306506a89fdc7328%40%3Cusers.activemq.apache.org%3E","https://lists.apache.org/thread.html/r594411f4bddebaf48a4c70266d0b7849e0d82bb72826f61b3a35bba7%40%3Cissues.bookkeeper.apache.org%3E","https://lists.apache.org/thread.html/r5c084578b3e3b40bd903c9d9e525097421bcd88178e672f612102eb2%40%3Cjira.kafka.apache.org%3E","https://lists.apache.org/thread.html/r61590890edcc64140e0c606954b29a063c3d08a2b41d447256d51a78%40%3Cissues.activemq.apache.org%3E","https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc%40%3Cdev.kafka.apache.org%3E","https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc%40%3Cusers.kafka.apache.org%3E","https://lists.apache.org/thread.html/r6236b5f8646d48af8b66d5050f288304016840788e508c883356fe0e%40%3Clog4j-user.logging.apache.org%3E","https://lists.apache.org/thread.html/r681b4432d0605f327b68b9f8a42662993e699d04614de4851c35ffd1%40%3Cdev.tika.apache.org%3E","https://lists.apache.org/thread.html/r696507338dd5f44efc23d98cafe30f217cf3ba78e77ed1324c7a5179%40%3Cjira.kafka.apache.org%3E","https://lists.apache.org/thread.html/r6aec6b8f70167fa325fb98b3b5c9ce0ffaed026e697b69b85ac24628%40%3Cissues.zookeeper.apache.org%3E","https://lists.apache.org/thread.html/r6b45a2fcc8e98ac93a179183dbb7f340027bdb8e3ab393418076b153%40%3Ccommon-issues.hadoop.apache.org%3E","https://lists.apache.org/thread.html/r6d34da5a0ca17ab08179a30c971446c7421af0e96f6d60867
eabfc52%40%3Cissues.bookkeeper.apache.org%3E","https://lists.apache.org/thread.html/r71e26f9c2d5826c6f95ad60f7d052d75e1e70b0d2dd853db6fc26d5f%40%3Cjira.kafka.apache.org%3E","https://lists.apache.org/thread.html/r746fbc3fc13aee292ae6851f7a5080f592fa3a67b983c6887cdb1fc5%40%3Cdev.tika.apache.org%3E","https://lists.apache.org/thread.html/r7a1acc95373105169bd44df710c2f462cad31fb805364d2958a5ee03%40%3Cjira.kafka.apache.org%3E","https://lists.apache.org/thread.html/r7bcdc710857725c311b856c0b82cee6207178af5dcde1bd43d289826%40%3Cissues.activemq.apache.org%3E","https://lists.apache.org/thread.html/r7f462c69d5ded4c0223e014d95a3496690423c5f6f05c09e2f2a407a%40%3Cjira.kafka.apache.org%3E","https://lists.apache.org/thread.html/r8244fd0831db894d5e89911ded9c72196d395a90ae655414d23ed0dd%40%3Cusers.activemq.apache.org%3E","https://lists.apache.org/thread.html/r8418a0dff1729f19cf1024937e23a2db4c0f94f2794a423f5c10e8e7%40%3Cissues.bookkeeper.apache.org%3E","https://lists.apache.org/thread.html/r8890b8f18f1de821595792b58b968a89692a255bc20d86d395270740%40%3Ccommits.druid.apache.org%3E","https://lists.apache.org/thread.html/r8a1cfd4705258c106e488091fcec85f194c82f2bbde6bd151e201870%40%3Cjira.kafka.apache.org%3E","https://lists.apache.org/thread.html/r8c392ca48bb7e50754e4bc05865e9731b23d568d18a520fe3d8c1f75%40%3Ccommon-issues.hadoop.apache.org%3E","https://lists.apache.org/thread.html/r8c6300245c0bcef095e9f07b48157e2c6471df0816db3408fcf1d748%40%3Ccommon-issues.hadoop.apache.org%3E","https://lists.apache.org/thread.html/r8d78a0fbb56d505461e29868d1026e98c402e6a568c13a6da67896a2%40%3Cdev.jena.apache.org%3E","https://lists.apache.org/thread.html/r8e3f7da12bf5750b0a02e69a78a61073a2ac950eed7451ce70a65177%40%3Ccommits.zookeeper.apache.org%3E","https://lists.apache.org/thread.html/r909b8e3a36913944d3b7bafe9635d4ca84f8f0e2cd146a1784f667c2%40%3Cissues.zookeeper.apache.org%3E","https://lists.apache.org/thread.html/r90c23eb8c82835fa82df85ae5e88c81fd9241e20a22971b0fb8f2c34%40%3Cissues.bookkeeper.apache.or
g%3E","https://lists.apache.org/thread.html/r944183c871594fe9a555b8519a7c945bbcf6714d72461aa6c929028f%40%3Cissues.zookeeper.apache.org%3E","https://lists.apache.org/thread.html/r9a9e3b42cd5d1c4536a14ef04f75048dec8e2740ac6a138ea912177f%40%3Cpluto-dev.portals.apache.org%3E","https://lists.apache.org/thread.html/r9d0d03f2e7d9e13c68b530f81d02b0fec33133edcf27330d8089fcfb%40%3Cissues.zookeeper.apache.org%3E","https://lists.apache.org/thread.html/r9d2e28e71f91ba0b6f4114c8ecd96e2b1f7e0d06bdf8eb768c183aa9%40%3Ccommon-issues.hadoop.apache.org%3E","https://lists.apache.org/thread.html/r9dc2505651788ac668299774d9e7af4dc616be2f56fdc684d1170882%40%3Cusers.activemq.apache.org%3E","https://lists.apache.org/thread.html/r9fb3238cfc3222f2392ca6517353aadae18f76866157318ac562e706%40%3Ccommon-issues.hadoop.apache.org%3E","https://lists.apache.org/thread.html/ra18a903f785aed9403aea38bc6f36844a056283c00dcfc6936b6318c%40%3Cissues.bookkeeper.apache.org%3E","https://lists.apache.org/thread.html/ra38785cfc0e7f17f8e24bebf775dd032c033fadcaea29e5bc9fffc60%40%3Cdev.tika.apache.org%3E","https://lists.apache.org/thread.html/ra54fa49be3e773d99ccc9c2a422311cf77e3ecd3b8594ee93043a6b1%40%3Cdev.zookeeper.apache.org%3E","https://lists.apache.org/thread.html/ra9611a8431cb62369bce8909d7645597e1dd45c24b448836b1e54940%40%3Cissues.bookkeeper.apache.org%3E","https://lists.apache.org/thread.html/raedd12dc24412b3780432bf202a2618a21a727788543e5337a458ead%40%3Cissues.activemq.apache.org%3E","https://lists.apache.org/thread.html/rb1b29aee737e1c37fe1d48528cb0febac4f5deed51f5412e6fdfe2bf%40%3Cissues.activemq.apache.org%3E","https://lists.apache.org/thread.html/rb3c94619728c8f8c176d8e175e0a1086ca737ecdfcd5a2214bb768bc%40%3Ccommits.bookkeeper.apache.org%3E","https://lists.apache.org/thread.html/rbc45eb0f53fd6242af3e666c2189464f848a851d408289840cecc6e3%40%3Ccommits.zookeeper.apache.org%3E","https://lists.apache.org/thread.html/rbd19de368abf0764e4383ec44d527bc9870176f488a494f09a40500d%40%3Ccommon-dev.hadoop.apache.org%3E"
,"https://lists.apache.org/thread.html/rbdf18e39428b5c80fc35113470198b1fe53b287a76a46b0f8780b5fd%40%3Cdev.zookeeper.apache.org%3E","https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7%40%3Cdev.kafka.apache.org%3E","https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7%40%3Cusers.kafka.apache.org%3E","https://lists.apache.org/thread.html/rc17d8491beee51607693019857e41e769795366b85be00aa2f4b3159%40%3Cnotifications.zookeeper.apache.org%3E","https://lists.apache.org/thread.html/rc1eaed7f7d774d5d02f66e49baced31e04827a1293d61a70bd003ca7%40%3Cdev.tika.apache.org%3E","https://lists.apache.org/thread.html/rc628307962ae1b8cc2d21b8e4b7dd6d7755b2dd52fa56a151a27e4fd%40%3Cissues.zookeeper.apache.org%3E","https://lists.apache.org/thread.html/rca24a281000fb681d7e26e5c031a21eb4b0593a7735f781b53dae4e2%40%3Cdev.tika.apache.org%3E","https://lists.apache.org/thread.html/rcd71280585425dad7e232f239c5709e425efdd0d3de4a92f808a4767%40%3Cissues.bookkeeper.apache.org%3E","https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26%40%3Ccommits.pulsar.apache.org%3E","https://lists.apache.org/thread.html/rd3a9511eebab60e23f224841390a3f8cd5358cff605c5f7042171e47%40%3Cdev.tinkerpop.apache.org%3E","https://lists.apache.org/thread.html/rd5dbeee4808c0f2b9b51479b50de3cc6adb1072c332a200d9107f13e%40%3Cissues.activemq.apache.org%3E","https://lists.apache.org/thread.html/rd6254837403e8cbfc7018baa9be29705f3f06bd007c83708f9a97679%40%3Cissues.zookeeper.apache.org%3E","https://lists.apache.org/thread.html/rd7805c1bf9388968508c6c8f84588773216e560055ddcc813d19f347%40%3Ccommon-issues.hadoop.apache.org%3E","https://lists.apache.org/thread.html/rd882ab6b642fe59cbbe94dc02bd197342058208f482e57b537940a4b%40%3Cpluto-dev.portals.apache.org%3E","https://lists.apache.org/thread.html/rda4849c6823dd3e83c7a356eb883180811d5c28359fe46865fd151c3%40%3Cusers.kafka.apache.org%3E","https://lists.apache.org/thread.
html/rdb7ddf28807e27c7801f6e56a0dfb31092d34c61bdd4fa2de9182119%40%3Cissues.bookkeeper.apache.org%3E","https://lists.apache.org/thread.html/rdec0d8ac1f03e6905b0de2df1d5fcdb98b94556e4f6cccf7519fdb26%40%3Cdev.tika.apache.org%3E","https://lists.apache.org/thread.html/rdf2a0d94c3b5b523aeff7741ae71347415276062811b687f30ea6573%40%3Ccommits.zookeeper.apache.org%3E","https://lists.apache.org/thread.html/re36da78e4f3955ba6c1c373a2ab85a4deb215ca74b85fcd66142fea1%40%3Cissues.bookkeeper.apache.org%3E","https://lists.apache.org/thread.html/re8c21ed9dd218c217d242ffa90778428e446b082b5e1c29f567e8374%40%3Cissues.activemq.apache.org%3E","https://lists.apache.org/thread.html/reaf6b996f74f12b4557bc221abe88f58270ac583942fa41293c61f94%40%3Cpluto-scm.portals.apache.org%3E","https://lists.apache.org/thread.html/rec34b1cccf907898e7cb36051ffac3ccf1ea89d0b261a2a3b3fb267f%40%3Ccommits.zookeeper.apache.org%3E","https://lists.apache.org/thread.html/rf1b434e11834a4449cd7addb69ed0aef0923112b5938182b363a968c%40%3Cnotifications.zookeeper.apache.org%3E","https://lists.apache.org/thread.html/rf2567488cfc9212b42e34c6393cfa1c14e30e4838b98dda84d71041f%40%3Cdev.tika.apache.org%3E","https://lists.apache.org/thread.html/rf53eeefb7e7e524deaacb9f8671cbf01b8a253e865fb94e7656722c0%40%3Cissues.bookkeeper.apache.org%3E","https://lists.apache.org/thread.html/rf77f79699c8d7e430c14cf480f12ed1297e6e8cf2ed379a425941e80%40%3Cpluto-dev.portals.apache.org%3E","https://lists.apache.org/thread.html/rf9c19bcc2f7a98a880fa3e3456c003d331812b55836b34ef648063c9%40%3Cjira.kafka.apache.org%3E","https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E","https://lists.apache.org/thread.html/rfdf65fa675c64a64459817344e0e6c44d51ee264beea6e5851fb60dc%40%3Cissues.bookkeeper.apache.org%3E","https://lists.debian.org/debian-lts-announce/2020/01/msg00008.html","https://security.netapp.com/advisory/ntap-20200110-0001/","https://usn.ubuntu.com/4495-1/","https://www.debian.org/se
curity/2020/dsa-4686","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com/security-alerts/cpuapr2020.html","https://www.oracle.com/security-alerts/cpuapr2022.html","https://www.oracle.com/security-alerts/cpujul2020.html","https://www.oracle.com/security-alerts/cpujul2022.html","http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00022.html","https://lists.apache.org/thread.html/277b4b5c2b0e06a825ccec565fa65bd671f35a4d58e3e2ec5d0618e1%40%3Cdev.tika.apache.org%3E","https://lists.apache.org/thread.html/44491fb9cc19acc901f7cff34acb7376619f15638439416e3e14761c%40%3Cdev.tika.apache.org%3E","https://lists.apache.org/thread.html/479471e6debd608c837b9815b76eab24676657d4444fcfd5ef96d6e6%40%3Cdev.tika.apache.org%3E","https://lists.apache.org/thread.html/564f03b4e9511fcba29c68fc0299372dadbdb002718fa8edcc4325e4%40%3Cjira.kafka.apache.org%3E","https://lists.apache.org/thread.html/6114ce566200d76e3cc45c521a62c2c5a4eac15738248f58a99f622c%40%3Cissues.activemq.apache.org%3E","https://lists.apache.org/thread.html/752ec92cd1e334a639e79bfbd689a4ec2c6579ec5bb41b53ffdf358d%40%3Cdev.kafka.apache.org%3E","https://lists.apache.org/thread.html/8ab32b4c9f1826f20add7c40be08909de9f58a89dc1de9c09953f5ac%40%3Cissues.activemq.apache.org%3E","https://lists.apache.org/thread.html/eea03d504b36e8f870e8321d908e1def1addda16adda04327fe7c125%40%3Cdev.logging.apache.org%3E","https://lists.apache.org/thread.html/r05755112a8c164abc1004bb44f198b1e3d8ca3d546a8f13ebd3aa05f%40%3Cissues.zookeeper.apache.org%3E","https://lists.apache.org/thread.html/r107c8737db39ec9ec4f4e7147b249e29be79170b9ef4b80528105a2d%40%3Cdev.zookeeper.apache.org%3E","https://lists.apache.org/thread.html/r13d4b5c60ff63f3c4fab51d6ff266655be503b8a1884e2f2fab67c3a%40%3Ccommon-issues.hadoop.apache.org%3E","https://lists.apache.org/thread.html/r189aaeaad897f7d6b96f7c43a8ef2dfb9f6e9f8c1cc9ad182ce9b9ae%40%3Cjira.kafka.apache.org%3E","https://lists.apache.org/thread.html/r18f1c010b554a3a2d761e8ffffd8674fd4747b
cbcf16c643d708318c%40%3Cissues.activemq.apache.org%3E","https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0%40%3Cissues.bookkeeper.apache.org%3E","https://lists.apache.org/thread.html/r1b7734dfdfd938640f2f5fb6f4231a267145c71ed60cc7faa1cbac07%40%3Ccommon-issues.hadoop.apache.org%3E","https://lists.apache.org/thread.html/r26244f9f7d9a8a27a092eb0b2a0ca9395e88fcde8b5edaeca7ce569c%40%3Ccommon-issues.hadoop.apache.org%3E","https://lists.apache.org/thread.html/r2721aba31a8562639c4b937150897e24f78f747cdbda8641c0f659fe%40%3Cusers.kafka.apache.org%3E","https://lists.apache.org/thread.html/r2756fd570b6709d55a61831ca028405bcb3e312175a60bc5d911c81f%40%3Cjira.kafka.apache.org%3E","https://lists.apache.org/thread.html/r2ce8d26154bea939536e6cf27ed02d3192bf5c5d04df885a80fe89b3%40%3Cissues.activemq.apache.org%3E","https://lists.apache.org/thread.html/r2ff63f210842a3c5e42f03a35d8f3a345134d073c80a04077341c211%40%3Cissues.activemq.apache.org%3E","https://lists.apache.org/thread.html/r3543ead2317dcd3306f69ee37b07dd383dbba6e2f47ff11eb55879ad%40%3Cusers.activemq.apache.org%3E","https://lists.apache.org/thread.html/r356d57d6225f91fdc30f8b0a2bed229d1ece55e16e552878c5fa809a%40%3Cissues.zookeeper.apache.org%3E","https://lists.apache.org/thread.html/r3784834e80df2f284577a5596340fb84346c91a2dea6a073e65e3397%40%3Cissues.activemq.apache.org%3E","https://lists.apache.org/thread.html/r3a85514a518f3080ab1fc2652cfe122c2ccf67cfb32356acb1b08fe8%40%3Cdev.tika.apache.org%3E","https://lists.apache.org/thread.html/r3bf7b982dfa0779f8a71f843d2aa6b4184a53e6be7f149ee079387fd%40%3Cdev.kafka.apache.org%3E","https://lists.apache.org/thread.html/r3c575cabc7386e646fb12cb82b0b38ae5a6ade8a800f827107824495%40%3Cjira.kafka.apache.org%3E","https://lists.apache.org/thread.html/r3cf50d05ce8cec8c09392624b7bae750e7643dae60ef2438641ee015%40%3Cissues.zookeeper.apache.org%3E","https://lists.apache.org/thread.html/r3d666e4e8905157f3c046d31398b04f2bfd4519e31f266de108c6919%40%3Cissues.act
ivemq.apache.org%3E","https://lists.apache.org/thread.html/r48d5019bd42e0770f7e5351e420a63a41ff1f16924942442c6aff6a8%40%3Ccommits.zookeeper.apache.org%3E","https://lists.apache.org/thread.html/r48efc7cb5aeb4e1f67aaa06fb4b5479a5635d12f07d0b93fc2d08809%40%3Ccommits.zookeeper.apache.org%3E","https://lists.apache.org/thread.html/r4ac89cbecd9e298ae9fafb5afda6fa77ac75c78d1ac957837e066c4e%40%3Cuser.zookeeper.apache.org%3E","https://lists.apache.org/thread.html/r4b25538be50126194cc646836c718b1a4d8f71bd9c912af5b59134ad%40%3Cdev.tika.apache.org%3E","https://lists.apache.org/thread.html/r52a5129df402352adc34d052bab9234c8ef63596306506a89fdc7328%40%3Cusers.activemq.apache.org%3E","https://lists.apache.org/thread.html/r594411f4bddebaf48a4c70266d0b7849e0d82bb72826f61b3a35bba7%40%3Cissues.bookkeeper.apache.org%3E","https://lists.apache.org/thread.html/r5c084578b3e3b40bd903c9d9e525097421bcd88178e672f612102eb2%40%3Cjira.kafka.apache.org%3E","https://lists.apache.org/thread.html/r61590890edcc64140e0c606954b29a063c3d08a2b41d447256d51a78%40%3Cissues.activemq.apache.org%3E","https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc%40%3Cdev.kafka.apache.org%3E","https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc%40%3Cusers.kafka.apache.org%3E","https://lists.apache.org/thread.html/r6236b5f8646d48af8b66d5050f288304016840788e508c883356fe0e%40%3Clog4j-user.logging.apache.org%3E","https://lists.apache.org/thread.html/r681b4432d0605f327b68b9f8a42662993e699d04614de4851c35ffd1%40%3Cdev.tika.apache.org%3E","https://lists.apache.org/thread.html/r696507338dd5f44efc23d98cafe30f217cf3ba78e77ed1324c7a5179%40%3Cjira.kafka.apache.org%3E","https://lists.apache.org/thread.html/r6aec6b8f70167fa325fb98b3b5c9ce0ffaed026e697b69b85ac24628%40%3Cissues.zookeeper.apache.org%3E","https://lists.apache.org/thread.html/r6b45a2fcc8e98ac93a179183dbb7f340027bdb8e3ab393418076b153%40%3Ccommon-issues.hadoop.apache.org%3E","https://lists.apach
e.org/thread.html/r6d34da5a0ca17ab08179a30c971446c7421af0e96f6d60867eabfc52%40%3Cissues.bookkeeper.apache.org%3E","https://lists.apache.org/thread.html/r71e26f9c2d5826c6f95ad60f7d052d75e1e70b0d2dd853db6fc26d5f%40%3Cjira.kafka.apache.org%3E","https://lists.apache.org/thread.html/r746fbc3fc13aee292ae6851f7a5080f592fa3a67b983c6887cdb1fc5%40%3Cdev.tika.apache.org%3E","https://lists.apache.org/thread.html/r7a1acc95373105169bd44df710c2f462cad31fb805364d2958a5ee03%40%3Cjira.kafka.apache.org%3E","https://lists.apache.org/thread.html/r7bcdc710857725c311b856c0b82cee6207178af5dcde1bd43d289826%40%3Cissues.activemq.apache.org%3E","https://lists.apache.org/thread.html/r7f462c69d5ded4c0223e014d95a3496690423c5f6f05c09e2f2a407a%40%3Cjira.kafka.apache.org%3E","https://lists.apache.org/thread.html/r8244fd0831db894d5e89911ded9c72196d395a90ae655414d23ed0dd%40%3Cusers.activemq.apache.org%3E","https://lists.apache.org/thread.html/r8418a0dff1729f19cf1024937e23a2db4c0f94f2794a423f5c10e8e7%40%3Cissues.bookkeeper.apache.org%3E","https://lists.apache.org/thread.html/r8890b8f18f1de821595792b58b968a89692a255bc20d86d395270740%40%3Ccommits.druid.apache.org%3E","https://lists.apache.org/thread.html/r8a1cfd4705258c106e488091fcec85f194c82f2bbde6bd151e201870%40%3Cjira.kafka.apache.org%3E","https://lists.apache.org/thread.html/r8c392ca48bb7e50754e4bc05865e9731b23d568d18a520fe3d8c1f75%40%3Ccommon-issues.hadoop.apache.org%3E","https://lists.apache.org/thread.html/r8c6300245c0bcef095e9f07b48157e2c6471df0816db3408fcf1d748%40%3Ccommon-issues.hadoop.apache.org%3E","https://lists.apache.org/thread.html/r8d78a0fbb56d505461e29868d1026e98c402e6a568c13a6da67896a2%40%3Cdev.jena.apache.org%3E","https://lists.apache.org/thread.html/r8e3f7da12bf5750b0a02e69a78a61073a2ac950eed7451ce70a65177%40%3Ccommits.zookeeper.apache.org%3E","https://lists.apache.org/thread.html/r909b8e3a36913944d3b7bafe9635d4ca84f8f0e2cd146a1784f667c2%40%3Cissues.zookeeper.apache.org%3E","https://lists.apache.org/thread.html/r90c23eb8c82835fa82df8
5ae5e88c81fd9241e20a22971b0fb8f2c34%40%3Cissues.bookkeeper.apache.org%3E","https://lists.apache.org/thread.html/r944183c871594fe9a555b8519a7c945bbcf6714d72461aa6c929028f%40%3Cissues.zookeeper.apache.org%3E","https://lists.apache.org/thread.html/r9a9e3b42cd5d1c4536a14ef04f75048dec8e2740ac6a138ea912177f%40%3Cpluto-dev.portals.apache.org%3E","https://lists.apache.org/thread.html/r9d0d03f2e7d9e13c68b530f81d02b0fec33133edcf27330d8089fcfb%40%3Cissues.zookeeper.apache.org%3E","https://lists.apache.org/thread.html/r9d2e28e71f91ba0b6f4114c8ecd96e2b1f7e0d06bdf8eb768c183aa9%40%3Ccommon-issues.hadoop.apache.org%3E","https://lists.apache.org/thread.html/r9dc2505651788ac668299774d9e7af4dc616be2f56fdc684d1170882%40%3Cusers.activemq.apache.org%3E","https://lists.apache.org/thread.html/r9fb3238cfc3222f2392ca6517353aadae18f76866157318ac562e706%40%3Ccommon-issues.hadoop.apache.org%3E","https://lists.apache.org/thread.html/ra18a903f785aed9403aea38bc6f36844a056283c00dcfc6936b6318c%40%3Cissues.bookkeeper.apache.org%3E","https://lists.apache.org/thread.html/ra38785cfc0e7f17f8e24bebf775dd032c033fadcaea29e5bc9fffc60%40%3Cdev.tika.apache.org%3E","https://lists.apache.org/thread.html/ra54fa49be3e773d99ccc9c2a422311cf77e3ecd3b8594ee93043a6b1%40%3Cdev.zookeeper.apache.org%3E","https://lists.apache.org/thread.html/ra9611a8431cb62369bce8909d7645597e1dd45c24b448836b1e54940%40%3Cissues.bookkeeper.apache.org%3E","https://lists.apache.org/thread.html/raedd12dc24412b3780432bf202a2618a21a727788543e5337a458ead%40%3Cissues.activemq.apache.org%3E","https://lists.apache.org/thread.html/rb1b29aee737e1c37fe1d48528cb0febac4f5deed51f5412e6fdfe2bf%40%3Cissues.activemq.apache.org%3E","https://lists.apache.org/thread.html/rb3c94619728c8f8c176d8e175e0a1086ca737ecdfcd5a2214bb768bc%40%3Ccommits.bookkeeper.apache.org%3E","https://lists.apache.org/thread.html/rbc45eb0f53fd6242af3e666c2189464f848a851d408289840cecc6e3%40%3Ccommits.zookeeper.apache.org%3E","https://lists.apache.org/thread.html/rbd19de368abf0764e4383ec44d
527bc9870176f488a494f09a40500d%40%3Ccommon-dev.hadoop.apache.org%3E","https://lists.apache.org/thread.html/rbdf18e39428b5c80fc35113470198b1fe53b287a76a46b0f8780b5fd%40%3Cdev.zookeeper.apache.org%3E","https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7%40%3Cdev.kafka.apache.org%3E","https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7%40%3Cusers.kafka.apache.org%3E","https://lists.apache.org/thread.html/rc17d8491beee51607693019857e41e769795366b85be00aa2f4b3159%40%3Cnotifications.zookeeper.apache.org%3E","https://lists.apache.org/thread.html/rc1eaed7f7d774d5d02f66e49baced31e04827a1293d61a70bd003ca7%40%3Cdev.tika.apache.org%3E","https://lists.apache.org/thread.html/rc628307962ae1b8cc2d21b8e4b7dd6d7755b2dd52fa56a151a27e4fd%40%3Cissues.zookeeper.apache.org%3E","https://lists.apache.org/thread.html/rca24a281000fb681d7e26e5c031a21eb4b0593a7735f781b53dae4e2%40%3Cdev.tika.apache.org%3E","https://lists.apache.org/thread.html/rcd71280585425dad7e232f239c5709e425efdd0d3de4a92f808a4767%40%3Cissues.bookkeeper.apache.org%3E","https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26%40%3Ccommits.pulsar.apache.org%3E","https://lists.apache.org/thread.html/rd3a9511eebab60e23f224841390a3f8cd5358cff605c5f7042171e47%40%3Cdev.tinkerpop.apache.org%3E","https://lists.apache.org/thread.html/rd5dbeee4808c0f2b9b51479b50de3cc6adb1072c332a200d9107f13e%40%3Cissues.activemq.apache.org%3E","https://lists.apache.org/thread.html/rd6254837403e8cbfc7018baa9be29705f3f06bd007c83708f9a97679%40%3Cissues.zookeeper.apache.org%3E","https://lists.apache.org/thread.html/rd7805c1bf9388968508c6c8f84588773216e560055ddcc813d19f347%40%3Ccommon-issues.hadoop.apache.org%3E","https://lists.apache.org/thread.html/rd882ab6b642fe59cbbe94dc02bd197342058208f482e57b537940a4b%40%3Cpluto-dev.portals.apache.org%3E","https://lists.apache.org/thread.html/rda4849c6823dd3e83c7a356eb883180811d5c28359fe46865fd151
c3%40%3Cusers.kafka.apache.org%3E","https://lists.apache.org/thread.html/rdb7ddf28807e27c7801f6e56a0dfb31092d34c61bdd4fa2de9182119%40%3Cissues.bookkeeper.apache.org%3E","https://lists.apache.org/thread.html/rdec0d8ac1f03e6905b0de2df1d5fcdb98b94556e4f6cccf7519fdb26%40%3Cdev.tika.apache.org%3E","https://lists.apache.org/thread.html/rdf2a0d94c3b5b523aeff7741ae71347415276062811b687f30ea6573%40%3Ccommits.zookeeper.apache.org%3E","https://lists.apache.org/thread.html/re36da78e4f3955ba6c1c373a2ab85a4deb215ca74b85fcd66142fea1%40%3Cissues.bookkeeper.apache.org%3E","https://lists.apache.org/thread.html/re8c21ed9dd218c217d242ffa90778428e446b082b5e1c29f567e8374%40%3Cissues.activemq.apache.org%3E","https://lists.apache.org/thread.html/reaf6b996f74f12b4557bc221abe88f58270ac583942fa41293c61f94%40%3Cpluto-scm.portals.apache.org%3E","https://lists.apache.org/thread.html/rec34b1cccf907898e7cb36051ffac3ccf1ea89d0b261a2a3b3fb267f%40%3Ccommits.zookeeper.apache.org%3E","https://lists.apache.org/thread.html/rf1b434e11834a4449cd7addb69ed0aef0923112b5938182b363a968c%40%3Cnotifications.zookeeper.apache.org%3E","https://lists.apache.org/thread.html/rf2567488cfc9212b42e34c6393cfa1c14e30e4838b98dda84d71041f%40%3Cdev.tika.apache.org%3E","https://lists.apache.org/thread.html/rf53eeefb7e7e524deaacb9f8671cbf01b8a253e865fb94e7656722c0%40%3Cissues.bookkeeper.apache.org%3E","https://lists.apache.org/thread.html/rf77f79699c8d7e430c14cf480f12ed1297e6e8cf2ed379a425941e80%40%3Cpluto-dev.portals.apache.org%3E","https://lists.apache.org/thread.html/rf9c19bcc2f7a98a880fa3e3456c003d331812b55836b34ef648063c9%40%3Cjira.kafka.apache.org%3E","https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E","https://lists.apache.org/thread.html/rfdf65fa675c64a64459817344e0e6c44d51ee264beea6e5851fb60dc%40%3Cissues.bookkeeper.apache.org%3E","https://lists.debian.org/debian-lts-announce/2020/01/msg00008.html","https://security.netapp.com/advisory/ntap-2020011
0-0001/","https://usn.ubuntu.com/4495-1/","https://www.debian.org/security/2020/dsa-4686","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com/security-alerts/cpuapr2020.html","https://www.oracle.com/security-alerts/cpuapr2022.html","https://www.oracle.com/security-alerts/cpujul2020.html","https://www.oracle.com/security-alerts/cpujul2022.html"],"published_time":"2019-12-20T17:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-19906","summary":"cyrus-sasl (aka Cyrus SASL) 2.1.27 has an out-of-bounds write leading to unauthenticated remote denial-of-service in OpenLDAP via a malformed LDAP packet. The OpenLDAP crash is ultimately caused by an off-by-one error in _sasl_add_string in common.c in cyrus-sasl.","cvss":7.5,"cvss_version":3.0,"cvss_v2":5.0,"cvss_v3":7.5,"cvss_v4":null,"epss":0.00354,"ranking_epss":0.57798,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2020/Jul/23","http://seclists.org/fulldisclosure/2020/Jul/24","http://www.openwall.com/lists/oss-security/2022/02/23/4","https://github.com/cyrusimap/cyrus-sasl/issues/587","https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E","https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E","https://lists.debian.org/debian-lts-announce/2019/12/msg00027.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MW6GZCLECGL2PBNHVNPJIX4RPVRVFR7R/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OB4GSVOJ6ESHQNT5GSV63OX5D4KPSTGT/","https://seclists.org/bugtraq/2019/Dec/42","https://support.apple.com/kb/HT211288","https://support.apple.com/kb/HT211289","https://usn.ubuntu.com/4256-1/","https://www.debian.org/security/2019/dsa-4591","https://www.openldap.org/its/inde
x.cgi/Incoming?id=9123","http://seclists.org/fulldisclosure/2020/Jul/23","http://seclists.org/fulldisclosure/2020/Jul/24","http://www.openwall.com/lists/oss-security/2022/02/23/4","https://github.com/cyrusimap/cyrus-sasl/issues/587","https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E","https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E","https://lists.debian.org/debian-lts-announce/2019/12/msg00027.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MW6GZCLECGL2PBNHVNPJIX4RPVRVFR7R/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OB4GSVOJ6ESHQNT5GSV63OX5D4KPSTGT/","https://seclists.org/bugtraq/2019/Dec/42","https://support.apple.com/kb/HT211288","https://support.apple.com/kb/HT211289","https://usn.ubuntu.com/4256-1/","https://www.debian.org/security/2019/dsa-4591","https://www.openldap.org/its/index.cgi/Incoming?id=9123"],"published_time":"2019-12-19T18:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-19844","summary":"Django before 1.11.27, 2.x before 2.2.9, and 3.x before 3.0.1 allows account takeover. A suitably crafted email address (that is equal to an existing user's email address after case transformation of Unicode characters) would allow an attacker to be sent a password reset token for the matched user account. 
(One mitigation in the new releases is to send password reset tokens only to the registered user email address.)","cvss":9.8,"cvss_version":3.0,"cvss_v2":5.0,"cvss_v3":9.8,"cvss_v4":null,"epss":0.13973,"ranking_epss":0.9433,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://packetstormsecurity.com/files/155872/Django-Account-Hijack.html","https://docs.djangoproject.com/en/dev/releases/security/","https://groups.google.com/forum/#%21topic/django-announce/3oaB2rVH3a0","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HCM2DPUI7TOZWN4A6JFQFUVQ2XGE7GUD/","https://seclists.org/bugtraq/2020/Jan/9","https://security.gentoo.org/glsa/202004-17","https://security.netapp.com/advisory/ntap-20200110-0003/","https://usn.ubuntu.com/4224-1/","https://www.debian.org/security/2020/dsa-4598","https://www.djangoproject.com/weblog/2019/dec/18/security-releases/","http://packetstormsecurity.com/files/155872/Django-Account-Hijack.html","https://docs.djangoproject.com/en/dev/releases/security/","https://groups.google.com/forum/#%21topic/django-announce/3oaB2rVH3a0","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HCM2DPUI7TOZWN4A6JFQFUVQ2XGE7GUD/","https://seclists.org/bugtraq/2020/Jan/9","https://security.gentoo.org/glsa/202004-17","https://security.netapp.com/advisory/ntap-20200110-0003/","https://usn.ubuntu.com/4224-1/","https://www.debian.org/security/2020/dsa-4598","https://www.djangoproject.com/weblog/2019/dec/18/security-releases/"],"published_time":"2019-12-18T19:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-19813","summary":"In the Linux kernel 5.0.21, mounting a crafted btrfs filesystem image, performing some operations, and then making a syncfs system call can lead to a use-after-free in __mutex_lock in kernel/locking/mutex.c. 
This is related to mutex_can_spin_on_owner in kernel/locking/mutex.c, __btrfs_qgroup_free_meta in fs/btrfs/qgroup.c, and btrfs_insert_delayed_items in fs/btrfs/delayed-inode.c.","cvss":5.5,"cvss_version":3.0,"cvss_v2":7.1,"cvss_v3":5.5,"cvss_v4":null,"epss":0.01247,"ranking_epss":0.79303,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://github.com/bobfuzzer/CVE/tree/master/CVE-2019-19813","https://lists.debian.org/debian-lts-announce/2020/09/msg00025.html","https://lists.debian.org/debian-lts-announce/2021/03/msg00010.html","https://security.netapp.com/advisory/ntap-20200103-0001/","https://usn.ubuntu.com/4414-1/","https://github.com/bobfuzzer/CVE/tree/master/CVE-2019-19813","https://lists.debian.org/debian-lts-announce/2020/09/msg00025.html","https://lists.debian.org/debian-lts-announce/2021/03/msg00010.html","https://security.netapp.com/advisory/ntap-20200103-0001/","https://usn.ubuntu.com/4414-1/"],"published_time":"2019-12-17T06:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-19816","summary":"In the Linux kernel 5.0.21, mounting a crafted btrfs filesystem image and performing some operations can cause slab-out-of-bounds write access in __btrfs_map_block in fs/btrfs/volumes.c, because a value of 1 for the number of data stripes is 
mishandled.","cvss":7.8,"cvss_version":3.0,"cvss_v2":9.3,"cvss_v3":7.8,"cvss_v4":null,"epss":0.01154,"ranking_epss":0.7852,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://github.com/bobfuzzer/CVE/tree/master/CVE-2019-19816","https://lists.debian.org/debian-lts-announce/2020/09/msg00025.html","https://lists.debian.org/debian-lts-announce/2020/12/msg00015.html","https://lists.debian.org/debian-lts-announce/2021/03/msg00010.html","https://security.netapp.com/advisory/ntap-20200103-0001/","https://usn.ubuntu.com/4414-1/","https://github.com/bobfuzzer/CVE/tree/master/CVE-2019-19816","https://lists.debian.org/debian-lts-announce/2020/09/msg00025.html","https://lists.debian.org/debian-lts-announce/2020/12/msg00015.html","https://lists.debian.org/debian-lts-announce/2021/03/msg00010.html","https://security.netapp.com/advisory/ntap-20200103-0001/","https://usn.ubuntu.com/4414-1/"],"published_time":"2019-12-17T06:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-19830","summary":"_core_/plugins/medias in SPIP 3.2.x before 3.2.7 allows remote authenticated authors to inject content into the 
database.","cvss":6.5,"cvss_version":3.0,"cvss_v2":4.0,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00544,"ranking_epss":0.6775,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://blog.spip.net/Mise-a-jour-CRITIQUE-de-securite-sortie-de-SPIP-3-2-7-SPIP-3-1-12.html","https://git.spip.net/SPIP/spip/commit/8eb11ba132b92696eb34d606d71aa8edf40e0f69","https://usn.ubuntu.com/4536-1/","https://www.debian.org/security/2019/dsa-4583","https://zone.spip.net/trac/spip-zone/changeset/118898/spip-zone/_core_/plugins/medias","https://blog.spip.net/Mise-a-jour-CRITIQUE-de-securite-sortie-de-SPIP-3-2-7-SPIP-3-1-12.html","https://git.spip.net/SPIP/spip/commit/8eb11ba132b92696eb34d606d71aa8edf40e0f69","https://usn.ubuntu.com/4536-1/","https://www.debian.org/security/2019/dsa-4583","https://zone.spip.net/trac/spip-zone/changeset/118898/spip-zone/_core_/plugins/medias"],"published_time":"2019-12-17T05:15:14","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-19783","summary":"An issue was discovered in Cyrus IMAP before 2.5.15, 3.0.x before 3.0.13, and 3.1.x through 3.1.8. 
If sieve script uploading is allowed (3.x) or certain non-default sieve options are enabled (2.x), a user with a mail account on the service can use a sieve script containing a fileinto directive to create any mailbox with administrator privileges, because of folder mishandling in autosieve_createfolder() in imap/lmtp_sieve.c.","cvss":6.5,"cvss_version":3.0,"cvss_v2":3.5,"cvss_v3":6.5,"cvss_v4":null,"epss":0.01281,"ranking_epss":0.79584,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2DIV4HQ6LG5GPRO4B5Z2NHCZUPBUVVVF/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6IGOO5UGEBBDPN7B2YXLK7I7L3Y35EBA/","https://seclists.org/bugtraq/2019/Dec/38","https://security.gentoo.org/glsa/202006-23","https://usn.ubuntu.com/4566-1/","https://www.cyrusimap.org/imap/download/release-notes/2.5/x/2.5.15.html","https://www.cyrusimap.org/imap/download/release-notes/3.0/x/3.0.13.html","https://www.debian.org/security/2019/dsa-4590","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2DIV4HQ6LG5GPRO4B5Z2NHCZUPBUVVVF/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6IGOO5UGEBBDPN7B2YXLK7I7L3Y35EBA/","https://seclists.org/bugtraq/2019/Dec/38","https://security.gentoo.org/glsa/202006-23","https://usn.ubuntu.com/4566-1/","https://www.cyrusimap.org/imap/download/release-notes/2.5/x/2.5.15.html","https://www.cyrusimap.org/imap/download/release-notes/3.0/x/3.0.13.html","https://www.debian.org/security/2019/dsa-4590"],"published_time":"2019-12-16T14:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-19807","summary":"In the Linux kernel before 5.3.11, sound/core/timer.c has a use-after-free caused by erroneous code refactoring, aka CID-e7af6307a8a5. 
This is related to snd_timer_open and snd_timer_close_locked. The timeri variable was originally intended to be for a newly created timer instance, but was used for a different purpose after refactoring.","cvss":7.8,"cvss_version":3.0,"cvss_v2":7.2,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00078,"ranking_epss":0.23297,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.11","https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=e7af6307a8a54f0b873960b32b6a644f2d0fbd97","https://github.com/torvalds/linux/commit/e7af6307a8a54f0b873960b32b6a644f2d0fbd97","https://security.netapp.com/advisory/ntap-20200103-0001/","https://usn.ubuntu.com/4225-1/","https://usn.ubuntu.com/4227-1/","https://usn.ubuntu.com/4227-2/","https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.11","https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=e7af6307a8a54f0b873960b32b6a644f2d0fbd97","https://github.com/torvalds/linux/commit/e7af6307a8a54f0b873960b32b6a644f2d0fbd97","https://security.netapp.com/advisory/ntap-20200103-0001/","https://usn.ubuntu.com/4225-1/","https://usn.ubuntu.com/4227-1/","https://usn.ubuntu.com/4227-2/"],"published_time":"2019-12-15T23:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-19725","summary":"sysstat through 12.2.0 has a double free in check_file_actlst in 
sa_common.c.","cvss":9.8,"cvss_version":3.0,"cvss_v2":7.5,"cvss_v3":9.8,"cvss_v4":null,"epss":0.00961,"ranking_epss":0.7649,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://github.com/sysstat/sysstat/issues/242","https://lists.debian.org/debian-lts-announce/2022/11/msg00014.html","https://security.gentoo.org/glsa/202007-22","https://usn.ubuntu.com/4242-1/","https://github.com/sysstat/sysstat/issues/242","https://lists.debian.org/debian-lts-announce/2022/11/msg00014.html","https://security.gentoo.org/glsa/202007-22","https://usn.ubuntu.com/4242-1/"],"published_time":"2019-12-11T18:16:20","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-14861","summary":"All Samba versions 4.x.x before 4.9.17, 4.10.x before 4.10.11 and 4.11.x before 4.11.3 have an issue, where the (poorly named) dnsserver RPC pipe provides administrative facilities to modify DNS records and zones. Samba, when acting as an AD DC, stores DNS records in LDAP. In AD, the default permissions on the DNS partition allow creation of new records by authenticated users. This is used for example to allow machines to self-register in DNS. 
If a DNS record was created that case-insensitively matched the name of the zone, the ldb_qsort() and dns_name_compare() routines could be confused into reading memory prior to the list of DNS entries when responding to DnssrvEnumRecords() or DnssrvEnumRecords2() and so following invalid memory as a pointer.","cvss":5.3,"cvss_version":3.0,"cvss_v2":3.5,"cvss_v3":5.3,"cvss_v4":null,"epss":0.04997,"ranking_epss":0.89705,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00038.html","http://www.openwall.com/lists/oss-security/2024/06/24/3","https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14861","https://lists.debian.org/debian-lts-announce/2021/05/msg00023.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PJH3ROOFYMOATD2UEPC47P5RPBDTY77E/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WNKA4YIPV7AZR7KK3GW6L3HKGHSGJZFE/","https://security.gentoo.org/glsa/202003-52","https://security.netapp.com/advisory/ntap-20191210-0002/","https://usn.ubuntu.com/4217-1/","https://usn.ubuntu.com/4217-2/","https://www.samba.org/samba/security/CVE-2019-14861.html","https://www.synology.com/security/advisory/Synology_SA_19_40","http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00038.html","http://www.openwall.com/lists/oss-security/2024/06/24/3","https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14861","https://lists.debian.org/debian-lts-announce/2021/05/msg00023.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PJH3ROOFYMOATD2UEPC47P5RPBDTY77E/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WNKA4YIPV7AZR7KK3GW6L3HKGHSGJZFE/","https://security.gentoo.org/glsa/202003-52","https://security.netapp.com/advisory/ntap-20191210-0002/","https://usn.ubuntu.com/4217-1/","https://usn
.ubuntu.com/4217-2/","https://www.samba.org/samba/security/CVE-2019-14861.html","https://www.synology.com/security/advisory/Synology_SA_19_40"],"published_time":"2019-12-10T23:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-14870","summary":"All Samba versions 4.x.x before 4.9.17, 4.10.x before 4.10.11 and 4.11.x before 4.11.3 have an issue, where the S4U (MS-SFU) Kerberos delegation model includes a feature allowing for a subset of clients to be opted out of constrained delegation in any way, either S4U2Self or regular Kerberos authentication, by forcing all tickets for these clients to be non-forwardable. In AD this is implemented by a user attribute delegation_not_allowed (aka not-delegated), which translates to disallow-forwardable. However the Samba AD DC does not do that for S4U2Self and does set the forwardable flag even if the impersonated client has the not-delegated flag set.","cvss":5.4,"cvss_version":3.0,"cvss_v2":6.4,"cvss_v3":5.4,"cvss_v4":null,"epss":0.04669,"ranking_epss":0.89324,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00038.html","https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14870","https://lists.debian.org/debian-lts-announce/2021/05/msg00023.html","https://lists.debian.org/debian-lts-announce/2022/11/msg00034.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PJH3ROOFYMOATD2UEPC47P5RPBDTY77E/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WNKA4YIPV7AZR7KK3GW6L3HKGHSGJZFE/","https://security.gentoo.org/glsa/202003-52","https://security.gentoo.org/glsa/202310-06","https://security.netapp.com/advisory/ntap-20191210-0002/","https://security.netapp.com/advisory/ntap-20230216-0008/","https://usn.ubuntu.com/4217-1/","https://usn.ubuntu.com/4217-2/","https://www.samba.org/samba/security/CVE-2019-14870.html","https://www.sy
nology.com/security/advisory/Synology_SA_19_40","http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00038.html","https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14870","https://lists.debian.org/debian-lts-announce/2021/05/msg00023.html","https://lists.debian.org/debian-lts-announce/2022/11/msg00034.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PJH3ROOFYMOATD2UEPC47P5RPBDTY77E/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WNKA4YIPV7AZR7KK3GW6L3HKGHSGJZFE/","https://security.gentoo.org/glsa/202003-52","https://security.gentoo.org/glsa/202310-06","https://security.netapp.com/advisory/ntap-20191210-0002/","https://security.netapp.com/advisory/ntap-20230216-0008/","https://usn.ubuntu.com/4217-1/","https://usn.ubuntu.com/4217-2/","https://www.samba.org/samba/security/CVE-2019-14870.html","https://www.synology.com/security/advisory/Synology_SA_19_40"],"published_time":"2019-12-10T23:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-14889","summary":"A flaw was found with the libssh API function ssh_scp_new() in versions before 0.9.3 and before 0.8.8. When the libssh SCP client connects to a server, the scp command, which includes a user-provided path, is executed on the server-side. 
In case the library is used in a way where users can influence the third parameter of the function, it would become possible for an attacker to inject arbitrary commands, leading to a compromise of the remote target.","cvss":7.1,"cvss_version":3.0,"cvss_v2":9.3,"cvss_v3":7.1,"cvss_v4":null,"epss":0.01034,"ranking_epss":0.77368,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00033.html","http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00047.html","https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14889","https://lists.debian.org/debian-lts-announce/2019/12/msg00020.html","https://lists.debian.org/debian-lts-announce/2023/05/msg00029.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7JJWJTXVWLLJTVHBPGWL7472S5FWXYQR/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EV2ONSPDJCTDVORCB4UGRQUZQQ46JHRN/","https://security.gentoo.org/glsa/202003-27","https://usn.ubuntu.com/4219-1/","https://www.libssh.org/security/advisories/CVE-2019-14889.txt","https://www.oracle.com/security-alerts/cpuapr2020.html","http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00033.html","http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00047.html","https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14889","https://lists.debian.org/debian-lts-announce/2019/12/msg00020.html","https://lists.debian.org/debian-lts-announce/2023/05/msg00029.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7JJWJTXVWLLJTVHBPGWL7472S5FWXYQR/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EV2ONSPDJCTDVORCB4UGRQUZQQ46JHRN/","https://security.gentoo.org/glsa/202003-27","https://usn.ubuntu.com/4219-1/","https://www.libssh.org/security/advisories/CVE-2019-14889.txt","https://www.orac
le.com/security-alerts/cpuapr2020.html"],"published_time":"2019-12-10T23:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-13753","summary":"Out of bounds read in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.","cvss":6.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":6.5,"cvss_v4":null,"epss":0.04173,"ranking_epss":0.88698,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00032.html","http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00036.html","https://access.redhat.com/errata/RHSA-2019:4238","https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html","https://crbug.com/1025471","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2Z5M4FPUMDNX2LDPHJKN5ZV5GIS2AKNU/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N5CIQCVS6E3ULJCNU7YJXJPO2BLQZDTK/","https://seclists.org/bugtraq/2020/Jan/27","https://security.gentoo.org/glsa/202003-08","https://usn.ubuntu.com/4298-1/","https://usn.ubuntu.com/4298-2/","https://www.debian.org/security/2020/dsa-4606","http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00032.html","http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00036.html","https://access.redhat.com/errata/RHSA-2019:4238","https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html","https://crbug.com/1025471","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2Z5M4FPUMDNX2LDPHJKN5ZV5GIS2AKNU/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N5CIQCVS6E3ULJCNU7YJXJPO2BLQZDTK/","https://seclists.org/bugtraq/2020/Jan/27","https://security.gentoo.org/glsa/202003-08","https:
//usn.ubuntu.com/4298-1/","https://usn.ubuntu.com/4298-2/","https://www.debian.org/security/2020/dsa-4606"],"published_time":"2019-12-10T22:15:15","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-13750","summary":"Insufficient data validation in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to bypass defense-in-depth measures via a crafted HTML page.","cvss":6.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00165,"ranking_epss":0.37613,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00032.html","http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00036.html","https://access.redhat.com/errata/RHSA-2019:4238","https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html","https://crbug.com/1025464","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2Z5M4FPUMDNX2LDPHJKN5ZV5GIS2AKNU/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N5CIQCVS6E3ULJCNU7YJXJPO2BLQZDTK/","https://seclists.org/bugtraq/2020/Jan/27","https://security.gentoo.org/glsa/202003-08","https://usn.ubuntu.com/4298-1/","https://usn.ubuntu.com/4298-2/","https://www.debian.org/security/2020/dsa-4606","http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00032.html","http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00036.html","https://access.redhat.com/errata/RHSA-2019:4238","https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html","https://crbug.com/1025464","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2Z5M4FPUMDNX2LDPHJKN5ZV5GIS2AKNU/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N5CIQCVS6E3ULJCNU7YJXJPO2BLQZDTK/","https://seclists.org/bugtraq/2020/Jan/27","ht
tps://security.gentoo.org/glsa/202003-08","https://usn.ubuntu.com/4298-1/","https://usn.ubuntu.com/4298-2/","https://www.debian.org/security/2020/dsa-4606"],"published_time":"2019-12-10T22:15:14","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-13751","summary":"Uninitialized data in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.","cvss":6.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00999,"ranking_epss":0.76975,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00032.html","http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00036.html","https://access.redhat.com/errata/RHSA-2019:4238","https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html","https://crbug.com/1025465","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2Z5M4FPUMDNX2LDPHJKN5ZV5GIS2AKNU/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N5CIQCVS6E3ULJCNU7YJXJPO2BLQZDTK/","https://seclists.org/bugtraq/2020/Jan/27","https://security.gentoo.org/glsa/202003-08","https://usn.ubuntu.com/4298-1/","https://usn.ubuntu.com/4298-2/","https://www.debian.org/security/2020/dsa-4606","http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00032.html","http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00036.html","https://access.redhat.com/errata/RHSA-2019:4238","https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html","https://crbug.com/1025465","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2Z5M4FPUMDNX2LDPHJKN5ZV5GIS2AKNU/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N5CIQCVS6E3ULJ
CNU7YJXJPO2BLQZDTK/","https://seclists.org/bugtraq/2020/Jan/27","https://security.gentoo.org/glsa/202003-08","https://usn.ubuntu.com/4298-1/","https://usn.ubuntu.com/4298-2/","https://www.debian.org/security/2020/dsa-4606"],"published_time":"2019-12-10T22:15:14","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-13752","summary":"Out of bounds read in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.","cvss":6.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":6.5,"cvss_v4":null,"epss":0.04173,"ranking_epss":0.88698,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00032.html","http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00036.html","https://access.redhat.com/errata/RHSA-2019:4238","https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html","https://crbug.com/1025470","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2Z5M4FPUMDNX2LDPHJKN5ZV5GIS2AKNU/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N5CIQCVS6E3ULJCNU7YJXJPO2BLQZDTK/","https://seclists.org/bugtraq/2020/Jan/27","https://security.gentoo.org/glsa/202003-08","https://usn.ubuntu.com/4298-1/","https://usn.ubuntu.com/4298-2/","https://www.debian.org/security/2020/dsa-4606","http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00032.html","http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00036.html","https://access.redhat.com/errata/RHSA-2019:4238","https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html","https://crbug.com/1025470","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2Z5M4FPUMDNX2LDPHJKN5ZV5GIS2AKNU/","https://lists.fedoraproject.org/archives/lis
t/package-announce%40lists.fedoraproject.org/message/N5CIQCVS6E3ULJCNU7YJXJPO2BLQZDTK/","https://seclists.org/bugtraq/2020/Jan/27","https://security.gentoo.org/glsa/202003-08","https://usn.ubuntu.com/4298-1/","https://usn.ubuntu.com/4298-2/","https://www.debian.org/security/2020/dsa-4606"],"published_time":"2019-12-10T22:15:14","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-13734","summary":"Out of bounds write in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.","cvss":8.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":8.8,"cvss_v4":null,"epss":0.05904,"ranking_epss":0.90601,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00032.html","http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00036.html","https://access.redhat.com/errata/RHSA-2019:4238","https://access.redhat.com/errata/RHSA-2020:0227","https://access.redhat.com/errata/RHSA-2020:0229","https://access.redhat.com/errata/RHSA-2020:0273","https://access.redhat.com/errata/RHSA-2020:0451","https://access.redhat.com/errata/RHSA-2020:0463","https://access.redhat.com/errata/RHSA-2020:0476","https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html","https://crbug.com/1025466","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2Z5M4FPUMDNX2LDPHJKN5ZV5GIS2AKNU/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N5CIQCVS6E3ULJCNU7YJXJPO2BLQZDTK/","https://seclists.org/bugtraq/2020/Jan/27","https://security.gentoo.org/glsa/202003-08","https://usn.ubuntu.com/4298-1/","https://usn.ubuntu.com/4298-2/","https://www.debian.org/security/2020/dsa-4606","https://www.oracle.com/security-alerts/cpujan2022.html","http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00032.html","http://lists.opensu
se.org/opensuse-security-announce/2019-12/msg00036.html","https://access.redhat.com/errata/RHSA-2019:4238","https://access.redhat.com/errata/RHSA-2020:0227","https://access.redhat.com/errata/RHSA-2020:0229","https://access.redhat.com/errata/RHSA-2020:0273","https://access.redhat.com/errata/RHSA-2020:0451","https://access.redhat.com/errata/RHSA-2020:0463","https://access.redhat.com/errata/RHSA-2020:0476","https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html","https://crbug.com/1025466","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2Z5M4FPUMDNX2LDPHJKN5ZV5GIS2AKNU/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N5CIQCVS6E3ULJCNU7YJXJPO2BLQZDTK/","https://seclists.org/bugtraq/2020/Jan/27","https://security.gentoo.org/glsa/202003-08","https://usn.ubuntu.com/4298-1/","https://usn.ubuntu.com/4298-2/","https://www.debian.org/security/2020/dsa-4606","https://www.oracle.com/security-alerts/cpujan2022.html"],"published_time":"2019-12-10T22:15:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-19448","summary":"In the Linux kernel 5.0.21 and 5.3.11, mounting a crafted btrfs filesystem image, performing some operations, and then making a syncfs system call can lead to a use-after-free in try_merge_free_space in fs/btrfs/free-space-cache.c because the pointer to a left data structure can be the same as the pointer to a right data 
structure.","cvss":7.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00777,"ranking_epss":0.73636,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://github.com/bobfuzzer/CVE/tree/master/CVE-2019-19448","https://lists.debian.org/debian-lts-announce/2020/09/msg00025.html","https://lists.debian.org/debian-lts-announce/2020/10/msg00032.html","https://lists.debian.org/debian-lts-announce/2020/10/msg00034.html","https://security.netapp.com/advisory/ntap-20200103-0001/","https://usn.ubuntu.com/4578-1/","https://github.com/bobfuzzer/CVE/tree/master/CVE-2019-19448","https://lists.debian.org/debian-lts-announce/2020/09/msg00025.html","https://lists.debian.org/debian-lts-announce/2020/10/msg00032.html","https://lists.debian.org/debian-lts-announce/2020/10/msg00034.html","https://security.netapp.com/advisory/ntap-20200103-0001/","https://usn.ubuntu.com/4578-1/"],"published_time":"2019-12-08T02:15:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-1551","summary":"There is an overflow bug in the x64_64 Montgomery squaring procedure used in exponentiation with 512-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against 2-prime RSA1024, 3-prime RSA1536, and DSA1024 as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH512 are considered just feasible. However, for an attack the target would have to re-use the DH512 private key, which is not recommended anyway. Also applications directly using the low level API BN_mod_exp may be affected if they use BN_FLG_CONSTTIME. Fixed in OpenSSL 1.1.1e (Affected 1.1.1-1.1.1d). 
Fixed in OpenSSL 1.0.2u (Affected 1.0.2-1.0.2t).","cvss":5.3,"cvss_version":3.0,"cvss_v2":5.0,"cvss_v3":5.3,"cvss_v4":null,"epss":0.03874,"ranking_epss":0.88236,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00030.html","http://packetstormsecurity.com/files/155754/Slackware-Security-Advisory-openssl-Updates.html","https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=419102400a2811582a7a3d4a4e317d72e5ce0a8f","https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=f1c5eea8a817075d31e43f5876993c6710238c98","https://lists.debian.org/debian-lts-announce/2022/03/msg00023.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DDHOAATPWJCXRNFMJ2SASDBBNU5RJONY/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EXDDAOWSAIEFQNBHWYE6PPYFV4QXGMCD/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XVEP3LAK4JSPRXFO4QF4GG2IVXADV3SO/","https://seclists.org/bugtraq/2019/Dec/39","https://seclists.org/bugtraq/2019/Dec/46","https://security.gentoo.org/glsa/202004-10","https://security.netapp.com/advisory/ntap-20191210-0001/","https://usn.ubuntu.com/4376-1/","https://usn.ubuntu.com/4504-1/","https://www.debian.org/security/2019/dsa-4594","https://www.debian.org/security/2021/dsa-4855","https://www.openssl.org/news/secadv/20191206.txt","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com/security-alerts/cpujan2021.html","https://www.oracle.com/security-alerts/cpujul2020.html","https://www.tenable.com/security/tns-2019-09","https://www.tenable.com/security/tns-2020-03","https://www.tenable.com/security/tns-2020-11","https://www.tenable.com/security/tns-2021-10","http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00030.html","http://packetstormsecurity.com/files/155754/Slackware-Security-Advis
ory-openssl-Updates.html","https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=419102400a2811582a7a3d4a4e317d72e5ce0a8f","https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=f1c5eea8a817075d31e43f5876993c6710238c98","https://lists.debian.org/debian-lts-announce/2022/03/msg00023.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DDHOAATPWJCXRNFMJ2SASDBBNU5RJONY/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EXDDAOWSAIEFQNBHWYE6PPYFV4QXGMCD/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XVEP3LAK4JSPRXFO4QF4GG2IVXADV3SO/","https://seclists.org/bugtraq/2019/Dec/39","https://seclists.org/bugtraq/2019/Dec/46","https://security.gentoo.org/glsa/202004-10","https://security.netapp.com/advisory/ntap-20191210-0001/","https://usn.ubuntu.com/4376-1/","https://usn.ubuntu.com/4504-1/","https://www.debian.org/security/2019/dsa-4594","https://www.debian.org/security/2021/dsa-4855","https://www.openssl.org/news/secadv/20191206.txt","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com/security-alerts/cpujan2021.html","https://www.oracle.com/security-alerts/cpujul2020.html","https://www.tenable.com/security/tns-2019-09","https://www.tenable.com/security/tns-2020-03","https://www.tenable.com/security/tns-2020-11","https://www.tenable.com/security/tns-2021-10"],"published_time":"2019-12-06T18:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-19602","summary":"fpregs_state_valid in arch/x86/include/asm/fpu/internal.h in the Linux kernel before 5.4.2, when GCC 9 is used, allows context-dependent attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact because of incorrect fpu_fpregs_owner_ctx caching, as demonstrated by mishandling of signal-based non-cooperative preemption in Go 1.14 prereleases on amd64, aka 
CID-59c4bd853abc.","cvss":6.1,"cvss_version":3.0,"cvss_v2":5.4,"cvss_v3":6.1,"cvss_v4":null,"epss":0.00034,"ranking_epss":0.10097,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://bugzilla.kernel.org/show_bug.cgi?id=205663","https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.2","https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=59c4bd853abcea95eccc167a7d7fd5f1a5f47b98","https://github.com/golang/go/issues/35777#issuecomment-561935388","https://github.com/torvalds/linux/commit/59c4bd853abcea95eccc167a7d7fd5f1a5f47b98","https://security.netapp.com/advisory/ntap-20200103-0001/","https://usn.ubuntu.com/4284-1/","https://bugzilla.kernel.org/show_bug.cgi?id=205663","https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.2","https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=59c4bd853abcea95eccc167a7d7fd5f1a5f47b98","https://github.com/golang/go/issues/35777#issuecomment-561935388","https://github.com/torvalds/linux/commit/59c4bd853abcea95eccc167a7d7fd5f1a5f47b98","https://security.netapp.com/advisory/ntap-20200103-0001/","https://usn.ubuntu.com/4284-1/"],"published_time":"2019-12-05T14:15:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-19529","summary":"In the Linux kernel before 5.3.11, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/net/can/usb/mcba_usb.c driver, aka 
CID-4d6636498c41.","cvss":6.3,"cvss_version":3.0,"cvss_v2":6.9,"cvss_v3":6.3,"cvss_v4":null,"epss":0.00057,"ranking_epss":0.17953,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00029.html","http://www.openwall.com/lists/oss-security/2019/12/03/4","https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.11","https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=4d6636498c41891d0482a914dd570343a838ad79","https://usn.ubuntu.com/4225-1/","https://usn.ubuntu.com/4225-2/","https://usn.ubuntu.com/4226-1/","https://usn.ubuntu.com/4227-1/","https://usn.ubuntu.com/4227-2/","http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00029.html","http://www.openwall.com/lists/oss-security/2019/12/03/4","https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.11","https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=4d6636498c41891d0482a914dd570343a838ad79","https://usn.ubuntu.com/4225-1/","https://usn.ubuntu.com/4225-2/","https://usn.ubuntu.com/4226-1/","https://usn.ubuntu.com/4227-1/","https://usn.ubuntu.com/4227-2/"],"published_time":"2019-12-03T16:15:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-19534","summary":"In the Linux kernel before 5.3.11, there is an info-leak bug that can be caused by a malicious USB device in the drivers/net/can/usb/peak_usb/pcan_usb_core.c driver, aka 
CID-f7a1337f0d29.","cvss":2.4,"cvss_version":3.0,"cvss_v2":2.1,"cvss_v3":2.4,"cvss_v4":null,"epss":0.00119,"ranking_epss":0.30789,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00029.html","http://www.openwall.com/lists/oss-security/2019/12/03/4","https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.11","https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f7a1337f0d29b98733c8824e165fca3371d7d4fd","https://lists.debian.org/debian-lts-announce/2020/01/msg00013.html","https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html","https://usn.ubuntu.com/4225-1/","https://usn.ubuntu.com/4225-2/","https://usn.ubuntu.com/4226-1/","https://usn.ubuntu.com/4227-1/","https://usn.ubuntu.com/4227-2/","https://usn.ubuntu.com/4228-1/","https://usn.ubuntu.com/4228-2/","http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00029.html","http://www.openwall.com/lists/oss-security/2019/12/03/4","https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.11","https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f7a1337f0d29b98733c8824e165fca3371d7d4fd","https://lists.debian.org/debian-lts-announce/2020/01/msg00013.html","https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html","https://usn.ubuntu.com/4225-1/","https://usn.ubuntu.com/4225-2/","https://usn.ubuntu.com/4226-1/","https://usn.ubuntu.com/4227-1/","https://usn.ubuntu.com/4227-2/","https://usn.ubuntu.com/4228-1/","https://usn.ubuntu.com/4228-2/"],"published_time":"2019-12-03T16:15:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-19524","summary":"In the Linux kernel before 5.3.12, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/input/ff-memless.c driver, aka 
CID-fa3a5a1880c9.","cvss":4.6,"cvss_version":3.0,"cvss_v2":4.9,"cvss_v3":4.6,"cvss_v4":null,"epss":0.00042,"ranking_epss":0.12687,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00029.html","http://packetstormsecurity.com/files/155890/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html","http://www.openwall.com/lists/oss-security/2019/12/03/4","https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.12","https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=fa3a5a1880c91bb92594ad42dfe9eedad7996b86","https://lists.debian.org/debian-lts-announce/2020/01/msg00013.html","https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html","https://seclists.org/bugtraq/2020/Jan/10","https://usn.ubuntu.com/4225-1/","https://usn.ubuntu.com/4225-2/","https://usn.ubuntu.com/4226-1/","https://usn.ubuntu.com/4227-1/","https://usn.ubuntu.com/4227-2/","https://usn.ubuntu.com/4228-1/","https://usn.ubuntu.com/4228-2/","http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00029.html","http://packetstormsecurity.com/files/155890/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html","http://www.openwall.com/lists/oss-security/2019/12/03/4","https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.12","https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=fa3a5a1880c91bb92594ad42dfe9eedad7996b86","https://lists.debian.org/debian-lts-announce/2020/01/msg00013.html","https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html","https://seclists.org/bugtraq/2020/Jan/10","https://usn.ubuntu.com/4225-1/","https://usn.ubuntu.com/4225-2/","https://usn.ubuntu.com/4226-1/","https://usn.ubuntu.com/4227-1/","https://usn.ubuntu.com/4227-2/","https://usn.ubuntu.com/4228-1/","https://usn.ubuntu.com/4228-2/"],"published_time":"2019-12-03T16:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-19526","
summary":"In the Linux kernel before 5.3.9, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/nfc/pn533/usb.c driver, aka CID-6af3aa57a098.","cvss":4.6,"cvss_version":3.0,"cvss_v2":4.9,"cvss_v3":4.6,"cvss_v4":null,"epss":0.00058,"ranking_epss":0.18228,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00021.html","http://www.openwall.com/lists/oss-security/2019/12/03/4","https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.9","https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=6af3aa57a0984e061f61308fe181a9a12359fecc","https://usn.ubuntu.com/4226-1/","http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00021.html","http://www.openwall.com/lists/oss-security/2019/12/03/4","https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.9","https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=6af3aa57a0984e061f61308fe181a9a12359fecc","https://usn.ubuntu.com/4226-1/"],"published_time":"2019-12-03T16:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2012-4428","summary":"openslp: SLPIntersectStringList()' Function has a DoS 
vulnerability","cvss":7.5,"cvss_version":3.0,"cvss_v2":5.0,"cvss_v3":7.5,"cvss_v4":null,"epss":0.33319,"ranking_epss":0.96916,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.fedoraproject.org/pipermail/package-announce/2015-May/159059.html","http://www.openwall.com/lists/oss-security/2012/09/13/27","http://www.securityfocus.com/bid/55540","http://www.ubuntu.com/usn/USN-2730-1","https://access.redhat.com/security/cve/cve-2012-4428","https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-4428","https://bugzilla.suse.com/show_bug.cgi?id=CVE-2012-4428","https://exchange.xforce.ibmcloud.com/vulnerabilities/78732","https://security-tracker.debian.org/tracker/CVE-2012-4428","https://security.gentoo.org/glsa/201707-05","http://lists.fedoraproject.org/pipermail/package-announce/2015-May/159059.html","http://www.openwall.com/lists/oss-security/2012/09/13/27","http://www.securityfocus.com/bid/55540","http://www.ubuntu.com/usn/USN-2730-1","https://access.redhat.com/security/cve/cve-2012-4428","https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-4428","https://bugzilla.suse.com/show_bug.cgi?id=CVE-2012-4428","https://exchange.xforce.ibmcloud.com/vulnerabilities/78732","https://security-tracker.debian.org/tracker/CVE-2012-4428","https://security.gentoo.org/glsa/201707-05"],"published_time":"2019-12-02T18:15:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-18609","summary":"An issue was discovered in amqp_handle_input in amqp_connection.c in rabbitmq-c 0.9.0. There is an integer overflow that leads to heap memory corruption in the handling of CONNECTION_STATE_HEADER. A rogue server could return a malicious frame header that leads to a smaller target_size value than needed. 
This condition is then carried on to a memcpy function that copies too much data into a heap buffer.","cvss":9.8,"cvss_version":3.0,"cvss_v2":7.5,"cvss_v3":9.8,"cvss_v4":null,"epss":0.02763,"ranking_epss":0.86024,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://github.com/alanxz/rabbitmq-c/blob/master/ChangeLog.md","https://github.com/alanxz/rabbitmq-c/commit/fc85be7123050b91b054e45b91c78d3241a5047a","https://lists.debian.org/debian-lts-announce/2019/12/msg00004.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WA7CPNVYMF6OQNIYNLWUY6U2GTKFOKH3/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XQER6XTKYMHNQR7QTHW7DJAH645WQROU/","https://news.ycombinator.com/item?id=21681976","https://security.gentoo.org/glsa/202003-07","https://usn.ubuntu.com/4214-1/","https://usn.ubuntu.com/4214-2/","https://github.com/alanxz/rabbitmq-c/blob/master/ChangeLog.md","https://github.com/alanxz/rabbitmq-c/commit/fc85be7123050b91b054e45b91c78d3241a5047a","https://lists.debian.org/debian-lts-announce/2019/12/msg00004.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WA7CPNVYMF6OQNIYNLWUY6U2GTKFOKH3/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XQER6XTKYMHNQR7QTHW7DJAH645WQROU/","https://news.ycombinator.com/item?id=21681976","https://security.gentoo.org/glsa/202003-07","https://usn.ubuntu.com/4214-1/","https://usn.ubuntu.com/4214-2/"],"published_time":"2019-12-01T22:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-19462","summary":"relay_open in kernel/relay.c in the Linux kernel through 5.4.1 allows local users to cause a denial of service (such as relay blockage) by triggering a NULL alloc_percpu 
result.","cvss":5.5,"cvss_version":3.0,"cvss_v2":4.9,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00105,"ranking_epss":0.28517,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00022.html","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00008.html","https://lists.debian.org/debian-lts-announce/2020/06/msg00012.html","https://lore.kernel.org/lkml/20191129013745.7168-1-dja%40axtens.net/","https://security.netapp.com/advisory/ntap-20210129-0004/","https://syzkaller-ppc64.appspot.com/bug?id=1c09906c83a8ea811a9e318c2a4f8e243becc6f8","https://syzkaller-ppc64.appspot.com/bug?id=b05b4d005191cc375cdf848c3d4d980308d50531","https://syzkaller.appspot.com/bug?id=e4265490d26d6c01cd9bc79dc915ef0a1bf15046","https://syzkaller.appspot.com/bug?id=f4d1cb4330bd3ddf4a628332b4285407b2eedd7b","https://usn.ubuntu.com/4414-1/","https://usn.ubuntu.com/4425-1/","https://usn.ubuntu.com/4439-1/","https://usn.ubuntu.com/4440-1/","https://www.debian.org/security/2020/dsa-4698","https://www.debian.org/security/2020/dsa-4699","http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00022.html","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00008.html","https://lists.debian.org/debian-lts-announce/2020/06/msg00012.html","https://lore.kernel.org/lkml/20191129013745.7168-1-dja%40axtens.net/","https://security.netapp.com/advisory/ntap-20210129-0004/","https://syzkaller-ppc64.appspot.com/bug?id=1c09906c83a8ea811a9e318c2a4f8e243becc6f8","https://syzkaller-ppc64.appspot.com/bug?id=b05b4d005191cc375cdf848c3d4d980308d50531","https://syzkaller.appspot.com/bug?id=e4265490d26d6c01cd9bc79dc915ef0a1bf15046","https://syzkaller.appspot.com/bug?id=f4d1cb4330bd3ddf4a628332b4285407b2eedd7b","https://usn.ubuntu.com/4414-1/","https://usn.ubuntu.com/4425-1/","https://usn.ubuntu.com/4439-1/","https://usn.ubuntu.com/4440-1/","https://www.debian.org/security/2020/dsa-4698","https://www.debian.org/sec
urity/2020/dsa-4699"],"published_time":"2019-11-30T01:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2015-3406","summary":"The PGP signature parsing in Module::Signature before 0.74 allows remote attackers to cause the unsigned portion of a SIGNATURE file to be treated as the signed portion via unspecified vectors.","cvss":7.5,"cvss_version":3.0,"cvss_v2":6.4,"cvss_v3":7.5,"cvss_v4":null,"epss":0.01266,"ranking_epss":0.79457,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://ubuntu.com/usn/usn-2607-1","http://www.openwall.com/lists/oss-security/2015/04/07/1","http://www.openwall.com/lists/oss-security/2015/04/23/17","https://github.com/audreyt/module-signature/commit/8a9164596fa5952d4fbcde5aa1c7d1c7bc85372f","https://metacpan.org/changes/distribution/Module-Signature","http://ubuntu.com/usn/usn-2607-1","http://www.openwall.com/lists/oss-security/2015/04/07/1","http://www.openwall.com/lists/oss-security/2015/04/23/17","https://github.com/audreyt/module-signature/commit/8a9164596fa5952d4fbcde5aa1c7d1c7bc85372f","https://metacpan.org/changes/distribution/Module-Signature"],"published_time":"2019-11-29T21:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-14901","summary":"A heap overflow flaw was found in the Linux kernel, all versions 3.x.x and 4.x.x before 4.18.0, in Marvell WiFi chip driver. The vulnerability allows a remote attacker to cause a system crash, resulting in a denial of service, or execute arbitrary code. The highest threat with this vulnerability is with the availability of the system. If code execution occurs, the code will run with the permissions of root. 
This will affect both confidentiality and integrity of files on the system.","cvss":8.8,"cvss_version":3.0,"cvss_v2":10.0,"cvss_v3":8.8,"cvss_v4":null,"epss":0.0547,"ranking_epss":0.90199,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00029.html","http://packetstormsecurity.com/files/155879/Kernel-Live-Patch-Security-Notice-LSN-0061-1.html","http://packetstormsecurity.com/files/156185/Kernel-Live-Patch-Security-Notice-LSN-0062-1.html","https://access.redhat.com/errata/RHSA-2020:0204","https://access.redhat.com/errata/RHSA-2020:0328","https://access.redhat.com/errata/RHSA-2020:0339","https://access.redhat.com/errata/RHSA-2020:0374","https://access.redhat.com/errata/RHSA-2020:0375","https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14901","https://lists.debian.org/debian-lts-announce/2020/01/msg00013.html","https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D4ISVNIC44SOGXTUBCIZFSUNQJ5LRKNZ/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MN6MLCN7G7VFTSXSZYXKXEFCUMFBUAXQ/","https://usn.ubuntu.com/4225-1/","https://usn.ubuntu.com/4225-2/","https://usn.ubuntu.com/4226-1/","https://usn.ubuntu.com/4227-1/","https://usn.ubuntu.com/4227-2/","https://usn.ubuntu.com/4228-1/","https://usn.ubuntu.com/4228-2/","http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00029.html","http://packetstormsecurity.com/files/155879/Kernel-Live-Patch-Security-Notice-LSN-0061-1.html","http://packetstormsecurity.com/files/156185/Kernel-Live-Patch-Security-Notice-LSN-0062-1.html","https://access.redhat.com/errata/RHSA-2020:0204","https://access.redhat.com/errata/RHSA-2020:0328","https://access.redhat.com/errata/RHSA-2020:0339","https://access.redhat.com/errata/RHSA-2020:0374","https://access.redhat.com/errata/RHSA-2020:0375","ht
tps://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14901","https://lists.debian.org/debian-lts-announce/2020/01/msg00013.html","https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D4ISVNIC44SOGXTUBCIZFSUNQJ5LRKNZ/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MN6MLCN7G7VFTSXSZYXKXEFCUMFBUAXQ/","https://usn.ubuntu.com/4225-1/","https://usn.ubuntu.com/4225-2/","https://usn.ubuntu.com/4226-1/","https://usn.ubuntu.com/4227-1/","https://usn.ubuntu.com/4227-2/","https://usn.ubuntu.com/4228-1/","https://usn.ubuntu.com/4228-2/"],"published_time":"2019-11-29T15:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-14897","summary":"A stack-based buffer overflow was found in the Linux kernel, version kernel-2.6.32, in Marvell WiFi chip driver. An attacker is able to cause a denial of service (system crash) or, possibly execute arbitrary code, when a STA works in IBSS mode (allows connecting stations together without the use of an AP) and connects to another 
STA.","cvss":6.6,"cvss_version":3.0,"cvss_v2":7.5,"cvss_v3":6.6,"cvss_v4":null,"epss":0.00348,"ranking_epss":0.574,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00021.html","http://packetstormsecurity.com/files/155879/Kernel-Live-Patch-Security-Notice-LSN-0061-1.html","http://packetstormsecurity.com/files/156185/Kernel-Live-Patch-Security-Notice-LSN-0062-1.html","https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14897","https://lists.debian.org/debian-lts-announce/2020/01/msg00013.html","https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D4ISVNIC44SOGXTUBCIZFSUNQJ5LRKNZ/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MN6MLCN7G7VFTSXSZYXKXEFCUMFBUAXQ/","https://usn.ubuntu.com/4225-1/","https://usn.ubuntu.com/4225-2/","https://usn.ubuntu.com/4226-1/","https://usn.ubuntu.com/4227-1/","https://usn.ubuntu.com/4227-2/","https://usn.ubuntu.com/4228-1/","https://usn.ubuntu.com/4228-2/","http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00021.html","http://packetstormsecurity.com/files/155879/Kernel-Live-Patch-Security-Notice-LSN-0061-1.html","http://packetstormsecurity.com/files/156185/Kernel-Live-Patch-Security-Notice-LSN-0062-1.html","https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14897","https://lists.debian.org/debian-lts-announce/2020/01/msg00013.html","https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D4ISVNIC44SOGXTUBCIZFSUNQJ5LRKNZ/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MN6MLCN7G7VFTSXSZYXKXEFCUMFBUAXQ/","https://usn.ubuntu.com/4225-1/","https://usn.ubuntu.com/4225-2/","https://usn.ubuntu.com/4226-1/","https://usn
.ubuntu.com/4227-1/","https://usn.ubuntu.com/4227-2/","https://usn.ubuntu.com/4228-1/","https://usn.ubuntu.com/4228-2/"],"published_time":"2019-11-29T15:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-14895","summary":"A heap-based buffer overflow was discovered in the Linux kernel, all versions 3.x.x and 4.x.x before 4.18.0, in Marvell WiFi chip driver. The flaw could occur when the station attempts a connection negotiation during the handling of the remote devices country settings. This could allow the remote device to cause a denial of service (system crash) or possibly execute arbitrary code.","cvss":8.0,"cvss_version":3.0,"cvss_v2":7.5,"cvss_v3":8.0,"cvss_v4":null,"epss":0.00831,"ranking_epss":0.74561,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00029.html","http://packetstormsecurity.com/files/155879/Kernel-Live-Patch-Security-Notice-LSN-0061-1.html","http://packetstormsecurity.com/files/156185/Kernel-Live-Patch-Security-Notice-LSN-0062-1.html","https://access.redhat.com/errata/RHSA-2020:0328","https://access.redhat.com/errata/RHSA-2020:0339","https://access.redhat.com/errata/RHSA-2020:0374","https://access.redhat.com/errata/RHSA-2020:0375","https://access.redhat.com/errata/RHSA-2020:0543","https://access.redhat.com/errata/RHSA-2020:0592","https://access.redhat.com/errata/RHSA-2020:0609","https://access.redhat.com/errata/RHSA-2020:0653","https://access.redhat.com/errata/RHSA-2020:0661","https://access.redhat.com/errata/RHSA-2020:0664","https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14895","https://lists.debian.org/debian-lts-announce/2020/01/msg00013.html","https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D4ISVNIC44SOGXTUBCIZFSUNQJ5LRKNZ/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraprojec
t.org/message/MN6MLCN7G7VFTSXSZYXKXEFCUMFBUAXQ/","https://usn.ubuntu.com/4225-1/","https://usn.ubuntu.com/4225-2/","https://usn.ubuntu.com/4226-1/","https://usn.ubuntu.com/4227-1/","https://usn.ubuntu.com/4227-2/","https://usn.ubuntu.com/4228-1/","https://usn.ubuntu.com/4228-2/","https://www.openwall.com/lists/oss-security/2019/11/22/2","http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00029.html","http://packetstormsecurity.com/files/155879/Kernel-Live-Patch-Security-Notice-LSN-0061-1.html","http://packetstormsecurity.com/files/156185/Kernel-Live-Patch-Security-Notice-LSN-0062-1.html","https://access.redhat.com/errata/RHSA-2020:0328","https://access.redhat.com/errata/RHSA-2020:0339","https://access.redhat.com/errata/RHSA-2020:0374","https://access.redhat.com/errata/RHSA-2020:0375","https://access.redhat.com/errata/RHSA-2020:0543","https://access.redhat.com/errata/RHSA-2020:0592","https://access.redhat.com/errata/RHSA-2020:0609","https://access.redhat.com/errata/RHSA-2020:0653","https://access.redhat.com/errata/RHSA-2020:0661","https://access.redhat.com/errata/RHSA-2020:0664","https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14895","https://lists.debian.org/debian-lts-announce/2020/01/msg00013.html","https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D4ISVNIC44SOGXTUBCIZFSUNQJ5LRKNZ/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MN6MLCN7G7VFTSXSZYXKXEFCUMFBUAXQ/","https://usn.ubuntu.com/4225-1/","https://usn.ubuntu.com/4225-2/","https://usn.ubuntu.com/4226-1/","https://usn.ubuntu.com/4227-1/","https://usn.ubuntu.com/4227-2/","https://usn.ubuntu.com/4228-1/","https://usn.ubuntu.com/4228-2/","https://www.openwall.com/lists/oss-security/2019/11/22/2"],"published_time":"2019-11-29T14:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-19318","summary":"In the Linux 
kernel 5.3.11, mounting a crafted btrfs image twice can cause an rwsem_down_write_slowpath use-after-free because (in rwsem_can_spin_on_owner in kernel/locking/rwsem.c) rwsem_owner_flags returns an already freed pointer,","cvss":4.4,"cvss_version":3.0,"cvss_v2":2.1,"cvss_v3":4.4,"cvss_v4":null,"epss":0.00353,"ranking_epss":0.57708,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00021.html","https://github.com/bobfuzzer/CVE/tree/master/CVE-2019-19318","https://lists.debian.org/debian-lts-announce/2021/03/msg00010.html","https://security.netapp.com/advisory/ntap-20200103-0001/","https://usn.ubuntu.com/4414-1/","http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00021.html","https://github.com/bobfuzzer/CVE/tree/master/CVE-2019-19318","https://lists.debian.org/debian-lts-announce/2021/03/msg00010.html","https://security.netapp.com/advisory/ntap-20200103-0001/","https://usn.ubuntu.com/4414-1/"],"published_time":"2019-11-28T00:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-18660","summary":"The Linux kernel before 5.4.1 on powerpc allows Information Exposure because the Spectre-RSB mitigation is not in place for all applicable CPUs, aka CID-39e72bf96f58. 
This is related to arch/powerpc/kernel/entry_64.S and arch/powerpc/kernel/security.c.","cvss":4.7,"cvss_version":3.0,"cvss_v2":1.9,"cvss_v3":4.7,"cvss_v4":null,"epss":0.00029,"ranking_epss":0.08278,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00029.html","http://packetstormsecurity.com/files/155890/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html","http://www.openwall.com/lists/oss-security/2019/11/27/1","https://access.redhat.com/errata/RHSA-2020:0174","https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.1","https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=39e72bf96f5847ba87cc5bd7a3ce0fed813dc9ad","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LYIFGYEDQXP5DVJQQUARQRK2PXKBKQGY/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YWWOOJKZ4NQYN4RMFIVJ3ZIXKJJI3MKP/","https://seclists.org/bugtraq/2020/Jan/10","https://security.netapp.com/advisory/ntap-20200103-0001/","https://usn.ubuntu.com/4225-1/","https://usn.ubuntu.com/4225-2/","https://usn.ubuntu.com/4226-1/","https://usn.ubuntu.com/4227-1/","https://usn.ubuntu.com/4227-2/","https://usn.ubuntu.com/4228-1/","https://usn.ubuntu.com/4228-2/","https://www.openwall.com/lists/oss-security/2019/11/27/1","http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00029.html","http://packetstormsecurity.com/files/155890/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html","http://www.openwall.com/lists/oss-security/2019/11/27/1","https://access.redhat.com/errata/RHSA-2020:0174","https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.1","https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=39e72bf96f5847ba87cc5bd7a3ce0fed813dc9ad","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LYIFGYEDQXP5DVJ
QQUARQRK2PXKBKQGY/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YWWOOJKZ4NQYN4RMFIVJ3ZIXKJJI3MKP/","https://seclists.org/bugtraq/2020/Jan/10","https://security.netapp.com/advisory/ntap-20200103-0001/","https://usn.ubuntu.com/4225-1/","https://usn.ubuntu.com/4225-2/","https://usn.ubuntu.com/4226-1/","https://usn.ubuntu.com/4227-1/","https://usn.ubuntu.com/4227-2/","https://usn.ubuntu.com/4228-1/","https://usn.ubuntu.com/4228-2/","https://www.openwall.com/lists/oss-security/2019/11/27/1"],"published_time":"2019-11-27T23:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-19242","summary":"SQLite 3.30.1 mishandles pExpr->y.pTab, as demonstrated by the TK_COLUMN case in sqlite3ExprCodeTarget in expr.c.","cvss":5.9,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":5.9,"cvss_v4":null,"epss":0.002,"ranking_epss":0.4213,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf","https://github.com/sqlite/sqlite/commit/57f7ece78410a8aae86aa4625fb7556897db384c","https://usn.ubuntu.com/4205-1/","https://www.oracle.com/security-alerts/cpuapr2020.html","https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf","https://github.com/sqlite/sqlite/commit/57f7ece78410a8aae86aa4625fb7556897db384c","https://usn.ubuntu.com/4205-1/","https://www.oracle.com/security-alerts/cpuapr2020.html"],"published_time":"2019-11-27T17:15:14","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-10220","summary":"Linux kernel CIFS implementation, version 4.9.0 is vulnerable to a relative paths injection in directory entry 
lists.","cvss":8.0,"cvss_version":3.0,"cvss_v2":9.3,"cvss_v3":8.0,"cvss_v4":null,"epss":0.00744,"ranking_epss":0.73022,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10220","https://lists.debian.org/debian-lts-announce/2020/01/msg00013.html","https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html","https://security.netapp.com/advisory/ntap-20200103-0001/","https://usn.ubuntu.com/4226-1/","https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10220","https://lists.debian.org/debian-lts-announce/2020/01/msg00013.html","https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html","https://security.netapp.com/advisory/ntap-20200103-0001/","https://usn.ubuntu.com/4226-1/"],"published_time":"2019-11-27T16:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-19330","summary":"The HTTP/2 implementation in HAProxy before 2.0.10 mishandles headers, as demonstrated by carriage return (CR, ASCII 0xd), line feed (LF, ASCII 0xa), and the zero character (NUL, ASCII 0x0), aka Intermediary Encapsulation 
Attacks.","cvss":9.8,"cvss_version":3.0,"cvss_v2":7.5,"cvss_v3":9.8,"cvss_v4":null,"epss":0.00957,"ranking_epss":0.76443,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://git.haproxy.org/?p=haproxy-2.0.git%3Ba=commit%3Bh=ac198b92d461515551b95daae20954b3053ce87e","https://git.haproxy.org/?p=haproxy.git%3Ba=commit%3Bh=146f53ae7e97dbfe496d0445c2802dd0a30b0878","https://git.haproxy.org/?p=haproxy.git%3Ba=commit%3Bh=54f53ef7ce4102be596130b44c768d1818570344","https://seclists.org/bugtraq/2019/Nov/45","https://security.gentoo.org/glsa/202004-01","https://tools.ietf.org/html/rfc7540#section-10.3","https://usn.ubuntu.com/4212-1/","https://www.debian.org/security/2019/dsa-4577","https://git.haproxy.org/?p=haproxy-2.0.git%3Ba=commit%3Bh=ac198b92d461515551b95daae20954b3053ce87e","https://git.haproxy.org/?p=haproxy.git%3Ba=commit%3Bh=146f53ae7e97dbfe496d0445c2802dd0a30b0878","https://git.haproxy.org/?p=haproxy.git%3Ba=commit%3Bh=54f53ef7ce4102be596130b44c768d1818570344","https://seclists.org/bugtraq/2019/Nov/45","https://security.gentoo.org/glsa/202004-01","https://tools.ietf.org/html/rfc7540#section-10.3","https://usn.ubuntu.com/4212-1/","https://www.debian.org/security/2019/dsa-4577"],"published_time":"2019-11-27T16:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-14896","summary":"A heap-based buffer overflow vulnerability was found in the Linux kernel, version kernel-2.6.32, in Marvell WiFi chip driver. 
A remote attacker could cause a denial of service (system crash) or, possibly execute arbitrary code, when the lbs_ibss_join_existing function is called after a STA connects to an AP.","cvss":7.8,"cvss_version":3.0,"cvss_v2":10.0,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00738,"ranking_epss":0.72851,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00021.html","http://packetstormsecurity.com/files/155879/Kernel-Live-Patch-Security-Notice-LSN-0061-1.html","http://packetstormsecurity.com/files/156185/Kernel-Live-Patch-Security-Notice-LSN-0062-1.html","https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14896","https://lists.debian.org/debian-lts-announce/2020/01/msg00013.html","https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D4ISVNIC44SOGXTUBCIZFSUNQJ5LRKNZ/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MN6MLCN7G7VFTSXSZYXKXEFCUMFBUAXQ/","https://security.netapp.com/advisory/ntap-20200103-0001/","https://usn.ubuntu.com/4225-1/","https://usn.ubuntu.com/4225-2/","https://usn.ubuntu.com/4226-1/","https://usn.ubuntu.com/4227-1/","https://usn.ubuntu.com/4227-2/","https://usn.ubuntu.com/4228-1/","https://usn.ubuntu.com/4228-2/","http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00021.html","http://packetstormsecurity.com/files/155879/Kernel-Live-Patch-Security-Notice-LSN-0061-1.html","http://packetstormsecurity.com/files/156185/Kernel-Live-Patch-Security-Notice-LSN-0062-1.html","https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14896","https://lists.debian.org/debian-lts-announce/2020/01/msg00013.html","https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D4ISVNIC44SOGXTUBCIZFSUNQJ5LRKNZ/","ht
tps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MN6MLCN7G7VFTSXSZYXKXEFCUMFBUAXQ/","https://security.netapp.com/advisory/ntap-20200103-0001/","https://usn.ubuntu.com/4225-1/","https://usn.ubuntu.com/4225-2/","https://usn.ubuntu.com/4226-1/","https://usn.ubuntu.com/4227-1/","https://usn.ubuntu.com/4227-2/","https://usn.ubuntu.com/4228-1/","https://usn.ubuntu.com/4228-2/"],"published_time":"2019-11-27T09:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-18679","summary":"An issue was discovered in Squid 2.x, 3.x, and 4.x through 4.8. Due to incorrect data management, it is vulnerable to information disclosure when processing HTTP Digest Authentication. Nonce tokens contain the raw byte value of a pointer that sits within heap memory allocation. This information reduces ASLR protections and may aid attackers isolating memory areas to target for remote code execution attacks.","cvss":7.5,"cvss_version":3.0,"cvss_v2":5.0,"cvss_v3":7.5,"cvss_v4":null,"epss":0.38425,"ranking_epss":0.97238,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.squid-cache.org/Advisories/SQUID-2019_11.txt","http://www.squid-cache.org/Versions/v4/changesets/squid-4-671ba97abe929156dc4c717ee52ad22fba0f7443.patch","https://bugzilla.suse.com/show_bug.cgi?id=1156324","https://github.com/squid-cache/squid/pull/491","https://lists.debian.org/debian-lts-announce/2019/12/msg00011.html","https://lists.debian.org/debian-lts-announce/2020/07/msg00009.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MTM74TU2BSLT5B3H4F3UDW53672NVLMC/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UEMOYTMCCFWK5NOXSXEIH5D2VGWVXR67/","https://security.gentoo.org/glsa/202003-34","https://usn.ubuntu.com/4213-1/","https://www.debian.org/security/2020/dsa-4682","http://www.squid-cache.org/Advisories/SQUID-2019_11.txt","http:
//www.squid-cache.org/Versions/v4/changesets/squid-4-671ba97abe929156dc4c717ee52ad22fba0f7443.patch","https://bugzilla.suse.com/show_bug.cgi?id=1156324","https://github.com/squid-cache/squid/pull/491","https://lists.debian.org/debian-lts-announce/2019/12/msg00011.html","https://lists.debian.org/debian-lts-announce/2020/07/msg00009.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MTM74TU2BSLT5B3H4F3UDW53672NVLMC/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UEMOYTMCCFWK5NOXSXEIH5D2VGWVXR67/","https://security.gentoo.org/glsa/202003-34","https://usn.ubuntu.com/4213-1/","https://www.debian.org/security/2020/dsa-4682"],"published_time":"2019-11-26T17:15:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-18676","summary":"An issue was discovered in Squid 3.x and 4.x through 4.8. Due to incorrect input validation, there is a heap-based buffer overflow that can result in Denial of Service to all clients using the proxy. 
Severity is high due to this vulnerability occurring before normal security checks; any remote client that can reach the proxy port can trivially perform the attack via a crafted URI scheme.","cvss":7.5,"cvss_version":3.0,"cvss_v2":5.0,"cvss_v3":7.5,"cvss_v4":null,"epss":0.01373,"ranking_epss":0.80232,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.squid-cache.org/Advisories/SQUID-2019_8.txt","http://www.squid-cache.org/Versions/v4/changesets/squid-4-fbbdf75efd7a5cc244b4886a9d42ea458c5a3a73.patch","https://bugzilla.suse.com/show_bug.cgi?id=1156329","https://github.com/squid-cache/squid/pull/275","https://lists.debian.org/debian-lts-announce/2020/07/msg00009.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MTM74TU2BSLT5B3H4F3UDW53672NVLMC/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UEMOYTMCCFWK5NOXSXEIH5D2VGWVXR67/","https://usn.ubuntu.com/4213-1/","https://usn.ubuntu.com/4446-1/","https://www.debian.org/security/2020/dsa-4682","http://www.squid-cache.org/Advisories/SQUID-2019_8.txt","http://www.squid-cache.org/Versions/v4/changesets/squid-4-fbbdf75efd7a5cc244b4886a9d42ea458c5a3a73.patch","https://bugzilla.suse.com/show_bug.cgi?id=1156329","https://github.com/squid-cache/squid/pull/275","https://lists.debian.org/debian-lts-announce/2020/07/msg00009.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MTM74TU2BSLT5B3H4F3UDW53672NVLMC/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UEMOYTMCCFWK5NOXSXEIH5D2VGWVXR67/","https://usn.ubuntu.com/4213-1/","https://usn.ubuntu.com/4446-1/","https://www.debian.org/security/2020/dsa-4682"],"published_time":"2019-11-26T17:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-18677","summary":"An issue was discovered in Squid 3.x and 4.x through 4.8 when the 
append_domain setting is used (because the appended characters do not properly interact with hostname length restrictions). Due to incorrect message processing, it can inappropriately redirect traffic to origins it should not be delivered to.","cvss":6.1,"cvss_version":3.0,"cvss_v2":5.8,"cvss_v3":6.1,"cvss_v4":null,"epss":0.04214,"ranking_epss":0.88758,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.squid-cache.org/Advisories/SQUID-2019_9.txt","http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-e5f1813a674848dde570f7920873e1071f96e0b4.patch","http://www.squid-cache.org/Versions/v4/changesets/squid-4-36492033ea4097821a4f7ff3ddcb971fbd1e8ba0.patch","https://bugzilla.suse.com/show_bug.cgi?id=1156328","https://github.com/squid-cache/squid/pull/427","https://lists.debian.org/debian-lts-announce/2019/12/msg00011.html","https://lists.debian.org/debian-lts-announce/2020/07/msg00009.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MTM74TU2BSLT5B3H4F3UDW53672NVLMC/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UEMOYTMCCFWK5NOXSXEIH5D2VGWVXR67/","https://usn.ubuntu.com/4213-1/","https://www.debian.org/security/2020/dsa-4682","http://www.squid-cache.org/Advisories/SQUID-2019_9.txt","http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-e5f1813a674848dde570f7920873e1071f96e0b4.patch","http://www.squid-cache.org/Versions/v4/changesets/squid-4-36492033ea4097821a4f7ff3ddcb971fbd1e8ba0.patch","https://bugzilla.suse.com/show_bug.cgi?id=1156328","https://github.com/squid-cache/squid/pull/427","https://lists.debian.org/debian-lts-announce/2019/12/msg00011.html","https://lists.debian.org/debian-lts-announce/2020/07/msg00009.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MTM74TU2BSLT5B3H4F3UDW53672NVLMC/","https://lists.fedoraproject.org/archives/list/package-annou
nce%40lists.fedoraproject.org/message/UEMOYTMCCFWK5NOXSXEIH5D2VGWVXR67/","https://usn.ubuntu.com/4213-1/","https://www.debian.org/security/2020/dsa-4682"],"published_time":"2019-11-26T17:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-18678","summary":"An issue was discovered in Squid 3.x and 4.x through 4.8. It allows attackers to smuggle HTTP requests through frontend software to a Squid instance that splits the HTTP Request pipeline differently. The resulting Response messages corrupt caches (between a client and Squid) with attacker-controlled content at arbitrary URLs. Effects are isolated to software between the attacker client and Squid. There are no effects on Squid itself, nor on any upstream servers. The issue is related to a request header containing whitespace between a header name and a colon.","cvss":5.3,"cvss_version":3.0,"cvss_v2":5.0,"cvss_v3":5.3,"cvss_v4":null,"epss":0.09955,"ranking_epss":0.93033,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.squid-cache.org/Advisories/SQUID-2019_10.txt","http://www.squid-cache.org/Versions/v4/changesets/squid-4-671ba97abe929156dc4c717ee52ad22fba0f7443.patch","https://bugzilla.suse.com/show_bug.cgi?id=1156323","https://github.com/squid-cache/squid/pull/445","https://lists.debian.org/debian-lts-announce/2019/12/msg00011.html","https://lists.debian.org/debian-lts-announce/2020/07/msg00009.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MTM74TU2BSLT5B3H4F3UDW53672NVLMC/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UEMOYTMCCFWK5NOXSXEIH5D2VGWVXR67/","https://security.gentoo.org/glsa/202003-34","https://usn.ubuntu.com/4213-1/","https://www.debian.org/security/2020/dsa-4682","http://www.squid-cache.org/Advisories/SQUID-2019_10.txt","http://www.squid-cache.org/Versions/v4/changesets/squid-4-671ba97abe929156dc4c717ee52ad22fba0f7443.patch","https://bu
gzilla.suse.com/show_bug.cgi?id=1156323","https://github.com/squid-cache/squid/pull/445","https://lists.debian.org/debian-lts-announce/2019/12/msg00011.html","https://lists.debian.org/debian-lts-announce/2020/07/msg00009.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MTM74TU2BSLT5B3H4F3UDW53672NVLMC/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UEMOYTMCCFWK5NOXSXEIH5D2VGWVXR67/","https://security.gentoo.org/glsa/202003-34","https://usn.ubuntu.com/4213-1/","https://www.debian.org/security/2020/dsa-4682"],"published_time":"2019-11-26T17:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-15845","summary":"Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 mishandles path checking within File.fnmatch functions.","cvss":6.5,"cvss_version":3.0,"cvss_v2":6.4,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00321,"ranking_epss":0.55209,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00041.html","https://hackerone.com/reports/449617","https://lists.debian.org/debian-lts-announce/2019/11/msg00025.html","https://seclists.org/bugtraq/2019/Dec/31","https://seclists.org/bugtraq/2019/Dec/32","https://security.gentoo.org/glsa/202003-06","https://usn.ubuntu.com/4201-1/","https://www.debian.org/security/2019/dsa-4587","https://www.oracle.com/security-alerts/cpujan2020.html","http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00041.html","https://hackerone.com/reports/449617","https://lists.debian.org/debian-lts-announce/2019/11/msg00025.html","https://seclists.org/bugtraq/2019/Dec/31","https://seclists.org/bugtraq/2019/Dec/32","https://security.gentoo.org/glsa/202003-06","https://usn.ubuntu.com/4201-1/","https://www.debian.org/security/2019/dsa-4587","https://www.oracle.com/security-alerts/cpujan2020.html"],"published_time":"2019-11-26T17:15:11","v
endor":null,"product":null,"version":null},{"cve_id":"CVE-2019-12523","summary":"An issue was discovered in Squid before 4.9. When handling a URN request, a corresponding HTTP request is made. This HTTP request doesn't go through the access checks that incoming HTTP requests go through. This causes all access checks to be bypassed and allows access to restricted HTTP servers, e.g., an attacker can connect to HTTP servers that only listen on localhost.","cvss":9.1,"cvss_version":3.0,"cvss_v2":6.4,"cvss_v3":9.1,"cvss_v4":null,"epss":0.00557,"ranking_epss":0.68185,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00056.html","http://www.squid-cache.org/Advisories/SQUID-2019_8.txt","https://bugzilla.suse.com/show_bug.cgi?id=1156329","https://lists.debian.org/debian-lts-announce/2020/07/msg00009.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MTM74TU2BSLT5B3H4F3UDW53672NVLMC/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UEMOYTMCCFWK5NOXSXEIH5D2VGWVXR67/","https://usn.ubuntu.com/4213-1/","https://usn.ubuntu.com/4446-1/","https://www.debian.org/security/2020/dsa-4682","http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00056.html","http://www.squid-cache.org/Advisories/SQUID-2019_8.txt","https://bugzilla.suse.com/show_bug.cgi?id=1156329","https://lists.debian.org/debian-lts-announce/2020/07/msg00009.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MTM74TU2BSLT5B3H4F3UDW53672NVLMC/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UEMOYTMCCFWK5NOXSXEIH5D2VGWVXR67/","https://usn.ubuntu.com/4213-1/","https://usn.ubuntu.com/4446-1/","https://www.debian.org/security/2020/dsa-4682"],"published_time":"2019-11-26T17:15:10","vendor":null,"product":null,"version":null},{"
cve_id":"CVE-2019-12526","summary":"An issue was discovered in Squid before 4.9. URN response handling in Squid suffers from a heap-based buffer overflow. When receiving data from a remote server in response to an URN request, Squid fails to ensure that the response can fit within the buffer. This leads to attacker controlled data overflowing in the heap.","cvss":9.8,"cvss_version":3.0,"cvss_v2":7.5,"cvss_v3":9.8,"cvss_v4":null,"epss":0.33643,"ranking_epss":0.96937,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.squid-cache.org/Advisories/SQUID-2019_7.txt","https://bugzilla.suse.com/show_bug.cgi?id=1156326","https://lists.debian.org/debian-lts-announce/2019/12/msg00011.html","https://lists.debian.org/debian-lts-announce/2020/07/msg00009.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MTM74TU2BSLT5B3H4F3UDW53672NVLMC/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UEMOYTMCCFWK5NOXSXEIH5D2VGWVXR67/","https://security.gentoo.org/glsa/202003-34","https://usn.ubuntu.com/4213-1/","https://www.debian.org/security/2020/dsa-4682","http://www.squid-cache.org/Advisories/SQUID-2019_7.txt","https://bugzilla.suse.com/show_bug.cgi?id=1156326","https://lists.debian.org/debian-lts-announce/2019/12/msg00011.html","https://lists.debian.org/debian-lts-announce/2020/07/msg00009.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MTM74TU2BSLT5B3H4F3UDW53672NVLMC/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UEMOYTMCCFWK5NOXSXEIH5D2VGWVXR67/","https://security.gentoo.org/glsa/202003-34","https://usn.ubuntu.com/4213-1/","https://www.debian.org/security/2020/dsa-4682"],"published_time":"2019-11-26T17:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-19244","summary":"sqlite3Select in select.c in SQLite 3.30.1 allows a 
crash if a sub-select uses both DISTINCT and window functions, and also has certain ORDER BY usage.","cvss":7.5,"cvss_version":3.0,"cvss_v2":5.0,"cvss_v3":7.5,"cvss_v4":null,"epss":0.00256,"ranking_epss":0.48957,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf","https://github.com/sqlite/sqlite/commit/e59c562b3f6894f84c715772c4b116d7b5c01348","https://usn.ubuntu.com/4205-1/","https://www.oracle.com/security-alerts/cpuapr2020.html","https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf","https://github.com/sqlite/sqlite/commit/e59c562b3f6894f84c715772c4b116d7b5c01348","https://usn.ubuntu.com/4205-1/","https://www.oracle.com/security-alerts/cpuapr2020.html"],"published_time":"2019-11-25T20:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-19246","summary":"Oniguruma through 6.9.3, as used in PHP 7.3.x and other products, has a heap-based buffer over-read in str_lower_case_match in 
regexec.c.","cvss":7.5,"cvss_version":3.0,"cvss_v2":5.0,"cvss_v3":7.5,"cvss_v4":null,"epss":0.00319,"ranking_epss":0.54974,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://bugs.php.net/bug.php?id=78559","https://github.com/kkos/oniguruma/commit/d3e402928b6eb3327f8f7d59a9edfa622fec557b","https://lists.debian.org/debian-lts-announce/2019/12/msg00002.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NO267PLHGYZSWX3XTRPKYBKD4J3YOU5V/","https://usn.ubuntu.com/4460-1/","https://bugs.php.net/bug.php?id=78559","https://github.com/kkos/oniguruma/commit/d3e402928b6eb3327f8f7d59a9edfa622fec557b","https://lists.debian.org/debian-lts-announce/2019/12/msg00002.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NO267PLHGYZSWX3XTRPKYBKD4J3YOU5V/","https://usn.ubuntu.com/4460-1/"],"published_time":"2019-11-25T17:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-14822","summary":"A flaw was discovered in ibus in versions before 1.5.22 that allows any unprivileged user to monitor and send method calls to the ibus bus of another user due to a misconfiguration in the DBus server setup. 
A local attacker may use this flaw to intercept all keystrokes of a victim user who is using the graphical interface, change the input method engine, or modify other input related configurations of the victim user.","cvss":7.1,"cvss_version":3.0,"cvss_v2":3.6,"cvss_v3":7.1,"cvss_v4":null,"epss":0.00165,"ranking_epss":0.37582,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://bugzilla.redhat.com/show_bug.cgi?id=1717958","https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14822","https://usn.ubuntu.com/4134-3/","https://www.oracle.com/security-alerts/cpuapr2022.html","https://bugzilla.redhat.com/show_bug.cgi?id=1717958","https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14822","https://usn.ubuntu.com/4134-3/","https://www.oracle.com/security-alerts/cpuapr2022.html"],"published_time":"2019-11-25T12:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-19221","summary":"In Libarchive 3.4.0, archive_wstring_append_from_mbs in archive_string.c has an out-of-bounds read because of an incorrect mbrtowc or mbtowc call. 
For example, bsdtar crashes via a crafted archive.","cvss":5.5,"cvss_version":3.0,"cvss_v2":2.1,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00079,"ranking_epss":0.23446,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://github.com/libarchive/libarchive/commit/22b1db9d46654afc6f0c28f90af8cdc84a199f41","https://github.com/libarchive/libarchive/issues/1276","https://lists.debian.org/debian-lts-announce/2022/04/msg00020.html","https://lists.debian.org/debian-lts-announce/2022/11/msg00030.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RHFV25AVTASTWZRF3KTSL357AQ6TYHM4/","https://usn.ubuntu.com/4293-1/","https://github.com/libarchive/libarchive/commit/22b1db9d46654afc6f0c28f90af8cdc84a199f41","https://github.com/libarchive/libarchive/issues/1276","https://lists.debian.org/debian-lts-announce/2022/04/msg00020.html","https://lists.debian.org/debian-lts-announce/2022/11/msg00030.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RHFV25AVTASTWZRF3KTSL357AQ6TYHM4/","https://usn.ubuntu.com/4293-1/"],"published_time":"2019-11-21T23:15:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2012-3543","summary":"mono 2.10.x ASP.NET Web Form Hash collision 
DoS","cvss":7.5,"cvss_version":3.0,"cvss_v2":5.0,"cvss_v3":7.5,"cvss_v4":null,"epss":0.01005,"ranking_epss":0.77027,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.openwall.com/lists/oss-security/2012/08/28/14","http://www.securityfocus.com/bid/55251","http://www.ubuntu.com/usn/USN-2547-1","https://access.redhat.com/security/cve/cve-2012-3543","https://bugs.gentoo.org/show_bug.cgi?id=CVE-2012-3543","https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-3543","https://bugzilla.suse.com/show_bug.cgi?id=CVE-2012-3543","https://security-tracker.debian.org/tracker/CVE-2012-3543","http://www.openwall.com/lists/oss-security/2012/08/28/14","http://www.securityfocus.com/bid/55251","http://www.ubuntu.com/usn/USN-2547-1","https://access.redhat.com/security/cve/cve-2012-3543","https://bugs.gentoo.org/show_bug.cgi?id=CVE-2012-3543","https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-3543","https://bugzilla.suse.com/show_bug.cgi?id=CVE-2012-3543","https://security-tracker.debian.org/tracker/CVE-2012-3543"],"published_time":"2019-11-21T14:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-19039","summary":"__btrfs_free_extent in fs/btrfs/extent-tree.c in the Linux kernel through 5.3.12 calls btrfs_print_leaf in a certain ENOENT case, which allows local users to obtain potentially sensitive information about register values via the dmesg program. NOTE: The BTRFS development team disputes this issue as not being a vulnerability because “1) The kernel provide facilities to restrict access to dmesg - dmesg_restrict=1 sysctl option. So it's really up to the system administrator to judge whether dmesg access shall be disallowed or not. 2) WARN/WARN_ON are widely used macros in the linux kernel. 
If this CVE is considered valid this would mean there are literally thousands CVE lurking in the kernel - something which clearly is not the case.","cvss":5.5,"cvss_version":3.0,"cvss_v2":1.9,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00428,"ranking_epss":0.62456,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://github.com/bobfuzzer/CVE/tree/master/CVE-2019-19039","https://lists.debian.org/debian-lts-announce/2020/12/msg00015.html","https://usn.ubuntu.com/4414-1/","https://github.com/bobfuzzer/CVE/tree/master/CVE-2019-19039","https://lists.debian.org/debian-lts-announce/2020/12/msg00015.html","https://usn.ubuntu.com/4414-1/"],"published_time":"2019-11-21T02:15:23","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2015-3166","summary":"The snprintf implementation in PostgreSQL before 9.0.20, 9.1.x before 9.1.16, 9.2.x before 9.2.11, 9.3.x before 9.3.7, and 9.4.x before 9.4.2 does not properly handle system-call errors, which allows attackers to obtain sensitive information or have other unspecified impact via unknown vectors, as demonstrated by an out-of-memory 
error.","cvss":9.8,"cvss_version":3.0,"cvss_v2":7.5,"cvss_v3":9.8,"cvss_v4":null,"epss":0.05386,"ranking_epss":0.90116,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://ubuntu.com/usn/usn-2621-1","http://www.debian.org/security/2015/dsa-3269","http://www.debian.org/security/2015/dsa-3270","http://www.postgresql.org/about/news/1587/","http://www.postgresql.org/docs/9.0/static/release-9-0-20.html","http://www.postgresql.org/docs/9.1/static/release-9-1-16.html","http://www.postgresql.org/docs/9.2/static/release-9-2-11.html","http://www.postgresql.org/docs/9.3/static/release-9-3-7.html","http://www.postgresql.org/docs/9.4/static/release-9-4-2.html","http://ubuntu.com/usn/usn-2621-1","http://www.debian.org/security/2015/dsa-3269","http://www.debian.org/security/2015/dsa-3270","http://www.postgresql.org/about/news/1587/","http://www.postgresql.org/docs/9.0/static/release-9-0-20.html","http://www.postgresql.org/docs/9.1/static/release-9-1-16.html","http://www.postgresql.org/docs/9.2/static/release-9-2-11.html","http://www.postgresql.org/docs/9.3/static/release-9-3-7.html","http://www.postgresql.org/docs/9.4/static/release-9-4-2.html"],"published_time":"2019-11-20T21:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2015-3167","summary":"contrib/pgcrypto in PostgreSQL before 9.0.20, 9.1.x before 9.1.16, 9.2.x before 9.2.11, 9.3.x before 9.3.7, and 9.4.x before 9.4.2 uses different error responses when an incorrect key is used, which makes it easier for attackers to obtain the key via a brute force 
attack.","cvss":7.5,"cvss_version":3.0,"cvss_v2":5.0,"cvss_v3":7.5,"cvss_v4":null,"epss":0.01812,"ranking_epss":0.82838,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://ubuntu.com/usn/usn-2621-1","http://www.debian.org/security/2015/dsa-3269","http://www.debian.org/security/2015/dsa-3270","http://www.postgresql.org/about/news/1587/","http://www.postgresql.org/docs/9.0/static/release-9-0-20.html","http://www.postgresql.org/docs/9.1/static/release-9-1-16.html","http://www.postgresql.org/docs/9.2/static/release-9-2-11.html","http://www.postgresql.org/docs/9.3/static/release-9-3-7.html","http://www.postgresql.org/docs/9.4/static/release-9-4-2.html","http://ubuntu.com/usn/usn-2621-1","http://www.debian.org/security/2015/dsa-3269","http://www.debian.org/security/2015/dsa-3270","http://www.postgresql.org/about/news/1587/","http://www.postgresql.org/docs/9.0/static/release-9-0-20.html","http://www.postgresql.org/docs/9.1/static/release-9-1-16.html","http://www.postgresql.org/docs/9.2/static/release-9-2-11.html","http://www.postgresql.org/docs/9.3/static/release-9-3-7.html","http://www.postgresql.org/docs/9.4/static/release-9-4-2.html"],"published_time":"2019-11-20T21:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2015-1607","summary":"kbx/keybox-search.c in GnuPG before 1.4.19, 2.0.x before 2.0.27, and 2.1.x before 2.1.2 does not properly handle bitwise left-shifts, which allows remote attackers to cause a denial of service (invalid read operation) via a crafted keyring file, related to sign extensions and \"memcpy with overlapping 
ranges.\"","cvss":5.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":5.5,"cvss_v4":null,"epss":0.0063,"ranking_epss":0.70279,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git%3Ba=commit%3Bh=2183683bd633818dd031b090b5530951de76f392","http://www.openwall.com/lists/oss-security/2015/02/13/14","http://www.openwall.com/lists/oss-security/2015/02/14/6","http://www.securityfocus.com/bid/72610","http://www.ubuntu.com/usn/usn-2554-1/","https://blog.fuzzing-project.org/5-Multiple-issues-in-GnuPG-found-through-keyring-fuzzing-TFPA-0012015.html","https://lists.gnupg.org/pipermail/gnupg-announce/2015q1/000361.html","https://lists.gnupg.org/pipermail/gnupg-announce/2015q1/000362.html","https://lists.gnupg.org/pipermail/gnupg-announce/2015q1/000363.html","http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git%3Ba=commit%3Bh=2183683bd633818dd031b090b5530951de76f392","http://www.openwall.com/lists/oss-security/2015/02/13/14","http://www.openwall.com/lists/oss-security/2015/02/14/6","http://www.securityfocus.com/bid/72610","http://www.ubuntu.com/usn/usn-2554-1/","https://blog.fuzzing-project.org/5-Multiple-issues-in-GnuPG-found-through-keyring-fuzzing-TFPA-0012015.html","https://lists.gnupg.org/pipermail/gnupg-announce/2015q1/000361.html","https://lists.gnupg.org/pipermail/gnupg-announce/2015q1/000362.html","https://lists.gnupg.org/pipermail/gnupg-announce/2015q1/000363.html"],"published_time":"2019-11-20T19:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-3466","summary":"The pg_ctlcluster script in postgresql-common in versions prior to 210 didn't drop privileges when creating socket/statistics temporary directories, which could result in local privilege 
escalation.","cvss":7.8,"cvss_version":3.0,"cvss_v2":7.2,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00128,"ranking_epss":0.32198,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://blog.mirch.io/2019/11/15/cve-2019-3466-debian-ubuntu-pg_ctlcluster-privilege-escalation/","https://usn.ubuntu.com/4194-2/","https://blog.mirch.io/2019/11/15/cve-2019-3466-debian-ubuntu-pg_ctlcluster-privilege-escalation/","https://usn.ubuntu.com/4194-2/"],"published_time":"2019-11-20T18:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-19126","summary":"On the x86-64 architecture, the GNU C Library (aka glibc) before 2.31 fails to ignore the LD_PREFER_MAP_32BIT_EXEC environment variable during program execution after a security transition, allowing local attackers to restrict the possible mapping addresses for loaded libraries and thus bypass ASLR for a setuid program.","cvss":3.3,"cvss_version":3.0,"cvss_v2":2.1,"cvss_v3":3.3,"cvss_v4":null,"epss":0.00024,"ranking_epss":0.06388,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://lists.debian.org/debian-lts-announce/2022/10/msg00021.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4FQ5LC6JOYSOYFPRUZ4S45KL6IP3RPPZ/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZFJ5E7NWOL6ROE5QVICHKIOUGCPFJVUH/","https://sourceware.org/bugzilla/show_bug.cgi?id=25204","https://usn.ubuntu.com/4416-1/","https://lists.debian.org/debian-lts-announce/2022/10/msg00021.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4FQ5LC6JOYSOYFPRUZ4S45KL6IP3RPPZ/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZFJ5E7NWOL6ROE5QVICHKIOUGCPFJVUH/","https://sourceware.org/bugzilla/show_bug.cgi?id=25204","https://usn.ubuntu.com/4416-1/"],"published_time":"2019-11-19T22:15:11","vendor":null,"pr
oduct":null,"version":null},{"cve_id":"CVE-2019-19071","summary":"A memory leak in the rsi_send_beacon() function in drivers/net/wireless/rsi/rsi_91x_mgmt.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering rsi_prepare_beacon() failures, aka CID-d563131ef23c.","cvss":7.5,"cvss_version":3.0,"cvss_v2":7.8,"cvss_v3":7.5,"cvss_v4":null,"epss":0.00736,"ranking_epss":0.72811,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://github.com/torvalds/linux/commit/d563131ef23cbc756026f839a82598c8445bc45f","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O3PSDE6PTOTVBK2YTKB2TFQP2SUBVSNF/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PY7LJMSPAGRIKABJPDKQDTXYW3L5RX2T/","https://security.netapp.com/advisory/ntap-20191205-0001/","https://usn.ubuntu.com/4258-1/","https://usn.ubuntu.com/4284-1/","https://usn.ubuntu.com/4287-1/","https://usn.ubuntu.com/4287-2/","https://github.com/torvalds/linux/commit/d563131ef23cbc756026f839a82598c8445bc45f","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O3PSDE6PTOTVBK2YTKB2TFQP2SUBVSNF/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PY7LJMSPAGRIKABJPDKQDTXYW3L5RX2T/","https://security.netapp.com/advisory/ntap-20191205-0001/","https://usn.ubuntu.com/4258-1/","https://usn.ubuntu.com/4284-1/","https://usn.ubuntu.com/4287-1/","https://usn.ubuntu.com/4287-2/"],"published_time":"2019-11-18T06:15:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-19072","summary":"A memory leak in the predicate_parse() function in kernel/trace/trace_events_filter.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption), aka 
CID-96c5c6e6a5b6.","cvss":4.4,"cvss_version":3.0,"cvss_v2":4.9,"cvss_v3":4.4,"cvss_v4":null,"epss":0.00099,"ranking_epss":0.27588,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://github.com/torvalds/linux/commit/96c5c6e6a5b6db592acae039fed54b5c8844cd35","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O3PSDE6PTOTVBK2YTKB2TFQP2SUBVSNF/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PY7LJMSPAGRIKABJPDKQDTXYW3L5RX2T/","https://security.netapp.com/advisory/ntap-20191205-0001/","https://usn.ubuntu.com/4225-1/","https://usn.ubuntu.com/4225-2/","https://usn.ubuntu.com/4226-1/","https://github.com/torvalds/linux/commit/96c5c6e6a5b6db592acae039fed54b5c8844cd35","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O3PSDE6PTOTVBK2YTKB2TFQP2SUBVSNF/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PY7LJMSPAGRIKABJPDKQDTXYW3L5RX2T/","https://security.netapp.com/advisory/ntap-20191205-0001/","https://usn.ubuntu.com/4225-1/","https://usn.ubuntu.com/4225-2/","https://usn.ubuntu.com/4226-1/"],"published_time":"2019-11-18T06:15:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-19074","summary":"A memory leak in the ath9k_wmi_cmd() function in drivers/net/wireless/ath/ath9k/wmi.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption), aka 
CID-728c1e2a05e4.","cvss":7.5,"cvss_version":3.0,"cvss_v2":7.8,"cvss_v3":7.5,"cvss_v4":null,"epss":0.00466,"ranking_epss":0.64402,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00029.html","https://github.com/torvalds/linux/commit/728c1e2a05e4b5fc52fab3421dce772a806612a2","https://lists.debian.org/debian-lts-announce/2020/10/msg00032.html","https://lists.debian.org/debian-lts-announce/2020/10/msg00034.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O3PSDE6PTOTVBK2YTKB2TFQP2SUBVSNF/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PY7LJMSPAGRIKABJPDKQDTXYW3L5RX2T/","https://security.netapp.com/advisory/ntap-20191205-0001/","https://usn.ubuntu.com/4526-1/","https://usn.ubuntu.com/4527-1/","https://www.oracle.com/security-alerts/cpuApr2021.html","http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00029.html","https://github.com/torvalds/linux/commit/728c1e2a05e4b5fc52fab3421dce772a806612a2","https://lists.debian.org/debian-lts-announce/2020/10/msg00032.html","https://lists.debian.org/debian-lts-announce/2020/10/msg00034.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O3PSDE6PTOTVBK2YTKB2TFQP2SUBVSNF/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PY7LJMSPAGRIKABJPDKQDTXYW3L5RX2T/","https://security.netapp.com/advisory/ntap-20191205-0001/","https://usn.ubuntu.com/4526-1/","https://usn.ubuntu.com/4527-1/","https://www.oracle.com/security-alerts/cpuApr2021.html"],"published_time":"2019-11-18T06:15:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-19075","summary":"A memory leak in the ca8210_probe() function in drivers/net/ieee802154/ca8210.c in the Linux kernel before 5.3.8 allows attackers to cause a denial of service (memory 
consumption) by triggering ca8210_get_platform_data() failures, aka CID-6402939ec86e.","cvss":7.5,"cvss_version":3.0,"cvss_v2":7.8,"cvss_v3":7.5,"cvss_v4":null,"epss":0.01188,"ranking_epss":0.78812,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00029.html","https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.8","https://github.com/torvalds/linux/commit/6402939ec86eaf226c8b8ae00ed983936b164908","https://security.netapp.com/advisory/ntap-20191205-0001/","https://usn.ubuntu.com/4208-1/","https://usn.ubuntu.com/4210-1/","https://usn.ubuntu.com/4226-1/","http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00029.html","https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.8","https://github.com/torvalds/linux/commit/6402939ec86eaf226c8b8ae00ed983936b164908","https://security.netapp.com/advisory/ntap-20191205-0001/","https://usn.ubuntu.com/4208-1/","https://usn.ubuntu.com/4210-1/","https://usn.ubuntu.com/4226-1/"],"published_time":"2019-11-18T06:15:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-19076","summary":"A memory leak in the nfp_abm_u32_knode_replace() function in drivers/net/ethernet/netronome/nfp/abm/cls.c in the Linux kernel before 5.3.6 allows attackers to cause a denial of service (memory consumption), aka CID-78beef629fd9. NOTE: This has been argued as not a valid vulnerability. 
The upstream commit 78beef629fd9 was reverted","cvss":5.9,"cvss_version":3.0,"cvss_v2":7.1,"cvss_v3":5.9,"cvss_v4":null,"epss":0.02333,"ranking_epss":0.8484,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.6","https://git.kernel.org/linus/1d1997db870f4058676439ef7014390ba9e24eb2","https://github.com/torvalds/linux/commit/78beef629fd95be4ed853b2d37b832f766bd96ca","https://lore.kernel.org/lkml/20191204103955.63c4d9af%40cakuba.netronome.com/","https://security.netapp.com/advisory/ntap-20191205-0001/","https://usn.ubuntu.com/4209-1/","https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.6","https://git.kernel.org/linus/1d1997db870f4058676439ef7014390ba9e24eb2","https://github.com/torvalds/linux/commit/78beef629fd95be4ed853b2d37b832f766bd96ca","https://lore.kernel.org/lkml/20191204103955.63c4d9af%40cakuba.netronome.com/","https://security.netapp.com/advisory/ntap-20191205-0001/","https://usn.ubuntu.com/4209-1/"],"published_time":"2019-11-18T06:15:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-19077","summary":"A memory leak in the bnxt_re_create_srq() function in drivers/infiniband/hw/bnxt_re/ib_verbs.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering copy to udata failures, aka 
CID-4a9d46a9fe14.","cvss":5.5,"cvss_version":3.0,"cvss_v2":4.9,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00117,"ranking_epss":0.30354,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00029.html","https://github.com/torvalds/linux/commit/4a9d46a9fe14401f21df69cea97c62396d5fb053","https://security.netapp.com/advisory/ntap-20191205-0001/","https://usn.ubuntu.com/4258-1/","https://usn.ubuntu.com/4284-1/","http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00029.html","https://github.com/torvalds/linux/commit/4a9d46a9fe14401f21df69cea97c62396d5fb053","https://security.netapp.com/advisory/ntap-20191205-0001/","https://usn.ubuntu.com/4258-1/","https://usn.ubuntu.com/4284-1/"],"published_time":"2019-11-18T06:15:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-19078","summary":"A memory leak in the ath10k_usb_hif_tx_sg() function in drivers/net/wireless/ath/ath10k/usb.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering usb_submit_urb() failures, aka 
CID-b8d17e7d93d2.","cvss":7.5,"cvss_version":3.0,"cvss_v2":7.8,"cvss_v3":7.5,"cvss_v4":null,"epss":0.03952,"ranking_epss":0.88354,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00029.html","https://github.com/torvalds/linux/commit/b8d17e7d93d2beb89e4f34c59996376b8b544792","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D4ISVNIC44SOGXTUBCIZFSUNQJ5LRKNZ/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MN6MLCN7G7VFTSXSZYXKXEFCUMFBUAXQ/","https://security.netapp.com/advisory/ntap-20191205-0001/","https://usn.ubuntu.com/4258-1/","https://usn.ubuntu.com/4284-1/","https://usn.ubuntu.com/4287-1/","https://usn.ubuntu.com/4287-2/","https://www.oracle.com/security-alerts/cpuApr2021.html","http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00029.html","https://github.com/torvalds/linux/commit/b8d17e7d93d2beb89e4f34c59996376b8b544792","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D4ISVNIC44SOGXTUBCIZFSUNQJ5LRKNZ/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MN6MLCN7G7VFTSXSZYXKXEFCUMFBUAXQ/","https://security.netapp.com/advisory/ntap-20191205-0001/","https://usn.ubuntu.com/4258-1/","https://usn.ubuntu.com/4284-1/","https://usn.ubuntu.com/4287-1/","https://usn.ubuntu.com/4287-2/","https://www.oracle.com/security-alerts/cpuApr2021.html"],"published_time":"2019-11-18T06:15:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-19079","summary":"A memory leak in the qrtr_tun_write_iter() function in net/qrtr/tun.c in the Linux kernel before 5.3 allows attackers to cause a denial of service (memory consumption), aka 
CID-a21b7f0cff19.","cvss":7.5,"cvss_version":3.0,"cvss_v2":7.8,"cvss_v3":7.5,"cvss_v4":null,"epss":0.01267,"ranking_epss":0.79464,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3","https://github.com/torvalds/linux/commit/a21b7f0cff1906a93a0130b74713b15a0b36481d","https://security.netapp.com/advisory/ntap-20191205-0001/","https://usn.ubuntu.com/4258-1/","https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3","https://github.com/torvalds/linux/commit/a21b7f0cff1906a93a0130b74713b15a0b36481d","https://security.netapp.com/advisory/ntap-20191205-0001/","https://usn.ubuntu.com/4258-1/"],"published_time":"2019-11-18T06:15:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-19082","summary":"Memory leaks in *create_resource_pool() functions under drivers/gpu/drm/amd/display/dc in the Linux kernel through 5.3.11 allow attackers to cause a denial of service (memory consumption). This affects the dce120_create_resource_pool() function in drivers/gpu/drm/amd/display/dc/dce120/dce120_resource.c, the dce110_create_resource_pool() function in drivers/gpu/drm/amd/display/dc/dce110/dce110_resource.c, the dce100_create_resource_pool() function in drivers/gpu/drm/amd/display/dc/dce100/dce100_resource.c, the dcn10_create_resource_pool() function in drivers/gpu/drm/amd/display/dc/dcn10/dcn10_resource.c, and the dce112_create_resource_pool() function in drivers/gpu/drm/amd/display/dc/dce112/dce112_resource.c, aka 
CID-104c307147ad.","cvss":4.7,"cvss_version":3.0,"cvss_v2":4.7,"cvss_v3":4.7,"cvss_v4":null,"epss":0.00096,"ranking_epss":0.26481,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00029.html","https://github.com/torvalds/linux/commit/104c307147ad379617472dd91a5bcb368d72bd6d","https://security.netapp.com/advisory/ntap-20191205-0001/","https://usn.ubuntu.com/4258-1/","https://usn.ubuntu.com/4284-1/","https://usn.ubuntu.com/4287-1/","https://usn.ubuntu.com/4287-2/","http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00029.html","https://github.com/torvalds/linux/commit/104c307147ad379617472dd91a5bcb368d72bd6d","https://security.netapp.com/advisory/ntap-20191205-0001/","https://usn.ubuntu.com/4258-1/","https://usn.ubuntu.com/4284-1/","https://usn.ubuntu.com/4287-1/","https://usn.ubuntu.com/4287-2/"],"published_time":"2019-11-18T06:15:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-19083","summary":"Memory leaks in *clock_source_create() functions under drivers/gpu/drm/amd/display/dc in the Linux kernel before 5.3.8 allow attackers to cause a denial of service (memory consumption). 
This affects the dce112_clock_source_create() function in drivers/gpu/drm/amd/display/dc/dce112/dce112_resource.c, the dce100_clock_source_create() function in drivers/gpu/drm/amd/display/dc/dce100/dce100_resource.c, the dcn10_clock_source_create() function in drivers/gpu/drm/amd/display/dc/dcn10/dcn10_resource.c, the dcn20_clock_source_create() function in drivers/gpu/drm/amd/display/dc/dcn20/dcn20_resource.c, the dce120_clock_source_create() function in drivers/gpu/drm/amd/display/dc/dce120/dce120_resource.c, the dce110_clock_source_create() function in drivers/gpu/drm/amd/display/dc/dce110/dce110_resource.c, and the dce80_clock_source_create() function in drivers/gpu/drm/amd/display/dc/dce80/dce80_resource.c, aka CID-055e547478a1.","cvss":4.7,"cvss_version":3.0,"cvss_v2":4.7,"cvss_v3":4.7,"cvss_v4":null,"epss":0.00026,"ranking_epss":0.07311,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00029.html","https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.8","https://github.com/torvalds/linux/commit/055e547478a11a6360c7ce05e2afc3e366968a12","https://security.netapp.com/advisory/ntap-20191205-0001/","https://usn.ubuntu.com/4208-1/","https://usn.ubuntu.com/4226-1/","https://usn.ubuntu.com/4227-1/","https://usn.ubuntu.com/4227-2/","http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00029.html","https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.8","https://github.com/torvalds/linux/commit/055e547478a11a6360c7ce05e2afc3e366968a12","https://security.netapp.com/advisory/ntap-20191205-0001/","https://usn.ubuntu.com/4208-1/","https://usn.ubuntu.com/4226-1/","https://usn.ubuntu.com/4227-1/","https://usn.ubuntu.com/4227-2/"],"published_time":"2019-11-18T06:15:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-19055","summary":"A memory leak in the nl80211_get_ftm_responder_stats() function in net/wireless/nl80211.c in the Linux kernel 
through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering nl80211hdr_put() failures, aka CID-1399c59fa929. NOTE: third parties dispute the relevance of this because it occurs on a code path where a successful allocation has already occurred","cvss":5.5,"cvss_version":3.0,"cvss_v2":4.9,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00096,"ranking_epss":0.26525,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://bugzilla.suse.com/show_bug.cgi?id=1157319","https://github.com/torvalds/linux/commit/1399c59fa92984836db90538cf92397fe7caaa57","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O3PSDE6PTOTVBK2YTKB2TFQP2SUBVSNF/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PY7LJMSPAGRIKABJPDKQDTXYW3L5RX2T/","https://usn.ubuntu.com/4225-1/","https://usn.ubuntu.com/4225-2/","https://usn.ubuntu.com/4226-1/","https://bugzilla.suse.com/show_bug.cgi?id=1157319","https://github.com/torvalds/linux/commit/1399c59fa92984836db90538cf92397fe7caaa57","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O3PSDE6PTOTVBK2YTKB2TFQP2SUBVSNF/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PY7LJMSPAGRIKABJPDKQDTXYW3L5RX2T/","https://usn.ubuntu.com/4225-1/","https://usn.ubuntu.com/4225-2/","https://usn.ubuntu.com/4226-1/"],"published_time":"2019-11-18T06:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-19056","summary":"A memory leak in the mwifiex_pcie_alloc_cmdrsp_buf() function in drivers/net/wireless/marvell/mwifiex/pcie.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering mwifiex_map_pci_memory() failures, aka 
CID-db8fd2cde932.","cvss":4.7,"cvss_version":3.0,"cvss_v2":4.7,"cvss_v3":4.7,"cvss_v4":null,"epss":0.00087,"ranking_epss":0.24943,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00029.html","https://github.com/torvalds/linux/commit/db8fd2cde93227e566a412cf53173ffa227998bc","https://lists.debian.org/debian-lts-announce/2020/01/msg00013.html","https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O3PSDE6PTOTVBK2YTKB2TFQP2SUBVSNF/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PY7LJMSPAGRIKABJPDKQDTXYW3L5RX2T/","https://security.netapp.com/advisory/ntap-20191205-0001/","https://usn.ubuntu.com/4286-1/","https://usn.ubuntu.com/4286-2/","https://usn.ubuntu.com/4300-1/","https://usn.ubuntu.com/4301-1/","https://usn.ubuntu.com/4302-1/","http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00029.html","https://github.com/torvalds/linux/commit/db8fd2cde93227e566a412cf53173ffa227998bc","https://lists.debian.org/debian-lts-announce/2020/01/msg00013.html","https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O3PSDE6PTOTVBK2YTKB2TFQP2SUBVSNF/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PY7LJMSPAGRIKABJPDKQDTXYW3L5RX2T/","https://security.netapp.com/advisory/ntap-20191205-0001/","https://usn.ubuntu.com/4286-1/","https://usn.ubuntu.com/4286-2/","https://usn.ubuntu.com/4300-1/","https://usn.ubuntu.com/4301-1/","https://usn.ubuntu.com/4302-1/"],"published_time":"2019-11-18T06:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-19057","summary":"Two memory leaks in the mwifiex_pcie_init_evt_ring() function in 
drivers/net/wireless/marvell/mwifiex/pcie.c in the Linux kernel through 5.3.11 allow attackers to cause a denial of service (memory consumption) by triggering mwifiex_map_pci_memory() failures, aka CID-d10dcb615c8e.","cvss":3.3,"cvss_version":3.0,"cvss_v2":2.1,"cvss_v3":3.3,"cvss_v4":null,"epss":0.00089,"ranking_epss":0.25265,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00029.html","http://packetstormsecurity.com/files/155890/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html","https://github.com/torvalds/linux/commit/d10dcb615c8e29d403a24d35f8310a7a53e3050c","https://lists.debian.org/debian-lts-announce/2020/01/msg00013.html","https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O3PSDE6PTOTVBK2YTKB2TFQP2SUBVSNF/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PY7LJMSPAGRIKABJPDKQDTXYW3L5RX2T/","https://seclists.org/bugtraq/2020/Jan/10","https://security.netapp.com/advisory/ntap-20191205-0001/","https://usn.ubuntu.com/4254-1/","https://usn.ubuntu.com/4254-2/","https://usn.ubuntu.com/4284-1/","https://usn.ubuntu.com/4285-1/","https://usn.ubuntu.com/4287-1/","https://usn.ubuntu.com/4287-2/","http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00029.html","http://packetstormsecurity.com/files/155890/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html","https://github.com/torvalds/linux/commit/d10dcb615c8e29d403a24d35f8310a7a53e3050c","https://lists.debian.org/debian-lts-announce/2020/01/msg00013.html","https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O3PSDE6PTOTVBK2YTKB2TFQP2SUBVSNF/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproj
ect.org/message/PY7LJMSPAGRIKABJPDKQDTXYW3L5RX2T/","https://seclists.org/bugtraq/2020/Jan/10","https://security.netapp.com/advisory/ntap-20191205-0001/","https://usn.ubuntu.com/4254-1/","https://usn.ubuntu.com/4254-2/","https://usn.ubuntu.com/4284-1/","https://usn.ubuntu.com/4285-1/","https://usn.ubuntu.com/4287-1/","https://usn.ubuntu.com/4287-2/"],"published_time":"2019-11-18T06:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-19058","summary":"A memory leak in the alloc_sgtable() function in drivers/net/wireless/intel/iwlwifi/fw/dbg.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering alloc_page() failures, aka CID-b4b814fec1a5.","cvss":4.7,"cvss_version":3.0,"cvss_v2":4.7,"cvss_v3":4.7,"cvss_v4":null,"epss":0.00092,"ranking_epss":0.25794,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00029.html","https://github.com/torvalds/linux/commit/b4b814fec1a5a849383f7b3886b654a13abbda7d","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O3PSDE6PTOTVBK2YTKB2TFQP2SUBVSNF/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PY7LJMSPAGRIKABJPDKQDTXYW3L5RX2T/","https://security.netapp.com/advisory/ntap-20191205-0001/","https://usn.ubuntu.com/4300-1/","https://usn.ubuntu.com/4301-1/","https://usn.ubuntu.com/4302-1/","http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00029.html","https://github.com/torvalds/linux/commit/b4b814fec1a5a849383f7b3886b654a13abbda7d","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O3PSDE6PTOTVBK2YTKB2TFQP2SUBVSNF/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PY7LJMSPAGRIKABJPDKQDTXYW3L5RX2T/","https://security.netapp.com/advisory/ntap-20191205-0001/","https://usn.u
buntu.com/4300-1/","https://usn.ubuntu.com/4301-1/","https://usn.ubuntu.com/4302-1/"],"published_time":"2019-11-18T06:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-19059","summary":"Multiple memory leaks in the iwl_pcie_ctxt_info_gen3_init() function in drivers/net/wireless/intel/iwlwifi/pcie/ctxt-info-gen3.c in the Linux kernel through 5.3.11 allow attackers to cause a denial of service (memory consumption) by triggering iwl_pcie_init_fw_sec() or dma_alloc_coherent() failures, aka CID-0f4f199443fa.","cvss":4.7,"cvss_version":3.0,"cvss_v2":4.7,"cvss_v3":4.7,"cvss_v4":null,"epss":0.00096,"ranking_epss":0.26481,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://github.com/torvalds/linux/commit/0f4f199443faca715523b0659aa536251d8b978f","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O3PSDE6PTOTVBK2YTKB2TFQP2SUBVSNF/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PY7LJMSPAGRIKABJPDKQDTXYW3L5RX2T/","https://security.netapp.com/advisory/ntap-20191205-0001/","https://usn.ubuntu.com/4300-1/","https://usn.ubuntu.com/4301-1/","https://github.com/torvalds/linux/commit/0f4f199443faca715523b0659aa536251d8b978f","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O3PSDE6PTOTVBK2YTKB2TFQP2SUBVSNF/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PY7LJMSPAGRIKABJPDKQDTXYW3L5RX2T/","https://security.netapp.com/advisory/ntap-20191205-0001/","https://usn.ubuntu.com/4300-1/","https://usn.ubuntu.com/4301-1/"],"published_time":"2019-11-18T06:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-19060","summary":"A memory leak in the adis_update_scan_mode() function in drivers/iio/imu/adis_buffer.c in the Linux kernel before 5.3.9 allows attackers to cause a denial of service (memory consumption), aka 
CID-ab612b1daf41.","cvss":7.5,"cvss_version":3.0,"cvss_v2":7.8,"cvss_v3":7.5,"cvss_v4":null,"epss":0.00839,"ranking_epss":0.74693,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00029.html","https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.9","https://github.com/torvalds/linux/commit/ab612b1daf415b62c58e130cb3d0f30b255a14d0","https://security.netapp.com/advisory/ntap-20191205-0001/","https://usn.ubuntu.com/4208-1/","https://usn.ubuntu.com/4210-1/","https://usn.ubuntu.com/4226-1/","https://usn.ubuntu.com/4364-1/","http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00029.html","https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.9","https://github.com/torvalds/linux/commit/ab612b1daf415b62c58e130cb3d0f30b255a14d0","https://security.netapp.com/advisory/ntap-20191205-0001/","https://usn.ubuntu.com/4208-1/","https://usn.ubuntu.com/4210-1/","https://usn.ubuntu.com/4226-1/","https://usn.ubuntu.com/4364-1/"],"published_time":"2019-11-18T06:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-19061","summary":"A memory leak in the adis_update_scan_mode_burst() function in drivers/iio/imu/adis_buffer.c in the Linux kernel before 5.3.9 allows attackers to cause a denial of service (memory consumption), aka 
CID-9c0530e898f3.","cvss":7.5,"cvss_version":3.0,"cvss_v2":7.8,"cvss_v3":7.5,"cvss_v4":null,"epss":0.0111,"ranking_epss":0.78143,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.9","https://github.com/torvalds/linux/commit/9c0530e898f384c5d279bfcebd8bb17af1105873","https://security.netapp.com/advisory/ntap-20191205-0001/","https://usn.ubuntu.com/4208-1/","https://usn.ubuntu.com/4526-1/","https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.9","https://github.com/torvalds/linux/commit/9c0530e898f384c5d279bfcebd8bb17af1105873","https://security.netapp.com/advisory/ntap-20191205-0001/","https://usn.ubuntu.com/4208-1/","https://usn.ubuntu.com/4526-1/"],"published_time":"2019-11-18T06:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-19062","summary":"A memory leak in the crypto_report() function in crypto/crypto_user_base.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering crypto_report_alg() failures, aka 
CID-ffdde5932042.","cvss":4.7,"cvss_version":3.0,"cvss_v2":4.7,"cvss_v3":4.7,"cvss_v4":null,"epss":0.00098,"ranking_epss":0.26899,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00029.html","http://packetstormsecurity.com/files/155890/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html","https://github.com/torvalds/linux/commit/ffdde5932042600c6807d46c1550b28b0db6a3bc","https://lists.debian.org/debian-lts-announce/2020/01/msg00013.html","https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O3PSDE6PTOTVBK2YTKB2TFQP2SUBVSNF/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PY7LJMSPAGRIKABJPDKQDTXYW3L5RX2T/","https://seclists.org/bugtraq/2020/Jan/10","https://security.netapp.com/advisory/ntap-20191205-0001/","https://usn.ubuntu.com/4254-1/","https://usn.ubuntu.com/4254-2/","https://usn.ubuntu.com/4258-1/","https://usn.ubuntu.com/4284-1/","https://usn.ubuntu.com/4287-1/","https://usn.ubuntu.com/4287-2/","http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00029.html","http://packetstormsecurity.com/files/155890/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html","https://github.com/torvalds/linux/commit/ffdde5932042600c6807d46c1550b28b0db6a3bc","https://lists.debian.org/debian-lts-announce/2020/01/msg00013.html","https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O3PSDE6PTOTVBK2YTKB2TFQP2SUBVSNF/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PY7LJMSPAGRIKABJPDKQDTXYW3L5RX2T/","https://seclists.org/bugtraq/2020/Jan/10","https://security.netapp.com/advisory/ntap-20191205-0001/","https://usn.ubuntu.com/4254-1/","https://usn
.ubuntu.com/4254-2/","https://usn.ubuntu.com/4258-1/","https://usn.ubuntu.com/4284-1/","https://usn.ubuntu.com/4287-1/","https://usn.ubuntu.com/4287-2/"],"published_time":"2019-11-18T06:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-19063","summary":"Two memory leaks in the rtl_usb_probe() function in drivers/net/wireless/realtek/rtlwifi/usb.c in the Linux kernel through 5.3.11 allow attackers to cause a denial of service (memory consumption), aka CID-3f9361695113.","cvss":4.6,"cvss_version":3.0,"cvss_v2":4.9,"cvss_v3":4.6,"cvss_v4":null,"epss":0.00074,"ranking_epss":0.2234,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00029.html","http://packetstormsecurity.com/files/155890/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html","https://github.com/torvalds/linux/commit/3f93616951138a598d930dcaec40f2bfd9ce43bb","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O3PSDE6PTOTVBK2YTKB2TFQP2SUBVSNF/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PY7LJMSPAGRIKABJPDKQDTXYW3L5RX2T/","https://seclists.org/bugtraq/2020/Jan/10","https://security.netapp.com/advisory/ntap-20191205-0001/","https://usn.ubuntu.com/4254-1/","https://usn.ubuntu.com/4254-2/","https://usn.ubuntu.com/4284-1/","https://usn.ubuntu.com/4285-1/","https://usn.ubuntu.com/4287-1/","https://usn.ubuntu.com/4287-2/","https://www.oracle.com/security-alerts/cpuApr2021.html","http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00029.html","http://packetstormsecurity.com/files/155890/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html","https://github.com/torvalds/linux/commit/3f93616951138a598d930dcaec40f2bfd9ce43bb","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O3PSDE6PTOTVBK2YTKB2TFQP2SUBVSNF/","https://lists.fedorapr
oject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PY7LJMSPAGRIKABJPDKQDTXYW3L5RX2T/","https://seclists.org/bugtraq/2020/Jan/10","https://security.netapp.com/advisory/ntap-20191205-0001/","https://usn.ubuntu.com/4254-1/","https://usn.ubuntu.com/4254-2/","https://usn.ubuntu.com/4284-1/","https://usn.ubuntu.com/4285-1/","https://usn.ubuntu.com/4287-1/","https://usn.ubuntu.com/4287-2/","https://www.oracle.com/security-alerts/cpuApr2021.html"],"published_time":"2019-11-18T06:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-19065","summary":"A memory leak in the sdma_init() function in drivers/infiniband/hw/hfi1/sdma.c in the Linux kernel before 5.3.9 allows attackers to cause a denial of service (memory consumption) by triggering rhashtable_init() failures, aka CID-34b3be18a04e. NOTE: This has been disputed as not a vulnerability because \"rhashtable_init() can only fail if it is passed invalid values in the second parameter's struct, but when invoked from sdma_init() that is a pointer to a static const struct, so an attacker could only trigger failure if they could corrupt kernel memory (in which case a small memory leak is not a significant 
problem).","cvss":4.7,"cvss_version":3.0,"cvss_v2":4.7,"cvss_v3":4.7,"cvss_v4":null,"epss":0.00042,"ranking_epss":0.12614,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00029.html","https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.9","https://github.com/torvalds/linux/commit/34b3be18a04ecdc610aae4c48e5d1b799d8689f6","https://security.netapp.com/advisory/ntap-20191205-0001/","https://usn.ubuntu.com/4208-1/","https://usn.ubuntu.com/4210-1/","https://usn.ubuntu.com/4226-1/","http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00029.html","https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.9","https://github.com/torvalds/linux/commit/34b3be18a04ecdc610aae4c48e5d1b799d8689f6","https://security.netapp.com/advisory/ntap-20191205-0001/","https://usn.ubuntu.com/4208-1/","https://usn.ubuntu.com/4210-1/","https://usn.ubuntu.com/4226-1/"],"published_time":"2019-11-18T06:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-19066","summary":"A memory leak in the bfad_im_get_stats() function in drivers/scsi/bfa/bfad_attr.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering bfa_port_get_stats() failures, aka 
CID-0e62395da2bd.","cvss":4.7,"cvss_version":3.0,"cvss_v2":4.7,"cvss_v3":4.7,"cvss_v4":null,"epss":0.00084,"ranking_epss":0.24361,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00021.html","https://github.com/torvalds/linux/commit/0e62395da2bd5166d7c9e14cbc7503b256a34cb0","https://lists.debian.org/debian-lts-announce/2020/01/msg00013.html","https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O3PSDE6PTOTVBK2YTKB2TFQP2SUBVSNF/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PY7LJMSPAGRIKABJPDKQDTXYW3L5RX2T/","https://security.netapp.com/advisory/ntap-20191205-0001/","https://usn.ubuntu.com/4286-1/","https://usn.ubuntu.com/4286-2/","https://usn.ubuntu.com/4300-1/","https://usn.ubuntu.com/4301-1/","https://usn.ubuntu.com/4302-1/","https://www.oracle.com/security-alerts/cpuApr2021.html","http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00021.html","https://github.com/torvalds/linux/commit/0e62395da2bd5166d7c9e14cbc7503b256a34cb0","https://lists.debian.org/debian-lts-announce/2020/01/msg00013.html","https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O3PSDE6PTOTVBK2YTKB2TFQP2SUBVSNF/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PY7LJMSPAGRIKABJPDKQDTXYW3L5RX2T/","https://security.netapp.com/advisory/ntap-20191205-0001/","https://usn.ubuntu.com/4286-1/","https://usn.ubuntu.com/4286-2/","https://usn.ubuntu.com/4300-1/","https://usn.ubuntu.com/4301-1/","https://usn.ubuntu.com/4302-1/","https://www.oracle.com/security-alerts/cpuApr2021.html"],"published_time":"2019-11-18T06:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-201
9-19067","summary":"Four memory leaks in the acp_hw_init() function in drivers/gpu/drm/amd/amdgpu/amdgpu_acp.c in the Linux kernel before 5.3.8 allow attackers to cause a denial of service (memory consumption) by triggering mfd_add_hotplug_devices() or pm_genpd_add_device() failures, aka CID-57be09c6e874. NOTE: third parties dispute the relevance of this because the attacker must already have privileges for module loading","cvss":4.4,"cvss_version":3.0,"cvss_v2":4.9,"cvss_v3":4.4,"cvss_v4":null,"epss":0.00086,"ranking_epss":0.24818,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00029.html","https://bugzilla.suse.com/show_bug.cgi?id=1157180","https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.8","https://github.com/torvalds/linux/commit/57be09c6e8747bf48704136d9e3f92bfb93f5725","https://usn.ubuntu.com/4208-1/","https://usn.ubuntu.com/4226-1/","https://usn.ubuntu.com/4526-1/","http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00029.html","https://bugzilla.suse.com/show_bug.cgi?id=1157180","https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.8","https://github.com/torvalds/linux/commit/57be09c6e8747bf48704136d9e3f92bfb93f5725","https://usn.ubuntu.com/4208-1/","https://usn.ubuntu.com/4226-1/","https://usn.ubuntu.com/4526-1/"],"published_time":"2019-11-18T06:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-19068","summary":"A memory leak in the rtl8xxxu_submit_int_urb() function in drivers/net/wireless/realtek/rtl8xxxu/rtl8xxxu_core.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering usb_submit_urb() failures, aka 
CID-a2cdd07488e6.","cvss":4.6,"cvss_version":3.0,"cvss_v2":4.9,"cvss_v3":4.6,"cvss_v4":null,"epss":0.00092,"ranking_epss":0.25869,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00029.html","https://github.com/torvalds/linux/commit/a2cdd07488e666aa93a49a3fc9c9b1299e27ef3c","https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O3PSDE6PTOTVBK2YTKB2TFQP2SUBVSNF/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PY7LJMSPAGRIKABJPDKQDTXYW3L5RX2T/","https://security.netapp.com/advisory/ntap-20191205-0001/","https://usn.ubuntu.com/4286-1/","https://usn.ubuntu.com/4286-2/","https://usn.ubuntu.com/4300-1/","https://usn.ubuntu.com/4301-1/","https://usn.ubuntu.com/4302-1/","http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00029.html","https://github.com/torvalds/linux/commit/a2cdd07488e666aa93a49a3fc9c9b1299e27ef3c","https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O3PSDE6PTOTVBK2YTKB2TFQP2SUBVSNF/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PY7LJMSPAGRIKABJPDKQDTXYW3L5RX2T/","https://security.netapp.com/advisory/ntap-20191205-0001/","https://usn.ubuntu.com/4286-1/","https://usn.ubuntu.com/4286-2/","https://usn.ubuntu.com/4300-1/","https://usn.ubuntu.com/4301-1/","https://usn.ubuntu.com/4302-1/"],"published_time":"2019-11-18T06:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-19069","summary":"A memory leak in the fastrpc_dma_buf_attach() function in drivers/misc/fastrpc.c in the Linux kernel before 5.3.9 allows attackers to cause a denial of service (memory consumption) by triggering dma_get_sgtable() failures, aka 
CID-fc739a058d99.","cvss":7.5,"cvss_version":3.0,"cvss_v2":7.8,"cvss_v3":7.5,"cvss_v4":null,"epss":0.01117,"ranking_epss":0.78214,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.9","https://github.com/torvalds/linux/commit/fc739a058d99c9297ef6bfd923b809d85855b9a9","https://security.netapp.com/advisory/ntap-20191205-0001/","https://usn.ubuntu.com/4208-1/","https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.9","https://github.com/torvalds/linux/commit/fc739a058d99c9297ef6bfd923b809d85855b9a9","https://security.netapp.com/advisory/ntap-20191205-0001/","https://usn.ubuntu.com/4208-1/"],"published_time":"2019-11-18T06:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-19043","summary":"A memory leak in the i40e_setup_macvlans() function in drivers/net/ethernet/intel/i40e/i40e_main.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering i40e_setup_channel() failures, aka 
CID-27d461333459.","cvss":5.5,"cvss_version":3.0,"cvss_v2":4.9,"cvss_v3":5.5,"cvss_v4":null,"epss":0.0012,"ranking_epss":0.30999,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://github.com/torvalds/linux/commit/27d461333459d282ffa4a2bdb6b215a59d493a8f","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O3PSDE6PTOTVBK2YTKB2TFQP2SUBVSNF/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PY7LJMSPAGRIKABJPDKQDTXYW3L5RX2T/","https://security.netapp.com/advisory/ntap-20191205-0001/","https://usn.ubuntu.com/4300-1/","https://github.com/torvalds/linux/commit/27d461333459d282ffa4a2bdb6b215a59d493a8f","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O3PSDE6PTOTVBK2YTKB2TFQP2SUBVSNF/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PY7LJMSPAGRIKABJPDKQDTXYW3L5RX2T/","https://security.netapp.com/advisory/ntap-20191205-0001/","https://usn.ubuntu.com/4300-1/"],"published_time":"2019-11-18T06:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-19044","summary":"Two memory leaks in the v3d_submit_cl_ioctl() function in drivers/gpu/drm/v3d/v3d_gem.c in the Linux kernel before 5.3.11 allow attackers to cause a denial of service (memory consumption) by triggering kcalloc() or v3d_job_init() failures, aka 
CID-29cd13cfd762.","cvss":7.5,"cvss_version":3.0,"cvss_v2":7.8,"cvss_v3":7.5,"cvss_v4":null,"epss":0.02087,"ranking_epss":0.84014,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.11","https://github.com/torvalds/linux/commit/29cd13cfd7624726d9e6becbae9aa419ef35af7f","https://security.netapp.com/advisory/ntap-20191205-0001/","https://usn.ubuntu.com/4225-1/","https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.11","https://github.com/torvalds/linux/commit/29cd13cfd7624726d9e6becbae9aa419ef35af7f","https://security.netapp.com/advisory/ntap-20191205-0001/","https://usn.ubuntu.com/4225-1/"],"published_time":"2019-11-18T06:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-19045","summary":"A memory leak in the mlx5_fpga_conn_create_cq() function in drivers/net/ethernet/mellanox/mlx5/core/fpga/conn.c in the Linux kernel before 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering mlx5_vector2eqn() failures, aka 
CID-c8c2a057fdc7.","cvss":4.4,"cvss_version":3.0,"cvss_v2":4.9,"cvss_v3":4.4,"cvss_v4":null,"epss":0.00039,"ranking_epss":0.11898,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00021.html","https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.11","https://github.com/torvalds/linux/commit/c8c2a057fdc7de1cd16f4baa51425b932a42eb39","https://security.netapp.com/advisory/ntap-20191205-0001/","https://usn.ubuntu.com/4225-1/","https://usn.ubuntu.com/4225-2/","https://usn.ubuntu.com/4226-1/","https://usn.ubuntu.com/4227-1/","https://usn.ubuntu.com/4227-2/","http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00021.html","https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.11","https://github.com/torvalds/linux/commit/c8c2a057fdc7de1cd16f4baa51425b932a42eb39","https://security.netapp.com/advisory/ntap-20191205-0001/","https://usn.ubuntu.com/4225-1/","https://usn.ubuntu.com/4225-2/","https://usn.ubuntu.com/4226-1/","https://usn.ubuntu.com/4227-1/","https://usn.ubuntu.com/4227-2/"],"published_time":"2019-11-18T06:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-19047","summary":"A memory leak in the mlx5_fw_fatal_reporter_dump() function in drivers/net/ethernet/mellanox/mlx5/core/health.c in the Linux kernel before 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering mlx5_crdump_collect() failures, aka 
CID-c7ed6d0183d5.","cvss":5.5,"cvss_version":3.0,"cvss_v2":4.9,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00077,"ranking_epss":0.22971,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.11","https://github.com/torvalds/linux/commit/c7ed6d0183d5ea9bc31bcaeeba4070bd62546471","https://security.netapp.com/advisory/ntap-20191205-0001/","https://usn.ubuntu.com/4225-1/","https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.11","https://github.com/torvalds/linux/commit/c7ed6d0183d5ea9bc31bcaeeba4070bd62546471","https://security.netapp.com/advisory/ntap-20191205-0001/","https://usn.ubuntu.com/4225-1/"],"published_time":"2019-11-18T06:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-19048","summary":"A memory leak in the crypto_reportstat() function in drivers/virt/vboxguest/vboxguest_utils.c in the Linux kernel before 5.3.9 allows attackers to cause a denial of service (memory consumption) by triggering copy_form_user() failures, aka CID-e0b0cb938864.","cvss":7.5,"cvss_version":3.0,"cvss_v2":7.8,"cvss_v3":7.5,"cvss_v4":null,"epss":0.01195,"ranking_epss":0.78876,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.9","https://github.com/torvalds/linux/commit/e0b0cb9388642c104838fac100a4af32745621e2","https://security.netapp.com/advisory/ntap-20191205-0001/","https://usn.ubuntu.com/4208-1/","https://usn.ubuntu.com/4226-1/","https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.9","https://github.com/torvalds/linux/commit/e0b0cb9388642c104838fac100a4af32745621e2","https://security.netapp.com/advisory/ntap-20191205-0001/","https://usn.ubuntu.com/4208-1/","https://usn.ubuntu.com/4226-1/"],"published_time":"2019-11-18T06:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-19050","summary":"A memory leak in the crypto_reportstat() function in crypto/crypto_user_stat.c 
in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering crypto_reportstat_alg() failures, aka CID-c03b04dcdba1.","cvss":7.5,"cvss_version":3.0,"cvss_v2":7.8,"cvss_v3":7.5,"cvss_v4":null,"epss":0.01089,"ranking_epss":0.7793,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://packetstormsecurity.com/files/156455/Kernel-Live-Patch-Security-Notice-LSN-0063-1.html","https://github.com/torvalds/linux/commit/c03b04dcdba1da39903e23cc4d072abf8f68f2dd","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O3PSDE6PTOTVBK2YTKB2TFQP2SUBVSNF/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PY7LJMSPAGRIKABJPDKQDTXYW3L5RX2T/","https://security.netapp.com/advisory/ntap-20191205-0001/","https://usn.ubuntu.com/4258-1/","https://usn.ubuntu.com/4284-1/","http://packetstormsecurity.com/files/156455/Kernel-Live-Patch-Security-Notice-LSN-0063-1.html","https://github.com/torvalds/linux/commit/c03b04dcdba1da39903e23cc4d072abf8f68f2dd","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O3PSDE6PTOTVBK2YTKB2TFQP2SUBVSNF/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PY7LJMSPAGRIKABJPDKQDTXYW3L5RX2T/","https://security.netapp.com/advisory/ntap-20191205-0001/","https://usn.ubuntu.com/4258-1/","https://usn.ubuntu.com/4284-1/"],"published_time":"2019-11-18T06:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-19051","summary":"A memory leak in the i2400m_op_rfkill_sw_toggle() function in drivers/net/wimax/i2400m/op-rfkill.c in the Linux kernel before 5.3.11 allows attackers to cause a denial of service (memory consumption), aka 
CID-6f3ef5c25cc7.","cvss":5.5,"cvss_version":3.0,"cvss_v2":4.9,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00042,"ranking_epss":0.12904,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00021.html","https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.11","https://github.com/torvalds/linux/commit/6f3ef5c25cc762687a7341c18cbea5af54461407","https://lists.debian.org/debian-lts-announce/2020/01/msg00013.html","https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html","https://security.netapp.com/advisory/ntap-20191205-0001/","https://usn.ubuntu.com/4225-1/","https://usn.ubuntu.com/4225-2/","https://usn.ubuntu.com/4286-1/","https://usn.ubuntu.com/4286-2/","https://usn.ubuntu.com/4302-1/","https://usn.ubuntu.com/4344-1/","http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00021.html","https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.11","https://github.com/torvalds/linux/commit/6f3ef5c25cc762687a7341c18cbea5af54461407","https://lists.debian.org/debian-lts-announce/2020/01/msg00013.html","https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html","https://security.netapp.com/advisory/ntap-20191205-0001/","https://usn.ubuntu.com/4225-1/","https://usn.ubuntu.com/4225-2/","https://usn.ubuntu.com/4286-1/","https://usn.ubuntu.com/4286-2/","https://usn.ubuntu.com/4302-1/","https://usn.ubuntu.com/4344-1/"],"published_time":"2019-11-18T06:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-19052","summary":"A memory leak in the gs_can_open() function in drivers/net/can/usb/gs_usb.c in the Linux kernel before 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering usb_submit_urb() failures, aka 
CID-fb5be6a7b486.","cvss":7.5,"cvss_version":3.0,"cvss_v2":7.8,"cvss_v3":7.5,"cvss_v4":null,"epss":0.01701,"ranking_epss":0.82298,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00029.html","https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.11","https://github.com/torvalds/linux/commit/fb5be6a7b4863ecc44963bb80ca614584b6c7817","https://lists.debian.org/debian-lts-announce/2020/01/msg00013.html","https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html","https://security.netapp.com/advisory/ntap-20191205-0001/","https://usn.ubuntu.com/4225-1/","https://usn.ubuntu.com/4225-2/","https://usn.ubuntu.com/4226-1/","https://usn.ubuntu.com/4227-1/","https://usn.ubuntu.com/4227-2/","https://usn.ubuntu.com/4228-1/","https://usn.ubuntu.com/4228-2/","https://www.oracle.com/security-alerts/cpuApr2021.html","http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00029.html","https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.11","https://github.com/torvalds/linux/commit/fb5be6a7b4863ecc44963bb80ca614584b6c7817","https://lists.debian.org/debian-lts-announce/2020/01/msg00013.html","https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html","https://security.netapp.com/advisory/ntap-20191205-0001/","https://usn.ubuntu.com/4225-1/","https://usn.ubuntu.com/4225-2/","https://usn.ubuntu.com/4226-1/","https://usn.ubuntu.com/4227-1/","https://usn.ubuntu.com/4227-2/","https://usn.ubuntu.com/4228-1/","https://usn.ubuntu.com/4228-2/","https://www.oracle.com/security-alerts/cpuApr2021.html"],"published_time":"2019-11-18T06:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-19053","summary":"A memory leak in the rpmsg_eptdev_write_iter() function in drivers/rpmsg/rpmsg_char.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering copy_from_iter_full() failures, aka 
CID-bbe692e349e2.","cvss":7.5,"cvss_version":3.0,"cvss_v2":7.8,"cvss_v3":7.5,"cvss_v4":null,"epss":0.00504,"ranking_epss":0.66149,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://github.com/torvalds/linux/commit/bbe692e349e2a1edf3fe0a29a0e05899c9c94d51","https://security.netapp.com/advisory/ntap-20191205-0001/","https://usn.ubuntu.com/4300-1/","https://usn.ubuntu.com/4301-1/","https://github.com/torvalds/linux/commit/bbe692e349e2a1edf3fe0a29a0e05899c9c94d51","https://security.netapp.com/advisory/ntap-20191205-0001/","https://usn.ubuntu.com/4300-1/","https://usn.ubuntu.com/4301-1/"],"published_time":"2019-11-18T06:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-19054","summary":"A memory leak in the cx23888_ir_probe() function in drivers/media/pci/cx23885/cx23888-ir.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering kfifo_alloc() failures, aka CID-a7b2df76b42b.","cvss":4.7,"cvss_version":3.0,"cvss_v2":4.7,"cvss_v3":4.7,"cvss_v4":null,"epss":0.00037,"ranking_epss":0.11039,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00021.html","https://github.com/torvalds/linux/commit/a7b2df76b42bdd026e3106cf2ba97db41345a177","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O3PSDE6PTOTVBK2YTKB2TFQP2SUBVSNF/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PY7LJMSPAGRIKABJPDKQDTXYW3L5RX2T/","https://security.netapp.com/advisory/ntap-20191205-0001/","https://usn.ubuntu.com/4525-1/","https://usn.ubuntu.com/4526-1/","https://usn.ubuntu.com/4527-1/","http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00021.html","https://github.com/torvalds/linux/commit/a7b2df76b42bdd026e3106cf2ba97db41345a177","https://lists.fedoraproject.org/archives/list/package-announce%40li
sts.fedoraproject.org/message/O3PSDE6PTOTVBK2YTKB2TFQP2SUBVSNF/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PY7LJMSPAGRIKABJPDKQDTXYW3L5RX2T/","https://security.netapp.com/advisory/ntap-20191205-0001/","https://usn.ubuntu.com/4525-1/","https://usn.ubuntu.com/4526-1/","https://usn.ubuntu.com/4527-1/"],"published_time":"2019-11-18T06:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-18978","summary":"An issue was discovered in the rack-cors (aka Rack CORS Middleware) gem before 1.0.4 for Ruby. It allows ../ directory traversal to access private resources because resource matching does not ensure that pathnames are in a canonical format.","cvss":5.3,"cvss_version":3.0,"cvss_v2":5.0,"cvss_v3":5.3,"cvss_v4":null,"epss":0.01017,"ranking_epss":0.77181,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://github.com/cyu/rack-cors/commit/e4d4fc362a4315808927011cbe5afcfe5486f17d","https://github.com/cyu/rack-cors/compare/v1.0.3...v1.0.4","https://lists.debian.org/debian-lts-announce/2020/02/msg00004.html","https://lists.debian.org/debian-lts-announce/2020/10/msg00000.html","https://usn.ubuntu.com/4571-1/","https://www.debian.org/security/2021/dsa-4918","https://github.com/cyu/rack-cors/commit/e4d4fc362a4315808927011cbe5afcfe5486f17d","https://github.com/cyu/rack-cors/compare/v1.0.3...v1.0.4","https://lists.debian.org/debian-lts-announce/2020/02/msg00004.html","https://lists.debian.org/debian-lts-announce/2020/10/msg00000.html","https://usn.ubuntu.com/4571-1/","https://www.debian.org/security/2021/dsa-4918"],"published_time":"2019-11-14T21:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-12207","summary":"Improper invalidation for page table updates by a virtual guest operating system for multiple Intel(R) Processors may allow an authenticated user to potentially enable denial of service of the host system via local 
access.","cvss":6.5,"cvss_version":3.0,"cvss_v2":4.9,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00262,"ranking_epss":0.49534,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00042.html","https://access.redhat.com/errata/RHSA-2019:3916","https://access.redhat.com/errata/RHSA-2019:3936","https://access.redhat.com/errata/RHSA-2019:3941","https://access.redhat.com/errata/RHSA-2020:0026","https://access.redhat.com/errata/RHSA-2020:0028","https://access.redhat.com/errata/RHSA-2020:0204","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I5WWPW4BSZDDW7VHU427XTVXV7ROOFFW/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IZYATWNUGHRBG6I3TC24YHP5Y3J7I6KH/","https://seclists.org/bugtraq/2020/Jan/21","https://security.gentoo.org/glsa/202003-56","https://support.f5.com/csp/article/K17269881?utm_source=f5support&amp%3Butm_medium=RSS","https://usn.ubuntu.com/4186-2/","https://www.debian.org/security/2020/dsa-4602","https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00210.html","https://www.oracle.com/security-alerts/cpujul2020.html","http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00042.html","https://access.redhat.com/errata/RHSA-2019:3916","https://access.redhat.com/errata/RHSA-2019:3936","https://access.redhat.com/errata/RHSA-2019:3941","https://access.redhat.com/errata/RHSA-2020:0026","https://access.redhat.com/errata/RHSA-2020:0028","https://access.redhat.com/errata/RHSA-2020:0204","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I5WWPW4BSZDDW7VHU427XTVXV7ROOFFW/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IZYATWNUGHRBG6I3TC24YHP5Y3J7I6KH/","https://seclists.org/bugtraq/2020/Jan/21","https://security.gentoo.org/glsa/202003-56","https://support.f5.com/csp/a
rticle/K17269881?utm_source=f5support&amp%3Butm_medium=RSS","https://usn.ubuntu.com/4186-2/","https://www.debian.org/security/2020/dsa-4602","https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00210.html","https://www.oracle.com/security-alerts/cpujul2020.html"],"published_time":"2019-11-14T20:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-11135","summary":"TSX Asynchronous Abort condition on some CPUs utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access.","cvss":6.5,"cvss_version":3.0,"cvss_v2":2.1,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00319,"ranking_epss":0.54928,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00045.html","http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00046.html","http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00042.html","http://packetstormsecurity.com/files/155375/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html","http://www.openwall.com/lists/oss-security/2019/12/10/3","http://www.openwall.com/lists/oss-security/2019/12/10/4","http://www.openwall.com/lists/oss-security/2019/12/11/1","https://access.redhat.com/errata/RHSA-2019:3936","https://access.redhat.com/errata/RHSA-2020:0026","https://access.redhat.com/errata/RHSA-2020:0028","https://access.redhat.com/errata/RHSA-2020:0204","https://access.redhat.com/errata/RHSA-2020:0279","https://access.redhat.com/errata/RHSA-2020:0366","https://access.redhat.com/errata/RHSA-2020:0555","https://access.redhat.com/errata/RHSA-2020:0666","https://access.redhat.com/errata/RHSA-2020:0730","https://kc.mcafee.com/corporate/index?page=content&id=SB10306","https://lists.debian.org/debian-lts-announce/2019/12/msg00035.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I5WWPW4BSZDDW7VHU
427XTVXV7ROOFFW/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IZYATWNUGHRBG6I3TC24YHP5Y3J7I6KH/","https://seclists.org/bugtraq/2019/Dec/28","https://seclists.org/bugtraq/2019/Nov/26","https://seclists.org/bugtraq/2020/Jan/21","https://security.gentoo.org/glsa/202003-56","https://support.f5.com/csp/article/K02912734?utm_source=f5support&amp%3Butm_medium=RSS","https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03968en_us","https://usn.ubuntu.com/4186-2/","https://www.debian.org/security/2020/dsa-4602","https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00270.html","https://www.oracle.com/security-alerts/cpujan2021.html","http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00045.html","http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00046.html","http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00042.html","http://packetstormsecurity.com/files/155375/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html","http://www.openwall.com/lists/oss-security/2019/12/10/3","http://www.openwall.com/lists/oss-security/2019/12/10/4","http://www.openwall.com/lists/oss-security/2019/12/11/1","https://access.redhat.com/errata/RHSA-2019:3936","https://access.redhat.com/errata/RHSA-2020:0026","https://access.redhat.com/errata/RHSA-2020:0028","https://access.redhat.com/errata/RHSA-2020:0204","https://access.redhat.com/errata/RHSA-2020:0279","https://access.redhat.com/errata/RHSA-2020:0366","https://access.redhat.com/errata/RHSA-2020:0555","https://access.redhat.com/errata/RHSA-2020:0666","https://access.redhat.com/errata/RHSA-2020:0730","https://kc.mcafee.com/corporate/index?page=content&id=SB10306","https://lists.debian.org/debian-lts-announce/2019/12/msg00035.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I5WWPW4BSZDDW7VHU427XTVXV7ROOFFW/","https://lists.fedoraproject.org/a
rchives/list/package-announce%40lists.fedoraproject.org/message/IZYATWNUGHRBG6I3TC24YHP5Y3J7I6KH/","https://seclists.org/bugtraq/2019/Dec/28","https://seclists.org/bugtraq/2019/Nov/26","https://seclists.org/bugtraq/2020/Jan/21","https://security.gentoo.org/glsa/202003-56","https://support.f5.com/csp/article/K02912734?utm_source=f5support&amp%3Butm_medium=RSS","https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03968en_us","https://usn.ubuntu.com/4186-2/","https://www.debian.org/security/2020/dsa-4602","https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00270.html","https://www.oracle.com/security-alerts/cpujan2021.html"],"published_time":"2019-11-14T19:15:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-0154","summary":"Insufficient access control in subsystem for Intel (R) processor graphics in 6th, 7th, 8th and 9th Generation Intel(R) Core(TM) Processor Families; Intel(R) Pentium(R) Processor J, N, Silver and Gold Series; Intel(R) Celeron(R) Processor J, N, G3900 and G4900 Series; Intel(R) Atom(R) Processor A and E3900 Series; Intel(R) Xeon(R) Processor E3-1500 v5 and v6 and E-2100 Processor Families may allow an authenticated user to potentially enable denial of service via local 
access.","cvss":5.5,"cvss_version":3.0,"cvss_v2":2.1,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00096,"ranking_epss":0.26599,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://packetstormsecurity.com/files/155375/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html","https://access.redhat.com/errata/RHSA-2020:0204","https://seclists.org/bugtraq/2019/Nov/26","https://security.netapp.com/advisory/ntap-20200320-0004/","https://support.f5.com/csp/article/K73659122?utm_source=f5support&amp%3Butm_medium=RSS","https://usn.ubuntu.com/4186-2/","https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00260.html","http://packetstormsecurity.com/files/155375/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html","https://access.redhat.com/errata/RHSA-2020:0204","https://seclists.org/bugtraq/2019/Nov/26","https://security.netapp.com/advisory/ntap-20200320-0004/","https://support.f5.com/csp/article/K73659122?utm_source=f5support&amp%3Butm_medium=RSS","https://usn.ubuntu.com/4186-2/","https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00260.html"],"published_time":"2019-11-14T19:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-0155","summary":"Insufficient access control in a subsystem for Intel (R) processor graphics in 6th, 7th, 8th and 9th Generation Intel(R) Core(TM) Processor Families; Intel(R) Pentium(R) Processor J, N, Silver and Gold Series; Intel(R) Celeron(R) Processor J, N, G3900 and G4900 Series; Intel(R) Atom(R) Processor A and E3900 Series; Intel(R) Xeon(R) Processor E3-1500 v5 and v6, E-2100 and E-2200 Processor Families; Intel(R) Graphics Driver for Windows before 26.20.100.6813 (DCH) or 26.20.100.6812 and before 21.20.x.5077 (aka15.45.5077), i915 Linux Driver for Intel(R) Processor Graphics before versions 5.4-rc7, 5.3.11, 4.19.84, 4.14.154, 4.9.201, 4.4.201 may allow an authenticated user to potentially enable escalation of privilege via local 
access.","cvss":7.8,"cvss_version":3.0,"cvss_v2":7.2,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00128,"ranking_epss":0.32144,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://packetstormsecurity.com/files/155375/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html","https://access.redhat.com/errata/RHSA-2019:3841","https://access.redhat.com/errata/RHSA-2019:3887","https://access.redhat.com/errata/RHSA-2019:3889","https://access.redhat.com/errata/RHSA-2019:3908","https://access.redhat.com/errata/RHSA-2020:0204","https://seclists.org/bugtraq/2019/Nov/26","https://security.netapp.com/advisory/ntap-20200320-0005/","https://support.f5.com/csp/article/K73659122?utm_source=f5support&amp%3Butm_medium=RSS","https://usn.ubuntu.com/4186-2/","https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00242.html","http://packetstormsecurity.com/files/155375/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html","https://access.redhat.com/errata/RHSA-2019:3841","https://access.redhat.com/errata/RHSA-2019:3887","https://access.redhat.com/errata/RHSA-2019:3889","https://access.redhat.com/errata/RHSA-2019:3908","https://access.redhat.com/errata/RHSA-2020:0204","https://seclists.org/bugtraq/2019/Nov/26","https://security.netapp.com/advisory/ntap-20200320-0005/","https://support.f5.com/csp/article/K73659122?utm_source=f5support&amp%3Butm_medium=RSS","https://usn.ubuntu.com/4186-2/","https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00242.html"],"published_time":"2019-11-14T19:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-2214","summary":"In binder_transaction of binder.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. 
User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-136210786. References: Upstream kernel","cvss":7.8,"cvss_version":3.0,"cvss_v2":7.2,"cvss_v3":7.8,"cvss_v4":null,"epss":0.0005,"ranking_epss":0.15418,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://packetstormsecurity.com/files/156185/Kernel-Live-Patch-Security-Notice-LSN-0062-1.html","https://source.android.com/security/bulletin/2019-11-01","https://usn.ubuntu.com/4226-1/","http://packetstormsecurity.com/files/156185/Kernel-Live-Patch-Security-Notice-LSN-0062-1.html","https://source.android.com/security/bulletin/2019-11-01","https://usn.ubuntu.com/4226-1/"],"published_time":"2019-11-13T18:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-2201","summary":"In generate_jsimd_ycc_rgb_convert_neon of jsimd_arm64_neon.S, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution in an unprivileged process with no additional execution privileges needed. 
User interaction is needed for exploitation. Product: Android. Versions: Android-8.0 Android-8.1 Android-9 Android-10. Android ID: A-120551338","cvss":7.8,"cvss_version":3.0,"cvss_v2":9.3,"cvss_v3":7.8,"cvss_v4":null,"epss":0.01083,"ranking_epss":0.77868,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00047.html","http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00048.html","https://lists.apache.org/thread.html/rc800763a88775ac9abb83b3402bcd0913d41ac65fdfc759af38f2280%40%3Ccommits.mxnet.apache.org%3E","https://lists.debian.org/debian-lts-announce/2022/05/msg00048.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y4QPASQPZO644STRFTLOD35RIRGWWRNI/","https://security.gentoo.org/glsa/202003-23","https://source.android.com/security/bulletin/2019-11-01","https://usn.ubuntu.com/4190-1/","http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00047.html","http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00048.html","https://lists.apache.org/thread.html/rc800763a88775ac9abb83b3402bcd0913d41ac65fdfc759af38f2280%40%3Ccommits.mxnet.apache.org%3E","https://lists.debian.org/debian-lts-announce/2022/05/msg00048.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y4QPASQPZO644STRFTLOD35RIRGWWRNI/","https://security.gentoo.org/glsa/202003-23","https://source.android.com/security/bulletin/2019-11-01","https://usn.ubuntu.com/4190-1/"],"published_time":"2019-11-13T18:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-18849","summary":"In tnef before 1.4.18, an attacker may be able to write to the victim's .ssh/authorized_keys file via an e-mail message with a crafted winmail.dat application/ms-tnef attachment, because of a heap-based buffer over-read involving 
strdup.","cvss":5.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":5.5,"cvss_v4":null,"epss":0.01023,"ranking_epss":0.77249,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://github.com/verdammelt/tnef/compare/1.4.17...1.4.18","https://github.com/verdammelt/tnef/pull/40","https://lists.debian.org/debian-lts-announce/2019/11/msg00035.html","https://lists.debian.org/debian-lts-announce/2021/08/msg00025.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RMKFSHPMOZL7MDWU5RYOTIBTRWSZ4Z6X/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W7CPKBW4QZ4VIY4UXIUVUSHRJ4R2FROE/","https://usn.ubuntu.com/4524-1/","https://github.com/verdammelt/tnef/compare/1.4.17...1.4.18","https://github.com/verdammelt/tnef/pull/40","https://lists.debian.org/debian-lts-announce/2019/11/msg00035.html","https://lists.debian.org/debian-lts-announce/2021/08/msg00025.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RMKFSHPMOZL7MDWU5RYOTIBTRWSZ4Z6X/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W7CPKBW4QZ4VIY4UXIUVUSHRJ4R2FROE/","https://usn.ubuntu.com/4524-1/"],"published_time":"2019-11-11T04:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2013-1429","summary":"Lintian before 2.5.12 allows remote attackers to gather information about the \"host\" system using crafted 
symlinks.","cvss":6.3,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":6.3,"cvss_v4":null,"epss":0.00998,"ranking_epss":0.76962,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://bugs.launchpad.net/ubuntu/+source/lintian/+bug/1169636","https://people.canonical.com/~ubuntu-security/cve/2013/CVE-2013-1429.html","https://security-tracker.debian.org/tracker/CVE-2013-1429","https://www.mail-archive.com/debian-bugs-dist%40lists.debian.org/msg1113881.html","https://bugs.launchpad.net/ubuntu/+source/lintian/+bug/1169636","https://people.canonical.com/~ubuntu-security/cve/2013/CVE-2013-1429.html","https://security-tracker.debian.org/tracker/CVE-2013-1429","https://www.mail-archive.com/debian-bugs-dist%40lists.debian.org/msg1113881.html"],"published_time":"2019-11-07T22:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-18808","summary":"A memory leak in the ccp_run_sha_cmd() function in drivers/crypto/ccp/ccp-ops.c in the Linux kernel through 5.3.9 allows attackers to cause a denial of service (memory consumption), aka 
CID-128c66429247.","cvss":5.5,"cvss_version":3.0,"cvss_v2":2.1,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00016,"ranking_epss":0.03667,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00021.html","http://www.openwall.com/lists/oss-security/2021/09/14/1","https://github.com/torvalds/linux/commit/128c66429247add5128c03dc1e144ca56f05a4e2","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LYIFGYEDQXP5DVJQQUARQRK2PXKBKQGY/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YWWOOJKZ4NQYN4RMFIVJ3ZIXKJJI3MKP/","https://security.netapp.com/advisory/ntap-20191205-0001/","https://usn.ubuntu.com/4525-1/","https://usn.ubuntu.com/4526-1/","http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00021.html","http://www.openwall.com/lists/oss-security/2021/09/14/1","https://github.com/torvalds/linux/commit/128c66429247add5128c03dc1e144ca56f05a4e2","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LYIFGYEDQXP5DVJQQUARQRK2PXKBKQGY/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YWWOOJKZ4NQYN4RMFIVJ3ZIXKJJI3MKP/","https://security.netapp.com/advisory/ntap-20191205-0001/","https://usn.ubuntu.com/4525-1/","https://usn.ubuntu.com/4526-1/"],"published_time":"2019-11-07T16:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-18809","summary":"A memory leak in the af9005_identify_state() function in drivers/media/usb/dvb-usb/af9005.c in the Linux kernel through 5.3.9 allows attackers to cause a denial of service (memory consumption), aka 
CID-2289adbfa559.","cvss":4.6,"cvss_version":3.0,"cvss_v2":4.9,"cvss_v3":4.6,"cvss_v4":null,"epss":0.00093,"ranking_epss":0.26075,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00029.html","https://github.com/torvalds/linux/commit/2289adbfa559050d2a38bcd9caac1c18b800e928","https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LYIFGYEDQXP5DVJQQUARQRK2PXKBKQGY/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YWWOOJKZ4NQYN4RMFIVJ3ZIXKJJI3MKP/","https://security.netapp.com/advisory/ntap-20191205-0001/","https://usn.ubuntu.com/4285-1/","https://usn.ubuntu.com/4287-1/","https://usn.ubuntu.com/4287-2/","https://usn.ubuntu.com/4300-1/","http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00029.html","https://github.com/torvalds/linux/commit/2289adbfa559050d2a38bcd9caac1c18b800e928","https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LYIFGYEDQXP5DVJQQUARQRK2PXKBKQGY/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YWWOOJKZ4NQYN4RMFIVJ3ZIXKJJI3MKP/","https://security.netapp.com/advisory/ntap-20191205-0001/","https://usn.ubuntu.com/4285-1/","https://usn.ubuntu.com/4287-1/","https://usn.ubuntu.com/4287-2/","https://usn.ubuntu.com/4300-1/"],"published_time":"2019-11-07T16:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-18810","summary":"A memory leak in the komeda_wb_connector_add() function in drivers/gpu/drm/arm/display/komeda/komeda_wb_connector.c in the Linux kernel before 5.3.8 allows attackers to cause a denial of service (memory consumption) by triggering drm_writeback_connector_init() failures, aka 
CID-a0ecd6fdbf5d.","cvss":7.5,"cvss_version":3.0,"cvss_v2":7.8,"cvss_v3":7.5,"cvss_v4":null,"epss":0.01275,"ranking_epss":0.7954,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.8","https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=a0ecd6fdbf5d648123a7315c695fb6850d702835","https://security.netapp.com/advisory/ntap-20191205-0001/","https://usn.ubuntu.com/4208-1/","https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.8","https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=a0ecd6fdbf5d648123a7315c695fb6850d702835","https://security.netapp.com/advisory/ntap-20191205-0001/","https://usn.ubuntu.com/4208-1/"],"published_time":"2019-11-07T16:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-18813","summary":"A memory leak in the dwc3_pci_probe() function in drivers/usb/dwc3/dwc3-pci.c in the Linux kernel through 5.3.9 allows attackers to cause a denial of service (memory consumption) by triggering platform_device_add_properties() failures, aka 
CID-9bbfceea12a8.","cvss":7.5,"cvss_version":3.0,"cvss_v2":7.8,"cvss_v3":7.5,"cvss_v4":null,"epss":0.01487,"ranking_epss":0.81037,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=9bbfceea12a8f145097a27d7c7267af25893c060","https://security.netapp.com/advisory/ntap-20191205-0001/","https://usn.ubuntu.com/4225-1/","https://usn.ubuntu.com/4225-2/","https://usn.ubuntu.com/4226-1/","https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=9bbfceea12a8f145097a27d7c7267af25893c060","https://security.netapp.com/advisory/ntap-20191205-0001/","https://usn.ubuntu.com/4225-1/","https://usn.ubuntu.com/4225-2/","https://usn.ubuntu.com/4226-1/"],"published_time":"2019-11-07T16:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-18804","summary":"DjVuLibre 3.5.27 has a NULL pointer dereference in the function DJVU::filter_fv at IW44EncodeCodec.cpp.","cvss":7.5,"cvss_version":3.0,"cvss_v2":5.0,"cvss_v3":7.5,"cvss_v4":null,"epss":0.04581,"ranking_epss":0.8922,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00068.html","http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00069.html","https://github.com/TeamSeri0us/pocs/blob/master/djvulibre/DJVU__filter_fv%40IW44EncodeCodec.cpp_499-43___SEGV_UNKNOW.md","https://lists.debian.org/debian-lts-announce/2019/11/msg00004.html","https://lists.debian.org/debian-lts-announce/2021/05/msg00022.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JO65AWU7LEWNF6DDCZPRFTR2ZPP5XK6L/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NYPWP5T7TSUNZV4UEIRRCTVWO6VBZWJV/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QUEME45HVGTMDOYODAZYQOGWSZ2CEFWZ/","https://lists.fe
doraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SWT7E7BMWV5T33AMU6OGDPPTPIGCFFZF/","https://sourceforge.net/p/djvu/bugs/309/","https://usn.ubuntu.com/4198-1/","https://www.debian.org/security/2021/dsa-5032","http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00068.html","http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00069.html","https://github.com/TeamSeri0us/pocs/blob/master/djvulibre/DJVU__filter_fv%40IW44EncodeCodec.cpp_499-43___SEGV_UNKNOW.md","https://lists.debian.org/debian-lts-announce/2019/11/msg00004.html","https://lists.debian.org/debian-lts-announce/2021/05/msg00022.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JO65AWU7LEWNF6DDCZPRFTR2ZPP5XK6L/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NYPWP5T7TSUNZV4UEIRRCTVWO6VBZWJV/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QUEME45HVGTMDOYODAZYQOGWSZ2CEFWZ/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SWT7E7BMWV5T33AMU6OGDPPTPIGCFFZF/","https://sourceforge.net/p/djvu/bugs/309/","https://usn.ubuntu.com/4198-1/","https://www.debian.org/security/2021/dsa-5032"],"published_time":"2019-11-07T06:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-18786","summary":"In the Linux kernel through 5.3.8, f->fmt.sdr.reserved is uninitialized in rcar_drif_g_fmt_sdr_cap in drivers/media/platform/rcar_drif.c, which could cause a memory disclosure 
problem.","cvss":5.5,"cvss_version":3.0,"cvss_v2":2.1,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00107,"ranking_epss":0.28944,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://patchwork.linuxtv.org/patch/59542/","https://usn.ubuntu.com/4284-1/","https://usn.ubuntu.com/4285-1/","https://usn.ubuntu.com/4287-1/","https://usn.ubuntu.com/4287-2/","https://patchwork.linuxtv.org/patch/59542/","https://usn.ubuntu.com/4284-1/","https://usn.ubuntu.com/4285-1/","https://usn.ubuntu.com/4287-1/","https://usn.ubuntu.com/4287-2/"],"published_time":"2019-11-06T03:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-5068","summary":"An exploitable shared memory permissions vulnerability exists in the functionality of X11 Mesa 3D Graphics Library 19.1.2. An attacker can access the shared memory without any specific permissions to trigger this vulnerability.","cvss":5.1,"cvss_version":3.0,"cvss_v2":3.6,"cvss_v3":5.1,"cvss_v4":null,"epss":0.00075,"ranking_epss":0.22552,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00037.html","https://gitlab.freedesktop.org/mesa/mesa/-/commit/02c3dad0f3b4d26e0faa5cc51d06bc50d693dcdc","https://lists.debian.org/debian-lts-announce/2019/11/msg00013.html","https://lists.freedesktop.org/pipermail/mesa-dev/2019-October/223704.html","https://talosintelligence.com/vulnerability_reports/TALOS-2019-0857","https://usn.ubuntu.com/4271-1/","http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00037.html","https://gitlab.freedesktop.org/mesa/mesa/-/commit/02c3dad0f3b4d26e0faa5cc51d06bc50d693dcdc","https://lists.debian.org/debian-lts-announce/2019/11/msg00013.html","https://lists.freedesktop.org/pipermail/mesa-dev/2019-October/223704.html","https://talosintelligence.com/vulnerability_reports/TALOS-2019-0857","https://usn.ubuntu.com/4271-1/"],"published_time":"2019-11-05T22:15:14","vendor":null,"product":null,"version
":null},{"cve_id":"CVE-2017-5331","summary":"Integer overflow in the check_offset function in b/wrestool/fileread.c in icoutils before 0.31.1 allows local users to cause a denial of service (process crash) and execute arbitrary code via a crafted executable.","cvss":7.8,"cvss_version":3.0,"cvss_v2":4.6,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00076,"ranking_epss":0.22827,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2017-01/msg00024.html","http://lists.opensuse.org/opensuse-security-announce/2017-01/msg00025.html","http://lists.opensuse.org/opensuse-security-announce/2017-01/msg00026.html","http://www.debian.org/security/2017/dsa-3765","http://www.openwall.com/lists/oss-security/2017/01/11/3","http://www.securityfocus.com/bid/95378","http://www.ubuntu.com/usn/USN-3178-1","https://bugzilla.redhat.com/show_bug.cgi?id=1412248","http://lists.opensuse.org/opensuse-security-announce/2017-01/msg00024.html","http://lists.opensuse.org/opensuse-security-announce/2017-01/msg00025.html","http://lists.opensuse.org/opensuse-security-announce/2017-01/msg00026.html","http://www.debian.org/security/2017/dsa-3765","http://www.openwall.com/lists/oss-security/2017/01/11/3","http://www.securityfocus.com/bid/95378","http://www.ubuntu.com/usn/USN-3178-1","https://bugzilla.redhat.com/show_bug.cgi?id=1412248"],"published_time":"2019-11-04T21:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2017-5332","summary":"The extract_group_icon_cursor_resource in wrestool/extract.c in icoutils before 0.31.1 can access unallocated memory, which allows local users to cause a denial of service (process crash) and execute arbitrary code via a crafted 
executable.","cvss":7.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00234,"ranking_epss":0.46239,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2017-01/msg00024.html","http://lists.opensuse.org/opensuse-security-announce/2017-01/msg00025.html","http://lists.opensuse.org/opensuse-security-announce/2017-01/msg00026.html","http://rhn.redhat.com/errata/RHSA-2017-0837.html","http://www.debian.org/security/2017/dsa-3765","http://www.openwall.com/lists/oss-security/2017/01/11/3","http://www.securityfocus.com/bid/95380","http://www.ubuntu.com/usn/USN-3178-1","https://bugzilla.redhat.com/show_bug.cgi?id=1412263","https://git.savannah.gnu.org/cgit/icoutils.git/commit/?id=1aa9f28f7bcbdfff6a84a15ac8d9a87559b1596a","http://lists.opensuse.org/opensuse-security-announce/2017-01/msg00024.html","http://lists.opensuse.org/opensuse-security-announce/2017-01/msg00025.html","http://lists.opensuse.org/opensuse-security-announce/2017-01/msg00026.html","http://rhn.redhat.com/errata/RHSA-2017-0837.html","http://www.debian.org/security/2017/dsa-3765","http://www.openwall.com/lists/oss-security/2017/01/11/3","http://www.securityfocus.com/bid/95380","http://www.ubuntu.com/usn/USN-3178-1","https://bugzilla.redhat.com/show_bug.cgi?id=1412263","https://git.savannah.gnu.org/cgit/icoutils.git/commit/?id=1aa9f28f7bcbdfff6a84a15ac8d9a87559b1596a"],"published_time":"2019-11-04T21:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2017-5333","summary":"Integer overflow in the extract_group_icon_cursor_resource function in b/wrestool/extract.c in icoutils before 0.31.1 allows local users to cause a denial of service (process crash) or execute arbitrary code via a crafted executable 
file.","cvss":7.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00234,"ranking_epss":0.46239,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2017-01/msg00024.html","http://lists.opensuse.org/opensuse-security-announce/2017-01/msg00025.html","http://lists.opensuse.org/opensuse-security-announce/2017-01/msg00026.html","http://rhn.redhat.com/errata/RHSA-2017-0837.html","http://www.debian.org/security/2017/dsa-3765","http://www.openwall.com/lists/oss-security/2017/01/11/3","http://www.securityfocus.com/bid/95678","http://www.ubuntu.com/usn/USN-3178-1","https://bugzilla.redhat.com/show_bug.cgi?id=1412259","https://git.savannah.gnu.org/cgit/icoutils.git/commit/?id=1a108713ac26215c7568353f6e02e727e6d4b24a","http://lists.opensuse.org/opensuse-security-announce/2017-01/msg00024.html","http://lists.opensuse.org/opensuse-security-announce/2017-01/msg00025.html","http://lists.opensuse.org/opensuse-security-announce/2017-01/msg00026.html","http://rhn.redhat.com/errata/RHSA-2017-0837.html","http://www.debian.org/security/2017/dsa-3765","http://www.openwall.com/lists/oss-security/2017/01/11/3","http://www.securityfocus.com/bid/95678","http://www.ubuntu.com/usn/USN-3178-1","https://bugzilla.redhat.com/show_bug.cgi?id=1412259","https://git.savannah.gnu.org/cgit/icoutils.git/commit/?id=1a108713ac26215c7568353f6e02e727e6d4b24a"],"published_time":"2019-11-04T21:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-18683","summary":"An issue was discovered in drivers/media/platform/vivid in the Linux kernel through 5.3.8. It is exploitable for privilege escalation on some Linux distributions where local users have /dev/video0 access, but only if the driver happens to be loaded. There are multiple race conditions during streaming stopping in this driver (part of the V4L2 subsystem). 
These issues are caused by wrong mutex locking in vivid_stop_generating_vid_cap(), vivid_stop_generating_vid_out(), sdr_cap_stop_streaming(), and the corresponding kthreads. At least one of these race conditions leads to a use-after-free.","cvss":7.0,"cvss_version":3.0,"cvss_v2":6.9,"cvss_v3":7.0,"cvss_v4":null,"epss":0.00998,"ranking_epss":0.76964,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00029.html","http://packetstormsecurity.com/files/155890/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html","http://www.openwall.com/lists/oss-security/2019/11/05/1","https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html","https://lore.kernel.org/lkml/20191103221719.27118-1-alex.popov%40linux.com/","https://seclists.org/bugtraq/2020/Jan/10","https://security.netapp.com/advisory/ntap-20191205-0001/","https://usn.ubuntu.com/4254-1/","https://usn.ubuntu.com/4254-2/","https://usn.ubuntu.com/4258-1/","https://usn.ubuntu.com/4284-1/","https://usn.ubuntu.com/4287-1/","https://usn.ubuntu.com/4287-2/","https://www.openwall.com/lists/oss-security/2019/11/02/1","http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00029.html","http://packetstormsecurity.com/files/155890/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html","http://www.openwall.com/lists/oss-security/2019/11/05/1","https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html","https://lore.kernel.org/lkml/20191103221719.27118-1-alex.popov%40linux.com/","https://seclists.org/bugtraq/2020/Jan/10","https://security.netapp.com/advisory/ntap-20191205-0001/","https://usn.ubuntu.com/4254-1/","https://usn.ubuntu.com/4254-2/","https://usn.ubuntu.com/4258-1/","https://usn.ubuntu.com/4284-1/","https://usn.ubuntu.com/4287-1/","https://usn.ubuntu.com/4287-2/","https://www.openwall.com/lists/oss-security/2019/11/02/1"],"published_time":"2019-11-04T16:15:11","vendor":null,"product":null,"vers
ion":null},{"cve_id":"CVE-2019-13508","summary":"FreeTDS through 1.1.11 has a Buffer Overflow.","cvss":9.8,"cvss_version":3.0,"cvss_v2":7.5,"cvss_v3":9.8,"cvss_v4":null,"epss":0.00573,"ranking_epss":0.68683,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00067.html","https://usn.ubuntu.com/4173-1/","http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00067.html","https://usn.ubuntu.com/4173-1/"],"published_time":"2019-10-31T21:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-15681","summary":"LibVNC commit before d01e1bb4246323ba6fcee3b82ef1faa9b1dac82a contains a memory leak (CWE-655) in VNC server code, which allows an attacker to read stack memory and can be abused for information disclosure. Combined with another vulnerability, it can be used to leak stack memory and bypass ASLR. This attack appears to be exploitable via network connectivity. These vulnerabilities have been fixed in commit 
d01e1bb4246323ba6fcee3b82ef1faa9b1dac82a.","cvss":7.5,"cvss_version":3.0,"cvss_v2":5.0,"cvss_v3":7.5,"cvss_v4":null,"epss":0.06191,"ranking_epss":0.90857,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00027.html","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00073.html","https://cert-portal.siemens.com/productcert/pdf/ssa-390195.pdf","https://github.com/LibVNC/libvncserver/commit/d01e1bb4246323ba6fcee3b82ef1faa9b1dac82a","https://lists.debian.org/debian-lts-announce/2019/10/msg00039.html","https://lists.debian.org/debian-lts-announce/2019/10/msg00042.html","https://lists.debian.org/debian-lts-announce/2019/11/msg00032.html","https://lists.debian.org/debian-lts-announce/2019/12/msg00028.html","https://usn.ubuntu.com/4407-1/","https://usn.ubuntu.com/4547-1/","https://usn.ubuntu.com/4573-1/","https://usn.ubuntu.com/4587-1/","http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00027.html","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00073.html","https://cert-portal.siemens.com/productcert/pdf/ssa-390195.pdf","https://github.com/LibVNC/libvncserver/commit/d01e1bb4246323ba6fcee3b82ef1faa9b1dac82a","https://lists.debian.org/debian-lts-announce/2019/10/msg00039.html","https://lists.debian.org/debian-lts-announce/2019/10/msg00042.html","https://lists.debian.org/debian-lts-announce/2019/11/msg00032.html","https://lists.debian.org/debian-lts-announce/2019/12/msg00028.html","https://usn.ubuntu.com/4407-1/","https://usn.ubuntu.com/4547-1/","https://usn.ubuntu.com/4573-1/","https://usn.ubuntu.com/4587-1/"],"published_time":"2019-10-29T19:15:18","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-11043","summary":"In PHP versions 7.1.x below 7.1.33, 7.2.x below 7.2.24 and 7.3.x below 7.3.11 in certain configurations of FPM setup it is possible to cause FPM module to write past allocated buffers into the space reserved for 
FCGI protocol data, thus opening the possibility of remote code execution.","cvss":8.7,"cvss_version":3.0,"cvss_v2":7.5,"cvss_v3":8.7,"cvss_v4":null,"epss":0.94053,"ranking_epss":0.99902,"kev":true,"propose_action":"In some versions of PHP in certain configurations of FPM setup, it is possible to cause FPM module to write past allocated buffers allowing the possibility of remote code execution.","ransomware_campaign":"Known","references":["http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00011.html","http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00014.html","http://packetstormsecurity.com/files/156642/PHP-FPM-7.x-Remote-Code-Execution.html","http://seclists.org/fulldisclosure/2020/Jan/40","https://access.redhat.com/errata/RHSA-2019:3286","https://access.redhat.com/errata/RHSA-2019:3287","https://access.redhat.com/errata/RHSA-2019:3299","https://access.redhat.com/errata/RHSA-2019:3300","https://access.redhat.com/errata/RHSA-2019:3724","https://access.redhat.com/errata/RHSA-2019:3735","https://access.redhat.com/errata/RHSA-2019:3736","https://access.redhat.com/errata/RHSA-2020:0322","https://bugs.php.net/bug.php?id=78599","https://github.com/neex/phuip-fpizdam","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3W23TP6X4H7LB645FYZLUPNIRD5W3EPU/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FSNBUSPKMLUHHOADROKNG5GDWDCRHT5M/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T62LF4ZWVV7OMMIZFO6IFO5QLZKK7YRD/","https://seclists.org/bugtraq/2020/Jan/44","https://security.netapp.com/advisory/ntap-20191031-0003/","https://support.apple.com/kb/HT210919","https://support.f5.com/csp/article/K75408500?utm_source=f5support&amp%3Butm_medium=RSS","https://usn.ubuntu.com/4166-1/","https://usn.ubuntu.com/4166-2/","https://www.debian.org/security/2019/dsa-4552","https://www.debian.org/security/2019/dsa-455
3","https://www.synology.com/security/advisory/Synology_SA_19_36","https://www.tenable.com/security/tns-2021-14","http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00011.html","http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00014.html","http://packetstormsecurity.com/files/156642/PHP-FPM-7.x-Remote-Code-Execution.html","http://seclists.org/fulldisclosure/2020/Jan/40","https://access.redhat.com/errata/RHSA-2019:3286","https://access.redhat.com/errata/RHSA-2019:3287","https://access.redhat.com/errata/RHSA-2019:3299","https://access.redhat.com/errata/RHSA-2019:3300","https://access.redhat.com/errata/RHSA-2019:3724","https://access.redhat.com/errata/RHSA-2019:3735","https://access.redhat.com/errata/RHSA-2019:3736","https://access.redhat.com/errata/RHSA-2020:0322","https://bugs.php.net/bug.php?id=78599","https://github.com/neex/phuip-fpizdam","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3W23TP6X4H7LB645FYZLUPNIRD5W3EPU/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FSNBUSPKMLUHHOADROKNG5GDWDCRHT5M/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T62LF4ZWVV7OMMIZFO6IFO5QLZKK7YRD/","https://seclists.org/bugtraq/2020/Jan/44","https://security.netapp.com/advisory/ntap-20191031-0003/","https://support.apple.com/kb/HT210919","https://support.f5.com/csp/article/K75408500?utm_source=f5support&amp%3Butm_medium=RSS","https://usn.ubuntu.com/4166-1/","https://usn.ubuntu.com/4166-2/","https://www.debian.org/security/2019/dsa-4552","https://www.debian.org/security/2019/dsa-4553","https://www.synology.com/security/advisory/Synology_SA_19_36","https://www.tenable.com/security/tns-2021-14","https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-11043"],"published_time":"2019-10-28T15:15:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-18408","summary":"archiv
e_read_format_rar_read_data in archive_read_support_format_rar.c in libarchive before 3.4.0 has a use-after-free in a certain ARCHIVE_FAILED situation, related to Ppmd7_DecodeSymbol.","cvss":7.5,"cvss_version":3.0,"cvss_v2":5.0,"cvss_v3":7.5,"cvss_v4":null,"epss":0.04588,"ranking_epss":0.89231,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00012.html","http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00015.html","https://access.redhat.com/errata/RHSA-2020:0203","https://access.redhat.com/errata/RHSA-2020:0246","https://access.redhat.com/errata/RHSA-2020:0271","https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=14689","https://github.com/libarchive/libarchive/commit/b8592ecba2f9e451e1f5cb7ab6dcee8b8e7b3f60","https://github.com/libarchive/libarchive/compare/v3.3.3...v3.4.0","https://lists.debian.org/debian-lts-announce/2019/10/msg00034.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6LZ4VJGTCYEJSDLOEWUUFG6TM4SUPFSY/","https://seclists.org/bugtraq/2019/Nov/2","https://security.gentoo.org/glsa/202003-28","https://support.f5.com/csp/article/K52144175?utm_source=f5support&amp%3Butm_medium=RSS","https://usn.ubuntu.com/4169-1/","https://www.debian.org/security/2019/dsa-4557","http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00012.html","http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00015.html","https://access.redhat.com/errata/RHSA-2020:0203","https://access.redhat.com/errata/RHSA-2020:0246","https://access.redhat.com/errata/RHSA-2020:0271","https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=14689","https://github.com/libarchive/libarchive/commit/b8592ecba2f9e451e1f5cb7ab6dcee8b8e7b3f60","https://github.com/libarchive/libarchive/compare/v3.3.3...v3.4.0","https://lists.debian.org/debian-lts-announce/2019/10/msg00034.html","https://lists.fedoraproject.org/archives/list/package
-announce%40lists.fedoraproject.org/message/6LZ4VJGTCYEJSDLOEWUUFG6TM4SUPFSY/","https://seclists.org/bugtraq/2019/Nov/2","https://security.gentoo.org/glsa/202003-28","https://support.f5.com/csp/article/K52144175?utm_source=f5support&amp%3Butm_medium=RSS","https://usn.ubuntu.com/4169-1/","https://www.debian.org/security/2019/dsa-4557"],"published_time":"2019-10-24T14:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-15587","summary":"In the Loofah gem for Ruby through v2.3.0 unsanitized JavaScript may occur in sanitized output when a crafted SVG element is republished.","cvss":5.4,"cvss_version":3.0,"cvss_v2":3.5,"cvss_v3":5.4,"cvss_v4":null,"epss":0.03032,"ranking_epss":0.86657,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://github.com/flavorjones/loofah/issues/171","https://hackerone.com/reports/709009","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4WK2UG7ORKRQOJ6E4XJ2NVIHYJES6BYZ/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XMCWPLYPNIWYAY443IZZJ4IHBBLIHBP5/","https://security.netapp.com/advisory/ntap-20191122-0003/","https://usn.ubuntu.com/4498-1/","https://www.debian.org/security/2019/dsa-4554","https://github.com/flavorjones/loofah/issues/171","https://hackerone.com/reports/709009","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4WK2UG7ORKRQOJ6E4XJ2NVIHYJES6BYZ/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XMCWPLYPNIWYAY443IZZJ4IHBBLIHBP5/","https://security.netapp.com/advisory/ntap-20191122-0003/","https://usn.ubuntu.com/4498-1/","https://www.debian.org/security/2019/dsa-4554"],"published_time":"2019-10-22T21:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-18218","summary":"cdf_read_property_info in cdf.c in file through 5.37 does not restrict the number of CDF_VECTOR 
elements, which allows a heap-based buffer overflow (4-byte out-of-bounds write).","cvss":7.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00174,"ranking_epss":0.38771,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00044.html","https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=16780","https://github.com/file/file/commit/46a8443f76cec4b41ec736eca396984c74664f84","https://lists.debian.org/debian-lts-announce/2019/10/msg00032.html","https://lists.debian.org/debian-lts-announce/2021/07/msg00008.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CV6PFCEYHYALMTT45QE2U5C5TEJZQPXJ/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D6BJVGXSCC6NMIAWX36FPWHEIFON3OSE/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VBK6XOJR6OVWT2FUEBO7V7KCOSSLAP52/","https://security.gentoo.org/glsa/202003-24","https://security.netapp.com/advisory/ntap-20200115-0001/","https://usn.ubuntu.com/4172-1/","https://usn.ubuntu.com/4172-2/","https://www.debian.org/security/2019/dsa-4550","http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00044.html","https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=16780","https://github.com/file/file/commit/46a8443f76cec4b41ec736eca396984c74664f84","https://lists.debian.org/debian-lts-announce/2019/10/msg00032.html","https://lists.debian.org/debian-lts-announce/2021/07/msg00008.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CV6PFCEYHYALMTT45QE2U5C5TEJZQPXJ/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D6BJVGXSCC6NMIAWX36FPWHEIFON3OSE/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VBK6XOJR6OVWT2FUEBO7V7KCOSSLAP52/","ht
tps://security.gentoo.org/glsa/202003-24","https://security.netapp.com/advisory/ntap-20200115-0001/","https://usn.ubuntu.com/4172-1/","https://usn.ubuntu.com/4172-2/","https://www.debian.org/security/2019/dsa-4550"],"published_time":"2019-10-21T05:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-18198","summary":"In the Linux kernel before 5.3.4, a reference count usage error in the fib6_rule_suppress() function in the fib6 suppression feature of net/ipv6/fib6_rules.c, when handling the FIB_LOOKUP_NOREF flag, can be exploited by a local attacker to corrupt memory, aka CID-ca7a03c41753.","cvss":7.8,"cvss_version":3.0,"cvss_v2":7.2,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00103,"ranking_epss":0.28198,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.4","https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ca7a03c4175366a92cee0ccc4fec0038c3266e26","https://github.com/torvalds/linux/commit/ca7a03c4175366a92cee0ccc4fec0038c3266e26","https://launchpad.net/bugs/1847478","https://security.netapp.com/advisory/ntap-20191031-0005/","https://usn.ubuntu.com/4161-1/","https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.4","https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ca7a03c4175366a92cee0ccc4fec0038c3266e26","https://github.com/torvalds/linux/commit/ca7a03c4175366a92cee0ccc4fec0038c3266e26","https://launchpad.net/bugs/1847478","https://security.netapp.com/advisory/ntap-20191031-0005/","https://usn.ubuntu.com/4161-1/"],"published_time":"2019-10-18T22:15:14","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-18197","summary":"In xsltCopyText in transform.c in libxslt 1.1.33, a pointer variable isn't reset under certain circumstances. 
If the relevant memory area happened to be freed and reused in a certain way, a bounds check could fail and memory outside a buffer could be written to, or uninitialized data could be disclosed.","cvss":7.5,"cvss_version":3.0,"cvss_v2":5.1,"cvss_v3":7.5,"cvss_v4":null,"epss":0.04534,"ranking_epss":0.89171,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00010.html","http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00015.html","http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00025.html","http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00062.html","http://www.openwall.com/lists/oss-security/2019/11/17/2","https://access.redhat.com/errata/RHSA-2020:0514","https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15746","https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15768","https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15914","https://gitlab.gnome.org/GNOME/libxslt/commit/2232473733b7313d67de8836ea3b29eec6e8e285","https://lists.debian.org/debian-lts-announce/2019/10/msg00037.html","https://security.netapp.com/advisory/ntap-20191031-0004/","https://security.netapp.com/advisory/ntap-20200416-0004/","https://usn.ubuntu.com/4164-1/","https://www.oracle.com/security-alerts/cpuapr2020.html","http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00010.html","http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00015.html","http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00025.html","http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00062.html","http://www.openwall.com/lists/oss-security/2019/11/17/2","https://access.redhat.com/errata/RHSA-2020:0514","https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15746","https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15768","https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15914","https://gitlab.gnome.org/GNOME/libxslt/commit/2
232473733b7313d67de8836ea3b29eec6e8e285","https://lists.debian.org/debian-lts-announce/2019/10/msg00037.html","https://security.netapp.com/advisory/ntap-20191031-0004/","https://security.netapp.com/advisory/ntap-20200416-0004/","https://usn.ubuntu.com/4164-1/","https://www.oracle.com/security-alerts/cpuapr2020.html"],"published_time":"2019-10-18T21:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-14287","summary":"In Sudo before 1.8.28, an attacker with access to a Runas ALL sudoer account can bypass certain policy blacklists and session PAM modules, and can cause incorrect logging, by invoking sudo with a crafted user ID. For example, this allows bypass of !root configuration, and USER= logging, for a \"sudo -u \\#$((0xffffffff))\" command.","cvss":8.8,"cvss_version":3.0,"cvss_v2":9.0,"cvss_v3":8.8,"cvss_v4":null,"epss":0.85814,"ranking_epss":0.99384,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00042.html","http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00047.html","http://packetstormsecurity.com/files/154853/Slackware-Security-Advisory-sudo-Updates.html","http://www.openwall.com/lists/oss-security/2019/10/14/1","http://www.openwall.com/lists/oss-security/2019/10/24/1","http://www.openwall.com/lists/oss-security/2019/10/29/3","http://www.openwall.com/lists/oss-security/2021/09/14/2","https://access.redhat.com/errata/RHBA-2019:3248","https://access.redhat.com/errata/RHSA-2019:3197","https://access.redhat.com/errata/RHSA-2019:3204","https://access.redhat.com/errata/RHSA-2019:3205","https://access.redhat.com/errata/RHSA-2019:3209","https://access.redhat.com/errata/RHSA-2019:3219","https://access.redhat.com/errata/RHSA-2019:3278","https://access.redhat.com/errata/RHSA-2019:3694","https://access.redhat.com/errata/RHSA-2019:3754","https://access.redhat.com/errata/RHSA-2019:3755","https://access.redhat.com/errata/RHSA-2019:3895","https://a
ccess.redhat.com/errata/RHSA-2019:3916","https://access.redhat.com/errata/RHSA-2019:3941","https://access.redhat.com/errata/RHSA-2019:4191","https://access.redhat.com/errata/RHSA-2020:0388","https://lists.debian.org/debian-lts-announce/2019/10/msg00022.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IP7SIOAVLSKJGMTIULX52VQUPTVSC43U/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NPLAM57TPJQGKQMNG6RHFBLACD6K356N/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TUVAOZBYUHZS56A5FQSCDVGXT7PW7FL2/","https://resources.whitesourcesoftware.com/blog-whitesource/new-vulnerability-in-sudo-cve-2019-14287","https://seclists.org/bugtraq/2019/Oct/20","https://seclists.org/bugtraq/2019/Oct/21","https://security.gentoo.org/glsa/202003-12","https://security.netapp.com/advisory/ntap-20191017-0003/","https://support.f5.com/csp/article/K53746212?utm_source=f5support&amp%3Butm_medium=RSS","https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbns03976en_us","https://usn.ubuntu.com/4154-1/","https://www.debian.org/security/2019/dsa-4543","https://www.openwall.com/lists/oss-security/2019/10/15/2","https://www.sudo.ws/alerts/minus_1_uid.html","http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00042.html","http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00047.html","http://packetstormsecurity.com/files/154853/Slackware-Security-Advisory-sudo-Updates.html","http://www.openwall.com/lists/oss-security/2019/10/14/1","http://www.openwall.com/lists/oss-security/2019/10/24/1","http://www.openwall.com/lists/oss-security/2019/10/29/3","http://www.openwall.com/lists/oss-security/2021/09/14/2","https://access.redhat.com/errata/RHBA-2019:3248","https://access.redhat.com/errata/RHSA-2019:3197","https://access.redhat.com/errata/RHSA-2019:3204","https://access.redhat.com/errata/RHSA-2019:3205",
"https://access.redhat.com/errata/RHSA-2019:3209","https://access.redhat.com/errata/RHSA-2019:3219","https://access.redhat.com/errata/RHSA-2019:3278","https://access.redhat.com/errata/RHSA-2019:3694","https://access.redhat.com/errata/RHSA-2019:3754","https://access.redhat.com/errata/RHSA-2019:3755","https://access.redhat.com/errata/RHSA-2019:3895","https://access.redhat.com/errata/RHSA-2019:3916","https://access.redhat.com/errata/RHSA-2019:3941","https://access.redhat.com/errata/RHSA-2019:4191","https://access.redhat.com/errata/RHSA-2020:0388","https://lists.debian.org/debian-lts-announce/2019/10/msg00022.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IP7SIOAVLSKJGMTIULX52VQUPTVSC43U/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NPLAM57TPJQGKQMNG6RHFBLACD6K356N/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TUVAOZBYUHZS56A5FQSCDVGXT7PW7FL2/","https://resources.whitesourcesoftware.com/blog-whitesource/new-vulnerability-in-sudo-cve-2019-14287","https://seclists.org/bugtraq/2019/Oct/20","https://seclists.org/bugtraq/2019/Oct/21","https://security.gentoo.org/glsa/202003-12","https://security.netapp.com/advisory/ntap-20191017-0003/","https://support.f5.com/csp/article/K53746212?utm_source=f5support&amp%3Butm_medium=RSS","https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbns03976en_us","https://usn.ubuntu.com/4154-1/","https://www.debian.org/security/2019/dsa-4543","https://www.openwall.com/lists/oss-security/2019/10/15/2","https://www.sudo.ws/alerts/minus_1_uid.html"],"published_time":"2019-10-17T18:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-17666","summary":"rtl_p2p_noa_ie in drivers/net/wireless/realtek/rtlwifi/ps.c in the Linux kernel through 5.3.6 lacks a certain upper-bound check, leading to a buffer 
overflow.","cvss":8.8,"cvss_version":3.0,"cvss_v2":8.3,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00448,"ranking_epss":0.63544,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00064.html","http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00010.html","https://access.redhat.com/errata/RHSA-2020:0328","https://access.redhat.com/errata/RHSA-2020:0339","https://access.redhat.com/errata/RHSA-2020:0543","https://access.redhat.com/errata/RHSA-2020:0661","https://access.redhat.com/errata/RHSA-2020:0740","https://arstechnica.com/information-technology/2019/10/unpatched-linux-flaw-may-let-attackers-crash-or-compromise-nearby-devices/","https://lists.debian.org/debian-lts-announce/2020/01/msg00013.html","https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TRBP4O6D2SQ2NHCRHTJONGCZLWOIV5MN/","https://lkml.org/lkml/2019/10/16/1226","https://security.netapp.com/advisory/ntap-20191031-0005/","https://twitter.com/nicowaisman/status/1184864519316758535","https://usn.ubuntu.com/4183-1/","https://usn.ubuntu.com/4184-1/","https://usn.ubuntu.com/4185-1/","https://usn.ubuntu.com/4186-1/","https://usn.ubuntu.com/4186-2/","http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00064.html","http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00010.html","https://access.redhat.com/errata/RHSA-2020:0328","https://access.redhat.com/errata/RHSA-2020:0339","https://access.redhat.com/errata/RHSA-2020:0543","https://access.redhat.com/errata/RHSA-2020:0661","https://access.redhat.com/errata/RHSA-2020:0740","https://arstechnica.com/information-technology/2019/10/unpatched-linux-flaw-may-let-attackers-crash-or-compromise-nearby-devices/","https://lists.debian.org/debian-lts-announce/2020/01/msg00013.html","https://lists.debian.org/debian-lts-announce/2020/03/msg00001.htm
l","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TRBP4O6D2SQ2NHCRHTJONGCZLWOIV5MN/","https://lkml.org/lkml/2019/10/16/1226","https://security.netapp.com/advisory/ntap-20191031-0005/","https://twitter.com/nicowaisman/status/1184864519316758535","https://usn.ubuntu.com/4183-1/","https://usn.ubuntu.com/4184-1/","https://usn.ubuntu.com/4185-1/","https://usn.ubuntu.com/4186-1/","https://usn.ubuntu.com/4186-2/"],"published_time":"2019-10-17T02:15:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-3004","summary":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Parser). Supported versions that are affected are 8.0.17 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). 
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).","cvss":6.5,"cvss_version":3.0,"cvss_v2":4.0,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00744,"ranking_epss":0.73026,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6DTUCXX5XXPNPFV2PHP6IESGTCFMZOFP/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7X5D3O4TOQ57KL5FLQEXH2JB2UQYHCUZ/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MKCJLNRK6RHFAHV7ZFD3XO7HNSBU3XOL/","https://security.netapp.com/advisory/ntap-20191017-0002/","https://usn.ubuntu.com/4195-1/","http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6DTUCXX5XXPNPFV2PHP6IESGTCFMZOFP/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7X5D3O4TOQ57KL5FLQEXH2JB2UQYHCUZ/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MKCJLNRK6RHFAHV7ZFD3XO7HNSBU3XOL/","https://security.netapp.com/advisory/ntap-20191017-0002/","https://usn.ubuntu.com/4195-1/"],"published_time":"2019-10-16T18:15:34","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-3009","summary":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Connection). Supported versions that are affected are 8.0.17 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.4 (Availability impacts). 
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).","cvss":4.4,"cvss_version":3.0,"cvss_v2":4.0,"cvss_v3":4.4,"cvss_v4":null,"epss":0.00423,"ranking_epss":0.62093,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6DTUCXX5XXPNPFV2PHP6IESGTCFMZOFP/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7X5D3O4TOQ57KL5FLQEXH2JB2UQYHCUZ/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MKCJLNRK6RHFAHV7ZFD3XO7HNSBU3XOL/","https://security.netapp.com/advisory/ntap-20191017-0002/","https://usn.ubuntu.com/4195-1/","http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6DTUCXX5XXPNPFV2PHP6IESGTCFMZOFP/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7X5D3O4TOQ57KL5FLQEXH2JB2UQYHCUZ/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MKCJLNRK6RHFAHV7ZFD3XO7HNSBU3XOL/","https://security.netapp.com/advisory/ntap-20191017-0002/","https://usn.ubuntu.com/4195-1/"],"published_time":"2019-10-16T18:15:34","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-3011","summary":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: C API). Supported versions that are affected are 8.0.17 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). 
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).","cvss":6.5,"cvss_version":3.0,"cvss_v2":4.0,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00744,"ranking_epss":0.73026,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6DTUCXX5XXPNPFV2PHP6IESGTCFMZOFP/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7X5D3O4TOQ57KL5FLQEXH2JB2UQYHCUZ/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MKCJLNRK6RHFAHV7ZFD3XO7HNSBU3XOL/","https://security.netapp.com/advisory/ntap-20191017-0002/","https://usn.ubuntu.com/4195-1/","http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6DTUCXX5XXPNPFV2PHP6IESGTCFMZOFP/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7X5D3O4TOQ57KL5FLQEXH2JB2UQYHCUZ/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MKCJLNRK6RHFAHV7ZFD3XO7HNSBU3XOL/","https://security.netapp.com/advisory/ntap-20191017-0002/","https://usn.ubuntu.com/4195-1/"],"published_time":"2019-10-16T18:15:34","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-3018","summary":"Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.17 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.4 (Availability impacts). 
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).","cvss":4.4,"cvss_version":3.0,"cvss_v2":3.5,"cvss_v3":4.4,"cvss_v4":null,"epss":0.00466,"ranking_epss":0.64398,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6DTUCXX5XXPNPFV2PHP6IESGTCFMZOFP/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7X5D3O4TOQ57KL5FLQEXH2JB2UQYHCUZ/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MKCJLNRK6RHFAHV7ZFD3XO7HNSBU3XOL/","https://security.netapp.com/advisory/ntap-20191017-0002/","https://usn.ubuntu.com/4195-1/","http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6DTUCXX5XXPNPFV2PHP6IESGTCFMZOFP/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7X5D3O4TOQ57KL5FLQEXH2JB2UQYHCUZ/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MKCJLNRK6RHFAHV7ZFD3XO7HNSBU3XOL/","https://security.netapp.com/advisory/ntap-20191017-0002/","https://usn.ubuntu.com/4195-1/"],"published_time":"2019-10-16T18:15:34","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-2991","summary":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.017 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. 
Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).","cvss":5.5,"cvss_version":3.0,"cvss_v2":5.5,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00429,"ranking_epss":0.62524,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6DTUCXX5XXPNPFV2PHP6IESGTCFMZOFP/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7X5D3O4TOQ57KL5FLQEXH2JB2UQYHCUZ/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MKCJLNRK6RHFAHV7ZFD3XO7HNSBU3XOL/","https://security.netapp.com/advisory/ntap-20191017-0002/","https://usn.ubuntu.com/4195-1/","http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6DTUCXX5XXPNPFV2PHP6IESGTCFMZOFP/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7X5D3O4TOQ57KL5FLQEXH2JB2UQYHCUZ/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MKCJLNRK6RHFAHV7ZFD3XO7HNSBU3XOL/","https://security.netapp.com/advisory/ntap-20191017-0002/","https://usn.ubuntu.com/4195-1/"],"published_time":"2019-10-16T18:15:33","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-2992","summary":"Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: 2D). 
Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).","cvss":3.7,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":3.7,"cvss_v4":null,"epss":0.00898,"ranking_epss":0.75643,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00064.html","http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00066.html","http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00031.html","http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","https://access.redhat.com/errata/RHSA-2019:3134","https://access.redhat.com/errata/RHSA-2019:3135","https://access.redhat.com/errata/RHSA-2019:3136","https://access.redhat.com/errata/RHSA-2019:3157","https://access.redhat.com/errata/RHSA-2019:3158","https://access.redhat.com/errata/RHSA-2019:4109","https://access.redhat.com/errata/RHSA-2019:4110","https://access.redhat.com/errata/RHSA-2019:4113","https://access.redhat.com/errata/RHSA-2019:4115","https://access.redhat.com/errata/RHSA-2020:0006","https://access.redhat.com/errata/RHSA-2020:0
046","https://lists.debian.org/debian-lts-announce/2019/12/msg00005.html","https://seclists.org/bugtraq/2019/Oct/27","https://seclists.org/bugtraq/2019/Oct/31","https://security.netapp.com/advisory/ntap-20191017-0001/","https://usn.ubuntu.com/4223-1/","https://www.debian.org/security/2019/dsa-4546","https://www.debian.org/security/2019/dsa-4548","http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00064.html","http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00066.html","http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00031.html","http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","https://access.redhat.com/errata/RHSA-2019:3134","https://access.redhat.com/errata/RHSA-2019:3135","https://access.redhat.com/errata/RHSA-2019:3136","https://access.redhat.com/errata/RHSA-2019:3157","https://access.redhat.com/errata/RHSA-2019:3158","https://access.redhat.com/errata/RHSA-2019:4109","https://access.redhat.com/errata/RHSA-2019:4110","https://access.redhat.com/errata/RHSA-2019:4113","https://access.redhat.com/errata/RHSA-2019:4115","https://access.redhat.com/errata/RHSA-2020:0006","https://access.redhat.com/errata/RHSA-2020:0046","https://lists.debian.org/debian-lts-announce/2019/12/msg00005.html","https://seclists.org/bugtraq/2019/Oct/27","https://seclists.org/bugtraq/2019/Oct/31","https://security.netapp.com/advisory/ntap-20191017-0001/","https://usn.ubuntu.com/4223-1/","https://www.debian.org/security/2019/dsa-4546","https://www.debian.org/security/2019/dsa-4548"],"published_time":"2019-10-16T18:15:33","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-2993","summary":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: C API). Supported versions that are affected are 5.7.27 and prior and 8.0.17 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. 
Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H).","cvss":5.3,"cvss_version":3.0,"cvss_v2":3.5,"cvss_v3":5.3,"cvss_v4":null,"epss":0.00518,"ranking_epss":0.66743,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6DTUCXX5XXPNPFV2PHP6IESGTCFMZOFP/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7X5D3O4TOQ57KL5FLQEXH2JB2UQYHCUZ/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MKCJLNRK6RHFAHV7ZFD3XO7HNSBU3XOL/","https://security.netapp.com/advisory/ntap-20191017-0002/","https://usn.ubuntu.com/4195-1/","http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6DTUCXX5XXPNPFV2PHP6IESGTCFMZOFP/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7X5D3O4TOQ57KL5FLQEXH2JB2UQYHCUZ/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MKCJLNRK6RHFAHV7ZFD3XO7HNSBU3XOL/","https://security.netapp.com/advisory/ntap-20191017-0002/","https://usn.ubuntu.com/4195-1/"],"published_time":"2019-10-16T18:15:33","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-2997","summary":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 8.0.17 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. 
Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).","cvss":4.9,"cvss_version":3.0,"cvss_v2":4.0,"cvss_v3":4.9,"cvss_v4":null,"epss":0.00124,"ranking_epss":0.31565,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6DTUCXX5XXPNPFV2PHP6IESGTCFMZOFP/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7X5D3O4TOQ57KL5FLQEXH2JB2UQYHCUZ/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MKCJLNRK6RHFAHV7ZFD3XO7HNSBU3XOL/","https://security.netapp.com/advisory/ntap-20191017-0002/","https://usn.ubuntu.com/4195-1/","http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6DTUCXX5XXPNPFV2PHP6IESGTCFMZOFP/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7X5D3O4TOQ57KL5FLQEXH2JB2UQYHCUZ/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MKCJLNRK6RHFAHV7ZFD3XO7HNSBU3XOL/","https://security.netapp.com/advisory/ntap-20191017-0002/","https://usn.ubuntu.com/4195-1/"],"published_time":"2019-10-16T18:15:33","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-2998","summary":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.17 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. 
Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).","cvss":4.9,"cvss_version":3.0,"cvss_v2":4.0,"cvss_v3":4.9,"cvss_v4":null,"epss":0.00423,"ranking_epss":0.62093,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6DTUCXX5XXPNPFV2PHP6IESGTCFMZOFP/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7X5D3O4TOQ57KL5FLQEXH2JB2UQYHCUZ/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MKCJLNRK6RHFAHV7ZFD3XO7HNSBU3XOL/","https://security.netapp.com/advisory/ntap-20191017-0002/","https://usn.ubuntu.com/4195-1/","http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6DTUCXX5XXPNPFV2PHP6IESGTCFMZOFP/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7X5D3O4TOQ57KL5FLQEXH2JB2UQYHCUZ/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MKCJLNRK6RHFAHV7ZFD3XO7HNSBU3XOL/","https://security.netapp.com/advisory/ntap-20191017-0002/","https://usn.ubuntu.com/4195-1/"],"published_time":"2019-10-16T18:15:33","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-2999","summary":"Vulnerability in the Java SE product of Oracle Java SE (component: Javadoc). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. 
Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE accessible data as well as unauthorized read access to a subset of Java SE accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 4.7 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N).","cvss":4.7,"cvss_version":3.0,"cvss_v2":4.0,"cvss_v3":4.7,"cvss_v4":null,"epss":0.01308,"ranking_epss":0.79784,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00064.html","http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00066.html","http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00031.html","http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","https://access.redhat.com/errata/RHSA-2019:3134","https://access.redhat.com/errata/RHSA-2019:3135","https://access.redhat.com/errata/RHSA-2019:3136","https://access.redhat.com/errata/RHSA-2019:3157","https://access.redhat.com/errata/RHSA-2019:3158","https://access.redhat.com/errata/RHSA-2019:4109","https://access.redhat.com/errata/RHSA-2019:4110","https://access.redhat.com/errata/RHSA-2019:4113","https://access.redhat.com/errata/RHSA-2019:4115","https://access.redhat.com/errata/RHSA-2020:0006","https://access.redhat.com/errata/RHSA-2020:0046"
,"https://lists.debian.org/debian-lts-announce/2019/12/msg00005.html","https://seclists.org/bugtraq/2019/Oct/27","https://seclists.org/bugtraq/2019/Oct/31","https://security.netapp.com/advisory/ntap-20191017-0001/","https://usn.ubuntu.com/4223-1/","https://www.debian.org/security/2019/dsa-4546","https://www.debian.org/security/2019/dsa-4548","http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00064.html","http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00066.html","http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00031.html","http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","https://access.redhat.com/errata/RHSA-2019:3134","https://access.redhat.com/errata/RHSA-2019:3135","https://access.redhat.com/errata/RHSA-2019:3136","https://access.redhat.com/errata/RHSA-2019:3157","https://access.redhat.com/errata/RHSA-2019:3158","https://access.redhat.com/errata/RHSA-2019:4109","https://access.redhat.com/errata/RHSA-2019:4110","https://access.redhat.com/errata/RHSA-2019:4113","https://access.redhat.com/errata/RHSA-2019:4115","https://access.redhat.com/errata/RHSA-2020:0006","https://access.redhat.com/errata/RHSA-2020:0046","https://lists.debian.org/debian-lts-announce/2019/12/msg00005.html","https://seclists.org/bugtraq/2019/Oct/27","https://seclists.org/bugtraq/2019/Oct/31","https://security.netapp.com/advisory/ntap-20191017-0001/","https://usn.ubuntu.com/4223-1/","https://www.debian.org/security/2019/dsa-4546","https://www.debian.org/security/2019/dsa-4548"],"published_time":"2019-10-16T18:15:33","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-3003","summary":"Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.16 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. 
Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).","cvss":4.9,"cvss_version":3.0,"cvss_v2":4.0,"cvss_v3":4.9,"cvss_v4":null,"epss":0.00426,"ranking_epss":0.62242,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","https://security.netapp.com/advisory/ntap-20191017-0002/","https://usn.ubuntu.com/4195-1/","http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","https://security.netapp.com/advisory/ntap-20191017-0002/","https://usn.ubuntu.com/4195-1/"],"published_time":"2019-10-16T18:15:33","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-2974","summary":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 5.6.45 and prior, 5.7.27 and prior and 8.0.17 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). 
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).","cvss":6.5,"cvss_version":3.0,"cvss_v2":4.0,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00208,"ranking_epss":0.43177,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00037.html","http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6DTUCXX5XXPNPFV2PHP6IESGTCFMZOFP/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7X5D3O4TOQ57KL5FLQEXH2JB2UQYHCUZ/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MKCJLNRK6RHFAHV7ZFD3XO7HNSBU3XOL/","https://security.gentoo.org/glsa/202105-27","https://security.netapp.com/advisory/ntap-20191017-0002/","https://usn.ubuntu.com/4195-1/","https://usn.ubuntu.com/4195-2/","http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00037.html","http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6DTUCXX5XXPNPFV2PHP6IESGTCFMZOFP/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7X5D3O4TOQ57KL5FLQEXH2JB2UQYHCUZ/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MKCJLNRK6RHFAHV7ZFD3XO7HNSBU3XOL/","https://security.gentoo.org/glsa/202105-27","https://security.netapp.com/advisory/ntap-20191017-0002/","https://usn.ubuntu.com/4195-1/","https://usn.ubuntu.com/4195-2/"],"published_time":"2019-10-16T18:15:32","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-2975","summary":"Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Scripting). 
Supported versions that are affected are Java SE: 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 4.8 (Integrity and Availability impacts). CVSS Vector: 
(CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L).","cvss":4.8,"cvss_version":3.0,"cvss_v2":5.8,"cvss_v3":4.8,"cvss_v4":null,"epss":0.00488,"ranking_epss":0.65461,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00064.html","http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00066.html","http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00031.html","http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","https://access.redhat.com/errata/RHSA-2019:3134","https://access.redhat.com/errata/RHSA-2019:3135","https://access.redhat.com/errata/RHSA-2019:3136","https://access.redhat.com/errata/RHSA-2019:4113","https://access.redhat.com/errata/RHSA-2019:4115","https://access.redhat.com/errata/RHSA-2020:0006","https://access.redhat.com/errata/RHSA-2020:0046","https://kc.mcafee.com/corporate/index?page=content&id=SB10315","https://seclists.org/bugtraq/2019/Oct/27","https://seclists.org/bugtraq/2019/Oct/31","https://security.netapp.com/advisory/ntap-20191017-0001/","https://usn.ubuntu.com/4223-1/","https://www.debian.org/security/2019/dsa-4546","https://www.debian.org/security/2019/dsa-4548","http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00064.html","http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00066.html","http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00031.html","http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","https://access.redhat.com/errata/RHSA-2019:3134","https://access.redhat.com/errata/RHSA-2019:3135","https://access.redhat.com/errata/RHSA-2019:3136","https://access.redhat.com/errata/RHSA-2019:4113","https://access.redhat.com/errata/RHSA-2019:4115","https://access.redhat.com/errata/RHSA-2020:0006","https://access.redhat.com/errata/RHSA-2020:0046","https://kc.mcafee.com/corporate/index?page=content&id=SB10315","https://seclists.org/bugtraq/2019/Oct/27","h
ttps://seclists.org/bugtraq/2019/Oct/31","https://security.netapp.com/advisory/ntap-20191017-0001/","https://usn.ubuntu.com/4223-1/","https://www.debian.org/security/2019/dsa-4546","https://www.debian.org/security/2019/dsa-4548"],"published_time":"2019-10-16T18:15:32","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-2978","summary":"Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Networking). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.7 (Availability impacts). 
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).","cvss":3.7,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":3.7,"cvss_v4":null,"epss":0.00476,"ranking_epss":0.6487,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00064.html","http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00066.html","http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00031.html","http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","https://access.redhat.com/errata/RHSA-2019:3134","https://access.redhat.com/errata/RHSA-2019:3135","https://access.redhat.com/errata/RHSA-2019:3136","https://access.redhat.com/errata/RHSA-2019:3157","https://access.redhat.com/errata/RHSA-2019:3158","https://access.redhat.com/errata/RHSA-2019:4109","https://access.redhat.com/errata/RHSA-2019:4110","https://access.redhat.com/errata/RHSA-2019:4113","https://access.redhat.com/errata/RHSA-2019:4115","https://access.redhat.com/errata/RHSA-2020:0006","https://access.redhat.com/errata/RHSA-2020:0046","https://lists.debian.org/debian-lts-announce/2019/12/msg00005.html","https://seclists.org/bugtraq/2019/Oct/27","https://seclists.org/bugtraq/2019/Oct/31","https://security.netapp.com/advisory/ntap-20191017-0001/","https://usn.ubuntu.com/4223-1/","https://www.debian.org/security/2019/dsa-4546","https://www.debian.org/security/2019/dsa-4548","http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00064.html","http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00066.html","http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00031.html","http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","https://access.redhat.com/errata/RHSA-2019:3134","https://access.redhat.com/errata/RHSA-2019:3135","https://access.redhat.com/errata/RHSA-2019:3136","https://access.redhat.com/errata/RHSA-2019:3157","https://access.redhat.com/errata/RHSA-201
9:3158","https://access.redhat.com/errata/RHSA-2019:4109","https://access.redhat.com/errata/RHSA-2019:4110","https://access.redhat.com/errata/RHSA-2019:4113","https://access.redhat.com/errata/RHSA-2019:4115","https://access.redhat.com/errata/RHSA-2020:0006","https://access.redhat.com/errata/RHSA-2020:0046","https://lists.debian.org/debian-lts-announce/2019/12/msg00005.html","https://seclists.org/bugtraq/2019/Oct/27","https://seclists.org/bugtraq/2019/Oct/31","https://security.netapp.com/advisory/ntap-20191017-0001/","https://usn.ubuntu.com/4223-1/","https://www.debian.org/security/2019/dsa-4546","https://www.debian.org/security/2019/dsa-4548"],"published_time":"2019-10-16T18:15:32","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-2981","summary":"Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: JAXP). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.7 (Availability impacts). 
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).","cvss":3.7,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":3.7,"cvss_v4":null,"epss":0.00333,"ranking_epss":0.5616,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00064.html","http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00066.html","http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00031.html","http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","https://access.redhat.com/errata/RHSA-2019:3134","https://access.redhat.com/errata/RHSA-2019:3135","https://access.redhat.com/errata/RHSA-2019:3136","https://access.redhat.com/errata/RHSA-2019:3157","https://access.redhat.com/errata/RHSA-2019:3158","https://access.redhat.com/errata/RHSA-2019:4109","https://access.redhat.com/errata/RHSA-2019:4110","https://access.redhat.com/errata/RHSA-2019:4113","https://access.redhat.com/errata/RHSA-2019:4115","https://access.redhat.com/errata/RHSA-2020:0006","https://access.redhat.com/errata/RHSA-2020:0046","https://lists.debian.org/debian-lts-announce/2019/12/msg00005.html","https://seclists.org/bugtraq/2019/Oct/27","https://seclists.org/bugtraq/2019/Oct/31","https://security.netapp.com/advisory/ntap-20191017-0001/","https://usn.ubuntu.com/4223-1/","https://www.debian.org/security/2019/dsa-4546","https://www.debian.org/security/2019/dsa-4548","http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00064.html","http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00066.html","http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00031.html","http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","https://access.redhat.com/errata/RHSA-2019:3134","https://access.redhat.com/errata/RHSA-2019:3135","https://access.redhat.com/errata/RHSA-2019:3136","https://access.redhat.com/errata/RHSA-2019:3157","https://access.redhat.com/errata/RHSA-201
9:3158","https://access.redhat.com/errata/RHSA-2019:4109","https://access.redhat.com/errata/RHSA-2019:4110","https://access.redhat.com/errata/RHSA-2019:4113","https://access.redhat.com/errata/RHSA-2019:4115","https://access.redhat.com/errata/RHSA-2020:0006","https://access.redhat.com/errata/RHSA-2020:0046","https://lists.debian.org/debian-lts-announce/2019/12/msg00005.html","https://seclists.org/bugtraq/2019/Oct/27","https://seclists.org/bugtraq/2019/Oct/31","https://security.netapp.com/advisory/ntap-20191017-0001/","https://usn.ubuntu.com/4223-1/","https://www.debian.org/security/2019/dsa-4546","https://www.debian.org/security/2019/dsa-4548"],"published_time":"2019-10-16T18:15:32","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-2982","summary":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.17 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). 
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).","cvss":4.9,"cvss_version":3.0,"cvss_v2":4.0,"cvss_v3":4.9,"cvss_v4":null,"epss":0.00423,"ranking_epss":0.62093,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6DTUCXX5XXPNPFV2PHP6IESGTCFMZOFP/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7X5D3O4TOQ57KL5FLQEXH2JB2UQYHCUZ/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MKCJLNRK6RHFAHV7ZFD3XO7HNSBU3XOL/","https://security.netapp.com/advisory/ntap-20191017-0002/","https://usn.ubuntu.com/4195-1/","http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6DTUCXX5XXPNPFV2PHP6IESGTCFMZOFP/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7X5D3O4TOQ57KL5FLQEXH2JB2UQYHCUZ/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MKCJLNRK6RHFAHV7ZFD3XO7HNSBU3XOL/","https://security.netapp.com/advisory/ntap-20191017-0002/","https://usn.ubuntu.com/4195-1/"],"published_time":"2019-10-16T18:15:32","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-2983","summary":"Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. 
Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).","cvss":3.7,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":3.7,"cvss_v4":null,"epss":0.00344,"ranking_epss":0.57038,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00064.html","http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00066.html","http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00031.html","http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","https://access.redhat.com/errata/RHSA-2019:3134","https://access.redhat.com/errata/RHSA-2019:3135","https://access.redhat.com/errata/RHSA-2019:3136","https://access.redhat.com/errata/RHSA-2019:3157","https://access.redhat.com/errata/RHSA-2019:3158","https://access.redhat.com/errata/RHSA-2019:4109","https://access.redhat.com/errata/RHSA-2019:4110","https://access.redhat.com/errata/RHSA-2019:4113","https://access.redhat.com/errata/RHSA-2019:4115","https://access.redhat.com/errata/RHSA-2020:0006","https://access.redhat.com/errata/RHSA-2020:0046","https://lists.debian.org/debian-lts-announce/2019/12/msg00005.html","https://seclists.org/bugtraq/2019/Oct/27","https://seclists.org/bugtraq/2019/Oct/31","https://security.netapp.com/advisory/ntap-20191017-0001/","https://usn.ubuntu.com/4223-1/","https://www.deb
ian.org/security/2019/dsa-4546","https://www.debian.org/security/2019/dsa-4548","http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00064.html","http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00066.html","http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00031.html","http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","https://access.redhat.com/errata/RHSA-2019:3134","https://access.redhat.com/errata/RHSA-2019:3135","https://access.redhat.com/errata/RHSA-2019:3136","https://access.redhat.com/errata/RHSA-2019:3157","https://access.redhat.com/errata/RHSA-2019:3158","https://access.redhat.com/errata/RHSA-2019:4109","https://access.redhat.com/errata/RHSA-2019:4110","https://access.redhat.com/errata/RHSA-2019:4113","https://access.redhat.com/errata/RHSA-2019:4115","https://access.redhat.com/errata/RHSA-2020:0006","https://access.redhat.com/errata/RHSA-2020:0046","https://lists.debian.org/debian-lts-announce/2019/12/msg00005.html","https://seclists.org/bugtraq/2019/Oct/27","https://seclists.org/bugtraq/2019/Oct/31","https://security.netapp.com/advisory/ntap-20191017-0001/","https://usn.ubuntu.com/4223-1/","https://www.debian.org/security/2019/dsa-4546","https://www.debian.org/security/2019/dsa-4548"],"published_time":"2019-10-16T18:15:32","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-2988","summary":"Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: 2D). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. 
Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).","cvss":3.7,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":3.7,"cvss_v4":null,"epss":0.00514,"ranking_epss":0.66556,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00064.html","http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00066.html","http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00031.html","http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","https://access.redhat.com/errata/RHSA-2019:3134","https://access.redhat.com/errata/RHSA-2019:3135","https://access.redhat.com/errata/RHSA-2019:3136","https://access.redhat.com/errata/RHSA-2019:3157","https://access.redhat.com/errata/RHSA-2019:3158","https://access.redhat.com/errata/RHSA-2019:4109","https://access.redhat.com/errata/RHSA-2019:4110","https://access.redhat.com/errata/RHSA-2019:4113","https://access.redhat.com/errata/RHSA-2019:4115","https://access.redhat.com/errata/RHSA-2020:0006","https://access.redhat.com/errata/RHSA-2020:0046","https://lists.debian.org/debian-lts-announce/2019/12/msg00005.html","https://seclists.org/bugtraq/2019/Oct/27","https://seclists.org/bugtraq/2019/Oct/31","https://security.netapp.com/advisory/ntap-20191017-0001/","https://usn.ubuntu.com/4223-1/","https://www.debian.org/security/2019/dsa-4546","https://www.debian.org/security/2019/dsa-4548","http://lists.opensuse.org/opensuse-security-announce/2019-11/ms
g00064.html","http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00066.html","http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00031.html","http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","https://access.redhat.com/errata/RHSA-2019:3134","https://access.redhat.com/errata/RHSA-2019:3135","https://access.redhat.com/errata/RHSA-2019:3136","https://access.redhat.com/errata/RHSA-2019:3157","https://access.redhat.com/errata/RHSA-2019:3158","https://access.redhat.com/errata/RHSA-2019:4109","https://access.redhat.com/errata/RHSA-2019:4110","https://access.redhat.com/errata/RHSA-2019:4113","https://access.redhat.com/errata/RHSA-2019:4115","https://access.redhat.com/errata/RHSA-2020:0006","https://access.redhat.com/errata/RHSA-2020:0046","https://lists.debian.org/debian-lts-announce/2019/12/msg00005.html","https://seclists.org/bugtraq/2019/Oct/27","https://seclists.org/bugtraq/2019/Oct/31","https://security.netapp.com/advisory/ntap-20191017-0001/","https://usn.ubuntu.com/4223-1/","https://www.debian.org/security/2019/dsa-4546","https://www.debian.org/security/2019/dsa-4548"],"published_time":"2019-10-16T18:15:32","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-2962","summary":"Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: 2D). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. 
Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).","cvss":3.7,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":3.7,"cvss_v4":null,"epss":0.00476,"ranking_epss":0.64857,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00064.html","http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00066.html","http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00031.html","http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","https://access.redhat.com/errata/RHSA-2019:3134","https://access.redhat.com/errata/RHSA-2019:3135","https://access.redhat.com/errata/RHSA-2019:3136","https://access.redhat.com/errata/RHSA-2019:3157","https://access.redhat.com/errata/RHSA-2019:3158","https://access.redhat.com/errata/RHSA-2019:4109","https://access.redhat.com/errata/RHSA-2019:4110","https://access.redhat.com/errata/RHSA-2019:4113","https://access.redhat.com/errata/RHSA-2019:4115","https://access.redhat.com/errata/RHSA-2020:0006","https://access.redhat.com/errata/RHSA-2020:0046","https://lists.debian.org/debian-lts-announce/2019/12/msg00005.html","https://seclists.org/bugtraq/2019/Oct/27","https://seclists.org/bugtraq/2019/Oct/31","https://security.netapp.com/advisory/ntap-20191017-0001/","https://usn.ubuntu.com/4223-1/","https://www.debian.org/security/2019/dsa-4546","https://www.debian.org/security/2019/dsa-4548","http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00064.html",
"http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00066.html","http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00031.html","http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","https://access.redhat.com/errata/RHSA-2019:3134","https://access.redhat.com/errata/RHSA-2019:3135","https://access.redhat.com/errata/RHSA-2019:3136","https://access.redhat.com/errata/RHSA-2019:3157","https://access.redhat.com/errata/RHSA-2019:3158","https://access.redhat.com/errata/RHSA-2019:4109","https://access.redhat.com/errata/RHSA-2019:4110","https://access.redhat.com/errata/RHSA-2019:4113","https://access.redhat.com/errata/RHSA-2019:4115","https://access.redhat.com/errata/RHSA-2020:0006","https://access.redhat.com/errata/RHSA-2020:0046","https://lists.debian.org/debian-lts-announce/2019/12/msg00005.html","https://seclists.org/bugtraq/2019/Oct/27","https://seclists.org/bugtraq/2019/Oct/31","https://security.netapp.com/advisory/ntap-20191017-0001/","https://usn.ubuntu.com/4223-1/","https://www.debian.org/security/2019/dsa-4546","https://www.debian.org/security/2019/dsa-4548"],"published_time":"2019-10-16T18:15:31","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-2963","summary":"Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.17 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). 
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).","cvss":4.9,"cvss_version":3.0,"cvss_v2":4.0,"cvss_v3":4.9,"cvss_v4":null,"epss":0.00423,"ranking_epss":0.62093,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6DTUCXX5XXPNPFV2PHP6IESGTCFMZOFP/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7X5D3O4TOQ57KL5FLQEXH2JB2UQYHCUZ/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MKCJLNRK6RHFAHV7ZFD3XO7HNSBU3XOL/","https://security.netapp.com/advisory/ntap-20191017-0002/","https://usn.ubuntu.com/4195-1/","http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6DTUCXX5XXPNPFV2PHP6IESGTCFMZOFP/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7X5D3O4TOQ57KL5FLQEXH2JB2UQYHCUZ/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MKCJLNRK6RHFAHV7ZFD3XO7HNSBU3XOL/","https://security.netapp.com/advisory/ntap-20191017-0002/","https://usn.ubuntu.com/4195-1/"],"published_time":"2019-10-16T18:15:31","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-2964","summary":"Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Concurrency). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. 
Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).","cvss":3.7,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":3.7,"cvss_v4":null,"epss":0.00476,"ranking_epss":0.64857,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00064.html","http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00066.html","http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00031.html","http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","https://access.redhat.com/errata/RHSA-2019:3134","https://access.redhat.com/errata/RHSA-2019:3135","https://access.redhat.com/errata/RHSA-2019:3136","https://access.redhat.com/errata/RHSA-2019:3157","https://access.redhat.com/errata/RHSA-2019:3158","https://access.redhat.com/errata/RHSA-2019:4109","https://access.redhat.com/errata/RHSA-2019:4110","https://access.redhat.com/errata/RHSA-2019:4113","https://access.redhat.com/errata/RHSA-2019:4115","https://access.redhat.com/errata/RHSA-2020:0006","https://access.redhat.com/errata/RHSA-2020:0046","https://lists.debian.org/debian-lts-announce/2019/12/msg00005.html","https://seclists.org/bugtraq/2019/Oct/27","https://seclists.org/bugtraq/2019/Oct/31","https://security.netapp.com/advisory/ntap-20191017-0001/","https://usn.ubuntu.com/4223-1/","https://www.debian.org/security/2019/dsa-4546","https://www.debian.org/security/2019/dsa-4548","http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00064.html","http://lists.opensuse.org/opensuse-security-announce/2019
-11/msg00066.html","http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00031.html","http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","https://access.redhat.com/errata/RHSA-2019:3134","https://access.redhat.com/errata/RHSA-2019:3135","https://access.redhat.com/errata/RHSA-2019:3136","https://access.redhat.com/errata/RHSA-2019:3157","https://access.redhat.com/errata/RHSA-2019:3158","https://access.redhat.com/errata/RHSA-2019:4109","https://access.redhat.com/errata/RHSA-2019:4110","https://access.redhat.com/errata/RHSA-2019:4113","https://access.redhat.com/errata/RHSA-2019:4115","https://access.redhat.com/errata/RHSA-2020:0006","https://access.redhat.com/errata/RHSA-2020:0046","https://lists.debian.org/debian-lts-announce/2019/12/msg00005.html","https://seclists.org/bugtraq/2019/Oct/27","https://seclists.org/bugtraq/2019/Oct/31","https://security.netapp.com/advisory/ntap-20191017-0001/","https://usn.ubuntu.com/4223-1/","https://www.debian.org/security/2019/dsa-4546","https://www.debian.org/security/2019/dsa-4548"],"published_time":"2019-10-16T18:15:31","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-2966","summary":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.17 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). 
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).","cvss":6.5,"cvss_version":3.0,"cvss_v2":4.0,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00206,"ranking_epss":0.42988,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6DTUCXX5XXPNPFV2PHP6IESGTCFMZOFP/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7X5D3O4TOQ57KL5FLQEXH2JB2UQYHCUZ/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MKCJLNRK6RHFAHV7ZFD3XO7HNSBU3XOL/","https://security.netapp.com/advisory/ntap-20191017-0002/","https://usn.ubuntu.com/4195-1/","http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6DTUCXX5XXPNPFV2PHP6IESGTCFMZOFP/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7X5D3O4TOQ57KL5FLQEXH2JB2UQYHCUZ/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MKCJLNRK6RHFAHV7ZFD3XO7HNSBU3XOL/","https://security.netapp.com/advisory/ntap-20191017-0002/","https://usn.ubuntu.com/4195-1/"],"published_time":"2019-10-16T18:15:31","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-2967","summary":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.17 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). 
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).","cvss":6.5,"cvss_version":3.0,"cvss_v2":4.0,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00744,"ranking_epss":0.73026,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6DTUCXX5XXPNPFV2PHP6IESGTCFMZOFP/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7X5D3O4TOQ57KL5FLQEXH2JB2UQYHCUZ/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MKCJLNRK6RHFAHV7ZFD3XO7HNSBU3XOL/","https://security.netapp.com/advisory/ntap-20191017-0002/","https://usn.ubuntu.com/4195-1/","http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6DTUCXX5XXPNPFV2PHP6IESGTCFMZOFP/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7X5D3O4TOQ57KL5FLQEXH2JB2UQYHCUZ/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MKCJLNRK6RHFAHV7ZFD3XO7HNSBU3XOL/","https://security.netapp.com/advisory/ntap-20191017-0002/","https://usn.ubuntu.com/4195-1/"],"published_time":"2019-10-16T18:15:31","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-2968","summary":"Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.17 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). 
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).","cvss":4.9,"cvss_version":3.0,"cvss_v2":4.0,"cvss_v3":4.9,"cvss_v4":null,"epss":0.00423,"ranking_epss":0.62093,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6DTUCXX5XXPNPFV2PHP6IESGTCFMZOFP/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7X5D3O4TOQ57KL5FLQEXH2JB2UQYHCUZ/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MKCJLNRK6RHFAHV7ZFD3XO7HNSBU3XOL/","https://security.netapp.com/advisory/ntap-20191017-0002/","https://usn.ubuntu.com/4195-1/","http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6DTUCXX5XXPNPFV2PHP6IESGTCFMZOFP/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7X5D3O4TOQ57KL5FLQEXH2JB2UQYHCUZ/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MKCJLNRK6RHFAHV7ZFD3XO7HNSBU3XOL/","https://security.netapp.com/advisory/ntap-20191017-0002/","https://usn.ubuntu.com/4195-1/"],"published_time":"2019-10-16T18:15:31","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-2969","summary":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Client programs). Supported versions that are affected are 5.6.44 and prior, 5.7.26 and prior and 8.0.16 and prior. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. 
CVSS 3.0 Base Score 6.2 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).","cvss":6.2,"cvss_version":3.0,"cvss_v2":2.1,"cvss_v3":6.2,"cvss_v4":null,"epss":0.00376,"ranking_epss":0.59171,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","https://security.netapp.com/advisory/ntap-20191017-0002/","https://usn.ubuntu.com/4195-1/","http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","https://security.netapp.com/advisory/ntap-20191017-0002/","https://usn.ubuntu.com/4195-1/"],"published_time":"2019-10-16T18:15:31","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-2973","summary":"Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: JAXP). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.7 (Availability impacts). 
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).","cvss":3.7,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":3.7,"cvss_v4":null,"epss":0.00576,"ranking_epss":0.68773,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00064.html","http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00066.html","http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00031.html","http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","https://access.redhat.com/errata/RHSA-2019:3134","https://access.redhat.com/errata/RHSA-2019:3135","https://access.redhat.com/errata/RHSA-2019:3136","https://access.redhat.com/errata/RHSA-2019:3157","https://access.redhat.com/errata/RHSA-2019:3158","https://access.redhat.com/errata/RHSA-2019:4109","https://access.redhat.com/errata/RHSA-2019:4110","https://access.redhat.com/errata/RHSA-2019:4113","https://access.redhat.com/errata/RHSA-2019:4115","https://access.redhat.com/errata/RHSA-2020:0006","https://access.redhat.com/errata/RHSA-2020:0046","https://lists.debian.org/debian-lts-announce/2019/12/msg00005.html","https://seclists.org/bugtraq/2019/Oct/27","https://seclists.org/bugtraq/2019/Oct/31","https://security.netapp.com/advisory/ntap-20191017-0001/","https://usn.ubuntu.com/4223-1/","https://www.debian.org/security/2019/dsa-4546","https://www.debian.org/security/2019/dsa-4548","http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00064.html","http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00066.html","http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00031.html","http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","https://access.redhat.com/errata/RHSA-2019:3134","https://access.redhat.com/errata/RHSA-2019:3135","https://access.redhat.com/errata/RHSA-2019:3136","https://access.redhat.com/errata/RHSA-2019:3157","https://access.redhat.com/errata/RHSA-20
19:3158","https://access.redhat.com/errata/RHSA-2019:4109","https://access.redhat.com/errata/RHSA-2019:4110","https://access.redhat.com/errata/RHSA-2019:4113","https://access.redhat.com/errata/RHSA-2019:4115","https://access.redhat.com/errata/RHSA-2020:0006","https://access.redhat.com/errata/RHSA-2020:0046","https://lists.debian.org/debian-lts-announce/2019/12/msg00005.html","https://seclists.org/bugtraq/2019/Oct/27","https://seclists.org/bugtraq/2019/Oct/31","https://security.netapp.com/advisory/ntap-20191017-0001/","https://usn.ubuntu.com/4223-1/","https://www.debian.org/security/2019/dsa-4546","https://www.debian.org/security/2019/dsa-4548"],"published_time":"2019-10-16T18:15:31","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-2948","summary":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 5.7.26 and prior and 8.0.16 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). 
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).","cvss":4.9,"cvss_version":3.0,"cvss_v2":4.0,"cvss_v3":4.9,"cvss_v4":null,"epss":0.00409,"ranking_epss":0.6131,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","https://security.netapp.com/advisory/ntap-20191017-0002/","https://usn.ubuntu.com/4195-1/","http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","https://security.netapp.com/advisory/ntap-20191017-0002/","https://usn.ubuntu.com/4195-1/"],"published_time":"2019-10-16T18:15:30","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-2949","summary":"Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Kerberos). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Kerberos to compromise Java SE, Java SE Embedded. While the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 6.8 (Confidentiality impacts). 
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N).","cvss":6.8,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":6.8,"cvss_v4":null,"epss":0.00551,"ranking_epss":0.67974,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00064.html","http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00066.html","http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00031.html","http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","https://access.redhat.com/errata/RHSA-2019:3134","https://access.redhat.com/errata/RHSA-2019:3135","https://access.redhat.com/errata/RHSA-2019:3136","https://kc.mcafee.com/corporate/index?page=content&id=SB10315","https://lists.debian.org/debian-lts-announce/2019/12/msg00005.html","https://seclists.org/bugtraq/2019/Oct/27","https://seclists.org/bugtraq/2019/Oct/31","https://security.netapp.com/advisory/ntap-20191017-0001/","https://support.f5.com/csp/article/K54213762?utm_source=f5support&amp%3Butm_medium=RSS","https://usn.ubuntu.com/4223-1/","https://www.debian.org/security/2019/dsa-4546","https://www.debian.org/security/2019/dsa-4548","http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00064.html","http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00066.html","http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00031.html","http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","https://access.redhat.com/errata/RHSA-2019:3134","https://access.redhat.com/errata/RHSA-2019:3135","https://access.redhat.com/errata/RHSA-2019:3136","https://kc.mcafee.com/corporate/index?page=content&id=SB10315","https://lists.debian.org/debian-lts-announce/2019/12/msg00005.html","https://seclists.org/bugtraq/2019/Oct/27","https://seclists.org/bugtraq/2019/Oct/31","https://security.netapp.com/advisory/ntap-20191017-0001/","https://support.f5.com/csp/article/K54213762?utm_source=f5s
upport&amp%3Butm_medium=RSS","https://usn.ubuntu.com/4223-1/","https://www.debian.org/security/2019/dsa-4546","https://www.debian.org/security/2019/dsa-4548"],"published_time":"2019-10-16T18:15:30","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-2950","summary":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.16 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).","cvss":4.9,"cvss_version":3.0,"cvss_v2":4.0,"cvss_v3":4.9,"cvss_v4":null,"epss":0.01576,"ranking_epss":0.81552,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","https://security.netapp.com/advisory/ntap-20191017-0002/","https://usn.ubuntu.com/4195-1/","http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","https://security.netapp.com/advisory/ntap-20191017-0002/","https://usn.ubuntu.com/4195-1/"],"published_time":"2019-10-16T18:15:30","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-2957","summary":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Encryption). Supported versions that are affected are 8.0.17 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). 
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).","cvss":4.9,"cvss_version":3.0,"cvss_v2":4.0,"cvss_v3":4.9,"cvss_v4":null,"epss":0.00363,"ranking_epss":0.5842,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6DTUCXX5XXPNPFV2PHP6IESGTCFMZOFP/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7X5D3O4TOQ57KL5FLQEXH2JB2UQYHCUZ/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MKCJLNRK6RHFAHV7ZFD3XO7HNSBU3XOL/","https://security.netapp.com/advisory/ntap-20191017-0002/","https://usn.ubuntu.com/4195-1/","http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6DTUCXX5XXPNPFV2PHP6IESGTCFMZOFP/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7X5D3O4TOQ57KL5FLQEXH2JB2UQYHCUZ/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MKCJLNRK6RHFAHV7ZFD3XO7HNSBU3XOL/","https://security.netapp.com/advisory/ntap-20191017-0002/","https://usn.ubuntu.com/4195-1/"],"published_time":"2019-10-16T18:15:30","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-2960","summary":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supported versions that are affected are 5.7.27 and prior and 8.0.17 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. 
CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).","cvss":4.9,"cvss_version":3.0,"cvss_v2":4.0,"cvss_v3":4.9,"cvss_v4":null,"epss":0.00423,"ranking_epss":0.62093,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6DTUCXX5XXPNPFV2PHP6IESGTCFMZOFP/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7X5D3O4TOQ57KL5FLQEXH2JB2UQYHCUZ/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MKCJLNRK6RHFAHV7ZFD3XO7HNSBU3XOL/","https://security.netapp.com/advisory/ntap-20191017-0002/","https://usn.ubuntu.com/4195-1/","http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6DTUCXX5XXPNPFV2PHP6IESGTCFMZOFP/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7X5D3O4TOQ57KL5FLQEXH2JB2UQYHCUZ/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MKCJLNRK6RHFAHV7ZFD3XO7HNSBU3XOL/","https://security.netapp.com/advisory/ntap-20191017-0002/","https://usn.ubuntu.com/4195-1/"],"published_time":"2019-10-16T18:15:30","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-2938","summary":"Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.27 and prior and 8.0.17 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. 
Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).","cvss":4.4,"cvss_version":3.0,"cvss_v2":3.5,"cvss_v3":4.4,"cvss_v4":null,"epss":0.00087,"ranking_epss":0.24879,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00037.html","http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6DTUCXX5XXPNPFV2PHP6IESGTCFMZOFP/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7X5D3O4TOQ57KL5FLQEXH2JB2UQYHCUZ/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MKCJLNRK6RHFAHV7ZFD3XO7HNSBU3XOL/","https://security.gentoo.org/glsa/202105-27","https://security.netapp.com/advisory/ntap-20191017-0002/","https://usn.ubuntu.com/4195-1/","https://usn.ubuntu.com/4195-2/","http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00037.html","http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6DTUCXX5XXPNPFV2PHP6IESGTCFMZOFP/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7X5D3O4TOQ57KL5FLQEXH2JB2UQYHCUZ/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MKCJLNRK6RHFAHV7ZFD3XO7HNSBU3XOL/","https://security.gentoo.org/glsa/202105-27","https://security.netapp.com/advisory/ntap-20191017-0002/","https://usn.ubuntu.com/4195-1/","https://usn.ubuntu.com/4195-2/"],"published_time":"2019-10-16T18:15:29","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2
019-2945","summary":"Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Networking). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 3.1 (Availability impacts). 
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L).","cvss":3.1,"cvss_version":3.0,"cvss_v2":2.6,"cvss_v3":3.1,"cvss_v4":null,"epss":0.00296,"ranking_epss":0.52876,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00064.html","http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00066.html","http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00031.html","http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","https://access.redhat.com/errata/RHSA-2019:3134","https://access.redhat.com/errata/RHSA-2019:3135","https://access.redhat.com/errata/RHSA-2019:3136","https://access.redhat.com/errata/RHSA-2019:3157","https://access.redhat.com/errata/RHSA-2019:3158","https://access.redhat.com/errata/RHSA-2019:4109","https://access.redhat.com/errata/RHSA-2019:4110","https://access.redhat.com/errata/RHSA-2019:4113","https://access.redhat.com/errata/RHSA-2019:4115","https://access.redhat.com/errata/RHSA-2020:0006","https://access.redhat.com/errata/RHSA-2020:0046","https://lists.debian.org/debian-lts-announce/2019/12/msg00005.html","https://seclists.org/bugtraq/2019/Oct/27","https://seclists.org/bugtraq/2019/Oct/31","https://security.netapp.com/advisory/ntap-20191017-0001/","https://usn.ubuntu.com/4223-1/","https://www.debian.org/security/2019/dsa-4546","https://www.debian.org/security/2019/dsa-4548","http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00064.html","http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00066.html","http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00031.html","http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","https://access.redhat.com/errata/RHSA-2019:3134","https://access.redhat.com/errata/RHSA-2019:3135","https://access.redhat.com/errata/RHSA-2019:3136","https://access.redhat.com/errata/RHSA-2019:3157","https://access.redhat.com/errata/RHSA-20
19:3158","https://access.redhat.com/errata/RHSA-2019:4109","https://access.redhat.com/errata/RHSA-2019:4110","https://access.redhat.com/errata/RHSA-2019:4113","https://access.redhat.com/errata/RHSA-2019:4115","https://access.redhat.com/errata/RHSA-2020:0006","https://access.redhat.com/errata/RHSA-2020:0046","https://lists.debian.org/debian-lts-announce/2019/12/msg00005.html","https://seclists.org/bugtraq/2019/Oct/27","https://seclists.org/bugtraq/2019/Oct/31","https://security.netapp.com/advisory/ntap-20191017-0001/","https://usn.ubuntu.com/4223-1/","https://www.debian.org/security/2019/dsa-4546","https://www.debian.org/security/2019/dsa-4548"],"published_time":"2019-10-16T18:15:29","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-2946","summary":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: PS). Supported versions that are affected are 5.7.27 and prior and 8.0.17 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). 
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).","cvss":6.5,"cvss_version":3.0,"cvss_v2":4.0,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00744,"ranking_epss":0.73026,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6DTUCXX5XXPNPFV2PHP6IESGTCFMZOFP/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7X5D3O4TOQ57KL5FLQEXH2JB2UQYHCUZ/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MKCJLNRK6RHFAHV7ZFD3XO7HNSBU3XOL/","https://security.netapp.com/advisory/ntap-20191017-0002/","https://usn.ubuntu.com/4195-1/","http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6DTUCXX5XXPNPFV2PHP6IESGTCFMZOFP/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7X5D3O4TOQ57KL5FLQEXH2JB2UQYHCUZ/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MKCJLNRK6RHFAHV7ZFD3XO7HNSBU3XOL/","https://security.netapp.com/advisory/ntap-20191017-0002/","https://usn.ubuntu.com/4195-1/"],"published_time":"2019-10-16T18:15:29","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-2914","summary":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Encryption). Supported versions that are affected are 5.7.27 and prior and 8.0.17 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. 
CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).","cvss":6.5,"cvss_version":3.0,"cvss_v2":4.0,"cvss_v3":6.5,"cvss_v4":null,"epss":0.0064,"ranking_epss":0.70552,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6DTUCXX5XXPNPFV2PHP6IESGTCFMZOFP/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7X5D3O4TOQ57KL5FLQEXH2JB2UQYHCUZ/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MKCJLNRK6RHFAHV7ZFD3XO7HNSBU3XOL/","https://security.netapp.com/advisory/ntap-20191017-0002/","https://usn.ubuntu.com/4195-1/","http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6DTUCXX5XXPNPFV2PHP6IESGTCFMZOFP/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7X5D3O4TOQ57KL5FLQEXH2JB2UQYHCUZ/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MKCJLNRK6RHFAHV7ZFD3XO7HNSBU3XOL/","https://security.netapp.com/advisory/ntap-20191017-0002/","https://usn.ubuntu.com/4195-1/"],"published_time":"2019-10-16T18:15:28","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-2920","summary":"Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/ODBC). Supported versions that are affected are 5.3.13 and prior and 8.0.17 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Connectors. 
Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Connectors. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).","cvss":5.3,"cvss_version":3.0,"cvss_v2":5.0,"cvss_v3":5.3,"cvss_v4":null,"epss":0.02284,"ranking_epss":0.84692,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","https://usn.ubuntu.com/4195-1/","http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","https://usn.ubuntu.com/4195-1/"],"published_time":"2019-10-16T18:15:28","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-2922","summary":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Encryption). Supported versions that are affected are 5.6.45 and prior and 5.7.27 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). 
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).","cvss":5.3,"cvss_version":3.0,"cvss_v2":5.0,"cvss_v3":5.3,"cvss_v4":null,"epss":0.01795,"ranking_epss":0.82759,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","https://security.netapp.com/advisory/ntap-20191017-0002/","https://usn.ubuntu.com/4195-1/","http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","https://security.netapp.com/advisory/ntap-20191017-0002/","https://usn.ubuntu.com/4195-1/"],"published_time":"2019-10-16T18:15:28","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-2923","summary":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Encryption). Supported versions that are affected are 5.6.45 and prior and 5.7.27 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). 
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).","cvss":5.3,"cvss_version":3.0,"cvss_v2":5.0,"cvss_v3":5.3,"cvss_v4":null,"epss":0.01795,"ranking_epss":0.82759,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","https://security.netapp.com/advisory/ntap-20191017-0002/","https://usn.ubuntu.com/4195-1/","http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","https://security.netapp.com/advisory/ntap-20191017-0002/","https://usn.ubuntu.com/4195-1/"],"published_time":"2019-10-16T18:15:28","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-2924","summary":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Encryption). Supported versions that are affected are 5.6.45 and prior and 5.7.27 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). 
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).","cvss":5.3,"cvss_version":3.0,"cvss_v2":5.0,"cvss_v3":5.3,"cvss_v4":null,"epss":0.0244,"ranking_epss":0.85175,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","https://security.netapp.com/advisory/ntap-20191017-0002/","https://usn.ubuntu.com/4195-1/","http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","https://security.netapp.com/advisory/ntap-20191017-0002/","https://usn.ubuntu.com/4195-1/"],"published_time":"2019-10-16T18:15:28","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-2910","summary":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Encryption). Supported versions that are affected are 5.6.45 and prior and 5.7.27 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.0 Base Score 3.7 (Confidentiality impacts). 
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N).","cvss":3.7,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":3.7,"cvss_v4":null,"epss":0.00476,"ranking_epss":0.64852,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","https://security.netapp.com/advisory/ntap-20191017-0002/","https://usn.ubuntu.com/4195-1/","http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","https://security.netapp.com/advisory/ntap-20191017-0002/","https://usn.ubuntu.com/4195-1/"],"published_time":"2019-10-16T18:15:27","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-2911","summary":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Information Schema). Supported versions that are affected are 5.6.45 and prior, 5.7.27 and prior and 8.0.17 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.0 Base Score 2.7 (Confidentiality impacts). 
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N).","cvss":2.7,"cvss_version":3.0,"cvss_v2":4.0,"cvss_v3":2.7,"cvss_v4":null,"epss":0.00187,"ranking_epss":0.40462,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6DTUCXX5XXPNPFV2PHP6IESGTCFMZOFP/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7X5D3O4TOQ57KL5FLQEXH2JB2UQYHCUZ/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MKCJLNRK6RHFAHV7ZFD3XO7HNSBU3XOL/","https://security.netapp.com/advisory/ntap-20191017-0002/","https://usn.ubuntu.com/4195-1/","http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6DTUCXX5XXPNPFV2PHP6IESGTCFMZOFP/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7X5D3O4TOQ57KL5FLQEXH2JB2UQYHCUZ/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MKCJLNRK6RHFAHV7ZFD3XO7HNSBU3XOL/","https://security.netapp.com/advisory/ntap-20191017-0002/","https://usn.ubuntu.com/4195-1/"],"published_time":"2019-10-16T18:15:27","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-2894","summary":"Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Security). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. 
Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N).","cvss":3.7,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":3.7,"cvss_v4":null,"epss":0.0058,"ranking_epss":0.68884,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00064.html","http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00066.html","http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00031.html","http://www.openwall.com/lists/oss-security/2019/10/02/2","http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","https://kc.mcafee.com/corporate/index?page=content&id=SB10315","https://lists.debian.org/debian-lts-announce/2019/12/msg00005.html","https://minerva.crocs.fi.muni.cz/","https://seclists.org/bugtraq/2019/Oct/27","https://seclists.org/bugtraq/2019/Oct/31","https://security.netapp.com/advisory/ntap-20191017-0001/","https://usn.ubuntu.com/4223-1/","https://www.debian.org/security/2019/dsa-4546","https://www.debian.org/security/2019/dsa-4548","http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00064.html","http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00066.html","http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00031.html","http://www.openwall.com/lists/oss-security/2019/10/02/2","http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","https://kc.mcafee.com/corporate/index?page=content&id=SB10315","https://lists.debian.org/debian-lts
-announce/2019/12/msg00005.html","https://minerva.crocs.fi.muni.cz/","https://seclists.org/bugtraq/2019/Oct/27","https://seclists.org/bugtraq/2019/Oct/31","https://security.netapp.com/advisory/ntap-20191017-0001/","https://usn.ubuntu.com/4223-1/","https://www.debian.org/security/2019/dsa-4546","https://www.debian.org/security/2019/dsa-4548"],"published_time":"2019-10-16T18:15:26","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-17539","summary":"In FFmpeg before 4.2, avcodec_open2 in libavcodec/utils.c allows a NULL pointer dereference and possibly unspecified other impact when there is no valid close function pointer.","cvss":9.8,"cvss_version":3.0,"cvss_v2":7.5,"cvss_v3":9.8,"cvss_v4":null,"epss":0.00668,"ranking_epss":0.71283,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15733","https://github.com/FFmpeg/FFmpeg/commit/8df6884832ec413cf032dfaa45c23b1c7876670c","https://lists.debian.org/debian-lts-announce/2021/01/msg00026.html","https://security.gentoo.org/glsa/202003-65","https://usn.ubuntu.com/4431-1/","https://www.debian.org/security/2020/dsa-4722","https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15733","https://github.com/FFmpeg/FFmpeg/commit/8df6884832ec413cf032dfaa45c23b1c7876670c","https://lists.debian.org/debian-lts-announce/2021/01/msg00026.html","https://security.gentoo.org/glsa/202003-65","https://usn.ubuntu.com/4431-1/","https://www.debian.org/security/2020/dsa-4722"],"published_time":"2019-10-14T02:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-17542","summary":"FFmpeg before 4.2 has a heap-based buffer overflow in vqa_decode_chunk because of an out-of-array access in vqa_decode_init in 
libavcodec/vqavideo.c.","cvss":9.8,"cvss_version":3.0,"cvss_v2":7.5,"cvss_v3":9.8,"cvss_v4":null,"epss":0.00815,"ranking_epss":0.74283,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15919","https://github.com/FFmpeg/FFmpeg/commit/02f909dc24b1f05cfbba75077c7707b905e63cd2","https://lists.debian.org/debian-lts-announce/2019/12/msg00003.html","https://lists.debian.org/debian-lts-announce/2020/07/msg00022.html","https://security.gentoo.org/glsa/202003-65","https://usn.ubuntu.com/4431-1/","https://www.debian.org/security/2020/dsa-4722","https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15919","https://github.com/FFmpeg/FFmpeg/commit/02f909dc24b1f05cfbba75077c7707b905e63cd2","https://lists.debian.org/debian-lts-announce/2019/12/msg00003.html","https://lists.debian.org/debian-lts-announce/2020/07/msg00022.html","https://security.gentoo.org/glsa/202003-65","https://usn.ubuntu.com/4431-1/","https://www.debian.org/security/2020/dsa-4722"],"published_time":"2019-10-14T02:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-17544","summary":"libaspell.a in GNU Aspell before 0.60.8 has a stack-based buffer over-read in acommon::unescape in common/getdata.cpp via an isolated \\ 
character.","cvss":9.1,"cvss_version":3.0,"cvss_v2":6.4,"cvss_v3":9.1,"cvss_v4":null,"epss":0.0036,"ranking_epss":0.5815,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=16109","https://github.com/GNUAspell/aspell/commit/80fa26c74279fced8d778351cff19d1d8f44fe4e","https://github.com/GNUAspell/aspell/compare/rel-0.60.7...rel-0.60.8","https://lists.debian.org/debian-lts-announce/2019/10/msg00027.html","https://lists.debian.org/debian-lts-announce/2021/07/msg00021.html","https://usn.ubuntu.com/4155-1/","https://usn.ubuntu.com/4155-2/","https://www.debian.org/security/2021/dsa-4948","https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=16109","https://github.com/GNUAspell/aspell/commit/80fa26c74279fced8d778351cff19d1d8f44fe4e","https://github.com/GNUAspell/aspell/compare/rel-0.60.7...rel-0.60.8","https://lists.debian.org/debian-lts-announce/2019/10/msg00027.html","https://lists.debian.org/debian-lts-announce/2021/07/msg00021.html","https://usn.ubuntu.com/4155-1/","https://usn.ubuntu.com/4155-2/","https://www.debian.org/security/2021/dsa-4948"],"published_time":"2019-10-14T02:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-2215","summary":"A use-after-free in binder.c allows an elevation of privilege from an application to the Linux Kernel. No user interaction is required to exploit this vulnerability, however exploitation does require either the installation of a malicious local application or a separate vulnerability in a network facing application.Product: AndroidAndroid ID: A-141720095","cvss":7.8,"cvss_version":3.0,"cvss_v2":4.6,"cvss_v3":7.8,"cvss_v4":null,"epss":0.5082,"ranking_epss":0.97862,"kev":true,"propose_action":"Android Kernel contains a use-after-free vulnerability in binder.c that allows for privilege escalation from an application to the Linux Kernel. 
This vulnerability was observed chained with CVE-2020-0041 and CVE-2020-0069 under exploit chain \"AbstractEmu.\"","ransomware_campaign":"Unknown","references":["http://packetstormsecurity.com/files/154911/Android-Binder-Use-After-Free.html","http://packetstormsecurity.com/files/155212/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html","http://packetstormsecurity.com/files/156495/Android-Binder-Use-After-Free.html","http://seclists.org/fulldisclosure/2019/Oct/38","http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191030-01-binder-en","https://lists.debian.org/debian-lts-announce/2020/01/msg00013.html","https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html","https://seclists.org/bugtraq/2019/Nov/11","https://security.netapp.com/advisory/ntap-20191031-0005/","https://source.android.com/security/bulletin/2019-10-01","https://usn.ubuntu.com/4186-1/","http://packetstormsecurity.com/files/154911/Android-Binder-Use-After-Free.html","http://packetstormsecurity.com/files/155212/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html","http://packetstormsecurity.com/files/156495/Android-Binder-Use-After-Free.html","http://seclists.org/fulldisclosure/2019/Oct/38","http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191030-01-binder-en","https://lists.debian.org/debian-lts-announce/2020/01/msg00013.html","https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html","https://seclists.org/bugtraq/2019/Nov/11","https://security.netapp.com/advisory/ntap-20191031-0005/","https://source.android.com/security/bulletin/2019-10-01","https://usn.ubuntu.com/4186-1/","https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-2215"],"published_time":"2019-10-11T19:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-17455","summary":"Libntlm through 1.5 relies on a fixed buffer size for tSmbNtlmAuthRequest, tSmbNtlmAuthChallenge, and tSmbNtlmAuthResponse read and write operations, as 
demonstrated by a stack-based buffer over-read in buildSmbNtlmAuthRequest in smbutil.c for a crafted NTLM request.","cvss":9.8,"cvss_version":3.0,"cvss_v2":7.5,"cvss_v3":9.8,"cvss_v4":null,"epss":0.07078,"ranking_epss":0.91517,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00029.html","http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00032.html","https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=942145","https://gitlab.com/jas/libntlm/issues/2","https://lists.debian.org/debian-lts-announce/2020/05/msg00010.html","https://lists.debian.org/debian-lts-announce/2021/11/msg00026.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3BVFO3OVJPMSGIXBKNOCVOJZ3UTGZQF5/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YZ5YWYNOJ5HMCKAHWLTY4MXZQWJJCBI7/","https://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-17455.html","https://security-tracker.debian.org/tracker/CVE-2019-17455","http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00029.html","http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00032.html","https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=942145","https://gitlab.com/jas/libntlm/issues/2","https://lists.debian.org/debian-lts-announce/2020/05/msg00010.html","https://lists.debian.org/debian-lts-announce/2021/11/msg00026.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3BVFO3OVJPMSGIXBKNOCVOJZ3UTGZQF5/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YZ5YWYNOJ5HMCKAHWLTY4MXZQWJJCBI7/","https://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-17455.html","https://security-tracker.debian.org/tracker/CVE-2019-17455"],"published_time":"2019-10-10T18:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019
-17450","summary":"find_abstract_instance in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32, allows remote attackers to cause a denial of service (infinite recursion and application crash) via a crafted ELF file.","cvss":6.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":6.5,"cvss_v4":null,"epss":0.01079,"ranking_epss":0.7783,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00078.html","http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00004.html","https://security.gentoo.org/glsa/202007-39","https://security.netapp.com/advisory/ntap-20191024-0002/","https://sourceware.org/bugzilla/show_bug.cgi?id=25078","https://usn.ubuntu.com/4336-1/","http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00078.html","http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00004.html","https://security.gentoo.org/glsa/202007-39","https://security.netapp.com/advisory/ntap-20191024-0002/","https://sourceware.org/bugzilla/show_bug.cgi?id=25078","https://usn.ubuntu.com/4336-1/"],"published_time":"2019-10-10T17:15:17","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-17451","summary":"An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. 
It is an integer overflow leading to a SEGV in _bfd_dwarf2_find_nearest_line in dwarf2.c, as demonstrated by nm.","cvss":6.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00741,"ranking_epss":0.72947,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00078.html","http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00004.html","https://security.gentoo.org/glsa/202007-39","https://security.netapp.com/advisory/ntap-20191024-0002/","https://sourceware.org/bugzilla/show_bug.cgi?id=25070","https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git%3Bh=336bfbeb1848f4b9558456fdcf283ee8a32d7fd1","https://usn.ubuntu.com/4336-1/","http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00078.html","http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00004.html","https://security.gentoo.org/glsa/202007-39","https://security.netapp.com/advisory/ntap-20191024-0002/","https://sourceware.org/bugzilla/show_bug.cgi?id=25070","https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git%3Bh=336bfbeb1848f4b9558456fdcf283ee8a32d7fd1","https://usn.ubuntu.com/4336-1/"],"published_time":"2019-10-10T17:15:17","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-17402","summary":"Exiv2 0.27.2 allows attackers to trigger a crash in Exiv2::getULong in types.cpp when called from Exiv2::Internal::CiffDirectory::readDirectory in crwimage_int.cpp, because there is no validation of the relationship of the total size to the offset and 
size.","cvss":6.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":6.5,"cvss_v4":null,"epss":0.0026,"ranking_epss":0.49372,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://github.com/Exiv2/exiv2/issues/1019","https://lists.debian.org/debian-lts-announce/2019/12/msg00001.html","https://lists.debian.org/debian-lts-announce/2023/01/msg00004.html","https://usn.ubuntu.com/4159-1/","https://github.com/Exiv2/exiv2/issues/1019","https://lists.debian.org/debian-lts-announce/2019/12/msg00001.html","https://lists.debian.org/debian-lts-announce/2023/01/msg00004.html","https://usn.ubuntu.com/4159-1/"],"published_time":"2019-10-09T19:15:14","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-17134","summary":"Amphora Images in OpenStack Octavia >=0.10.0 <2.1.2, >=3.0.0 <3.2.0, >=4.0.0 <4.1.0 allows anyone with access to the management network to bypass client-certificate based authentication and retrieve information or issue configuration commands via simple HTTP requests to the Agent on port https/9443, because the cmd/agent.py gunicorn cert_reqs option is True but is supposed to be 
ssl.CERT_REQUIRED.","cvss":9.1,"cvss_version":3.0,"cvss_v2":6.4,"cvss_v3":9.1,"cvss_v4":null,"epss":0.0039,"ranking_epss":0.6005,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://access.redhat.com/errata/RHSA-2019:3743","https://access.redhat.com/errata/RHSA-2019:3788","https://access.redhat.com/errata/RHSA-2020:0721","https://review.opendev.org/686541","https://review.opendev.org/686543","https://review.opendev.org/686544","https://review.opendev.org/686545","https://review.opendev.org/686546","https://review.opendev.org/686547","https://security.openstack.org/ossa/OSSA-2019-005.html","https://storyboard.openstack.org/#%21/story/2006660","https://usn.ubuntu.com/4153-1/","https://access.redhat.com/errata/RHSA-2019:3743","https://access.redhat.com/errata/RHSA-2019:3788","https://access.redhat.com/errata/RHSA-2020:0721","https://review.opendev.org/686541","https://review.opendev.org/686543","https://review.opendev.org/686544","https://review.opendev.org/686545","https://review.opendev.org/686546","https://review.opendev.org/686547","https://security.openstack.org/ossa/OSSA-2019-005.html","https://storyboard.openstack.org/#%21/story/2006660","https://usn.ubuntu.com/4153-1/"],"published_time":"2019-10-08T18:15:14","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-17266","summary":"libsoup from versions 2.65.1 until 2.68.1 have a heap-based buffer over-read because soup_ntlm_parse_challenge() in soup-auth-ntlm.c does not properly check an NTLM message's length before proceeding with a 
memcpy.","cvss":9.8,"cvss_version":3.0,"cvss_v2":7.5,"cvss_v3":9.8,"cvss_v4":null,"epss":0.00942,"ranking_epss":0.76278,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=941912","https://github.com/Kirin-say/Vulnerabilities/blob/master/CVE-2019-17266_POC.md","https://gitlab.gnome.org/GNOME/libsoup/commit/88b7dff4467f4151afae244ea7d1223753cd05ab","https://gitlab.gnome.org/GNOME/libsoup/commit/f8a54ac85eec2008c85393f331cdd251af8266ad","https://gitlab.gnome.org/GNOME/libsoup/issues/173","https://security-tracker.debian.org/tracker/CVE-2019-17266","https://usn.ubuntu.com/4152-1/","https://www.mail-archive.com/debian-bugs-dist%40lists.debian.org/msg1705054.html","https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=941912","https://github.com/Kirin-say/Vulnerabilities/blob/master/CVE-2019-17266_POC.md","https://gitlab.gnome.org/GNOME/libsoup/commit/88b7dff4467f4151afae244ea7d1223753cd05ab","https://gitlab.gnome.org/GNOME/libsoup/commit/f8a54ac85eec2008c85393f331cdd251af8266ad","https://gitlab.gnome.org/GNOME/libsoup/issues/173","https://security-tracker.debian.org/tracker/CVE-2019-17266","https://usn.ubuntu.com/4152-1/","https://www.mail-archive.com/debian-bugs-dist%40lists.debian.org/msg1705054.html"],"published_time":"2019-10-06T22:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-17133","summary":"In the Linux kernel through 5.3.2, cfg80211_mgd_wext_giwessid in net/wireless/wext-sme.c does not reject a long SSID IE, leading to a Buffer 
Overflow.","cvss":9.8,"cvss_version":3.0,"cvss_v2":7.5,"cvss_v3":9.8,"cvss_v4":null,"epss":0.0156,"ranking_epss":0.81477,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00064.html","http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00010.html","http://packetstormsecurity.com/files/155212/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html","https://access.redhat.com/errata/RHSA-2020:0174","https://access.redhat.com/errata/RHSA-2020:0374","https://access.redhat.com/errata/RHSA-2020:0375","https://access.redhat.com/errata/RHSA-2020:0543","https://access.redhat.com/errata/RHSA-2020:0592","https://access.redhat.com/errata/RHSA-2020:0609","https://access.redhat.com/errata/RHSA-2020:0653","https://access.redhat.com/errata/RHSA-2020:0661","https://access.redhat.com/errata/RHSA-2020:0664","https://access.redhat.com/errata/RHSA-2020:0790","https://lists.debian.org/debian-lts-announce/2020/01/msg00013.html","https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html","https://marc.info/?l=linux-wireless&m=157018270915487&w=2","https://seclists.org/bugtraq/2019/Nov/11","https://security.netapp.com/advisory/ntap-20191031-0005/","https://usn.ubuntu.com/4208-1/","https://usn.ubuntu.com/4210-1/","https://usn.ubuntu.com/4211-1/","https://usn.ubuntu.com/4211-2/","https://usn.ubuntu.com/4226-1/","https://www.oracle.com/security-alerts/cpuApr2021.html","http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00064.html","http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00010.html","http://packetstormsecurity.com/files/155212/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html","https://access.redhat.com/errata/RHSA-2020:0174","https://access.redhat.com/errata/RHSA-2020:0374","https://access.redhat.com/errata/RHSA-2020:0375","https://access.redhat.com/errata/RHSA-2020:0543","https://access.redhat.com/errata/RHSA-2020:0592","https
://access.redhat.com/errata/RHSA-2020:0609","https://access.redhat.com/errata/RHSA-2020:0653","https://access.redhat.com/errata/RHSA-2020:0661","https://access.redhat.com/errata/RHSA-2020:0664","https://access.redhat.com/errata/RHSA-2020:0790","https://lists.debian.org/debian-lts-announce/2020/01/msg00013.html","https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html","https://marc.info/?l=linux-wireless&m=157018270915487&w=2","https://seclists.org/bugtraq/2019/Nov/11","https://security.netapp.com/advisory/ntap-20191031-0005/","https://usn.ubuntu.com/4208-1/","https://usn.ubuntu.com/4210-1/","https://usn.ubuntu.com/4211-1/","https://usn.ubuntu.com/4211-2/","https://usn.ubuntu.com/4226-1/","https://www.oracle.com/security-alerts/cpuApr2021.html"],"published_time":"2019-10-04T12:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-15165","summary":"sf-pcapng.c in libpcap before 1.9.1 does not properly validate the PHB header length before allocating memory.","cvss":5.3,"cvss_version":3.0,"cvss_v2":5.0,"cvss_v3":5.3,"cvss_v4":null,"epss":0.01031,"ranking_epss":0.77331,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00051.html","http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00052.html","http://seclists.org/fulldisclosure/2019/Dec/26","https://github.com/the-tcpdump-group/libpcap/blob/libpcap-1.9/CHANGES","https://github.com/the-tcpdump-group/libpcap/commit/87d6bef033062f969e70fa40c43dfd945d5a20ab","https://github.com/the-tcpdump-group/libpcap/commit/a5a36d9e82dde7265e38fe1f87b7f11c461c29f6","https://lists.debian.org/debian-lts-announce/2019/10/msg00031.html","https://lists.debian.org/debian-lts-announce/2021/12/msg00014.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5P5K3DQ4TFSZBDB3XN4CZNJNQ3UIF3D3/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedor
aproject.org/message/GBIEKWLNIR62KZ5GA7EDXZS52HU6OE5F/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UZTIPUWABYUE5KQOLCKAW65AUUSB7QO6/","https://seclists.org/bugtraq/2019/Dec/23","https://support.apple.com/kb/HT210785","https://support.apple.com/kb/HT210788","https://support.apple.com/kb/HT210789","https://support.apple.com/kb/HT210790","https://usn.ubuntu.com/4221-1/","https://usn.ubuntu.com/4221-2/","https://www.oracle.com/security-alerts/cpuapr2020.html","https://www.tcpdump.org/public-cve-list.txt","http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00051.html","http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00052.html","http://seclists.org/fulldisclosure/2019/Dec/26","https://github.com/the-tcpdump-group/libpcap/blob/libpcap-1.9/CHANGES","https://github.com/the-tcpdump-group/libpcap/commit/87d6bef033062f969e70fa40c43dfd945d5a20ab","https://github.com/the-tcpdump-group/libpcap/commit/a5a36d9e82dde7265e38fe1f87b7f11c461c29f6","https://lists.debian.org/debian-lts-announce/2019/10/msg00031.html","https://lists.debian.org/debian-lts-announce/2021/12/msg00014.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5P5K3DQ4TFSZBDB3XN4CZNJNQ3UIF3D3/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GBIEKWLNIR62KZ5GA7EDXZS52HU6OE5F/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UZTIPUWABYUE5KQOLCKAW65AUUSB7QO6/","https://seclists.org/bugtraq/2019/Dec/23","https://support.apple.com/kb/HT210785","https://support.apple.com/kb/HT210788","https://support.apple.com/kb/HT210789","https://support.apple.com/kb/HT210790","https://usn.ubuntu.com/4221-1/","https://usn.ubuntu.com/4221-2/","https://www.oracle.com/security-alerts/cpuapr2020.html","https://www.tcpdump.org/public-cve-list.txt"],"published_time":"2019-10-03T19:15:09","vendor":null,"product":n
ull,"version":null},{"cve_id":"CVE-2019-16866","summary":"Unbound before 1.9.4 accesses uninitialized memory, which allows remote attackers to trigger a crash via a crafted NOTIFY query. The source IP address of the query must match an access-control rule.","cvss":7.5,"cvss_version":3.0,"cvss_v2":5.0,"cvss_v3":7.5,"cvss_v4":null,"epss":0.01248,"ranking_epss":0.79314,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://github.com/NLnetLabs/unbound/blob/release-1.9.4/doc/Changelog","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E65NCWZZB2D75ZIYWPXKMVGSGNYW4JMC/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MLRHE7TQFAOV4MB2ELTOGESZYUL65NUJ/","https://nlnetlabs.nl/downloads/unbound/CVE-2019-16866.txt","https://seclists.org/bugtraq/2019/Oct/23","https://usn.ubuntu.com/4149-1/","https://www.debian.org/security/2019/dsa-4544","https://github.com/NLnetLabs/unbound/blob/release-1.9.4/doc/Changelog","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E65NCWZZB2D75ZIYWPXKMVGSGNYW4JMC/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MLRHE7TQFAOV4MB2ELTOGESZYUL65NUJ/","https://nlnetlabs.nl/downloads/unbound/CVE-2019-16866.txt","https://seclists.org/bugtraq/2019/Oct/23","https://usn.ubuntu.com/4149-1/","https://www.debian.org/security/2019/dsa-4544"],"published_time":"2019-10-03T19:15:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-15166","summary":"lmp_print_data_link_subobjs() in print-lmp.c in tcpdump before 4.9.3 lacks certain bounds 
checks.","cvss":1.6,"cvss_version":3.0,"cvss_v2":5.0,"cvss_v3":1.6,"cvss_v4":null,"epss":0.01018,"ranking_epss":0.77209,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00050.html","http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00053.html","http://seclists.org/fulldisclosure/2019/Dec/26","https://github.com/the-tcpdump-group/tcpdump/blob/tcpdump-4.9/CHANGES","https://github.com/the-tcpdump-group/tcpdump/commit/0b661e0aa61850234b64394585cf577aac570bf4","https://lists.debian.org/debian-lts-announce/2019/10/msg00015.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/62XY42U6HY3H2APR5EHNWCZ7SAQNMMJN/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNYXF3IY2X65IOD422SA6EQUULSGW7FN/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R2UDPOSGVJQIYC33SQBXMDXHH4QDSDMU/","https://seclists.org/bugtraq/2019/Dec/23","https://seclists.org/bugtraq/2019/Oct/28","https://security.netapp.com/advisory/ntap-20200120-0001/","https://support.apple.com/kb/HT210788","https://usn.ubuntu.com/4252-1/","https://usn.ubuntu.com/4252-2/","https://www.debian.org/security/2019/dsa-4547","http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00050.html","http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00053.html","http://seclists.org/fulldisclosure/2019/Dec/26","https://github.com/the-tcpdump-group/tcpdump/blob/tcpdump-4.9/CHANGES","https://github.com/the-tcpdump-group/tcpdump/commit/0b661e0aa61850234b64394585cf577aac570bf4","https://lists.debian.org/debian-lts-announce/2019/10/msg00015.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/62XY42U6HY3H2APR5EHNWCZ7SAQNMMJN/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/messag
e/FNYXF3IY2X65IOD422SA6EQUULSGW7FN/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R2UDPOSGVJQIYC33SQBXMDXHH4QDSDMU/","https://seclists.org/bugtraq/2019/Dec/23","https://seclists.org/bugtraq/2019/Oct/28","https://security.netapp.com/advisory/ntap-20200120-0001/","https://support.apple.com/kb/HT210788","https://usn.ubuntu.com/4252-1/","https://usn.ubuntu.com/4252-2/","https://www.debian.org/security/2019/dsa-4547"],"published_time":"2019-10-03T17:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-17055","summary":"base_sock_create in drivers/isdn/mISDN/socket.c in the AF_ISDN network module in the Linux kernel through 5.3.2 does not enforce CAP_NET_RAW, which means that unprivileged users can create a raw socket, aka CID-b91ee4aa2a21.","cvss":3.3,"cvss_version":3.0,"cvss_v2":2.1,"cvss_v3":3.3,"cvss_v4":null,"epss":0.00088,"ranking_epss":0.25104,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00035.html","http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00039.html","http://packetstormsecurity.com/files/155212/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html","https://access.redhat.com/errata/RHSA-2020:0790","https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=0edc3f703f7bcaf550774b5d43ab727bcd0fe06b","https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=b91ee4aa2a2199ba4d4650706c272985a5a32d80","https://lists.debian.org/debian-lts-announce/2020/01/msg00013.html","https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U6JNEWGIK7QA24OIUUL67QZNJN52NB7T/","https://seclists.org/bugtraq/2019/Nov/11","https://usn.ubuntu.com/4184-1/","https://usn.ubuntu.com/4185-1/","https://usn.ubuntu.com/4185-2/","https://usn.ubuntu.com/4186
-1/","https://usn.ubuntu.com/4186-2/","http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00035.html","http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00039.html","http://packetstormsecurity.com/files/155212/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html","https://access.redhat.com/errata/RHSA-2020:0790","https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=0edc3f703f7bcaf550774b5d43ab727bcd0fe06b","https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=b91ee4aa2a2199ba4d4650706c272985a5a32d80","https://lists.debian.org/debian-lts-announce/2020/01/msg00013.html","https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U6JNEWGIK7QA24OIUUL67QZNJN52NB7T/","https://seclists.org/bugtraq/2019/Nov/11","https://usn.ubuntu.com/4184-1/","https://usn.ubuntu.com/4185-1/","https://usn.ubuntu.com/4185-2/","https://usn.ubuntu.com/4186-1/","https://usn.ubuntu.com/4186-2/"],"published_time":"2019-10-01T14:15:51","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-17052","summary":"ax25_create in net/ax25/af_ax25.c in the AF_AX25 network module in the Linux kernel 3.16 through 5.3.2 does not enforce CAP_NET_RAW, which means that unprivileged users can create a raw socket, aka 
CID-0614e2b73768.","cvss":3.3,"cvss_version":3.0,"cvss_v2":2.1,"cvss_v3":3.3,"cvss_v4":null,"epss":0.00087,"ranking_epss":0.25025,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://packetstormsecurity.com/files/155212/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html","https://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git/commit/?id=2c675dab816278a1724c1e93b384c2f05a11cb31","https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=0614e2b73768b502fc32a75349823356d98aae2c","https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=0edc3f703f7bcaf550774b5d43ab727bcd0fe06b","https://lists.debian.org/debian-lts-announce/2020/01/msg00013.html","https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U6JNEWGIK7QA24OIUUL67QZNJN52NB7T/","https://seclists.org/bugtraq/2019/Nov/11","https://usn.ubuntu.com/4184-1/","https://usn.ubuntu.com/4185-1/","https://usn.ubuntu.com/4185-2/","https://usn.ubuntu.com/4186-1/","https://usn.ubuntu.com/4186-2/","http://packetstormsecurity.com/files/155212/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html","https://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git/commit/?id=2c675dab816278a1724c1e93b384c2f05a11cb31","https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=0614e2b73768b502fc32a75349823356d98aae2c","https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=0edc3f703f7bcaf550774b5d43ab727bcd0fe06b","https://lists.debian.org/debian-lts-announce/2020/01/msg00013.html","https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U6JNEWGIK7QA24OIUUL67QZNJN52NB7T/","https://seclists.org/bugtraq/2019/Nov/11","https://usn.ubuntu.com/4184-1/","https://usn.ubuntu.com/4185-1/","https
://usn.ubuntu.com/4185-2/","https://usn.ubuntu.com/4186-1/","https://usn.ubuntu.com/4186-2/"],"published_time":"2019-10-01T14:15:40","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-16935","summary":"The documentation XML-RPC server in Python through 2.7.16, 3.x through 3.6.9, and 3.7.x through 3.7.4 has XSS via the server_title field. This occurs in Lib/DocXMLRPCServer.py in Python 2.x, and in Lib/xmlrpc/server.py in Python 3.x. If set_server_title is called with untrusted input, arbitrary JavaScript can be delivered to clients that visit the http URL for this server.","cvss":6.1,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":6.1,"cvss_v4":null,"epss":0.02256,"ranking_epss":0.84605,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00062.html","http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00063.html","http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00012.html","http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00021.html","http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.html","https://bugs.python.org/issue38243","https://github.com/python/cpython/blob/35c0809158be7feae4c4f877a08b93baea2d8291/Lib/xmlrpc/server.py#L897","https://github.com/python/cpython/blob/e007860b8b3609ce0bc62b1780efaa06241520bd/Lib/DocXMLRPCServer.py#L213","https://github.com/python/cpython/pull/16373","https://lists.debian.org/debian-lts-announce/2020/07/msg00011.html","https://lists.debian.org/debian-lts-announce/2021/04/msg00015.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4X3HW5JRZ7GCPSR7UHJOLD7AWLTQCDVR/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BEARDOTXCYPYELKBD2KWZ27GSPXDI3GQ/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/COATURTCY7G67AYI6UDV5B2JZTBCKIDX
/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JCPGLTTOBB3QEARDX4JOYURP6ELNNA2V/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/K7HNVIFMETMFWWWUNTB72KYJYXCZOS5V/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M34WOYCDKTDE5KLUACE2YIEH7D37KHRX/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OYGESQSGIHDCIGOBVF7VXCMIE6YDWRYB/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZBTGPBUABGXZ7WH7677OEM3NSP6ZEA76/","https://security.netapp.com/advisory/ntap-20191017-0004/","https://usn.ubuntu.com/4151-1/","https://usn.ubuntu.com/4151-2/","https://www.oracle.com/security-alerts/cpujul2020.html","http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00062.html","http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00063.html","http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00012.html","http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00021.html","http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.html","https://bugs.python.org/issue38243","https://github.com/python/cpython/blob/35c0809158be7feae4c4f877a08b93baea2d8291/Lib/xmlrpc/server.py#L897","https://github.com/python/cpython/blob/e007860b8b3609ce0bc62b1780efaa06241520bd/Lib/DocXMLRPCServer.py#L213","https://github.com/python/cpython/pull/16373","https://lists.debian.org/debian-lts-announce/2020/07/msg00011.html","https://lists.debian.org/debian-lts-announce/2021/04/msg00015.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4X3HW5JRZ7GCPSR7UHJOLD7AWLTQCDVR/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BEARDOTXCYPYELKBD2KWZ27GSPXDI3GQ/","https://lists.fedoraproject.org/archives/list/package-anno
unce%40lists.fedoraproject.org/message/COATURTCY7G67AYI6UDV5B2JZTBCKIDX/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JCPGLTTOBB3QEARDX4JOYURP6ELNNA2V/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/K7HNVIFMETMFWWWUNTB72KYJYXCZOS5V/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M34WOYCDKTDE5KLUACE2YIEH7D37KHRX/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OYGESQSGIHDCIGOBVF7VXCMIE6YDWRYB/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZBTGPBUABGXZ7WH7677OEM3NSP6ZEA76/","https://security.netapp.com/advisory/ntap-20191017-0004/","https://usn.ubuntu.com/4151-1/","https://usn.ubuntu.com/4151-2/","https://www.oracle.com/security-alerts/cpujul2020.html"],"published_time":"2019-09-28T02:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-16928","summary":"Exim 4.92 through 4.92.2 allows remote code execution, a different vulnerability than CVE-2019-15846. 
There is a heap-based buffer overflow in string_vformat in string.c involving a long EHLO command.","cvss":9.8,"cvss_version":3.0,"cvss_v2":7.5,"cvss_v3":9.8,"cvss_v4":null,"epss":0.89816,"ranking_epss":0.99569,"kev":true,"propose_action":"Exim contains an out-of-bounds write vulnerability which can allow for remote code execution.","ransomware_campaign":"Unknown","references":["http://www.openwall.com/lists/oss-security/2019/09/28/1","http://www.openwall.com/lists/oss-security/2019/09/28/2","http://www.openwall.com/lists/oss-security/2019/09/28/3","http://www.openwall.com/lists/oss-security/2019/09/28/4","https://bugs.exim.org/show_bug.cgi?id=2449","https://git.exim.org/exim.git/commit/478effbfd9c3cc5a627fc671d4bf94d13670d65f","https://lists.exim.org/lurker/message/20190927.032457.c1044d4c.en.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EED7HM3MFIBAP5OIMJAFJ35JAJABTVSC/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T3TJW4HPYH3O5HZCWGD6NSHTEBTTAPDC/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UY6HPRW7MR3KBQ5JFHH6OXM7YCZBJCOB/","https://seclists.org/bugtraq/2019/Sep/60","https://security.gentoo.org/glsa/202003-47","https://usn.ubuntu.com/4141-1/","https://www.debian.org/security/2019/dsa-4536","http://www.openwall.com/lists/oss-security/2019/09/28/1","http://www.openwall.com/lists/oss-security/2019/09/28/2","http://www.openwall.com/lists/oss-security/2019/09/28/3","http://www.openwall.com/lists/oss-security/2019/09/28/4","https://bugs.exim.org/show_bug.cgi?id=2449","https://git.exim.org/exim.git/commit/478effbfd9c3cc5a627fc671d4bf94d13670d65f","https://lists.exim.org/lurker/message/20190927.032457.c1044d4c.en.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EED7HM3MFIBAP5OIMJAFJ35JAJABTVSC/","https://lists.fedoraproject.org/archives/list/package-ann
ounce%40lists.fedoraproject.org/message/T3TJW4HPYH3O5HZCWGD6NSHTEBTTAPDC/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UY6HPRW7MR3KBQ5JFHH6OXM7YCZBJCOB/","https://seclists.org/bugtraq/2019/Sep/60","https://security.gentoo.org/glsa/202003-47","https://usn.ubuntu.com/4141-1/","https://www.debian.org/security/2019/dsa-4536","https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-16928"],"published_time":"2019-09-27T21:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-9433","summary":"In libvpx, there is a possible information disclosure due to improper input validation. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-80479354","cvss":6.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":6.5,"cvss_v4":null,"epss":0.08604,"ranking_epss":0.92425,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00049.html","http://www.openwall.com/lists/oss-security/2019/10/25/17","http://www.openwall.com/lists/oss-security/2019/10/27/1","http://www.openwall.com/lists/oss-security/2019/11/07/1","https://lists.debian.org/debian-lts-announce/2019/11/msg00030.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DQSTK442ATWJOR4TU3MR6C3N5A6NDFFN/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U2IIA3RSYABBUCFIHXIRVUT5CTJVWWZ6/","https://seclists.org/bugtraq/2019/Nov/43","https://security.gentoo.org/glsa/202003-59","https://source.android.com/security/bulletin/android-10","https://usn.ubuntu.com/4199-1/","https://usn.ubuntu.com/4199-2/","https://www.debian.org/security/2019/dsa-4578","http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00049.html","http://www.o
penwall.com/lists/oss-security/2019/10/25/17","http://www.openwall.com/lists/oss-security/2019/10/27/1","http://www.openwall.com/lists/oss-security/2019/11/07/1","https://lists.debian.org/debian-lts-announce/2019/11/msg00030.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DQSTK442ATWJOR4TU3MR6C3N5A6NDFFN/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U2IIA3RSYABBUCFIHXIRVUT5CTJVWWZ6/","https://seclists.org/bugtraq/2019/Nov/43","https://security.gentoo.org/glsa/202003-59","https://source.android.com/security/bulletin/android-10","https://usn.ubuntu.com/4199-1/","https://usn.ubuntu.com/4199-2/","https://www.debian.org/security/2019/dsa-4578"],"published_time":"2019-09-27T19:15:29","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-9371","summary":"In libvpx, there is a possible resource exhaustion due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation. 
Product: AndroidVersions: Android-10Android ID: A-132783254","cvss":6.5,"cvss_version":3.0,"cvss_v2":7.1,"cvss_v3":6.5,"cvss_v4":null,"epss":0.17758,"ranking_epss":0.95123,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00049.html","http://www.openwall.com/lists/oss-security/2019/10/25/17","http://www.openwall.com/lists/oss-security/2019/10/27/1","http://www.openwall.com/lists/oss-security/2019/11/07/1","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DQSTK442ATWJOR4TU3MR6C3N5A6NDFFN/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U2IIA3RSYABBUCFIHXIRVUT5CTJVWWZ6/","https://seclists.org/bugtraq/2019/Nov/43","https://security.gentoo.org/glsa/202003-59","https://source.android.com/security/bulletin/android-10","https://usn.ubuntu.com/4199-1/","https://www.debian.org/security/2019/dsa-4578","http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00049.html","http://www.openwall.com/lists/oss-security/2019/10/25/17","http://www.openwall.com/lists/oss-security/2019/10/27/1","http://www.openwall.com/lists/oss-security/2019/11/07/1","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DQSTK442ATWJOR4TU3MR6C3N5A6NDFFN/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U2IIA3RSYABBUCFIHXIRVUT5CTJVWWZ6/","https://seclists.org/bugtraq/2019/Nov/43","https://security.gentoo.org/glsa/202003-59","https://source.android.com/security/bulletin/android-10","https://usn.ubuntu.com/4199-1/","https://www.debian.org/security/2019/dsa-4578"],"published_time":"2019-09-27T19:15:24","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-9325","summary":"In libvpx, there is a possible out of bounds read due to a missing bounds check. 
This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-112001302","cvss":6.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":6.5,"cvss_v4":null,"epss":0.0889,"ranking_epss":0.92565,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00049.html","http://www.openwall.com/lists/oss-security/2019/10/25/17","http://www.openwall.com/lists/oss-security/2019/10/27/1","http://www.openwall.com/lists/oss-security/2019/11/07/1","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DQSTK442ATWJOR4TU3MR6C3N5A6NDFFN/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U2IIA3RSYABBUCFIHXIRVUT5CTJVWWZ6/","https://seclists.org/bugtraq/2019/Nov/43","https://security.gentoo.org/glsa/202003-59","https://source.android.com/security/bulletin/android-10","https://usn.ubuntu.com/4199-1/","https://www.debian.org/security/2019/dsa-4578","http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00049.html","http://www.openwall.com/lists/oss-security/2019/10/25/17","http://www.openwall.com/lists/oss-security/2019/10/27/1","http://www.openwall.com/lists/oss-security/2019/11/07/1","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DQSTK442ATWJOR4TU3MR6C3N5A6NDFFN/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U2IIA3RSYABBUCFIHXIRVUT5CTJVWWZ6/","https://seclists.org/bugtraq/2019/Nov/43","https://security.gentoo.org/glsa/202003-59","https://source.android.com/security/bulletin/android-10","https://usn.ubuntu.com/4199-1/","https://www.debian.org/security/2019/dsa-4578"],"published_time":"2019-09-27T19:15:21","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-9278","summary":"
In libexif, there is a possible out of bounds write due to an integer overflow. This could lead to remote escalation of privilege in the media content provider with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-112537774","cvss":8.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":8.8,"cvss_v4":null,"epss":0.03749,"ranking_epss":0.88027,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00000.html","http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00017.html","http://www.openwall.com/lists/oss-security/2019/10/25/17","http://www.openwall.com/lists/oss-security/2019/10/27/1","http://www.openwall.com/lists/oss-security/2019/11/07/1","https://github.com/libexif/libexif/commit/75aa73267fdb1e0ebfbc00369e7312bac43d0566","https://github.com/libexif/libexif/issues/26","https://lists.debian.org/debian-lts-announce/2020/02/msg00007.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MO2VTHD7OLPJDCJBHKUQTBAHZOBBCF6X/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VA5BPQLOFXIZOOJHBYDU635Z5KLUMTDD/","https://seclists.org/bugtraq/2020/Feb/9","https://security.gentoo.org/glsa/202007-05","https://source.android.com/security/bulletin/android-10","https://usn.ubuntu.com/4277-1/","https://www.debian.org/security/2020/dsa-4618","http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00000.html","http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00017.html","http://www.openwall.com/lists/oss-security/2019/10/25/17","http://www.openwall.com/lists/oss-security/2019/10/27/1","http://www.openwall.com/lists/oss-security/2019/11/07/1","https://github.com/libexif/libexif/commit/75aa73267fdb1e0ebfbc00369e7312bac43d0566","https://github.com/libexif/libexif/issues/26","https://lists.de
bian.org/debian-lts-announce/2020/02/msg00007.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MO2VTHD7OLPJDCJBHKUQTBAHZOBBCF6X/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VA5BPQLOFXIZOOJHBYDU635Z5KLUMTDD/","https://seclists.org/bugtraq/2020/Feb/9","https://security.gentoo.org/glsa/202007-05","https://source.android.com/security/bulletin/android-10","https://usn.ubuntu.com/4277-1/","https://www.debian.org/security/2020/dsa-4618"],"published_time":"2019-09-27T19:15:19","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-9232","summary":"In libvpx, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-122675483","cvss":7.5,"cvss_version":3.0,"cvss_v2":5.0,"cvss_v3":7.5,"cvss_v4":null,"epss":0.09266,"ranking_epss":0.9273,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00049.html","http://www.openwall.com/lists/oss-security/2019/10/25/17","http://www.openwall.com/lists/oss-security/2019/10/27/1","http://www.openwall.com/lists/oss-security/2019/11/07/1","https://lists.debian.org/debian-lts-announce/2019/11/msg00030.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DQSTK442ATWJOR4TU3MR6C3N5A6NDFFN/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U2IIA3RSYABBUCFIHXIRVUT5CTJVWWZ6/","https://seclists.org/bugtraq/2019/Nov/43","https://security.gentoo.org/glsa/202003-59","https://source.android.com/security/bulletin/android-10","https://usn.ubuntu.com/4199-1/","https://usn.ubuntu.com/4199-2/","https://www.debian.org/security/2019/dsa-4578","http://lists.
opensuse.org/opensuse-security-announce/2020-01/msg00049.html","http://www.openwall.com/lists/oss-security/2019/10/25/17","http://www.openwall.com/lists/oss-security/2019/10/27/1","http://www.openwall.com/lists/oss-security/2019/11/07/1","https://lists.debian.org/debian-lts-announce/2019/11/msg00030.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DQSTK442ATWJOR4TU3MR6C3N5A6NDFFN/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U2IIA3RSYABBUCFIHXIRVUT5CTJVWWZ6/","https://seclists.org/bugtraq/2019/Nov/43","https://security.gentoo.org/glsa/202003-59","https://source.android.com/security/bulletin/android-10","https://usn.ubuntu.com/4199-1/","https://usn.ubuntu.com/4199-2/","https://www.debian.org/security/2019/dsa-4578"],"published_time":"2019-09-27T19:15:17","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-11740","summary":"Mozilla developers and community members reported memory safety bugs present in Firefox 68, Firefox ESR 68, and Firefox 60.8. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. 
This vulnerability affects Firefox < 69, Thunderbird < 68.1, Thunderbird < 60.9, Firefox ESR < 60.9, and Firefox ESR < 68.1.","cvss":8.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":8.8,"cvss_v4":null,"epss":0.015,"ranking_epss":0.81133,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00009.html","http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00010.html","http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00011.html","http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00017.html","https://bugzilla.mozilla.org/buglist.cgi?bug_id=1563133%2C1573160","https://security.gentoo.org/glsa/201911-07","https://usn.ubuntu.com/4150-1/","https://www.mozilla.org/security/advisories/mfsa2019-25/","https://www.mozilla.org/security/advisories/mfsa2019-26/","https://www.mozilla.org/security/advisories/mfsa2019-27/","https://www.mozilla.org/security/advisories/mfsa2019-29/","https://www.mozilla.org/security/advisories/mfsa2019-30/","http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00009.html","http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00010.html","http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00011.html","http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00017.html","https://bugzilla.mozilla.org/buglist.cgi?bug_id=1563133%2C1573160","https://security.gentoo.org/glsa/201911-07","https://usn.ubuntu.com/4150-1/","https://www.mozilla.org/security/advisories/mfsa2019-25/","https://www.mozilla.org/security/advisories/mfsa2019-26/","https://www.mozilla.org/security/advisories/mfsa2019-27/","https://www.mozilla.org/security/advisories/mfsa2019-29/","https://www.mozilla.org/security/advisories/mfsa2019-30/"],"published_time":"2019-09-27T18:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-16869","summary":"Netty before 4.1.42.Final mishandles whitespace before the colon in 
HTTP headers (such as a \"Transfer-Encoding : chunked\" line), which leads to HTTP request smuggling.","cvss":7.5,"cvss_version":3.0,"cvss_v2":5.0,"cvss_v3":7.5,"cvss_v4":null,"epss":0.04028,"ranking_epss":0.88487,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://access.redhat.com/errata/RHSA-2019:3892","https://access.redhat.com/errata/RHSA-2019:3901","https://access.redhat.com/errata/RHSA-2020:0159","https://access.redhat.com/errata/RHSA-2020:0160","https://access.redhat.com/errata/RHSA-2020:0161","https://access.redhat.com/errata/RHSA-2020:0164","https://access.redhat.com/errata/RHSA-2020:0445","https://github.com/netty/netty/compare/netty-4.1.41.Final...netty-4.1.42.Final","https://github.com/netty/netty/issues/9571","https://github.com/poc-effectiveness/PoCAdaptation/tree/main/Adapted/CVE-2019-16869/5.0.0.Alpha1/exploit","https://lists.apache.org/thread.html/0acadfb96176768caac79b404110df62d14d30aa9d53b6dbdb1407ac@%3Cissues.spark.apache.org%3E","https://lists.apache.org/thread.html/19fed892608db1efe5a5ce14372137669ff639df0205323959af7de3@%3Cdev.olingo.apache.org%3E","https://lists.apache.org/thread.html/2494a2ac7f66af6e4646a4937b17972a4ec7cd3c7333c66ffd6c639d@%3Cdev.zookeeper.apache.org%3E","https://lists.apache.org/thread.html/2e1cf538b502713c2c42ffa46d81f4688edb5676eb55bd9fc4b4fed7@%3Cissues.zookeeper.apache.org%3E","https://lists.apache.org/thread.html/35961d1ae00849974353a932b4fef12ebce074541552eceefa04f1fd@%3Cdev.olingo.apache.org%3E","https://lists.apache.org/thread.html/37ed432b8eb35d8bd757f53783ec3e334bd51f514534432bea7f1c3d@%3Cissues.zookeeper.apache.org%3E","https://lists.apache.org/thread.html/380f6d2730603a2cd6b0a8bea9bcb21a86c199147e77e448c5f7390b@%3Ccommits.zookeeper.apache.org%3E","https://lists.apache.org/thread.html/3e6d7aae1cca10257e3caf2d69b22f74c875f12a1314155af422569d@%3Cdev.zookeeper.apache.org%3E","https://lists.apache.org/thread.html/51923a9ba513b2e816e02a9d1fd8aa6f12e3e4e99bbd9dc884bccbbe@%3Cissues.spar
k.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/6063699b87b501ecca8dd3b0e82251bfc85f29363a9b46ac5ace80cf@%3Cdev.olingo.apache.org%3E","https://lists.apache.org/thread.html/64b10f49c68333aaecf00348c5670fe182e49fd60d45c4a3ab241f8b@%3Cissues.spark.apache.org%3E","https://lists.apache.org/thread.html/681493a2f9b63f5b468f741d88d1aa51b2cfcf7a1c5b74ea8c4343fb@%3Cissues.spark.apache.org%3E","https://lists.apache.org/thread.html/6e1e34c0d5635a987d595df9e532edac212307243bb1b49eead6d55b@%3Cissues.zookeeper.apache.org%3E","https://lists.apache.org/thread.html/76540c8b0ed761bfa6c81fa28c13057f13a5448aed079d656f6a3c79@%3Cissues.zookeeper.apache.org%3E","https://lists.apache.org/thread.html/799eb85d67cbddc1851a3e63a07b55e95b2f44f1685225d38570ce89@%3Cissues.spark.apache.org%3E","https://lists.apache.org/thread.html/860acce024d79837e963a51a42bab2cef8e8d017aad2b455ecd1dcf0@%3Cissues.spark.apache.org%3E","https://lists.apache.org/thread.html/9128111213b7b734ffc85db08d8f789b00a85a7f241b708e55debbd0@%3Cissues.zookeeper.apache.org%3E","https://lists.apache.org/thread.html/9317fd092b257a0815434b116a8af8daea6e920b6673f4fd5583d5fe@%3Ccommits.druid.apache.org%3E","https://lists.apache.org/thread.html/a0f77c73af32cbe4ff0968bfcbbe80ae6361f3dccdd46f3177547266@%3Cissues.zookeeper.apache.org%3E","https://lists.apache.org/thread.html/af6e9c2d716868606523857a4cd7a5ee506e6d1710f5fb0d567ec030@%3Cdev.olingo.apache.org%3E","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/b264fa5801e87698e9f43f2b5585fbc5ebdc26c6f4aad861b258fb69@%3Cdev.olingo.apache.org%3E","https://lists.apache.org/thread.html/b2cd51795f938632c6f60a4c59d9e587fbacd7f7d0e0a3684850a30f@%3Cissues.zookeeper.apache.org%3E","https://lists.apache.org/thread.html/b3dda6399a0ea2b647624b899fd330fca81834e41b13e3
e11e1002d8@%3Cdev.olingo.apache.org%3E","https://lists.apache.org/thread.html/b3ddeebbfaf8a288d7de8ab2611cf2609ab76b9809f0633248546b7c@%3Cissues.spark.apache.org%3E","https://lists.apache.org/thread.html/bdf7a5e597346a75d2d884ca48c767525e35137ad59d8f10b8fc943c@%3Cdev.zookeeper.apache.org%3E","https://lists.apache.org/thread.html/cbf6e6a04cb37e9320ad20e437df63beeab1755fc0761918ed5c5a6e@%3Ccommits.zookeeper.apache.org%3E","https://lists.apache.org/thread.html/cf5aa087632ead838f8ac3a42e9837684e7afe6e0fcb7704e0c73bc0@%3Ccommits.zookeeper.apache.org%3E","https://lists.apache.org/thread.html/d14f721e0099b914daebe29bca199fde85d8354253be9d6d3d46507a@%3Ccommits.cassandra.apache.org%3E","https://lists.apache.org/thread.html/d3eb0dbea75ef5c400bd49dfa1901ad50be606cca3cb29e0d01b6a54@%3Cissues.zookeeper.apache.org%3E","https://lists.apache.org/thread.html/d7d530599dc7813056c712213e367b68cdf56fb5c9b73f864870bc4c@%3Cdev.olingo.apache.org%3E","https://lists.apache.org/thread.html/e192fe8797c192679759ffa6b15e4d0806546945a41d8ebfbc6ee3ac@%3Ccommits.tinkerpop.apache.org%3E","https://lists.apache.org/thread.html/e39931d7cdd17241e69a0a09a89d99d7435bcc59afee8a9628d67769@%3Cdev.zookeeper.apache.org%3E","https://lists.apache.org/thread.html/ee6faea9e542c0b90afd70297a9daa203e20d41aa2ac7fca6703662f@%3Cissues.spark.apache.org%3E","https://lists.apache.org/thread.html/f6c5ebfb018787c764f000362d59e4b231c0a36b6253aa866de8c64e@%3Ccommits.cassandra.apache.org%3E","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E","https://lists.apache.org/thread.html/r0aa8b28e76ec01c697b15e161e6797e88fc8d406ed762e253401106e@%3Ccommits.camel.apache.org%3E","https://lists.apache.org/thread.html/r0c3d49bfdbc62fd3915676433cc5899c5506d06da1c552ef1b7923a5@%3Ccommon-issues.hadoop.apache.org%3E","https://lists.apache.org/thread.html/r131e572d003914843552fa45c4398b9903fb74144986e8b107c0a3a7@%3Ccommits.cassandra.apache.org%3E","https://lists.apache.or
g/thread.html/r3225f7dfe6b8a37e800ecb8e31abd7ac6c4312dbd3223dd8139c37bb@%3Ccommits.cassandra.apache.org%3E","https://lists.apache.org/thread.html/r4d3f1d3e333d9c2b2f6e6ae8ed8750d4de03410ac294bcd12c7eefa3@%3Ccommits.cassandra.apache.org%3E","https://lists.apache.org/thread.html/r73c400ab66d79821dec9e3472f0e2c048d528672bdb0f8bf44d7cb1f@%3Ccommits.cassandra.apache.org%3E","https://lists.apache.org/thread.html/r7790b9d99696d9eddce8a8c96f13bb68460984294ea6fea3800143e4@%3Ccommits.pulsar.apache.org%3E","https://lists.apache.org/thread.html/r831e0548fad736a98140d0b3b7dc575af0c50faea0b266434ba813cc@%3Cdev.rocketmq.apache.org%3E","https://lists.apache.org/thread.html/r832724df393a7ef25ca4c7c2eb83ad2d6c21c74569acda5233f9f1ec@%3Ccommits.pulsar.apache.org%3E","https://lists.apache.org/thread.html/r8402d67fdfe9cf169f859d52a7670b28a08eff31e54b522cc1432532@%3Ccommon-issues.hadoop.apache.org%3E","https://lists.apache.org/thread.html/r86befa74c5cd1482c711134104aec339bf7ae879f2c4437d7ec477d4@%3Ccommon-commits.hadoop.apache.org%3E","https://lists.apache.org/thread.html/r90030b0117490caed526e57271bf4d7f9b012091ac5083c895d16543@%3Ccommon-issues.hadoop.apache.org%3E","https://lists.apache.org/thread.html/r959474dcf7f88565ed89f6252ca5a274419006cb71348f14764b183d@%3Ccommits.cassandra.apache.org%3E","https://lists.apache.org/thread.html/raaac04b7567c554786132144bea3dcb72568edd410c1e6f0101742e7@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/rb25b42f666d2cac5e6e6b3f771faf60d1f1aa58073dcdd8db14edf8a@%3Cdev.rocketmq.apache.org%3E","https://lists.apache.org/thread.html/rb3361f6c6a5f834ad3db5e998c352760d393c0891b8d3bea90baa836@%3Ccommon-issues.hadoop.apache.org%3E","https://lists.apache.org/thread.html/rc7eb5634b71d284483e58665b22bf274a69bd184d9bd7ede52015d91@%3Ccommon-issues.hadoop.apache.org%3E","https://lists.apache.org/thread.html/rc8d554aad889d12b140d9fd7d2d6fc2e8716e9792f6f4e4b2cdc2d05@%3Ccommits.cassandra.apache.org%3E","https://lists.apache.org/thread.html/rcb2c59428f
34d4757702f9ae739a8795bda7bea97b857e708a9c62c6@%3Ccommon-commits.hadoop.apache.org%3E","https://lists.apache.org/thread.html/rcddf723a4b4117f8ed6042e9ac25e8c5110a617bab77694b61b14833@%3Cdev.rocketmq.apache.org%3E","https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26@%3Ccommits.pulsar.apache.org%3E","https://lists.apache.org/thread.html/rdb69125652311d0c41f6066ff44072a3642cf33a4b5e3c4f9c1ec9c2@%3Ccommits.pulsar.apache.org%3E","https://lists.apache.org/thread.html/rdd5d243a5f8ed8b83c0104e321aa420e5e98792a95749e3c9a54c0b9@%3Ccommon-commits.hadoop.apache.org%3E","https://lists.apache.org/thread.html/re0b78a3d0a4ba2cf9f4e14e1d05040bde9051d5c78071177186336c9@%3Ccommon-issues.hadoop.apache.org%3E","https://lists.apache.org/thread.html/re45ee9256d3233c31d78e59ee59c7dc841c7fbd83d0769285b41e948@%3Ccommits.druid.apache.org%3E","https://lists.apache.org/thread.html/re78eaef7d01ad65c370df30e45c686fffff00b37f7bfd78b26a08762@%3Ccommon-issues.hadoop.apache.org%3E","https://lists.apache.org/thread.html/rf2bf8e2eb0a03227f5bc100b544113f8cafea01e887bb068e8d1fa41@%3Ccommon-issues.hadoop.apache.org%3E","https://lists.apache.org/thread.html/rf5b2dfb7401666a19915f8eaef3ba9f5c3386e2066fcd2ae66e16a2f@%3Cdev.flink.apache.org%3E","https://lists.debian.org/debian-lts-announce/2019/09/msg00035.html","https://lists.debian.org/debian-lts-announce/2020/02/msg00018.html","https://lists.debian.org/debian-lts-announce/2020/09/msg00004.html","https://seclists.org/bugtraq/2020/Jan/6","https://usn.ubuntu.com/4532-1/","https://www.debian.org/security/2020/dsa-4597","https://access.redhat.com/errata/RHSA-2019:3892","https://access.redhat.com/errata/RHSA-2019:3901","https://access.redhat.com/errata/RHSA-2020:0159","https://access.redhat.com/errata/RHSA-2020:0160","https://access.redhat.com/errata/RHSA-2020:0161","https://access.redhat.com/errata/RHSA-2020:0164","https://access.redhat.com/errata/RHSA-2020:0445","https://github.com/netty/netty/compare/netty-4.1.41.Fi
nal...netty-4.1.42.Final","https://github.com/netty/netty/issues/9571","https://lists.apache.org/thread.html/0acadfb96176768caac79b404110df62d14d30aa9d53b6dbdb1407ac%40%3Cissues.spark.apache.org%3E","https://lists.apache.org/thread.html/19fed892608db1efe5a5ce14372137669ff639df0205323959af7de3%40%3Cdev.olingo.apache.org%3E","https://lists.apache.org/thread.html/2494a2ac7f66af6e4646a4937b17972a4ec7cd3c7333c66ffd6c639d%40%3Cdev.zookeeper.apache.org%3E","https://lists.apache.org/thread.html/2e1cf538b502713c2c42ffa46d81f4688edb5676eb55bd9fc4b4fed7%40%3Cissues.zookeeper.apache.org%3E","https://lists.apache.org/thread.html/35961d1ae00849974353a932b4fef12ebce074541552eceefa04f1fd%40%3Cdev.olingo.apache.org%3E","https://lists.apache.org/thread.html/37ed432b8eb35d8bd757f53783ec3e334bd51f514534432bea7f1c3d%40%3Cissues.zookeeper.apache.org%3E","https://lists.apache.org/thread.html/380f6d2730603a2cd6b0a8bea9bcb21a86c199147e77e448c5f7390b%40%3Ccommits.zookeeper.apache.org%3E","https://lists.apache.org/thread.html/3e6d7aae1cca10257e3caf2d69b22f74c875f12a1314155af422569d%40%3Cdev.zookeeper.apache.org%3E","https://lists.apache.org/thread.html/51923a9ba513b2e816e02a9d1fd8aa6f12e3e4e99bbd9dc884bccbbe%40%3Cissues.spark.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/6063699b87b501ecca8dd3b0e82251bfc85f29363a9b46ac5ace80cf%40%3Cdev.olingo.apache.org%3E","https://lists.apache.org/thread.html/64b10f49c68333aaecf00348c5670fe182e49fd60d45c4a3ab241f8b%40%3Cissues.spark.apache.org%3E","https://lists.apache.org/thread.html/681493a2f9b63f5b468f741d88d1aa51b2cfcf7a1c5b74ea8c4343fb%40%3Cissues.spark.apache.org%3E","https://lists.apache.org/thread.html/6e1e34c0d5635a987d595df9e532edac212307243bb1b49eead6d55b%40%3Cissues.zookeeper.apache.org%3E","https://lists.apache.org/thread.html/76540c8b0ed761bfa6c81fa28c13057f13a5448aed079d656f6a3c79%40%3Cissues.zookeeper.apache.org
%3E","https://lists.apache.org/thread.html/799eb85d67cbddc1851a3e63a07b55e95b2f44f1685225d38570ce89%40%3Cissues.spark.apache.org%3E","https://lists.apache.org/thread.html/860acce024d79837e963a51a42bab2cef8e8d017aad2b455ecd1dcf0%40%3Cissues.spark.apache.org%3E","https://lists.apache.org/thread.html/9128111213b7b734ffc85db08d8f789b00a85a7f241b708e55debbd0%40%3Cissues.zookeeper.apache.org%3E","https://lists.apache.org/thread.html/9317fd092b257a0815434b116a8af8daea6e920b6673f4fd5583d5fe%40%3Ccommits.druid.apache.org%3E","https://lists.apache.org/thread.html/a0f77c73af32cbe4ff0968bfcbbe80ae6361f3dccdd46f3177547266%40%3Cissues.zookeeper.apache.org%3E","https://lists.apache.org/thread.html/af6e9c2d716868606523857a4cd7a5ee506e6d1710f5fb0d567ec030%40%3Cdev.olingo.apache.org%3E","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/b264fa5801e87698e9f43f2b5585fbc5ebdc26c6f4aad861b258fb69%40%3Cdev.olingo.apache.org%3E","https://lists.apache.org/thread.html/b2cd51795f938632c6f60a4c59d9e587fbacd7f7d0e0a3684850a30f%40%3Cissues.zookeeper.apache.org%3E","https://lists.apache.org/thread.html/b3dda6399a0ea2b647624b899fd330fca81834e41b13e3e11e1002d8%40%3Cdev.olingo.apache.org%3E","https://lists.apache.org/thread.html/b3ddeebbfaf8a288d7de8ab2611cf2609ab76b9809f0633248546b7c%40%3Cissues.spark.apache.org%3E","https://lists.apache.org/thread.html/bdf7a5e597346a75d2d884ca48c767525e35137ad59d8f10b8fc943c%40%3Cdev.zookeeper.apache.org%3E","https://lists.apache.org/thread.html/cbf6e6a04cb37e9320ad20e437df63beeab1755fc0761918ed5c5a6e%40%3Ccommits.zookeeper.apache.org%3E","https://lists.apache.org/thread.html/cf5aa087632ead838f8ac3a42e9837684e7afe6e0fcb7704e0c73bc0%40%3Ccommits.zookeeper.apache.org%3E","https://lists.apache.org/thread.html/d14f721e0099b914daebe29bca199fde85d8354253be9d6d3d46507a%40%3Ccommits.cassandra.apache.org%3E","https://lists.apache.org/thread.html/d3eb0dbea75ef5c40
0bd49dfa1901ad50be606cca3cb29e0d01b6a54%40%3Cissues.zookeeper.apache.org%3E","https://lists.apache.org/thread.html/d7d530599dc7813056c712213e367b68cdf56fb5c9b73f864870bc4c%40%3Cdev.olingo.apache.org%3E","https://lists.apache.org/thread.html/e192fe8797c192679759ffa6b15e4d0806546945a41d8ebfbc6ee3ac%40%3Ccommits.tinkerpop.apache.org%3E","https://lists.apache.org/thread.html/e39931d7cdd17241e69a0a09a89d99d7435bcc59afee8a9628d67769%40%3Cdev.zookeeper.apache.org%3E","https://lists.apache.org/thread.html/ee6faea9e542c0b90afd70297a9daa203e20d41aa2ac7fca6703662f%40%3Cissues.spark.apache.org%3E","https://lists.apache.org/thread.html/f6c5ebfb018787c764f000362d59e4b231c0a36b6253aa866de8c64e%40%3Ccommits.cassandra.apache.org%3E","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E","https://lists.apache.org/thread.html/r0aa8b28e76ec01c697b15e161e6797e88fc8d406ed762e253401106e%40%3Ccommits.camel.apache.org%3E","https://lists.apache.org/thread.html/r0c3d49bfdbc62fd3915676433cc5899c5506d06da1c552ef1b7923a5%40%3Ccommon-issues.hadoop.apache.org%3E","https://lists.apache.org/thread.html/r131e572d003914843552fa45c4398b9903fb74144986e8b107c0a3a7%40%3Ccommits.cassandra.apache.org%3E","https://lists.apache.org/thread.html/r3225f7dfe6b8a37e800ecb8e31abd7ac6c4312dbd3223dd8139c37bb%40%3Ccommits.cassandra.apache.org%3E","https://lists.apache.org/thread.html/r4d3f1d3e333d9c2b2f6e6ae8ed8750d4de03410ac294bcd12c7eefa3%40%3Ccommits.cassandra.apache.org%3E","https://lists.apache.org/thread.html/r73c400ab66d79821dec9e3472f0e2c048d528672bdb0f8bf44d7cb1f%40%3Ccommits.cassandra.apache.org%3E","https://lists.apache.org/thread.html/r7790b9d99696d9eddce8a8c96f13bb68460984294ea6fea3800143e4%40%3Ccommits.pulsar.apache.org%3E","https://lists.apache.org/thread.html/r831e0548fad736a98140d0b3b7dc575af0c50faea0b266434ba813cc%40%3Cdev.rocketmq.apache.org%3E","https://lists.apache.org/thread.html/r832724df393a7ef25ca4c7c2eb83ad2d6c21c74569ac
da5233f9f1ec%40%3Ccommits.pulsar.apache.org%3E","https://lists.apache.org/thread.html/r8402d67fdfe9cf169f859d52a7670b28a08eff31e54b522cc1432532%40%3Ccommon-issues.hadoop.apache.org%3E","https://lists.apache.org/thread.html/r86befa74c5cd1482c711134104aec339bf7ae879f2c4437d7ec477d4%40%3Ccommon-commits.hadoop.apache.org%3E","https://lists.apache.org/thread.html/r90030b0117490caed526e57271bf4d7f9b012091ac5083c895d16543%40%3Ccommon-issues.hadoop.apache.org%3E","https://lists.apache.org/thread.html/r959474dcf7f88565ed89f6252ca5a274419006cb71348f14764b183d%40%3Ccommits.cassandra.apache.org%3E","https://lists.apache.org/thread.html/raaac04b7567c554786132144bea3dcb72568edd410c1e6f0101742e7%40%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/rb25b42f666d2cac5e6e6b3f771faf60d1f1aa58073dcdd8db14edf8a%40%3Cdev.rocketmq.apache.org%3E","https://lists.apache.org/thread.html/rb3361f6c6a5f834ad3db5e998c352760d393c0891b8d3bea90baa836%40%3Ccommon-issues.hadoop.apache.org%3E","https://lists.apache.org/thread.html/rc7eb5634b71d284483e58665b22bf274a69bd184d9bd7ede52015d91%40%3Ccommon-issues.hadoop.apache.org%3E","https://lists.apache.org/thread.html/rc8d554aad889d12b140d9fd7d2d6fc2e8716e9792f6f4e4b2cdc2d05%40%3Ccommits.cassandra.apache.org%3E","https://lists.apache.org/thread.html/rcb2c59428f34d4757702f9ae739a8795bda7bea97b857e708a9c62c6%40%3Ccommon-commits.hadoop.apache.org%3E","https://lists.apache.org/thread.html/rcddf723a4b4117f8ed6042e9ac25e8c5110a617bab77694b61b14833%40%3Cdev.rocketmq.apache.org%3E","https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26%40%3Ccommits.pulsar.apache.org%3E","https://lists.apache.org/thread.html/rdb69125652311d0c41f6066ff44072a3642cf33a4b5e3c4f9c1ec9c2%40%3Ccommits.pulsar.apache.org%3E","https://lists.apache.org/thread.html/rdd5d243a5f8ed8b83c0104e321aa420e5e98792a95749e3c9a54c0b9%40%3Ccommon-commits.hadoop.apache.org%3E","https://lists.apache.org/thread.html/re0b78a3d0a4ba2cf9f4e14e1d05040bde9
051d5c78071177186336c9%40%3Ccommon-issues.hadoop.apache.org%3E","https://lists.apache.org/thread.html/re45ee9256d3233c31d78e59ee59c7dc841c7fbd83d0769285b41e948%40%3Ccommits.druid.apache.org%3E","https://lists.apache.org/thread.html/re78eaef7d01ad65c370df30e45c686fffff00b37f7bfd78b26a08762%40%3Ccommon-issues.hadoop.apache.org%3E","https://lists.apache.org/thread.html/rf2bf8e2eb0a03227f5bc100b544113f8cafea01e887bb068e8d1fa41%40%3Ccommon-issues.hadoop.apache.org%3E","https://lists.apache.org/thread.html/rf5b2dfb7401666a19915f8eaef3ba9f5c3386e2066fcd2ae66e16a2f%40%3Cdev.flink.apache.org%3E","https://lists.debian.org/debian-lts-announce/2019/09/msg00035.html","https://lists.debian.org/debian-lts-announce/2020/02/msg00018.html","https://lists.debian.org/debian-lts-announce/2020/09/msg00004.html","https://seclists.org/bugtraq/2020/Jan/6","https://usn.ubuntu.com/4532-1/","https://www.debian.org/security/2020/dsa-4597"],"published_time":"2019-09-26T16:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-10092","summary":"In Apache HTTP Server 2.4.0-2.4.39, a limited cross-site scripting issue was reported affecting the mod_proxy error page. An attacker could cause the link on the error page to be malformed and instead point to a page of their choice. 
This would only be exploitable where a server was set up with proxying enabled but was misconfigured in such a way that the Proxy Error page was displayed.","cvss":6.1,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":6.1,"cvss_v4":null,"epss":0.82379,"ranking_epss":0.99225,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00004.html","http://www.openwall.com/lists/oss-security/2019/08/15/4","http://www.openwall.com/lists/oss-security/2020/08/08/1","http://www.openwall.com/lists/oss-security/2020/08/08/9","https://access.redhat.com/errata/RHSA-2019:4126","https://github.com/DrunkenShells/Disclosures/tree/master/CVE-2019-10092-Limited%20Cross-Site%20Scripting%20in%20mod_proxy%20Error%20Page-Apache%20httpd","https://httpd.apache.org/security/vulnerabilities_24.html","https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E","https://lists.apache.org/thread.html/73768e31e0fcae03e12f5aa87da1cb26dece39327f3c32060baa3e94%40%3Cannounce.httpd.apache.org%3E","https://lists.apache.org/thread.html/r03ee478b3dda3e381fd6189366fa7af97c980d2f602846eef935277d%40%3Ccvs.httpd.apache.org%3E","https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3Ccvs.httpd.apache.org%3E","https://lists.apache.org/thread.html/r0a83b112cd9701ef8a2061c8ed557f3dc9bb774d4da69fbb91bbc3c4%40%3Cusers.httpd.apache.org%3E","https://lists.apache.org/thread.html/r3c5c3104813c1c5508b55564b66546933079250a46ce50eee90b2e36%40%3Ccvs.httpd.apache.org%3E","https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E","https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E","https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E","ht
tps://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E","https://lists.apache.org/thread.html/rd2fb621142e7fa187cfe12d7137bf66e7234abcbbcd800074c84a538%40%3Ccvs.httpd.apache.org%3E","https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E","https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E","https://lists.debian.org/debian-lts-announce/2019/08/msg00034.html","https://lists.debian.org/debian-lts-announce/2019/09/msg00034.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7RVHJHTU4JN3ULCQ44F2G6LZBF2LGNTC/","https://seclists.org/bugtraq/2019/Aug/47","https://seclists.org/bugtraq/2019/Oct/24","https://security.gentoo.org/glsa/201909-04","https://security.netapp.com/advisory/ntap-20190905-0003/","https://support.f5.com/csp/article/K30442259","https://usn.ubuntu.com/4113-1/","https://www.debian.org/security/2019/dsa-4509","https://www.oracle.com/security-alerts/cpuapr2020.html","https://www.oracle.com/security-alerts/cpujan2020.html","https://www.oracle.com/security-alerts/cpujul2020.html","https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00004.html","http://www.openwall.com/lists/oss-security/2019/08/15/4","http://www.openwall.com/lists/oss-security/2020/08/08/1","http://www.openwall.com/lists/oss-security/2020/08/08/9","https://access.redhat.com/errata/RHSA-2019:4126","https://github.com/DrunkenShells/Disclosures/tree/master/CVE-2019-10092-Limited%20Cross-Site%20Scripting%20in%20mod_proxy%20Error%20Page-Apache%20httpd","https://httpd.apache.org/security/vulnerabilities_24.html","https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E","https://lists.apach
e.org/thread.html/73768e31e0fcae03e12f5aa87da1cb26dece39327f3c32060baa3e94%40%3Cannounce.httpd.apache.org%3E","https://lists.apache.org/thread.html/r03ee478b3dda3e381fd6189366fa7af97c980d2f602846eef935277d%40%3Ccvs.httpd.apache.org%3E","https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3Ccvs.httpd.apache.org%3E","https://lists.apache.org/thread.html/r0a83b112cd9701ef8a2061c8ed557f3dc9bb774d4da69fbb91bbc3c4%40%3Cusers.httpd.apache.org%3E","https://lists.apache.org/thread.html/r3c5c3104813c1c5508b55564b66546933079250a46ce50eee90b2e36%40%3Ccvs.httpd.apache.org%3E","https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E","https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E","https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E","https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E","https://lists.apache.org/thread.html/rd2fb621142e7fa187cfe12d7137bf66e7234abcbbcd800074c84a538%40%3Ccvs.httpd.apache.org%3E","https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E","https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E","https://lists.debian.org/debian-lts-announce/2019/08/msg00034.html","https://lists.debian.org/debian-lts-announce/2019/09/msg00034.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7RVHJHTU4JN3ULCQ44F2G6LZBF2LGNTC/","https://seclists.org/bugtraq/2019/Aug/47","https://seclists.org/bugtraq/2019/Oct/24","https://security.gentoo.org/glsa/201909-04","https://security.netapp.com/advisory/ntap-20190905-0003/","https://support.f5.com/csp/article/K3044
2259","https://usn.ubuntu.com/4113-1/","https://www.debian.org/security/2019/dsa-4509","https://www.oracle.com/security-alerts/cpuapr2020.html","https://www.oracle.com/security-alerts/cpujan2020.html","https://www.oracle.com/security-alerts/cpujul2020.html","https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"],"published_time":"2019-09-26T16:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2017-18635","summary":"An XSS vulnerability was discovered in noVNC before 0.6.2 in which the remote VNC server could inject arbitrary HTML into the noVNC web page via the messages propagated to the status field, such as the VNC server name.","cvss":6.1,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":6.1,"cvss_v4":null,"epss":0.08306,"ranking_epss":0.92264,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://access.redhat.com/errata/RHSA-2020:0754","https://bugs.launchpad.net/horizon/+bug/1656435","https://github.com/ShielderSec/cve-2017-18635","https://github.com/novnc/noVNC/commit/6048299a138e078aed210f163111698c8c526a13#diff-286f7dc7b881e942e97cd50c10898f03L534","https://github.com/novnc/noVNC/issues/748","https://github.com/novnc/noVNC/releases/tag/v0.6.2","https://lists.debian.org/debian-lts-announce/2019/10/msg00004.html","https://lists.debian.org/debian-lts-announce/2021/12/msg00024.html","https://usn.ubuntu.com/4522-1/","https://www.shielder.it/blog/exploiting-an-old-novnc-xss-cve-2017-18635-in-openstack/","https://access.redhat.com/errata/RHSA-2020:0754","https://bugs.launchpad.net/horizon/+bug/1656435","https://github.com/ShielderSec/cve-2017-18635","https://github.com/novnc/noVNC/commit/6048299a138e078aed210f163111698c8c526a13#diff-286f7dc7b881e942e97cd50c10898f03L534","https://github.com/novnc/noVNC/issues/748","https://github.com/novnc/noVNC/releases/tag/v0.6.2","https://lists.debian.org/debian-lts-announce/2019/10/msg00004.html","https://lists.debian.org/debian-lts-announce/2021/12/msg00024.html","
https://usn.ubuntu.com/4522-1/","https://www.shielder.it/blog/exploiting-an-old-novnc-xss-cve-2017-18635-in-openstack/"],"published_time":"2019-09-25T23:15:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-16884","summary":"runc through 1.0.0-rc8, as used in Docker through 19.03.2-ce and other products, allows AppArmor restriction bypass because libcontainer/rootfs_linux.go incorrectly checks mount targets, and thus a malicious Docker image can mount over a /proc directory.","cvss":7.5,"cvss_version":3.0,"cvss_v2":5.0,"cvss_v3":7.5,"cvss_v4":null,"epss":0.00348,"ranking_epss":0.57348,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00073.html","http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00009.html","http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00010.html","https://access.redhat.com/errata/RHSA-2019:3940","https://access.redhat.com/errata/RHSA-2019:4074","https://access.redhat.com/errata/RHSA-2019:4269","https://github.com/opencontainers/runc/issues/2128","https://lists.debian.org/debian-lts-announce/2023/02/msg00016.html","https://lists.debian.org/debian-lts-announce/2023/03/msg00023.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/62OQ2P7K5YDZ5BRCH2Q6DHUJIHQD3QCD/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DGK6IV5JGVDXHOXEKJOJWKOVNZLT6MYR/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SPK4JWP32BUIVDJ3YODZSOEVEW6BHQCF/","https://security.gentoo.org/glsa/202003-21","https://security.netapp.com/advisory/ntap-20220221-0004/","https://usn.ubuntu.com/4297-1/","http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00073.html","http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00009.html","http://lists.opensuse.org/opensuse-security-announce
/2020-01/msg00010.html","https://access.redhat.com/errata/RHSA-2019:3940","https://access.redhat.com/errata/RHSA-2019:4074","https://access.redhat.com/errata/RHSA-2019:4269","https://github.com/opencontainers/runc/issues/2128","https://lists.debian.org/debian-lts-announce/2023/02/msg00016.html","https://lists.debian.org/debian-lts-announce/2023/03/msg00023.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/62OQ2P7K5YDZ5BRCH2Q6DHUJIHQD3QCD/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DGK6IV5JGVDXHOXEKJOJWKOVNZLT6MYR/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SPK4JWP32BUIVDJ3YODZSOEVEW6BHQCF/","https://security.gentoo.org/glsa/202003-21","https://security.netapp.com/advisory/ntap-20220221-0004/","https://usn.ubuntu.com/4297-1/"],"published_time":"2019-09-25T18:15:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-13627","summary":"It was discovered that there was a ECDSA timing attack in the libgcrypt20 cryptographic library. Version affected: 1.8.4-5, 1.7.6-2+deb9u3, and 1.6.3-2+deb8u4. 
Versions fixed: 1.8.5-2 and 1.6.3-2+deb8u7.","cvss":6.3,"cvss_version":3.0,"cvss_v2":2.6,"cvss_v3":6.3,"cvss_v4":null,"epss":0.00039,"ranking_epss":0.11775,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00060.html","http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00018.html","http://www.openwall.com/lists/oss-security/2019/10/02/2","https://github.com/gpg/libgcrypt/releases/tag/libgcrypt-1.8.5","https://lists.debian.org/debian-lts-announce/2019/09/msg00024.html","https://lists.debian.org/debian-lts-announce/2020/01/msg00001.html","https://minerva.crocs.fi.muni.cz/","https://security-tracker.debian.org/tracker/CVE-2019-13627","https://security.gentoo.org/glsa/202003-32","https://usn.ubuntu.com/4236-1/","https://usn.ubuntu.com/4236-2/","https://usn.ubuntu.com/4236-3/","http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00060.html","http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00018.html","http://www.openwall.com/lists/oss-security/2019/10/02/2","https://github.com/gpg/libgcrypt/releases/tag/libgcrypt-1.8.5","https://lists.debian.org/debian-lts-announce/2019/09/msg00024.html","https://lists.debian.org/debian-lts-announce/2020/01/msg00001.html","https://minerva.crocs.fi.muni.cz/","https://security-tracker.debian.org/tracker/CVE-2019-13627","https://security.gentoo.org/glsa/202003-32","https://usn.ubuntu.com/4236-1/","https://usn.ubuntu.com/4236-2/","https://usn.ubuntu.com/4236-3/"],"published_time":"2019-09-25T15:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-5094","summary":"An exploitable code execution vulnerability exists in the quota file functionality of E2fsprogs 1.45.3. A specially crafted ext4 partition can cause an out-of-bounds write on the heap, resulting in code execution. 
An attacker can corrupt a partition to trigger this vulnerability.","cvss":7.5,"cvss_version":3.0,"cvss_v2":4.6,"cvss_v3":7.5,"cvss_v4":null,"epss":0.0033,"ranking_epss":0.56022,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://lists.debian.org/debian-lts-announce/2019/09/msg00029.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2AKETJ6BREDUHRWQTV35SPGG5C6H7KSI/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6DOBCYQKCTTWXBLMUPJ5TX3FY7JNCOKY/","https://seclists.org/bugtraq/2019/Sep/58","https://security.gentoo.org/glsa/202003-05","https://security.netapp.com/advisory/ntap-20200115-0002/","https://talosintelligence.com/vulnerability_reports/TALOS-2019-0887","https://usn.ubuntu.com/4142-1/","https://usn.ubuntu.com/4142-2/","https://www.debian.org/security/2019/dsa-4535","https://lists.debian.org/debian-lts-announce/2019/09/msg00029.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2AKETJ6BREDUHRWQTV35SPGG5C6H7KSI/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6DOBCYQKCTTWXBLMUPJ5TX3FY7JNCOKY/","https://seclists.org/bugtraq/2019/Sep/58","https://security.gentoo.org/glsa/202003-05","https://security.netapp.com/advisory/ntap-20200115-0002/","https://talosintelligence.com/vulnerability_reports/TALOS-2019-0887","https://usn.ubuntu.com/4142-1/","https://usn.ubuntu.com/4142-2/","https://www.debian.org/security/2019/dsa-4535"],"published_time":"2019-09-24T22:15:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-12068","summary":"In QEMU 1:4.1-1, 1:2.1+dfsg-12+deb8u6, 1:2.8+dfsg-6+deb9u8, 1:3.1+dfsg-8~deb10u1, 1:3.1+dfsg-8+deb10u2, and 1:2.1+dfsg-12+deb8u12 (fixed), when executing script in lsi_execute_script(), the LSI scsi adapter emulator advances 's->dsp' index to read next opcode. 
This can lead to an infinite loop if the next opcode is empty. Move the existing loop exit after 10k iterations so that it covers no-op opcodes as well.","cvss":3.8,"cvss_version":3.0,"cvss_v2":2.1,"cvss_v3":3.8,"cvss_v4":null,"epss":0.00086,"ranking_epss":0.24737,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00034.html","http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00038.html","https://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=de594e47659029316bbf9391efb79da0a1a08e08","https://lists.debian.org/debian-lts-announce/2019/09/msg00021.html","https://lists.debian.org/debian-lts-announce/2020/07/msg00020.html","https://lists.gnu.org/archive/html/qemu-devel/2019-08/msg01518.html","https://security-tracker.debian.org/tracker/CVE-2019-12068","https://usn.ubuntu.com/4191-1/","https://usn.ubuntu.com/4191-2/","https://www.debian.org/security/2020/dsa-4665","http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00034.html","http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00038.html","https://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=de594e47659029316bbf9391efb79da0a1a08e08","https://lists.debian.org/debian-lts-announce/2019/09/msg00021.html","https://lists.debian.org/debian-lts-announce/2020/07/msg00020.html","https://lists.gnu.org/archive/html/qemu-devel/2019-08/msg01518.html","https://security-tracker.debian.org/tracker/CVE-2019-12068","https://usn.ubuntu.com/4191-1/","https://usn.ubuntu.com/4191-2/","https://www.debian.org/security/2020/dsa-4665"],"published_time":"2019-09-24T20:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-16746","summary":"An issue was discovered in net/wireless/nl80211.c in the Linux kernel through 5.2.17. 
It does not check the length of variable elements in a beacon head, leading to a buffer overflow.","cvss":9.8,"cvss_version":3.0,"cvss_v2":7.5,"cvss_v3":9.8,"cvss_v4":null,"epss":0.02601,"ranking_epss":0.85613,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00021.html","http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00009.html","http://packetstormsecurity.com/files/155212/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html","https://lists.debian.org/debian-lts-announce/2020/01/msg00013.html","https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TASE2ESEZAER6DTZH3DJ4K2JNO46TVL7/","https://marc.info/?l=linux-wireless&m=156901391225058&w=2","https://seclists.org/bugtraq/2019/Nov/11","https://security.netapp.com/advisory/ntap-20191031-0005/","https://usn.ubuntu.com/4183-1/","https://usn.ubuntu.com/4186-1/","https://usn.ubuntu.com/4209-1/","https://usn.ubuntu.com/4210-1/","https://www.oracle.com/security-alerts/cpuApr2021.html","http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00021.html","http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00009.html","http://packetstormsecurity.com/files/155212/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html","https://lists.debian.org/debian-lts-announce/2020/01/msg00013.html","https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TASE2ESEZAER6DTZH3DJ4K2JNO46TVL7/","https://marc.info/?l=linux-wireless&m=156901391225058&w=2","https://seclists.org/bugtraq/2019/Nov/11","https://security.netapp.com/advisory/ntap-20191031-0005/","https://usn.ubuntu.com/4183-1/","https://usn.ubuntu.com/4186-1/","https://usn.ubuntu.com/4209-1/","https://usn.ubuntu.com/4210-1/","h
ttps://www.oracle.com/security-alerts/cpuApr2021.html"],"published_time":"2019-09-24T06:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-16729","summary":"pam-python before 1.0.7-1 has an issue in regard to the default environment variable handling of Python, which could allow for local root escalation in certain PAM setups.","cvss":7.8,"cvss_version":3.0,"cvss_v2":7.2,"cvss_v3":7.8,"cvss_v4":null,"epss":0.0006,"ranking_epss":0.18721,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://bugzilla.suse.com/show_bug.cgi?id=1150510#c1","https://lists.debian.org/debian-lts-announce/2019/11/msg00020.html","https://sourceforge.net/p/pam-python/code/ci/0247ab687b4347cc52859ca461fb0126dd7e2ebe/","https://tracker.debian.org/news/1066790/accepted-pam-python-107-1-source-amd64-all-into-unstable/","https://usn.ubuntu.com/4552-1/","https://usn.ubuntu.com/4552-2/","https://www.debian.org/security/2019/dsa-4555","https://bugzilla.suse.com/show_bug.cgi?id=1150510#c1","https://lists.debian.org/debian-lts-announce/2019/11/msg00020.html","https://sourceforge.net/p/pam-python/code/ci/0247ab687b4347cc52859ca461fb0126dd7e2ebe/","https://tracker.debian.org/news/1066790/accepted-pam-python-107-1-source-amd64-all-into-unstable/","https://usn.ubuntu.com/4552-1/","https://usn.ubuntu.com/4552-2/","https://www.debian.org/security/2019/dsa-4555"],"published_time":"2019-09-24T05:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-16708","summary":"ImageMagick 7.0.8-35 has a memory leak in magick/xwindow.c, related to 
XCreateImage.","cvss":6.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00194,"ranking_epss":0.41365,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00040.html","http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00042.html","https://github.com/ImageMagick/ImageMagick/issues/1531","https://usn.ubuntu.com/4192-1/","https://www.debian.org/security/2020/dsa-4712","http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00040.html","http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00042.html","https://github.com/ImageMagick/ImageMagick/issues/1531","https://usn.ubuntu.com/4192-1/","https://www.debian.org/security/2020/dsa-4712"],"published_time":"2019-09-23T12:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-16709","summary":"ImageMagick 7.0.8-35 has a memory leak in coders/dps.c, as demonstrated by XCreateImage.","cvss":6.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00188,"ranking_epss":0.40622,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00045.html","http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00046.html","http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00040.html","http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00042.html","https://github.com/ImageMagick/ImageMagick/issues/1531","https://usn.ubuntu.com/4192-1/","http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00045.html","http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00046.html","http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00040.html","http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00042.html","https://github.com/ImageMagick/ImageMagick/issues/1531","https://usn.ubuntu.com/4192-1/"],"published_time":"2
019-09-23T12:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-16710","summary":"ImageMagick 7.0.8-35 has a memory leak in coders/dot.c, as demonstrated by AcquireMagickMemory in MagickCore/memory.c.","cvss":6.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00194,"ranking_epss":0.41365,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00040.html","http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00042.html","https://github.com/ImageMagick/ImageMagick/issues/1528","https://usn.ubuntu.com/4192-1/","https://www.debian.org/security/2020/dsa-4712","http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00040.html","http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00042.html","https://github.com/ImageMagick/ImageMagick/issues/1528","https://usn.ubuntu.com/4192-1/","https://www.debian.org/security/2020/dsa-4712"],"published_time":"2019-09-23T12:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-16711","summary":"ImageMagick 7.0.8-40 has a memory leak in Huffman2DEncodeImage in 
coders/ps2.c.","cvss":6.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00194,"ranking_epss":0.41365,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00040.html","http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00042.html","https://github.com/ImageMagick/ImageMagick/issues/1542","https://usn.ubuntu.com/4192-1/","https://www.debian.org/security/2020/dsa-4712","http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00040.html","http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00042.html","https://github.com/ImageMagick/ImageMagick/issues/1542","https://usn.ubuntu.com/4192-1/","https://www.debian.org/security/2020/dsa-4712"],"published_time":"2019-09-23T12:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-16713","summary":"ImageMagick 7.0.8-43 has a memory leak in coders/dot.c, as demonstrated by PingImage in MagickCore/constitute.c.","cvss":6.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00194,"ranking_epss":0.41365,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00040.html","http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00042.html","https://github.com/ImageMagick/ImageMagick/issues/1558","https://usn.ubuntu.com/4192-1/","https://www.debian.org/security/2020/dsa-4712","http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00040.html","http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00042.html","https://github.com/ImageMagick/ImageMagick/issues/1558","https://usn.ubuntu.com/4192-1/","https://www.debian.org/security/2020/dsa-4712"],"published_time":"2019-09-23T12:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-16714","summary":"In the Linux kernel before 5.2.14, rds6_inc_info_copy in net/rds/recv.c allows 
attackers to obtain sensitive information from kernel stack memory because tos and flags fields are not initialized.","cvss":7.5,"cvss_version":3.0,"cvss_v2":5.0,"cvss_v3":7.5,"cvss_v4":null,"epss":0.01117,"ranking_epss":0.7822,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.openwall.com/lists/oss-security/2019/09/24/2","http://www.openwall.com/lists/oss-security/2019/09/25/1","https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.2.14","https://github.com/torvalds/linux/commit/7d0a06586b2686ba80c4a2da5f91cb10ffbea736","https://security.netapp.com/advisory/ntap-20191031-0005/","https://support.f5.com/csp/article/K48351130?utm_source=f5support&amp%3Butm_medium=RSS","https://usn.ubuntu.com/4157-1/","https://usn.ubuntu.com/4157-2/","http://www.openwall.com/lists/oss-security/2019/09/24/2","http://www.openwall.com/lists/oss-security/2019/09/25/1","https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.2.14","https://github.com/torvalds/linux/commit/7d0a06586b2686ba80c4a2da5f91cb10ffbea736","https://security.netapp.com/advisory/ntap-20191031-0005/","https://support.f5.com/csp/article/K48351130?utm_source=f5support&amp%3Butm_medium=RSS","https://usn.ubuntu.com/4157-1/","https://usn.ubuntu.com/4157-2/"],"published_time":"2019-09-23T12:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-16680","summary":"An issue was discovered in GNOME file-roller before 3.29.91. 
It allows a single ./../ path traversal via a filename contained in a TAR archive, possibly overwriting a file during extraction.","cvss":4.3,"cvss_version":3.0,"cvss_v2":2.6,"cvss_v3":4.3,"cvss_v4":null,"epss":0.01789,"ranking_epss":0.82745,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://bugzilla.gnome.org/show_bug.cgi?id=794337","https://gitlab.gnome.org/GNOME/file-roller/commit/57268e51e59b61c9e3125eb0f65551c7084297e2","https://gitlab.gnome.org/GNOME/file-roller/commit/e8fb3e24dae711e4fb0d6777e0016cdda8787bc1","https://lists.debian.org/debian-lts-announce/2019/09/msg00032.html","https://seclists.org/bugtraq/2019/Sep/57","https://usn.ubuntu.com/4139-1/","https://www.debian.org/security/2019/dsa-4537","https://bugzilla.redhat.com/show_bug.cgi?id=1767594","https://bugzilla.gnome.org/show_bug.cgi?id=794337","https://gitlab.gnome.org/GNOME/file-roller/commit/57268e51e59b61c9e3125eb0f65551c7084297e2","https://gitlab.gnome.org/GNOME/file-roller/commit/e8fb3e24dae711e4fb0d6777e0016cdda8787bc1","https://lists.debian.org/debian-lts-announce/2019/09/msg00032.html","https://seclists.org/bugtraq/2019/Sep/57","https://usn.ubuntu.com/4139-1/","https://www.debian.org/security/2019/dsa-4537"],"published_time":"2019-09-21T21:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-14814","summary":"There is heap-based buffer overflow in Linux kernel, all versions up to, excluding 5.3, in the marvell wifi chip driver in Linux kernel, that allows local users to cause a denial of service(system crash) or possibly execute arbitrary 
code.","cvss":5.5,"cvss_version":3.0,"cvss_v2":7.2,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00183,"ranking_epss":0.40074,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00064.html","http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00066.html","http://packetstormsecurity.com/files/154951/Kernel-Live-Patch-Security-Notice-LSN-0058-1.html","http://packetstormsecurity.com/files/155212/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html","http://www.openwall.com/lists/oss-security/2019/08/28/1","https://access.redhat.com/errata/RHSA-2020:0174","https://access.redhat.com/errata/RHSA-2020:0328","https://access.redhat.com/errata/RHSA-2020:0339","https://access.redhat.com/security/cve/cve-2019-14814","https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14814","https://github.com/torvalds/linux/commit/7caac62ed598a196d6ddf8d9c121e12e082cac3a","https://lists.debian.org/debian-lts-announce/2019/09/msg00025.html","https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O3RUDQJXRJQVGHCGR4YZWTQ3ECBI7TXH/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T4JZ6AEUKFWBHQAROGMQARJ274PQP2QP/","https://seclists.org/bugtraq/2019/Nov/11","https://security.netapp.com/advisory/ntap-20191031-0005/","https://usn.ubuntu.com/4157-1/","https://usn.ubuntu.com/4157-2/","https://usn.ubuntu.com/4162-1/","https://usn.ubuntu.com/4162-2/","https://usn.ubuntu.com/4163-1/","https://usn.ubuntu.com/4163-2/","https://www.openwall.com/lists/oss-security/2019/08/28/1","http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00064.html","http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00066.html","http://packetstormsecurity.com/files/154951/Kernel-Live-Patch-Security-Notice-LSN-0058-1.html","http://packetstormsecurit
y.com/files/155212/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html","http://www.openwall.com/lists/oss-security/2019/08/28/1","https://access.redhat.com/errata/RHSA-2020:0174","https://access.redhat.com/errata/RHSA-2020:0328","https://access.redhat.com/errata/RHSA-2020:0339","https://access.redhat.com/security/cve/cve-2019-14814","https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14814","https://github.com/torvalds/linux/commit/7caac62ed598a196d6ddf8d9c121e12e082cac3a","https://lists.debian.org/debian-lts-announce/2019/09/msg00025.html","https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O3RUDQJXRJQVGHCGR4YZWTQ3ECBI7TXH/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T4JZ6AEUKFWBHQAROGMQARJ274PQP2QP/","https://seclists.org/bugtraq/2019/Nov/11","https://security.netapp.com/advisory/ntap-20191031-0005/","https://usn.ubuntu.com/4157-1/","https://usn.ubuntu.com/4157-2/","https://usn.ubuntu.com/4162-1/","https://usn.ubuntu.com/4162-2/","https://usn.ubuntu.com/4163-1/","https://usn.ubuntu.com/4163-2/","https://www.openwall.com/lists/oss-security/2019/08/28/1"],"published_time":"2019-09-20T19:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-14816","summary":"There is a heap-based buffer overflow in the kernel, all versions up to, excluding 5.3, in the Marvell wifi chip driver in the Linux kernel, that allows local users to cause a denial of service (system crash) or possibly execute arbitrary 
code.","cvss":5.5,"cvss_version":3.0,"cvss_v2":7.2,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00085,"ranking_epss":0.24552,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00064.html","http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00066.html","http://packetstormsecurity.com/files/154951/Kernel-Live-Patch-Security-Notice-LSN-0058-1.html","http://packetstormsecurity.com/files/155212/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html","http://www.openwall.com/lists/oss-security/2019/08/28/1","https://access.redhat.com/errata/RHSA-2020:0174","https://access.redhat.com/errata/RHSA-2020:0204","https://access.redhat.com/errata/RHSA-2020:0328","https://access.redhat.com/errata/RHSA-2020:0339","https://access.redhat.com/errata/RHSA-2020:0374","https://access.redhat.com/errata/RHSA-2020:0375","https://access.redhat.com/errata/RHSA-2020:0653","https://access.redhat.com/errata/RHSA-2020:0661","https://access.redhat.com/errata/RHSA-2020:0664","https://access.redhat.com/security/cve/cve-2019-14816","https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14816","https://github.com/torvalds/linux/commit/7caac62ed598a196d6ddf8d9c121e12e082cac3","https://lists.debian.org/debian-lts-announce/2019/09/msg00025.html","https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O3RUDQJXRJQVGHCGR4YZWTQ3ECBI7TXH/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T4JZ6AEUKFWBHQAROGMQARJ274PQP2QP/","https://seclists.org/bugtraq/2019/Nov/11","https://security.netapp.com/advisory/ntap-20191031-0005/","https://usn.ubuntu.com/4157-1/","https://usn.ubuntu.com/4157-2/","https://usn.ubuntu.com/4162-1/","https://usn.ubuntu.com/4162-2/","https://usn.ubuntu.com/4163-1/","https://usn.ubuntu.com/4163-2/","https://www.openwall.com/lists/oss-
security/2019/08/28/1","http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00064.html","http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00066.html","http://packetstormsecurity.com/files/154951/Kernel-Live-Patch-Security-Notice-LSN-0058-1.html","http://packetstormsecurity.com/files/155212/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html","http://www.openwall.com/lists/oss-security/2019/08/28/1","https://access.redhat.com/errata/RHSA-2020:0174","https://access.redhat.com/errata/RHSA-2020:0204","https://access.redhat.com/errata/RHSA-2020:0328","https://access.redhat.com/errata/RHSA-2020:0339","https://access.redhat.com/errata/RHSA-2020:0374","https://access.redhat.com/errata/RHSA-2020:0375","https://access.redhat.com/errata/RHSA-2020:0653","https://access.redhat.com/errata/RHSA-2020:0661","https://access.redhat.com/errata/RHSA-2020:0664","https://access.redhat.com/security/cve/cve-2019-14816","https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14816","https://github.com/torvalds/linux/commit/7caac62ed598a196d6ddf8d9c121e12e082cac3","https://lists.debian.org/debian-lts-announce/2019/09/msg00025.html","https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O3RUDQJXRJQVGHCGR4YZWTQ3ECBI7TXH/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T4JZ6AEUKFWBHQAROGMQARJ274PQP2QP/","https://seclists.org/bugtraq/2019/Nov/11","https://security.netapp.com/advisory/ntap-20191031-0005/","https://usn.ubuntu.com/4157-1/","https://usn.ubuntu.com/4157-2/","https://usn.ubuntu.com/4162-1/","https://usn.ubuntu.com/4162-2/","https://usn.ubuntu.com/4163-1/","https://usn.ubuntu.com/4163-2/","https://www.openwall.com/lists/oss-security/2019/08/28/1"],"published_time":"2019-09-20T19:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-14821","summary":"An out-of-bounds access 
issue was found in the Linux kernel, all versions through 5.3, in the way Linux kernel's KVM hypervisor implements the Coalesced MMIO write operation. It operates on an MMIO ring buffer 'struct kvm_coalesced_mmio' object, wherein write indices 'ring->first' and 'ring->last' value could be supplied by a host user-space process. An unprivileged host user or process with access to '/dev/kvm' device could use this flaw to crash the host kernel, resulting in a denial of service or potentially escalating privileges on the system.","cvss":7.5,"cvss_version":3.0,"cvss_v2":7.2,"cvss_v3":7.5,"cvss_v4":null,"epss":0.00106,"ranking_epss":0.28779,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00036.html","http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00037.html","http://packetstormsecurity.com/files/154951/Kernel-Live-Patch-Security-Notice-LSN-0058-1.html","http://packetstormsecurity.com/files/155212/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html","http://www.openwall.com/lists/oss-security/2019/09/20/1","https://access.redhat.com/errata/RHSA-2019:3309","https://access.redhat.com/errata/RHSA-2019:3517","https://access.redhat.com/errata/RHSA-2019:3978","https://access.redhat.com/errata/RHSA-2019:3979","https://access.redhat.com/errata/RHSA-2019:4154","https://access.redhat.com/errata/RHSA-2019:4256","https://access.redhat.com/errata/RHSA-2020:0027","https://access.redhat.com/errata/RHSA-2020:0204","https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14821","https://lists.debian.org/debian-lts-announce/2019/09/msg00025.html","https://lists.debian.org/debian-lts-announce/2019/10/msg00000.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TRZQQQANZWQMPILZV7OTS3RGGRLLE2Q7/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YW3QNMPENPFEGVTOFPSNOBL7JEIJS25P/","
https://seclists.org/bugtraq/2019/Nov/11","https://seclists.org/bugtraq/2019/Sep/41","https://security.netapp.com/advisory/ntap-20191004-0001/","https://usn.ubuntu.com/4157-1/","https://usn.ubuntu.com/4157-2/","https://usn.ubuntu.com/4162-1/","https://usn.ubuntu.com/4162-2/","https://usn.ubuntu.com/4163-1/","https://usn.ubuntu.com/4163-2/","https://www.debian.org/security/2019/dsa-4531","https://www.oracle.com/security-alerts/cpuapr2020.html","http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00036.html","http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00037.html","http://packetstormsecurity.com/files/154951/Kernel-Live-Patch-Security-Notice-LSN-0058-1.html","http://packetstormsecurity.com/files/155212/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html","http://www.openwall.com/lists/oss-security/2019/09/20/1","https://access.redhat.com/errata/RHSA-2019:3309","https://access.redhat.com/errata/RHSA-2019:3517","https://access.redhat.com/errata/RHSA-2019:3978","https://access.redhat.com/errata/RHSA-2019:3979","https://access.redhat.com/errata/RHSA-2019:4154","https://access.redhat.com/errata/RHSA-2019:4256","https://access.redhat.com/errata/RHSA-2020:0027","https://access.redhat.com/errata/RHSA-2020:0204","https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14821","https://lists.debian.org/debian-lts-announce/2019/09/msg00025.html","https://lists.debian.org/debian-lts-announce/2019/10/msg00000.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TRZQQQANZWQMPILZV7OTS3RGGRLLE2Q7/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YW3QNMPENPFEGVTOFPSNOBL7JEIJS25P/","https://seclists.org/bugtraq/2019/Nov/11","https://seclists.org/bugtraq/2019/Sep/41","https://security.netapp.com/advisory/ntap-20191004-0001/","https://usn.ubuntu.com/4157-1/","https://usn.ubuntu.com/4157-2/","https://usn.ubuntu.com/4162-1/","https://usn.ubuntu.com/416
2-2/","https://usn.ubuntu.com/4163-1/","https://usn.ubuntu.com/4163-2/","https://www.debian.org/security/2019/dsa-4531","https://www.oracle.com/security-alerts/cpuapr2020.html"],"published_time":"2019-09-19T18:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-11779","summary":"In Eclipse Mosquitto 1.5.0 to 1.6.5 inclusive, if a malicious MQTT client sends a SUBSCRIBE packet containing a topic that consists of approximately 65400 or more '/' characters, i.e. the topic hierarchy separator, then a stack overflow will occur.","cvss":6.5,"cvss_version":3.0,"cvss_v2":4.0,"cvss_v3":6.5,"cvss_v4":null,"epss":0.06791,"ranking_epss":0.91316,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00077.html","http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00008.html","https://bugs.eclipse.org/bugs/show_bug.cgi?id=551160","https://lists.debian.org/debian-lts-announce/2019/10/msg00035.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D4WMHIM64Q35NGTR6R3ILZUL4MA4ANB5/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HFWQBNFTAVHPUYNGYO2TCPF5PCSWC2Z7/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JWNVTFA2CKXERXRYPYE2YFTZP4GNBGYY/","https://seclists.org/bugtraq/2019/Nov/25","https://usn.ubuntu.com/4137-1/","https://www.debian.org/security/2019/dsa-4570","http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00077.html","http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00008.html","https://bugs.eclipse.org/bugs/show_bug.cgi?id=551160","https://lists.debian.org/debian-lts-announce/2019/10/msg00035.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D4WMHIM64Q35NGTR6R3ILZUL4MA4ANB5/","https://lists.fedoraproject.org/archives/list/packa
ge-announce%40lists.fedoraproject.org/message/HFWQBNFTAVHPUYNGYO2TCPF5PCSWC2Z7/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JWNVTFA2CKXERXRYPYE2YFTZP4GNBGYY/","https://seclists.org/bugtraq/2019/Nov/25","https://usn.ubuntu.com/4137-1/","https://www.debian.org/security/2019/dsa-4570"],"published_time":"2019-09-19T14:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-16391","summary":"SPIP before 3.1.11 and 3.2 before 3.2.5 allows authenticated visitors to modify any published content and execute other modifications in the database. This is related to ecrire/inc/meta.php and ecrire/inc/securiser_action.php.","cvss":6.5,"cvss_version":3.0,"cvss_v2":4.0,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00871,"ranking_epss":0.75199,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://blog.spip.net/Mise-a-jour-CRITIQUE-de-securite-Sortie-de-SPIP-3-2-5-et-SPIP-3-1-11.html","https://blog.spip.net/Mise-a-jour-CRITIQUE-de-securite-Sortie-de-SPIP-3-2-5-et-SPIP-3-1-11.html?lang=fr","https://git.spip.net/SPIP/spip/commit/187952ce85e73b52c2753f2d54fc2c44807b8f79","https://git.spip.net/SPIP/spip/commit/3cbc758400323ab006c00ea78eacdb8f76aa5f66","https://lists.debian.org/debian-lts-announce/2019/10/msg00038.html","https://seclists.org/bugtraq/2019/Sep/40","https://usn.ubuntu.com/4536-1/","https://www.debian.org/security/2019/dsa-4532","https://blog.spip.net/Mise-a-jour-CRITIQUE-de-securite-Sortie-de-SPIP-3-2-5-et-SPIP-3-1-11.html","https://blog.spip.net/Mise-a-jour-CRITIQUE-de-securite-Sortie-de-SPIP-3-2-5-et-SPIP-3-1-11.html?lang=fr","https://git.spip.net/SPIP/spip/commit/187952ce85e73b52c2753f2d54fc2c44807b8f79","https://git.spip.net/SPIP/spip/commit/3cbc758400323ab006c00ea78eacdb8f76aa5f66","https://lists.debian.org/debian-lts-announce/2019/10/msg00038.html","https://seclists.org/bugtraq/2019/Sep/40","https://usn.ubuntu.com/4536-1/","https://www.debian.org/security/2019/dsa-4532"],"publi
shed_time":"2019-09-17T21:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-16392","summary":"SPIP before 3.1.11 and 3.2 before 3.2.5 allows prive/formulaires/login.php XSS via error messages.","cvss":6.1,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":6.1,"cvss_v4":null,"epss":0.00645,"ranking_epss":0.70671,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://blog.spip.net/Mise-a-jour-CRITIQUE-de-securite-Sortie-de-SPIP-3-2-5-et-SPIP-3-1-11.html","https://git.spip.net/SPIP/spip/commit/3c12a82c7d9d4afd09e708748fa82e7836174028","https://lists.debian.org/debian-lts-announce/2019/10/msg00038.html","https://seclists.org/bugtraq/2019/Sep/40","https://usn.ubuntu.com/4536-1/","https://www.debian.org/security/2019/dsa-4532","https://blog.spip.net/Mise-a-jour-CRITIQUE-de-securite-Sortie-de-SPIP-3-2-5-et-SPIP-3-1-11.html","https://git.spip.net/SPIP/spip/commit/3c12a82c7d9d4afd09e708748fa82e7836174028","https://lists.debian.org/debian-lts-announce/2019/10/msg00038.html","https://seclists.org/bugtraq/2019/Sep/40","https://usn.ubuntu.com/4536-1/","https://www.debian.org/security/2019/dsa-4532"],"published_time":"2019-09-17T21:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-16393","summary":"SPIP before 3.1.11 and 3.2 before 3.2.5 mishandles redirect URLs in ecrire/inc/headers.php with a %0D, %0A, or %20 
character.","cvss":6.1,"cvss_version":3.0,"cvss_v2":5.8,"cvss_v3":6.1,"cvss_v4":null,"epss":0.00413,"ranking_epss":0.61526,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://blog.spip.net/Mise-a-jour-CRITIQUE-de-securite-Sortie-de-SPIP-3-2-5-et-SPIP-3-1-11.html","https://core.spip.net/issues/4362","https://git.spip.net/SPIP/spip/commit/0b832408b0aabd5b94a81e261e9413c0f31a19f1","https://lists.debian.org/debian-lts-announce/2019/10/msg00038.html","https://seclists.org/bugtraq/2019/Sep/40","https://usn.ubuntu.com/4536-1/","https://www.debian.org/security/2019/dsa-4532","https://blog.spip.net/Mise-a-jour-CRITIQUE-de-securite-Sortie-de-SPIP-3-2-5-et-SPIP-3-1-11.html","https://core.spip.net/issues/4362","https://git.spip.net/SPIP/spip/commit/0b832408b0aabd5b94a81e261e9413c0f31a19f1","https://lists.debian.org/debian-lts-announce/2019/10/msg00038.html","https://seclists.org/bugtraq/2019/Sep/40","https://usn.ubuntu.com/4536-1/","https://www.debian.org/security/2019/dsa-4532"],"published_time":"2019-09-17T21:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-16394","summary":"SPIP before 3.1.11 and 3.2 before 3.2.5 provides different error messages from the password-reminder page depending on whether an e-mail address exists, which might help attackers to enumerate 
subscribers.","cvss":5.3,"cvss_version":3.0,"cvss_v2":5.0,"cvss_v3":5.3,"cvss_v4":null,"epss":0.56735,"ranking_epss":0.98129,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://blog.spip.net/Mise-a-jour-CRITIQUE-de-securite-Sortie-de-SPIP-3-2-5-et-SPIP-3-1-11.html","https://core.spip.net/issues/4171","https://lists.debian.org/debian-lts-announce/2019/10/msg00038.html","https://seclists.org/bugtraq/2019/Sep/40","https://usn.ubuntu.com/4536-1/","https://www.debian.org/security/2019/dsa-4532","https://zone.spip.net/trac/spip-zone/changeset/117577/spip-zone","https://zone.spip.net/trac/spip-zone/changeset/117578/spip-zone","https://blog.spip.net/Mise-a-jour-CRITIQUE-de-securite-Sortie-de-SPIP-3-2-5-et-SPIP-3-1-11.html","https://core.spip.net/issues/4171","https://lists.debian.org/debian-lts-announce/2019/10/msg00038.html","https://seclists.org/bugtraq/2019/Sep/40","https://usn.ubuntu.com/4536-1/","https://www.debian.org/security/2019/dsa-4532","https://zone.spip.net/trac/spip-zone/changeset/117577/spip-zone","https://zone.spip.net/trac/spip-zone/changeset/117578/spip-zone"],"published_time":"2019-09-17T21:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-14835","summary":"A buffer overflow flaw was found, in versions from 2.6.34 to 5.2.x, in the way Linux kernel's vhost functionality that translates virtqueue buffers to IOVs, logged the buffer descriptors during migration. 
A privileged guest user able to pass descriptors with invalid length to the host when migration is underway, could use this flaw to increase their privileges on the host.","cvss":7.2,"cvss_version":3.0,"cvss_v2":7.2,"cvss_v3":7.2,"cvss_v4":null,"epss":0.00071,"ranking_epss":0.21684,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00064.html","http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00066.html","http://packetstormsecurity.com/files/154572/Kernel-Live-Patch-Security-Notice-LSN-0056-1.html","http://packetstormsecurity.com/files/154951/Kernel-Live-Patch-Security-Notice-LSN-0058-1.html","http://packetstormsecurity.com/files/155212/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html","http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200115-01-qemu-en","http://www.openwall.com/lists/oss-security/2019/09/24/1","http://www.openwall.com/lists/oss-security/2019/10/03/1","http://www.openwall.com/lists/oss-security/2019/10/09/3","http://www.openwall.com/lists/oss-security/2019/10/09/7","https://access.redhat.com/errata/RHBA-2019:2824","https://access.redhat.com/errata/RHSA-2019:2827","https://access.redhat.com/errata/RHSA-2019:2828","https://access.redhat.com/errata/RHSA-2019:2829","https://access.redhat.com/errata/RHSA-2019:2830","https://access.redhat.com/errata/RHSA-2019:2854","https://access.redhat.com/errata/RHSA-2019:2862","https://access.redhat.com/errata/RHSA-2019:2863","https://access.redhat.com/errata/RHSA-2019:2864","https://access.redhat.com/errata/RHSA-2019:2865","https://access.redhat.com/errata/RHSA-2019:2866","https://access.redhat.com/errata/RHSA-2019:2867","https://access.redhat.com/errata/RHSA-2019:2869","https://access.redhat.com/errata/RHSA-2019:2889","https://access.redhat.com/errata/RHSA-2019:2899","https://access.redhat.com/errata/RHSA-2019:2900","https://access.redhat.com/errata/RHSA-2019:2901","https://access.redhat
.com/errata/RHSA-2019:2924","https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14835","https://lists.debian.org/debian-lts-announce/2019/09/msg00025.html","https://lists.debian.org/debian-lts-announce/2019/10/msg00000.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KQFY6JYFIQ2VFQ7QCSXPWTUL5ZDNCJL5/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YW3QNMPENPFEGVTOFPSNOBL7JEIJS25P/","https://seclists.org/bugtraq/2019/Nov/11","https://seclists.org/bugtraq/2019/Sep/41","https://security.netapp.com/advisory/ntap-20191031-0005/","https://usn.ubuntu.com/4135-1/","https://usn.ubuntu.com/4135-2/","https://www.debian.org/security/2019/dsa-4531","https://www.openwall.com/lists/oss-security/2019/09/17/1","http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00064.html","http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00066.html","http://packetstormsecurity.com/files/154572/Kernel-Live-Patch-Security-Notice-LSN-0056-1.html","http://packetstormsecurity.com/files/154951/Kernel-Live-Patch-Security-Notice-LSN-0058-1.html","http://packetstormsecurity.com/files/155212/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html","http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200115-01-qemu-en","http://www.openwall.com/lists/oss-security/2019/09/24/1","http://www.openwall.com/lists/oss-security/2019/10/03/1","http://www.openwall.com/lists/oss-security/2019/10/09/3","http://www.openwall.com/lists/oss-security/2019/10/09/7","https://access.redhat.com/errata/RHBA-2019:2824","https://access.redhat.com/errata/RHSA-2019:2827","https://access.redhat.com/errata/RHSA-2019:2828","https://access.redhat.com/errata/RHSA-2019:2829","https://access.redhat.com/errata/RHSA-2019:2830","https://access.redhat.com/errata/RHSA-2019:2854","https://access.redhat.com/errata/RHSA-2019:2862","https://access.redhat.com/errata/RHSA-2019:2863","https://access.red
hat.com/errata/RHSA-2019:2864","https://access.redhat.com/errata/RHSA-2019:2865","https://access.redhat.com/errata/RHSA-2019:2866","https://access.redhat.com/errata/RHSA-2019:2867","https://access.redhat.com/errata/RHSA-2019:2869","https://access.redhat.com/errata/RHSA-2019:2889","https://access.redhat.com/errata/RHSA-2019:2899","https://access.redhat.com/errata/RHSA-2019:2900","https://access.redhat.com/errata/RHSA-2019:2901","https://access.redhat.com/errata/RHSA-2019:2924","https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14835","https://lists.debian.org/debian-lts-announce/2019/09/msg00025.html","https://lists.debian.org/debian-lts-announce/2019/10/msg00000.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KQFY6JYFIQ2VFQ7QCSXPWTUL5ZDNCJL5/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YW3QNMPENPFEGVTOFPSNOBL7JEIJS25P/","https://seclists.org/bugtraq/2019/Nov/11","https://seclists.org/bugtraq/2019/Sep/41","https://security.netapp.com/advisory/ntap-20191031-0005/","https://usn.ubuntu.com/4135-1/","https://usn.ubuntu.com/4135-2/","https://www.debian.org/security/2019/dsa-4531","https://www.openwall.com/lists/oss-security/2019/09/17/1"],"published_time":"2019-09-17T16:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-16239","summary":"process_http_response in OpenConnect before 8.05 has a Buffer Overflow when a malicious server uses HTTP chunked encoding with crafted chunk 
sizes.","cvss":9.8,"cvss_version":3.0,"cvss_v2":7.5,"cvss_v3":9.8,"cvss_v4":null,"epss":0.08525,"ranking_epss":0.92384,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.infradead.org/pipermail/openconnect-devel/2019-September/005412.html","http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00060.html","http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00061.html","https://lists.debian.org/debian-lts-announce/2019/10/msg00003.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FX56KYWC7X4ETV4P6HGJC7GZUEBITBBS/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HDMZGNBLZZKAGBI2PNXYWWKLD2LXKFH6/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WI7ZENFAWCHF2RU4NHPL2CU4WGZ4BNDJ/","https://seclists.org/bugtraq/2020/Jan/31","https://t2.fi/schedule/2019/","https://usn.ubuntu.com/4565-1/","https://www.debian.org/security/2020/dsa-4607","http://lists.infradead.org/pipermail/openconnect-devel/2019-September/005412.html","http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00060.html","http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00061.html","https://lists.debian.org/debian-lts-announce/2019/10/msg00003.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FX56KYWC7X4ETV4P6HGJC7GZUEBITBBS/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HDMZGNBLZZKAGBI2PNXYWWKLD2LXKFH6/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WI7ZENFAWCHF2RU4NHPL2CU4WGZ4BNDJ/","https://seclists.org/bugtraq/2020/Jan/31","https://t2.fi/schedule/2019/","https://usn.ubuntu.com/4565-1/","https://www.debian.org/security/2020/dsa-4607"],"published_time":"2019-09-17T12:15:10","vendor":null,"product":null,"version":null}
,{"cve_id":"CVE-2019-16378","summary":"OpenDMARC through 1.3.2 and 1.4.x through 1.4.0-Beta1 is prone to a signature-bypass vulnerability with multiple From: addresses, which might affect applications that consider a domain name to be relevant to the origin of an e-mail message.","cvss":9.8,"cvss_version":3.0,"cvss_v2":7.5,"cvss_v3":9.8,"cvss_v4":null,"epss":0.0125,"ranking_epss":0.79323,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.openwall.com/lists/oss-security/2019/09/17/2","https://bugs.debian.org/940081","https://github.com/trusteddomainproject/OpenDMARC/pull/48","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6HEWDFGRKQHIWKFZH5BNWQDGUPNR7VH3/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PEUBIHJLMPMB6KHOSGDMUQKSAW4HOCYM/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y7RT6ID7MBCEPNZEIUKK2TZIOCYPJR6E/","https://seclists.org/bugtraq/2019/Sep/36","https://usn.ubuntu.com/4567-1/","https://www.debian.org/security/2019/dsa-4526","https://www.openwall.com/lists/oss-security/2019/09/11/8","http://www.openwall.com/lists/oss-security/2019/09/17/2","https://bugs.debian.org/940081","https://github.com/trusteddomainproject/OpenDMARC/pull/48","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6HEWDFGRKQHIWKFZH5BNWQDGUPNR7VH3/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PEUBIHJLMPMB6KHOSGDMUQKSAW4HOCYM/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y7RT6ID7MBCEPNZEIUKK2TZIOCYPJR6E/","https://seclists.org/bugtraq/2019/Sep/36","https://usn.ubuntu.com/4567-1/","https://www.debian.org/security/2019/dsa-4526","https://www.openwall.com/lists/oss-security/2019/09/11/8"],"published_time":"2019-09-17T12:15:10","vendor":null,"product":null
,"version":null},{"cve_id":"CVE-2019-15030","summary":"In the Linux kernel through 5.2.14 on the powerpc platform, a local user can read vector registers of other users' processes via a Facility Unavailable exception. To exploit the vulnerability, a local user starts a transaction (via the hardware transactional memory instruction tbegin) and then accesses vector registers. At some point, the vector registers will be corrupted with the values from a different local Linux process because of a missing arch/powerpc/kernel/process.c check.","cvss":4.4,"cvss_version":3.0,"cvss_v2":3.6,"cvss_v3":4.4,"cvss_v4":null,"epss":0.00079,"ranking_epss":0.23344,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00064.html","http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00066.html","http://www.openwall.com/lists/oss-security/2019/09/10/3","https://access.redhat.com/errata/RHSA-2020:0740","https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=8205d5d98ef7f155de211f5e2eb6ca03d95a5a60","https://security.netapp.com/advisory/ntap-20191004-0001/","https://usn.ubuntu.com/4135-1/","https://usn.ubuntu.com/4135-2/","http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00064.html","http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00066.html","http://www.openwall.com/lists/oss-security/2019/09/10/3","https://access.redhat.com/errata/RHSA-2020:0740","https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=8205d5d98ef7f155de211f5e2eb6ca03d95a5a60","https://security.netapp.com/advisory/ntap-20191004-0001/","https://usn.ubuntu.com/4135-1/","https://usn.ubuntu.com/4135-2/"],"published_time":"2019-09-13T13:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-15031","summary":"In the Linux kernel through 5.2.14 on the powerpc platform, a local user can read vector registers of other users' processes via an 
interrupt. To exploit the vulnerability, a local user starts a transaction (via the hardware transactional memory instruction tbegin) and then accesses vector registers. At some point, the vector registers will be corrupted with the values from a different local Linux process, because MSR_TM_ACTIVE is misused in arch/powerpc/kernel/process.c.","cvss":4.4,"cvss_version":3.0,"cvss_v2":3.6,"cvss_v3":4.4,"cvss_v4":null,"epss":0.00051,"ranking_epss":0.16045,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00064.html","http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00066.html","http://www.openwall.com/lists/oss-security/2019/09/10/4","https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=a8318c13e79badb92bc6640704a64cc022a6eb97","https://security.netapp.com/advisory/ntap-20191004-0001/","https://usn.ubuntu.com/4135-1/","https://usn.ubuntu.com/4135-2/","http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00064.html","http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00066.html","http://www.openwall.com/lists/oss-security/2019/09/10/4","https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=a8318c13e79badb92bc6640704a64cc022a6eb97","https://security.netapp.com/advisory/ntap-20191004-0001/","https://usn.ubuntu.com/4135-1/","https://usn.ubuntu.com/4135-2/"],"published_time":"2019-09-13T13:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-16275","summary":"hostapd before 2.10 and wpa_supplicant before 2.10 allow an incorrect indication of disconnection in certain situations because source address validation is mishandled. This is a denial of service that should have been prevented by PMF (aka management frame protection). 
The attacker must send a crafted 802.11 frame from a location that is within the 802.11 communications range.","cvss":6.5,"cvss_version":3.0,"cvss_v2":3.3,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00502,"ranking_epss":0.66051,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.openwall.com/lists/oss-security/2019/09/12/6","https://lists.debian.org/debian-lts-announce/2019/09/msg00017.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/36G4XAZ644DMHBLKOL4FDSPZVIGNQY6U/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/B7NCLOPTZNRRNYODH22BFIDH6YIQWLJD/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FEGITWRTIWABW54ANEPCEF4ARZLXGSK5/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HY6STGJIIROVNIU6VMB2WTN2Q5M65WF4/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PBJXUKV6XMSELWNXPS37CSUIH5EUHFXQ/","https://seclists.org/bugtraq/2019/Sep/56","https://usn.ubuntu.com/4136-1/","https://usn.ubuntu.com/4136-2/","https://w1.fi/security/2019-7/","https://w1.fi/security/2019-7/ap-mode-pmf-disconnection-protection-bypass.txt","https://www.debian.org/security/2019/dsa-4538","https://www.openwall.com/lists/oss-security/2019/09/11/7","http://www.openwall.com/lists/oss-security/2019/09/12/6","https://lists.debian.org/debian-lts-announce/2019/09/msg00017.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/36G4XAZ644DMHBLKOL4FDSPZVIGNQY6U/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/B7NCLOPTZNRRNYODH22BFIDH6YIQWLJD/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FEGITWRTIWABW54ANEPCEF4ARZLXGSK5/","https://lists.fedoraproject.org/archives/list/package-a
nnounce%40lists.fedoraproject.org/message/HY6STGJIIROVNIU6VMB2WTN2Q5M65WF4/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PBJXUKV6XMSELWNXPS37CSUIH5EUHFXQ/","https://seclists.org/bugtraq/2019/Sep/56","https://usn.ubuntu.com/4136-1/","https://usn.ubuntu.com/4136-2/","https://w1.fi/security/2019-7/","https://w1.fi/security/2019-7/ap-mode-pmf-disconnection-protection-bypass.txt","https://www.debian.org/security/2019/dsa-4538","https://www.openwall.com/lists/oss-security/2019/09/11/7"],"published_time":"2019-09-12T20:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-16235","summary":"Dino before 2019-09-10 does not properly check the source of a carbons message in module/xep/0280_message_carbons.vala.","cvss":7.5,"cvss_version":3.0,"cvss_v2":5.0,"cvss_v3":7.5,"cvss_v4":null,"epss":0.00265,"ranking_epss":0.49954,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.openwall.com/lists/oss-security/2019/09/12/5","https://github.com/dino/dino/commit/e84f2c49567e86d2a261ea264d65c4adc549c930","https://gultsch.de/dino_multiple.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5TMGQ5Q6QMIFG4NVUWMOWW3GIPGWQZVF/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WZBNQAOBWTIOKNO4PIYNX624ACGUXSXQ/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YUBM7GDZBB6MZZALDWYRAPNV6HJNLNMC/","https://seclists.org/bugtraq/2019/Sep/31","https://usn.ubuntu.com/4306-1/","https://www.debian.org/security/2019/dsa-4524","http://www.openwall.com/lists/oss-security/2019/09/12/5","https://github.com/dino/dino/commit/e84f2c49567e86d2a261ea264d65c4adc549c930","https://gultsch.de/dino_multiple.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5TMGQ5Q6QMIFG4NVUWMOWW3GIPGWQZVF/","https://lists.fedora
project.org/archives/list/package-announce%40lists.fedoraproject.org/message/WZBNQAOBWTIOKNO4PIYNX624ACGUXSXQ/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YUBM7GDZBB6MZZALDWYRAPNV6HJNLNMC/","https://seclists.org/bugtraq/2019/Sep/31","https://usn.ubuntu.com/4306-1/","https://www.debian.org/security/2019/dsa-4524"],"published_time":"2019-09-11T19:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-16236","summary":"Dino before 2019-09-10 does not check roster push authorization in module/roster/module.vala.","cvss":7.5,"cvss_version":3.0,"cvss_v2":5.0,"cvss_v3":7.5,"cvss_v4":null,"epss":0.00814,"ranking_epss":0.7427,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.openwall.com/lists/oss-security/2019/09/12/5","https://github.com/dino/dino/commit/dd33f5f949248d87d34f399e8846d5ee5b8823d9","https://gultsch.de/dino_multiple.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5TMGQ5Q6QMIFG4NVUWMOWW3GIPGWQZVF/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WZBNQAOBWTIOKNO4PIYNX624ACGUXSXQ/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YUBM7GDZBB6MZZALDWYRAPNV6HJNLNMC/","https://seclists.org/bugtraq/2019/Sep/31","https://usn.ubuntu.com/4306-1/","https://www.debian.org/security/2019/dsa-4524","http://www.openwall.com/lists/oss-security/2019/09/12/5","https://github.com/dino/dino/commit/dd33f5f949248d87d34f399e8846d5ee5b8823d9","https://gultsch.de/dino_multiple.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5TMGQ5Q6QMIFG4NVUWMOWW3GIPGWQZVF/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WZBNQAOBWTIOKNO4PIYNX624ACGUXSXQ/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject
.org/message/YUBM7GDZBB6MZZALDWYRAPNV6HJNLNMC/","https://seclists.org/bugtraq/2019/Sep/31","https://usn.ubuntu.com/4306-1/","https://www.debian.org/security/2019/dsa-4524"],"published_time":"2019-09-11T19:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-16237","summary":"Dino before 2019-09-10 does not properly check the source of an MAM message in module/xep/0313_message_archive_management.vala.","cvss":7.5,"cvss_version":3.0,"cvss_v2":5.0,"cvss_v3":7.5,"cvss_v4":null,"epss":0.00423,"ranking_epss":0.62143,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.openwall.com/lists/oss-security/2019/09/12/5","https://github.com/dino/dino/commit/307f16cc86dd2b95aa02ab8a85110e4a2d5e7363","https://gultsch.de/dino_multiple.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5TMGQ5Q6QMIFG4NVUWMOWW3GIPGWQZVF/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WZBNQAOBWTIOKNO4PIYNX624ACGUXSXQ/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YUBM7GDZBB6MZZALDWYRAPNV6HJNLNMC/","https://seclists.org/bugtraq/2019/Sep/31","https://usn.ubuntu.com/4306-1/","https://www.debian.org/security/2019/dsa-4524","http://www.openwall.com/lists/oss-security/2019/09/12/5","https://github.com/dino/dino/commit/307f16cc86dd2b95aa02ab8a85110e4a2d5e7363","https://gultsch.de/dino_multiple.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5TMGQ5Q6QMIFG4NVUWMOWW3GIPGWQZVF/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WZBNQAOBWTIOKNO4PIYNX624ACGUXSXQ/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YUBM7GDZBB6MZZALDWYRAPNV6HJNLNMC/","https://seclists.org/bugtraq/2019/Sep/31","https://usn.ubuntu.com/4306-1/","https://www.debian.org/security/2019/
dsa-4524"],"published_time":"2019-09-11T19:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-16231","summary":"drivers/net/fjes/fjes_main.c in the Linux kernel 5.2.14 does not check the alloc_workqueue return value, leading to a NULL pointer dereference.","cvss":4.1,"cvss_version":3.0,"cvss_v2":4.7,"cvss_v3":4.1,"cvss_v4":null,"epss":0.0002,"ranking_epss":0.054,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00035.html","http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00039.html","https://lkml.org/lkml/2019/9/9/487","https://security.netapp.com/advisory/ntap-20191004-0001/","https://usn.ubuntu.com/4225-1/","https://usn.ubuntu.com/4225-2/","https://usn.ubuntu.com/4226-1/","https://usn.ubuntu.com/4227-1/","https://usn.ubuntu.com/4227-2/","http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00035.html","http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00039.html","https://lkml.org/lkml/2019/9/9/487","https://security.netapp.com/advisory/ntap-20191004-0001/","https://usn.ubuntu.com/4225-1/","https://usn.ubuntu.com/4225-2/","https://usn.ubuntu.com/4226-1/","https://usn.ubuntu.com/4227-1/","https://usn.ubuntu.com/4227-2/"],"published_time":"2019-09-11T16:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-16232","summary":"drivers/net/wireless/marvell/libertas/if_sdio.c in the Linux kernel 5.2.14 does not check the alloc_workqueue return value, leading to a NULL pointer 
dereference.","cvss":4.1,"cvss_version":3.0,"cvss_v2":4.7,"cvss_v3":4.1,"cvss_v4":null,"epss":0.00057,"ranking_epss":0.17982,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00064.html","http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00010.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LYIFGYEDQXP5DVJQQUARQRK2PXKBKQGY/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YWWOOJKZ4NQYN4RMFIVJ3ZIXKJJI3MKP/","https://lkml.org/lkml/2019/9/9/487","https://security.netapp.com/advisory/ntap-20191004-0001/","https://usn.ubuntu.com/4284-1/","https://usn.ubuntu.com/4285-1/","https://usn.ubuntu.com/4287-1/","https://usn.ubuntu.com/4287-2/","http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00064.html","http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00010.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LYIFGYEDQXP5DVJQQUARQRK2PXKBKQGY/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YWWOOJKZ4NQYN4RMFIVJ3ZIXKJJI3MKP/","https://lkml.org/lkml/2019/9/9/487","https://security.netapp.com/advisory/ntap-20191004-0001/","https://usn.ubuntu.com/4284-1/","https://usn.ubuntu.com/4285-1/","https://usn.ubuntu.com/4287-1/","https://usn.ubuntu.com/4287-2/"],"published_time":"2019-09-11T16:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-16233","summary":"drivers/scsi/qla2xxx/qla_os.c in the Linux kernel 5.2.14 does not check the alloc_workqueue return value, leading to a NULL pointer 
dereference.","cvss":4.1,"cvss_version":3.0,"cvss_v2":4.7,"cvss_v3":4.1,"cvss_v4":null,"epss":0.00091,"ranking_epss":0.25693,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00010.html","http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00035.html","https://lkml.org/lkml/2019/9/9/487","https://security.netapp.com/advisory/ntap-20191004-0001/","https://usn.ubuntu.com/4226-1/","https://usn.ubuntu.com/4227-1/","https://usn.ubuntu.com/4227-2/","https://usn.ubuntu.com/4346-1/","http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00010.html","http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00035.html","https://lkml.org/lkml/2019/9/9/487","https://security.netapp.com/advisory/ntap-20191004-0001/","https://usn.ubuntu.com/4226-1/","https://usn.ubuntu.com/4227-1/","https://usn.ubuntu.com/4227-2/","https://usn.ubuntu.com/4346-1/"],"published_time":"2019-09-11T16:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-16234","summary":"drivers/net/wireless/intel/iwlwifi/pcie/trans.c in the Linux kernel 5.2.14 does not check the alloc_workqueue return value, leading to a NULL pointer 
dereference.","cvss":4.7,"cvss_version":3.0,"cvss_v2":4.7,"cvss_v3":4.7,"cvss_v4":null,"epss":0.00039,"ranking_epss":0.11614,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00064.html","http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00010.html","https://lkml.org/lkml/2019/9/9/487","https://security.netapp.com/advisory/ntap-20191004-0001/","https://usn.ubuntu.com/4342-1/","https://usn.ubuntu.com/4344-1/","https://usn.ubuntu.com/4345-1/","https://usn.ubuntu.com/4346-1/","http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00064.html","http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00010.html","https://lkml.org/lkml/2019/9/9/487","https://security.netapp.com/advisory/ntap-20191004-0001/","https://usn.ubuntu.com/4342-1/","https://usn.ubuntu.com/4344-1/","https://usn.ubuntu.com/4345-1/","https://usn.ubuntu.com/4346-1/"],"published_time":"2019-09-11T16:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-16229","summary":"drivers/gpu/drm/amd/amdkfd/kfd_interrupt.c in the Linux kernel 5.2.14 does not check the alloc_workqueue return value, leading to a NULL pointer dereference. 
NOTE: The security community disputes this issue as not being serious enough to deserve a CVE id","cvss":4.1,"cvss_version":3.0,"cvss_v2":4.7,"cvss_v3":4.1,"cvss_v4":null,"epss":0.00041,"ranking_epss":0.12559,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://bugzilla.suse.com/show_bug.cgi?id=1150469#c3","https://lkml.org/lkml/2019/9/9/487","https://security.netapp.com/advisory/ntap-20191004-0001/","https://usn.ubuntu.com/4284-1/","https://usn.ubuntu.com/4285-1/","https://usn.ubuntu.com/4287-1/","https://usn.ubuntu.com/4287-2/","https://bugzilla.suse.com/show_bug.cgi?id=1150469#c3","https://lkml.org/lkml/2019/9/9/487","https://security.netapp.com/advisory/ntap-20191004-0001/","https://usn.ubuntu.com/4284-1/","https://usn.ubuntu.com/4285-1/","https://usn.ubuntu.com/4287-1/","https://usn.ubuntu.com/4287-2/"],"published_time":"2019-09-11T16:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-16163","summary":"Oniguruma before 6.9.3 allows Stack Exhaustion in regcomp.c because of recursion in 
regparse.c.","cvss":7.5,"cvss_version":3.0,"cvss_v2":5.0,"cvss_v3":7.5,"cvss_v4":null,"epss":0.00085,"ranking_epss":0.24573,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://github.com/kkos/oniguruma/commit/4097828d7cc87589864fecf452f2cd46c5f37180","https://github.com/kkos/oniguruma/compare/v6.9.2...v6.9.3","https://github.com/kkos/oniguruma/issues/147","https://lists.debian.org/debian-lts-announce/2019/09/msg00010.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NWOWZZNFSAWM3BUTQNAE3PD44A6JU4KE/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZW47MSFZ6WYOAOFXHBDGU4LYACFRKC2Y/","https://usn.ubuntu.com/4460-1/","https://github.com/kkos/oniguruma/commit/4097828d7cc87589864fecf452f2cd46c5f37180","https://github.com/kkos/oniguruma/compare/v6.9.2...v6.9.3","https://github.com/kkos/oniguruma/issues/147","https://lists.debian.org/debian-lts-announce/2019/09/msg00010.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NWOWZZNFSAWM3BUTQNAE3PD44A6JU4KE/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZW47MSFZ6WYOAOFXHBDGU4LYACFRKC2Y/","https://usn.ubuntu.com/4460-1/"],"published_time":"2019-09-09T17:15:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-16167","summary":"sysstat before 12.1.6 has memory corruption due to an Integer Overflow in remap_struct() in 
sa_common.c.","cvss":5.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":5.5,"cvss_v4":null,"epss":0.01477,"ranking_epss":0.80972,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00067.html","http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00068.html","https://github.com/sysstat/sysstat/compare/v12.1.5...v12.1.6","https://github.com/sysstat/sysstat/issues/230","https://lists.debian.org/debian-lts-announce/2022/11/msg00014.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RVSMKUPWIGQYX4G5LZXL7ZBJN3KY6RM3/","https://usn.ubuntu.com/4242-1/","http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00067.html","http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00068.html","https://github.com/sysstat/sysstat/compare/v12.1.5...v12.1.6","https://github.com/sysstat/sysstat/issues/230","https://lists.debian.org/debian-lts-announce/2022/11/msg00014.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RVSMKUPWIGQYX4G5LZXL7ZBJN3KY6RM3/","https://usn.ubuntu.com/4242-1/"],"published_time":"2019-09-09T17:15:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-16168","summary":"In SQLite through 3.29.0, whereLoopAddBtreeIndex in sqlite3.c can crash a browser or other application because of missing validation of a sqlite_stat1 sz field, aka a \"severe division by zero in the query 
planner.\"","cvss":6.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00843,"ranking_epss":0.74749,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00032.html","http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00033.html","https://kc.mcafee.com/corporate/index?page=content&id=SB10365","https://lists.debian.org/debian-lts-announce/2020/08/msg00037.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XZARJHJJDBHI7CE5PZEBXS5HKK6HXKW2/","https://security.gentoo.org/glsa/202003-16","https://security.netapp.com/advisory/ntap-20190926-0003/","https://security.netapp.com/advisory/ntap-20200122-0003/","https://usn.ubuntu.com/4205-1/","https://www.mail-archive.com/sqlite-users%40mailinglists.sqlite.org/msg116312.html","https://www.oracle.com/security-alerts/cpuapr2020.html","https://www.oracle.com/security-alerts/cpujan2020.html","https://www.sqlite.org/src/info/e4598ecbdd18bd82945f6029013296690e719a62","https://www.sqlite.org/src/timeline?c=98357d8c1263920b","https://www.tenable.com/security/tns-2021-08","https://www.tenable.com/security/tns-2021-11","https://www.tenable.com/security/tns-2021-14","http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00032.html","http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00033.html","https://kc.mcafee.com/corporate/index?page=content&id=SB10365","https://lists.debian.org/debian-lts-announce/2020/08/msg00037.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XZARJHJJDBHI7CE5PZEBXS5HKK6HXKW2/","https://security.gentoo.org/glsa/202003-16","https://security.netapp.com/advisory/ntap-20190926-0003/","https://security.netapp.com/advisory/ntap-20200122-0003/","https://usn.ubuntu.com/4205-1/","https://www.mail-archive.com/sqlite-users%40mailinglists.sqlite.org/msg116312.html","https://www.
oracle.com/security-alerts/cpuapr2020.html","https://www.oracle.com/security-alerts/cpujan2020.html","https://www.sqlite.org/src/info/e4598ecbdd18bd82945f6029013296690e719a62","https://www.sqlite.org/src/timeline?c=98357d8c1263920b","https://www.tenable.com/security/tns-2021-08","https://www.tenable.com/security/tns-2021-11","https://www.tenable.com/security/tns-2021-14"],"published_time":"2019-09-09T17:15:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-16095","summary":"Symonics libmysofa 0.7 has an invalid read in getDimension in hrtf/reader.c.","cvss":7.5,"cvss_version":3.0,"cvss_v2":5.0,"cvss_v3":7.5,"cvss_v4":null,"epss":0.00457,"ranking_epss":0.63915,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://github.com/hoene/libmysofa/compare/f571522...e07edb3","https://usn.ubuntu.com/4473-1/","https://github.com/hoene/libmysofa/compare/f571522...e07edb3","https://usn.ubuntu.com/4473-1/"],"published_time":"2019-09-08T03:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-16091","summary":"Symonics libmysofa 0.7 has an out-of-bounds read in directblockRead in hdf/fractalhead.c.","cvss":7.5,"cvss_version":3.0,"cvss_v2":5.0,"cvss_v3":7.5,"cvss_v4":null,"epss":0.00457,"ranking_epss":0.63915,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://github.com/hoene/libmysofa/compare/f571522...e07edb3","https://usn.ubuntu.com/4473-1/","https://github.com/hoene/libmysofa/compare/f571522...e07edb3","https://usn.ubuntu.com/4473-1/"],"published_time":"2019-09-08T03:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-16092","summary":"Symonics libmysofa 0.7 has a NULL pointer dereference in getHrtf in 
hrtf/reader.c.","cvss":9.8,"cvss_version":3.0,"cvss_v2":7.5,"cvss_v3":9.8,"cvss_v4":null,"epss":0.00408,"ranking_epss":0.61169,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://github.com/hoene/libmysofa/compare/f571522...e07edb3","https://usn.ubuntu.com/4473-1/","https://github.com/hoene/libmysofa/compare/f571522...e07edb3","https://usn.ubuntu.com/4473-1/"],"published_time":"2019-09-08T03:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-16093","summary":"Symonics libmysofa 0.7 has an invalid write in readOHDRHeaderMessageDataLayout in hdf/dataobject.c.","cvss":9.8,"cvss_version":3.0,"cvss_v2":7.5,"cvss_v3":9.8,"cvss_v4":null,"epss":0.0047,"ranking_epss":0.64562,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://github.com/hoene/libmysofa/compare/f571522...e07edb3","https://usn.ubuntu.com/4473-1/","https://github.com/hoene/libmysofa/compare/f571522...e07edb3","https://usn.ubuntu.com/4473-1/"],"published_time":"2019-09-08T03:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-16094","summary":"Symonics libmysofa 0.7 has an invalid read in readOHDRHeaderMessageDataLayout in hdf/dataobject.c.","cvss":7.5,"cvss_version":3.0,"cvss_v2":5.0,"cvss_v3":7.5,"cvss_v4":null,"epss":0.00452,"ranking_epss":0.63708,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://github.com/hoene/libmysofa/compare/f571522...e07edb3","https://usn.ubuntu.com/4473-1/","https://github.com/hoene/libmysofa/compare/f571522...e07edb3","https://usn.ubuntu.com/4473-1/"],"published_time":"2019-09-08T03:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-9445","summary":"In the Android kernel in F2FS driver there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with system execution privileges needed. 
User interaction is not needed for exploitation.","cvss":4.4,"cvss_version":3.0,"cvss_v2":2.1,"cvss_v3":4.4,"cvss_v4":null,"epss":0.0006,"ranking_epss":0.18662,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://lists.debian.org/debian-lts-announce/2020/10/msg00032.html","https://lists.debian.org/debian-lts-announce/2020/10/msg00034.html","https://source.android.com/security/bulletin/pixel/2019-09-01","https://usn.ubuntu.com/4526-1/","https://usn.ubuntu.com/4527-1/","https://lists.debian.org/debian-lts-announce/2020/10/msg00032.html","https://lists.debian.org/debian-lts-announce/2020/10/msg00034.html","https://source.android.com/security/bulletin/pixel/2019-09-01","https://usn.ubuntu.com/4526-1/","https://usn.ubuntu.com/4527-1/"],"published_time":"2019-09-06T22:15:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-9453","summary":"In the Android kernel in F2FS touch driver there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure with system execution privileges needed. User interaction is not needed for exploitation.","cvss":4.4,"cvss_version":3.0,"cvss_v2":2.1,"cvss_v3":4.4,"cvss_v4":null,"epss":0.00036,"ranking_epss":0.10716,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://source.android.com/security/bulletin/pixel/2019-09-01","https://usn.ubuntu.com/4527-1/","https://source.android.com/security/bulletin/pixel/2019-09-01","https://usn.ubuntu.com/4527-1/"],"published_time":"2019-09-06T22:15:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-9854","summary":"LibreOffice has a feature where documents can specify that pre-installed macros can be executed on various script events such as mouse-over, document-open etc. Access is intended to be restricted to scripts under the share/Scripts/python, user/Scripts/python sub-directories of the LibreOffice install. 
Protection was added, to address CVE-2019-9852, to avoid a directory traversal attack where scripts in arbitrary locations on the file system could be executed by employing a URL encoding attack to defeat the path verification step. However this protection could be bypassed by taking advantage of a flaw in how LibreOffice assembled the final script URL location directly from components of the passed in path as opposed to solely from the sanitized output of the path verification step. This issue affects: Document Foundation LibreOffice 6.2 versions prior to 6.2.7; 6.3 versions prior to 6.3.1.","cvss":7.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":7.8,"cvss_v4":null,"epss":0.0076,"ranking_epss":0.73327,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00067.html","http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00055.html","https://lists.debian.org/debian-lts-announce/2019/10/msg00005.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XQKKOIY2DMZCXJINOLIQXD2NWISDKK3N/","https://seclists.org/bugtraq/2019/Sep/17","https://usn.ubuntu.com/4138-1/","https://www.debian.org/security/2019/dsa-4519","https://www.libreoffice.org/about-us/security/advisories/CVE-2019-9854/","https://bugzilla.redhat.com/show_bug.cgi?id=1769907","http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00067.html","http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00055.html","https://lists.debian.org/debian-lts-announce/2019/10/msg00005.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XQKKOIY2DMZCXJINOLIQXD2NWISDKK3N/","https://seclists.org/bugtraq/2019/Sep/17","https://usn.ubuntu.com/4138-1/","https://www.debian.org/security/2019/dsa-4519","https://www.libreoffice.org/about-us/security/advisories/CVE-2019-9854/"],"published_time":"2019-09-06T19:15:11","vendor":null
,"product":null,"version":null},{"cve_id":"CVE-2019-16056","summary":"An issue was discovered in Python through 2.7.16, 3.x through 3.5.7, 3.6.x through 3.6.9, and 3.7.x through 3.7.4. The email module wrongly parses email addresses that contain multiple @ characters. An application that uses the email module and implements some kind of checks on the From/To headers of a message could be tricked into accepting an email address that should be denied. An attack may be the same as in CVE-2019-11340; however, this CVE applies to Python more generally.","cvss":7.5,"cvss_version":3.0,"cvss_v2":5.0,"cvss_v3":7.5,"cvss_v4":null,"epss":0.01217,"ranking_epss":0.79032,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00062.html","http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00063.html","http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00012.html","http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00021.html","http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.html","https://access.redhat.com/errata/RHSA-2019:3725","https://access.redhat.com/errata/RHSA-2019:3948","https://bugs.python.org/issue34155","https://github.com/python/cpython/commit/8cb65d1381b027f0b09ee36bfed7f35bb4dec9a9","https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0%40%3Cissues.bookkeeper.apache.org%3E","https://lists.debian.org/debian-lts-announce/2019/09/msg00018.html","https://lists.debian.org/debian-lts-announce/2019/09/msg00019.html","https://lists.debian.org/debian-lts-announce/2020/07/msg00011.html","https://lists.debian.org/debian-lts-announce/2020/08/msg00034.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4X3HW5JRZ7GCPSR7UHJOLD7AWLTQCDVR/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BEARDOTXCYPY
ELKBD2KWZ27GSPXDI3GQ/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/COATURTCY7G67AYI6UDV5B2JZTBCKIDX/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E2HP37NUVLQSBW3J735A2DQDOZ4ZGBLY/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ER6LONC2B2WYIO56GBQUDU6QTWZDPUNQ/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JCPGLTTOBB3QEARDX4JOYURP6ELNNA2V/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/K4KZEFP6E4YPYB52AF4WXCUDSGQOTF37/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/K7HNVIFMETMFWWWUNTB72KYJYXCZOS5V/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M34WOYCDKTDE5KLUACE2YIEH7D37KHRX/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NF3DRDGMVIRYNZMSLJIHNW47HOUQYXVG/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OYGESQSGIHDCIGOBVF7VXCMIE6YDWRYB/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QASRD4E2G65GGEHYKVHYCXB2XWAGTNL4/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QP46PQSUKYPGWTADQ67NOV3BUN6JM34Z/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SDQQ56P7ZZR64XV5DUVWNSNXKKEXUG2J/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZBTGPBUABGXZ7WH7677OEM3NSP6ZEA76/","https://security.netapp.com/advisory/ntap-20190926-0005/","https://usn.ubuntu.com/4151-1/","https://usn.ubuntu.com/4151-2/","https://www.oracle.com/security-alerts/cpuapr2020.html","https://www.oracle.com/security-alerts/cpujul2020.html","http://l
ists.opensuse.org/opensuse-security-announce/2019-10/msg00062.html","http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00063.html","http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00012.html","http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00021.html","http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.html","https://access.redhat.com/errata/RHSA-2019:3725","https://access.redhat.com/errata/RHSA-2019:3948","https://bugs.python.org/issue34155","https://github.com/python/cpython/commit/8cb65d1381b027f0b09ee36bfed7f35bb4dec9a9","https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0%40%3Cissues.bookkeeper.apache.org%3E","https://lists.debian.org/debian-lts-announce/2019/09/msg00018.html","https://lists.debian.org/debian-lts-announce/2019/09/msg00019.html","https://lists.debian.org/debian-lts-announce/2020/07/msg00011.html","https://lists.debian.org/debian-lts-announce/2020/08/msg00034.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4X3HW5JRZ7GCPSR7UHJOLD7AWLTQCDVR/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BEARDOTXCYPYELKBD2KWZ27GSPXDI3GQ/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/COATURTCY7G67AYI6UDV5B2JZTBCKIDX/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E2HP37NUVLQSBW3J735A2DQDOZ4ZGBLY/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ER6LONC2B2WYIO56GBQUDU6QTWZDPUNQ/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JCPGLTTOBB3QEARDX4JOYURP6ELNNA2V/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/K4KZEFP6E4YPYB52AF4WXCUDSGQOTF37/","https://lists.fedoraproject.org/archives/list/package-announc
e%40lists.fedoraproject.org/message/K7HNVIFMETMFWWWUNTB72KYJYXCZOS5V/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M34WOYCDKTDE5KLUACE2YIEH7D37KHRX/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NF3DRDGMVIRYNZMSLJIHNW47HOUQYXVG/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OYGESQSGIHDCIGOBVF7VXCMIE6YDWRYB/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QASRD4E2G65GGEHYKVHYCXB2XWAGTNL4/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QP46PQSUKYPGWTADQ67NOV3BUN6JM34Z/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SDQQ56P7ZZR64XV5DUVWNSNXKKEXUG2J/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZBTGPBUABGXZ7WH7677OEM3NSP6ZEA76/","https://security.netapp.com/advisory/ntap-20190926-0005/","https://usn.ubuntu.com/4151-1/","https://usn.ubuntu.com/4151-2/","https://www.oracle.com/security-alerts/cpuapr2020.html","https://www.oracle.com/security-alerts/cpujul2020.html"],"published_time":"2019-09-06T18:15:15","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-15926","summary":"An issue was discovered in the Linux kernel before 5.2.3. 
Out of bounds access exists in the functions ath6kl_wmi_pstream_timeout_event_rx and ath6kl_wmi_cac_event_rx in the file drivers/net/wireless/ath/ath6kl/wmi.c.","cvss":9.1,"cvss_version":3.0,"cvss_v2":9.4,"cvss_v3":9.1,"cvss_v4":null,"epss":0.05955,"ranking_epss":0.90645,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00064.html","http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00066.html","https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.2.3","https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=5d6751eaff672ea77642e74e92e6c0ac7f9709ab","https://lists.debian.org/debian-lts-announce/2019/09/msg00014.html","https://lists.debian.org/debian-lts-announce/2019/09/msg00015.html","https://lists.debian.org/debian-lts-announce/2019/09/msg00025.html","https://security.netapp.com/advisory/ntap-20191004-0001/","https://support.f5.com/csp/article/K32034450","https://support.f5.com/csp/article/K32034450?utm_source=f5support&amp%3Butm_medium=RSS","https://usn.ubuntu.com/4145-1/","https://usn.ubuntu.com/4147-1/","http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00064.html","http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00066.html","https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.2.3","https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=5d6751eaff672ea77642e74e92e6c0ac7f9709ab","https://lists.debian.org/debian-lts-announce/2019/09/msg00014.html","https://lists.debian.org/debian-lts-announce/2019/09/msg00015.html","https://lists.debian.org/debian-lts-announce/2019/09/msg00025.html","https://security.netapp.com/advisory/ntap-20191004-0001/","https://support.f5.com/csp/article/K32034450","https://support.f5.com/csp/article/K32034450?utm_source=f5support&amp%3Butm_medium=RSS","https://usn.ubuntu.com/4145-1/","https://usn.ubuntu.com/4147-1/"],"published_time":"2019-09-04T21:15:11","
vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-15925","summary":"An issue was discovered in the Linux kernel before 5.2.3. An out of bounds access exists in the function hclge_tm_schd_mode_vnet_base_cfg in the file drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_tm.c.","cvss":7.8,"cvss_version":3.0,"cvss_v2":7.2,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00108,"ranking_epss":0.29048,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.2.3","https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=04f25edb48c441fc278ecc154c270f16966cbb90","https://security.netapp.com/advisory/ntap-20191004-0001/","https://usn.ubuntu.com/4147-1/","https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.2.3","https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=04f25edb48c441fc278ecc154c270f16966cbb90","https://security.netapp.com/advisory/ntap-20191004-0001/","https://usn.ubuntu.com/4147-1/"],"published_time":"2019-09-04T21:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-15918","summary":"An issue was discovered in the Linux kernel before 5.0.10. 
SMB2_negotiate in fs/cifs/smb2pdu.c has an out-of-bounds read because data structures are incompletely updated after a change from smb30 to smb21.","cvss":7.8,"cvss_version":3.0,"cvss_v2":7.2,"cvss_v3":7.8,"cvss_v4":null,"epss":0.001,"ranking_epss":0.27634,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.0.10","https://github.com/torvalds/linux/commit/b57a55e2200ede754e4dc9cce4ba9402544b9365","https://security.netapp.com/advisory/ntap-20191004-0001/","https://usn.ubuntu.com/4162-1/","https://usn.ubuntu.com/4162-2/","https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.0.10","https://github.com/torvalds/linux/commit/b57a55e2200ede754e4dc9cce4ba9402544b9365","https://security.netapp.com/advisory/ntap-20191004-0001/","https://usn.ubuntu.com/4162-1/","https://usn.ubuntu.com/4162-2/"],"published_time":"2019-09-04T19:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-10197","summary":"A flaw was found in samba versions 4.9.x up to 4.9.13, samba 4.10.x up to 4.10.8 and samba 4.11.x up to 4.11.0rc3, when certain parameters were set in the samba configuration file. 
An unauthenticated attacker could use this flaw to escape the shared directory and access the contents of directories outside the share.","cvss":6.5,"cvss_version":3.0,"cvss_v2":6.4,"cvss_v3":6.5,"cvss_v4":null,"epss":0.0479,"ranking_epss":0.89479,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00045.html","https://access.redhat.com/errata/RHSA-2019:3253","https://access.redhat.com/errata/RHSA-2019:4023","https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10197","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/56ZUXHGDHPM7S6RVAKULZT5EATS37OKA/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M7NYIUZOCIDXWXGWMZ7O5Z7OJ6IX7EAB/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z6EEKFT24DQI4DMZMSQTLMNZWG4RMZ57/","https://seclists.org/bugtraq/2019/Sep/4","https://security.gentoo.org/glsa/202003-52","https://security.netapp.com/advisory/ntap-20190903-0001/","https://support.f5.com/csp/article/K69511801","https://support.f5.com/csp/article/K69511801?utm_source=f5support&amp%3Butm_medium=RSS","https://usn.ubuntu.com/4121-1/","https://www.debian.org/security/2019/dsa-4513","https://www.samba.org/samba/security/CVE-2019-10197.html","http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00045.html","https://access.redhat.com/errata/RHSA-2019:3253","https://access.redhat.com/errata/RHSA-2019:4023","https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10197","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/56ZUXHGDHPM7S6RVAKULZT5EATS37OKA/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M7NYIUZOCIDXWXGWMZ7O5Z7OJ6IX7EAB/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z6EEKFT24DQI4DMZ
MSQTLMNZWG4RMZ57/","https://seclists.org/bugtraq/2019/Sep/4","https://security.gentoo.org/glsa/202003-52","https://security.netapp.com/advisory/ntap-20190903-0001/","https://support.f5.com/csp/article/K69511801","https://support.f5.com/csp/article/K69511801?utm_source=f5support&amp%3Butm_medium=RSS","https://usn.ubuntu.com/4121-1/","https://www.debian.org/security/2019/dsa-4513","https://www.samba.org/samba/security/CVE-2019-10197.html"],"published_time":"2019-09-03T15:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2015-9383","summary":"FreeType before 2.6.2 has a heap-based buffer over-read in tt_cmap14_validate in sfnt/ttcmap.c.","cvss":6.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":6.5,"cvss_v4":null,"epss":0.02734,"ranking_epss":0.85961,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=57cbb8c148999ba8f14ed53435fc071ac9953afd","https://lists.debian.org/debian-lts-announce/2019/09/msg00002.html","https://savannah.nongnu.org/bugs/?46346","https://usn.ubuntu.com/4126-1/","https://usn.ubuntu.com/4126-2/","http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=57cbb8c148999ba8f14ed53435fc071ac9953afd","https://lists.debian.org/debian-lts-announce/2019/09/msg00002.html","https://savannah.nongnu.org/bugs/?46346","https://usn.ubuntu.com/4126-1/","https://usn.ubuntu.com/4126-2/"],"published_time":"2019-09-03T05:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-15717","summary":"Irssi 1.2.x before 1.2.2 has a use-after-free if the IRC server sends a double 
CAP.","cvss":9.8,"cvss_version":3.0,"cvss_v2":7.5,"cvss_v3":9.8,"cvss_v4":null,"epss":0.00763,"ranking_epss":0.73369,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.openwall.com/lists/oss-security/2019/08/29/3","http://www.openwall.com/lists/oss-security/2019/08/29/5","https://irssi.org/security/irssi_sa_2019_08.txt","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JDDRTNKDDO52CO5USJ73BE6XVG7BD4KP/","https://usn.ubuntu.com/4119-1/","http://www.openwall.com/lists/oss-security/2019/08/29/3","http://www.openwall.com/lists/oss-security/2019/08/29/5","https://irssi.org/security/irssi_sa_2019_08.txt","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JDDRTNKDDO52CO5USJ73BE6XVG7BD4KP/","https://usn.ubuntu.com/4119-1/"],"published_time":"2019-08-29T17:15:15","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-7307","summary":"Apport before versions 2.14.1-0ubuntu3.29+esm1, 2.20.1-0ubuntu2.19, 2.20.9-0ubuntu7.7, 2.20.10-0ubuntu27.1, 2.20.11-0ubuntu5 contained a TOCTTOU vulnerability when reading the users ~/.apport-ignore.xml file, which allows a local attacker to replace this file with a symlink to any other file on the system and so cause Apport to include the contents of this other file in the resulting crash report. 
The crash report could then be read by that user either by causing it to be uploaded and reported to Launchpad, or by leveraging some other vulnerability to read the resulting crash report, and so allow the user to read arbitrary files on the system.","cvss":6.5,"cvss_version":3.0,"cvss_v2":4.4,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00019,"ranking_epss":0.04854,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://packetstormsecurity.com/files/172858/Ubuntu-Apport-Whoopsie-DoS-Integer-Overflow.html","https://bugs.launchpad.net/ubuntu/%2Bsource/apport/%2Bbug/1830858","https://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-7307.html","http://packetstormsecurity.com/files/172858/Ubuntu-Apport-Whoopsie-DoS-Integer-Overflow.html","https://bugs.launchpad.net/ubuntu/%2Bsource/apport/%2Bbug/1830858","https://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-7307.html"],"published_time":"2019-08-29T15:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-11476","summary":"An integer overflow in whoopsie before versions 0.2.52.5ubuntu0.1, 0.2.62ubuntu0.1, 0.2.64ubuntu0.1, 0.2.66, results in an out-of-bounds write to a heap allocated buffer when processing large crash dumps. 
This results in a crash or possible code-execution in the context of the whoopsie process.","cvss":6.5,"cvss_version":3.0,"cvss_v2":4.6,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00059,"ranking_epss":0.18552,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://packetstormsecurity.com/files/172858/Ubuntu-Apport-Whoopsie-DoS-Integer-Overflow.html","https://bugs.launchpad.net/ubuntu/%2Bsource/whoopsie/%2Bbug/1830863","https://usn.ubuntu.com/4052-1/","http://packetstormsecurity.com/files/172858/Ubuntu-Apport-Whoopsie-DoS-Integer-Overflow.html","https://bugs.launchpad.net/ubuntu/%2Bsource/whoopsie/%2Bbug/1830863","https://usn.ubuntu.com/4052-1/"],"published_time":"2019-08-29T15:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-15538","summary":"An issue was discovered in xfs_setattr_nonsize in fs/xfs/xfs_iops.c in the Linux kernel through 5.2.9. XFS partially wedges when a chgrp fails on account of being out of disk quota. xfs_setattr_nonsize is failing to unlock the ILOCK after the xfs_qm_vop_chown_reserve call fails. 
This is primarily a local DoS attack vector, but it might result as well in remote DoS if the XFS filesystem is exported for instance via NFS.","cvss":7.5,"cvss_version":3.0,"cvss_v2":7.8,"cvss_v3":7.5,"cvss_v4":null,"epss":0.16428,"ranking_epss":0.94883,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00064.html","http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00066.html","https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=1fb254aa983bf190cfd685d40c64a480a9bafaee","https://github.com/torvalds/linux/commit/1fb254aa983bf190cfd685d40c64a480a9bafaee","https://lists.debian.org/debian-lts-announce/2019/09/msg00014.html","https://lists.debian.org/debian-lts-announce/2019/09/msg00015.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O3RUDQJXRJQVGHCGR4YZWTQ3ECBI7TXH/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T4JZ6AEUKFWBHQAROGMQARJ274PQP2QP/","https://lore.kernel.org/linux-xfs/20190823035528.GH1037422%40magnolia/","https://lore.kernel.org/linux-xfs/20190823192433.GA8736%40eldamar.local","https://security.netapp.com/advisory/ntap-20191004-0001/","https://support.f5.com/csp/article/K32592426?utm_source=f5support&amp%3Butm_medium=RSS","https://usn.ubuntu.com/4144-1/","https://usn.ubuntu.com/4147-1/","http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00064.html","http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00066.html","https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=1fb254aa983bf190cfd685d40c64a480a9bafaee","https://github.com/torvalds/linux/commit/1fb254aa983bf190cfd685d40c64a480a9bafaee","https://lists.debian.org/debian-lts-announce/2019/09/msg00014.html","https://lists.debian.org/debian-lts-announce/2019/09/msg00015.html","https://lists.fedoraproject.org/archives/list/package-
announce%40lists.fedoraproject.org/message/O3RUDQJXRJQVGHCGR4YZWTQ3ECBI7TXH/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T4JZ6AEUKFWBHQAROGMQARJ274PQP2QP/","https://lore.kernel.org/linux-xfs/20190823035528.GH1037422%40magnolia/","https://lore.kernel.org/linux-xfs/20190823192433.GA8736%40eldamar.local","https://security.netapp.com/advisory/ntap-20191004-0001/","https://support.f5.com/csp/article/K32592426?utm_source=f5support&amp%3Butm_medium=RSS","https://usn.ubuntu.com/4144-1/","https://usn.ubuntu.com/4147-1/"],"published_time":"2019-08-25T16:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-15504","summary":"drivers/net/wireless/rsi/rsi_91x_usb.c in the Linux kernel through 5.2.9 has a Double Free via crafted USB device traffic (which may be remote via usbip or usbredir).","cvss":9.8,"cvss_version":3.0,"cvss_v2":10.0,"cvss_v3":9.8,"cvss_v4":null,"epss":0.0412,"ranking_epss":0.88629,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O3RUDQJXRJQVGHCGR4YZWTQ3ECBI7TXH/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T4JZ6AEUKFWBHQAROGMQARJ274PQP2QP/","https://lore.kernel.org/lkml/20190819220230.10597-1-benquike%40gmail.com/","https://security.netapp.com/advisory/ntap-20190905-0002/","https://support.f5.com/csp/article/K33554143","https://support.f5.com/csp/article/K33554143?utm_source=f5support&amp%3Butm_medium=RSS","https://usn.ubuntu.com/4157-1/","https://usn.ubuntu.com/4157-2/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O3RUDQJXRJQVGHCGR4YZWTQ3ECBI7TXH/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T4JZ6AEUKFWBHQAROGMQARJ274PQP2QP/","https://lore.kernel.org/lkml/20190819220230.10597-1-benquike%40gmail.com/","https
://security.netapp.com/advisory/ntap-20190905-0002/","https://support.f5.com/csp/article/K33554143","https://support.f5.com/csp/article/K33554143?utm_source=f5support&amp%3Butm_medium=RSS","https://usn.ubuntu.com/4157-1/","https://usn.ubuntu.com/4157-2/"],"published_time":"2019-08-23T06:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-15505","summary":"drivers/media/usb/dvb-usb/technisat-usb2.c in the Linux kernel through 5.2.9 has an out-of-bounds read via crafted USB device traffic (which may be remote via usbip or usbredir).","cvss":9.8,"cvss_version":3.0,"cvss_v2":10.0,"cvss_v3":9.8,"cvss_v4":null,"epss":0.0098,"ranking_epss":0.76759,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://packetstormsecurity.com/files/155212/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html","https://git.linuxtv.org/media_tree.git/commit/?id=0c4df39e504bf925ab666132ac3c98d6cbbe380b","https://lists.debian.org/debian-lts-announce/2020/01/msg00013.html","https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O3RUDQJXRJQVGHCGR4YZWTQ3ECBI7TXH/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T4JZ6AEUKFWBHQAROGMQARJ274PQP2QP/","https://lore.kernel.org/linux-media/20190821104408.w7krumcglxo6fz5q%40gofer.mess.org/","https://lore.kernel.org/lkml/b9b256cb-95f2-5fa1-9956-5a602a017c11%40gmail.com/","https://seclists.org/bugtraq/2019/Nov/11","https://security.netapp.com/advisory/ntap-20190905-0002/","https://support.f5.com/csp/article/K28222050","https://support.f5.com/csp/article/K28222050?utm_source=f5support&amp%3Butm_medium=RSS","https://usn.ubuntu.com/4157-1/","https://usn.ubuntu.com/4157-2/","https://usn.ubuntu.com/4162-1/","https://usn.ubuntu.com/4162-2/","https://usn.ubuntu.com/4163-1/","https://usn.ubuntu.com/4163-2/","http://packetstormsecurity.com/files/155212/
Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html","https://git.linuxtv.org/media_tree.git/commit/?id=0c4df39e504bf925ab666132ac3c98d6cbbe380b","https://lists.debian.org/debian-lts-announce/2020/01/msg00013.html","https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O3RUDQJXRJQVGHCGR4YZWTQ3ECBI7TXH/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T4JZ6AEUKFWBHQAROGMQARJ274PQP2QP/","https://lore.kernel.org/linux-media/20190821104408.w7krumcglxo6fz5q%40gofer.mess.org/","https://lore.kernel.org/lkml/b9b256cb-95f2-5fa1-9956-5a602a017c11%40gmail.com/","https://seclists.org/bugtraq/2019/Nov/11","https://security.netapp.com/advisory/ntap-20190905-0002/","https://support.f5.com/csp/article/K28222050","https://support.f5.com/csp/article/K28222050?utm_source=f5support&amp%3Butm_medium=RSS","https://usn.ubuntu.com/4157-1/","https://usn.ubuntu.com/4157-2/","https://usn.ubuntu.com/4162-1/","https://usn.ubuntu.com/4162-2/","https://usn.ubuntu.com/4163-1/","https://usn.ubuntu.com/4163-2/"],"published_time":"2019-08-23T06:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-15292","summary":"An issue was discovered in the Linux kernel before 5.0.9. 
There is a use-after-free in atalk_proc_exit, related to net/appletalk/atalk_proc.c, net/appletalk/ddp.c, and net/appletalk/sysctl_net_atalk.c.","cvss":4.7,"cvss_version":3.0,"cvss_v2":10.0,"cvss_v3":4.7,"cvss_v4":null,"epss":0.01013,"ranking_epss":0.77127,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00064.html","http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00066.html","https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.0.9","https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=6377f787aeb945cae7abbb6474798de129e1f3ac","https://lists.debian.org/debian-lts-announce/2019/09/msg00014.html","https://lists.debian.org/debian-lts-announce/2019/09/msg00015.html","https://lists.debian.org/debian-lts-announce/2019/09/msg00025.html","https://security.netapp.com/advisory/ntap-20190905-0002/","https://support.f5.com/csp/article/K27112954","https://support.f5.com/csp/article/K27112954?utm_source=f5support&amp%3Butm_medium=RSS","https://usn.ubuntu.com/4115-1/","https://usn.ubuntu.com/4118-1/","http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00064.html","http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00066.html","https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.0.9","https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=6377f787aeb945cae7abbb6474798de129e1f3ac","https://lists.debian.org/debian-lts-announce/2019/09/msg00014.html","https://lists.debian.org/debian-lts-announce/2019/09/msg00015.html","https://lists.debian.org/debian-lts-announce/2019/09/msg00025.html","https://security.netapp.com/advisory/ntap-20190905-0002/","https://support.f5.com/csp/article/K27112954","https://support.f5.com/csp/article/K27112954?utm_source=f5support&amp%3Butm_medium=RSS","https://usn.ubuntu.com/4115-1/","https://usn.ubuntu.com/4118-1/"],"published_time":"2019-08-21T06:15:10","vendor":null,"p
roduct":null,"version":null},{"cve_id":"CVE-2019-2126","summary":"In ParseContentEncodingEntry of mkvparser.cc, there is a possible double free due to a missing reset of a freed pointer. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-127702368.","cvss":8.8,"cvss_version":3.0,"cvss_v2":9.3,"cvss_v3":8.8,"cvss_v4":null,"epss":0.09309,"ranking_epss":0.92748,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00049.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DQSTK442ATWJOR4TU3MR6C3N5A6NDFFN/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U2IIA3RSYABBUCFIHXIRVUT5CTJVWWZ6/","https://source.android.com/security/bulletin/2019-08-01","https://usn.ubuntu.com/4199-1/","http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00049.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DQSTK442ATWJOR4TU3MR6C3N5A6NDFFN/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U2IIA3RSYABBUCFIHXIRVUT5CTJVWWZ6/","https://source.android.com/security/bulletin/2019-08-01","https://usn.ubuntu.com/4199-1/"],"published_time":"2019-08-20T20:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-15223","summary":"An issue was discovered in the Linux kernel before 5.1.8. 
There is a NULL pointer dereference caused by a malicious USB device in the sound/usb/line6/driver.c driver.","cvss":4.6,"cvss_version":3.0,"cvss_v2":4.9,"cvss_v3":4.6,"cvss_v4":null,"epss":0.0006,"ranking_epss":0.18792,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.openwall.com/lists/oss-security/2019/08/20/2","https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.1.8","https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=0b074ab7fc0d575247b9cc9f93bb7e007ca38840","https://security.netapp.com/advisory/ntap-20190905-0002/","https://syzkaller.appspot.com/bug?id=0c1e517c657d3de2361cb0cc2d3a8663c25039a7","https://usn.ubuntu.com/4147-1/","http://www.openwall.com/lists/oss-security/2019/08/20/2","https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.1.8","https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=0b074ab7fc0d575247b9cc9f93bb7e007ca38840","https://security.netapp.com/advisory/ntap-20190905-0002/","https://syzkaller.appspot.com/bug?id=0c1e517c657d3de2361cb0cc2d3a8663c25039a7","https://usn.ubuntu.com/4147-1/"],"published_time":"2019-08-19T22:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-15211","summary":"An issue was discovered in the Linux kernel before 5.2.6. 
There is a use-after-free caused by a malicious USB device in the drivers/media/v4l2-core/v4l2-dev.c driver because drivers/media/radio/radio-raremono.c does not properly allocate memory.","cvss":4.6,"cvss_version":3.0,"cvss_v2":4.9,"cvss_v3":4.6,"cvss_v4":null,"epss":0.00109,"ranking_epss":0.29181,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00064.html","http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00066.html","http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00029.html","http://www.openwall.com/lists/oss-security/2019/08/20/2","https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.2.6","https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c666355e60ddb4748ead3bdd983e3f7f2224aaf0","https://lists.debian.org/debian-lts-announce/2019/09/msg00014.html","https://lists.debian.org/debian-lts-announce/2019/09/msg00015.html","https://lists.debian.org/debian-lts-announce/2019/09/msg00025.html","https://security.netapp.com/advisory/ntap-20190905-0002/","https://syzkaller.appspot.com/bug?id=775f90f43cfd6f8ac6c15251ce68e604453da226","https://usn.ubuntu.com/4115-1/","https://usn.ubuntu.com/4118-1/","https://usn.ubuntu.com/4145-1/","https://usn.ubuntu.com/4147-1/","http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00064.html","http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00066.html","http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00029.html","http://www.openwall.com/lists/oss-security/2019/08/20/2","https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.2.6","https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c666355e60ddb4748ead3bdd983e3f7f2224aaf0","https://lists.debian.org/debian-lts-announce/2019/09/msg00014.html","https://lists.debian.org/debian-lts-announce/2019/09/msg00015.html","https://lists.debian.org/debian-lts-announce/2019/09/msg00025.
html","https://security.netapp.com/advisory/ntap-20190905-0002/","https://syzkaller.appspot.com/bug?id=775f90f43cfd6f8ac6c15251ce68e604453da226","https://usn.ubuntu.com/4115-1/","https://usn.ubuntu.com/4118-1/","https://usn.ubuntu.com/4145-1/","https://usn.ubuntu.com/4147-1/"],"published_time":"2019-08-19T22:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-15212","summary":"An issue was discovered in the Linux kernel before 5.1.8. There is a double-free caused by a malicious USB device in the drivers/usb/misc/rio500.c driver.","cvss":4.6,"cvss_version":3.0,"cvss_v2":4.9,"cvss_v3":4.6,"cvss_v4":null,"epss":0.00106,"ranking_epss":0.28731,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00064.html","http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00066.html","http://www.openwall.com/lists/oss-security/2019/08/20/2","https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.1.8","https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3864d33943b4a76c6e64616280e98d2410b1190f","https://lists.debian.org/debian-lts-announce/2019/09/msg00014.html","https://lists.debian.org/debian-lts-announce/2019/09/msg00015.html","https://lists.debian.org/debian-lts-announce/2019/09/msg00025.html","https://security.netapp.com/advisory/ntap-20190905-0002/","https://syzkaller.appspot.com/bug?id=64aa96c96f594a77eb8d945df21ec76dd35573b3","https://usn.ubuntu.com/4115-1/","https://usn.ubuntu.com/4118-1/","https://usn.ubuntu.com/4147-1/","http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00064.html","http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00066.html","http://www.openwall.com/lists/oss-security/2019/08/20/2","https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.1.8","https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3864d33943b4a76c6e64616280e98d2410b1190f","https://lists.debian
.org/debian-lts-announce/2019/09/msg00014.html","https://lists.debian.org/debian-lts-announce/2019/09/msg00015.html","https://lists.debian.org/debian-lts-announce/2019/09/msg00025.html","https://security.netapp.com/advisory/ntap-20190905-0002/","https://syzkaller.appspot.com/bug?id=64aa96c96f594a77eb8d945df21ec76dd35573b3","https://usn.ubuntu.com/4115-1/","https://usn.ubuntu.com/4118-1/","https://usn.ubuntu.com/4147-1/"],"published_time":"2019-08-19T22:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-15214","summary":"An issue was discovered in the Linux kernel before 5.0.10. There is a use-after-free in the sound subsystem because card disconnection causes certain data structures to be deleted too early. This is related to sound/core/init.c and sound/core/info.c.","cvss":6.4,"cvss_version":3.0,"cvss_v2":6.9,"cvss_v3":6.4,"cvss_v4":null,"epss":0.00084,"ranking_epss":0.24478,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00064.html","http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00066.html","http://www.openwall.com/lists/oss-security/2019/08/20/2","https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.0.10","https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=2a3f7221acddfe1caa9ff09b3a8158c39b2fdeac","https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=8c2f870890fd28e023b0fcf49dcee333f2c8bad7","https://security.netapp.com/advisory/ntap-20190905-0002/","https://syzkaller.appspot.com/bug?id=75903e0021cef79bc434d068b5169b599b2a46a9","https://usn.ubuntu.com/4115-1/","https://usn.ubuntu.com/4118-1/","http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00064.html","http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00066.html","http://www.openwall.com/lists/oss-security/2019/08/20/2","https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.0.10","https://git.ker
nel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=2a3f7221acddfe1caa9ff09b3a8158c39b2fdeac","https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=8c2f870890fd28e023b0fcf49dcee333f2c8bad7","https://security.netapp.com/advisory/ntap-20190905-0002/","https://syzkaller.appspot.com/bug?id=75903e0021cef79bc434d068b5169b599b2a46a9","https://usn.ubuntu.com/4115-1/","https://usn.ubuntu.com/4118-1/"],"published_time":"2019-08-19T22:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-15215","summary":"An issue was discovered in the Linux kernel before 5.2.6. There is a use-after-free caused by a malicious USB device in the drivers/media/usb/cpia2/cpia2_usb.c driver.","cvss":4.6,"cvss_version":3.0,"cvss_v2":4.9,"cvss_v3":4.6,"cvss_v4":null,"epss":0.0005,"ranking_epss":0.15579,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00064.html","http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00066.html","http://www.openwall.com/lists/oss-security/2019/08/20/2","https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.2.6","https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=eff73de2b1600ad8230692f00bc0ab49b166512a","https://lists.debian.org/debian-lts-announce/2019/09/msg00014.html","https://lists.debian.org/debian-lts-announce/2019/09/msg00015.html","https://lists.debian.org/debian-lts-announce/2019/09/msg00025.html","https://security.netapp.com/advisory/ntap-20190905-0002/","https://syzkaller.appspot.com/bug?id=b68d3c254cf294f8a802582094fa3251d6de5247","https://usn.ubuntu.com/4115-1/","https://usn.ubuntu.com/4118-1/","https://usn.ubuntu.com/4145-1/","https://usn.ubuntu.com/4147-1/","http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00064.html","http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00066.html","http://www.openwall.com/lists/oss-security/2019/08/20/2","https
://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.2.6","https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=eff73de2b1600ad8230692f00bc0ab49b166512a","https://lists.debian.org/debian-lts-announce/2019/09/msg00014.html","https://lists.debian.org/debian-lts-announce/2019/09/msg00015.html","https://lists.debian.org/debian-lts-announce/2019/09/msg00025.html","https://security.netapp.com/advisory/ntap-20190905-0002/","https://syzkaller.appspot.com/bug?id=b68d3c254cf294f8a802582094fa3251d6de5247","https://usn.ubuntu.com/4115-1/","https://usn.ubuntu.com/4118-1/","https://usn.ubuntu.com/4145-1/","https://usn.ubuntu.com/4147-1/"],"published_time":"2019-08-19T22:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-15216","summary":"An issue was discovered in the Linux kernel before 5.0.14. There is a NULL pointer dereference caused by a malicious USB device in the drivers/usb/misc/yurex.c driver.","cvss":4.6,"cvss_version":3.0,"cvss_v2":4.9,"cvss_v3":4.6,"cvss_v4":null,"epss":0.00053,"ranking_epss":0.16621,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00064.html","http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00066.html","http://www.openwall.com/lists/oss-security/2019/08/20/2","http://www.openwall.com/lists/oss-security/2019/08/22/2","http://www.openwall.com/lists/oss-security/2019/08/22/3","http://www.openwall.com/lists/oss-security/2019/08/22/4","http://www.openwall.com/lists/oss-security/2019/08/22/5","https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.0.14","https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=ef61eb43ada6c1d6b94668f0f514e4c268093ff3","https://lists.debian.org/debian-lts-announce/2019/09/msg00014.html","https://lists.debian.org/debian-lts-announce/2019/09/msg00015.html","https://security.netapp.com/advisory/ntap-20190905-0002/","https://syzkaller.appspot.com/bug?id=f0
b1f2952022c75394c0eef2afeb17af90f9227e","https://usn.ubuntu.com/4115-1/","https://usn.ubuntu.com/4118-1/","http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00064.html","http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00066.html","http://www.openwall.com/lists/oss-security/2019/08/20/2","http://www.openwall.com/lists/oss-security/2019/08/22/2","http://www.openwall.com/lists/oss-security/2019/08/22/3","http://www.openwall.com/lists/oss-security/2019/08/22/4","http://www.openwall.com/lists/oss-security/2019/08/22/5","https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.0.14","https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=ef61eb43ada6c1d6b94668f0f514e4c268093ff3","https://lists.debian.org/debian-lts-announce/2019/09/msg00014.html","https://lists.debian.org/debian-lts-announce/2019/09/msg00015.html","https://security.netapp.com/advisory/ntap-20190905-0002/","https://syzkaller.appspot.com/bug?id=f0b1f2952022c75394c0eef2afeb17af90f9227e","https://usn.ubuntu.com/4115-1/","https://usn.ubuntu.com/4118-1/"],"published_time":"2019-08-19T22:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-15217","summary":"An issue was discovered in the Linux kernel before 5.2.3. 
There is a NULL pointer dereference caused by a malicious USB device in the drivers/media/usb/zr364xx/zr364xx.c driver.","cvss":4.6,"cvss_version":3.0,"cvss_v2":4.9,"cvss_v3":4.6,"cvss_v4":null,"epss":0.00063,"ranking_epss":0.19725,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00064.html","http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00066.html","http://www.openwall.com/lists/oss-security/2019/08/20/2","http://www.openwall.com/lists/oss-security/2019/08/22/2","http://www.openwall.com/lists/oss-security/2019/08/22/3","http://www.openwall.com/lists/oss-security/2019/08/22/4","http://www.openwall.com/lists/oss-security/2019/08/22/5","https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.2.3","https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=5d2e73a5f80a5b5aff3caf1ec6d39b5b3f54b26e","https://lists.debian.org/debian-lts-announce/2020/01/msg00013.html","https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html","https://security.netapp.com/advisory/ntap-20190905-0002/","https://syzkaller.appspot.com/bug?id=9c0c178c24d828a7378f483309001329750aad64","https://usn.ubuntu.com/4147-1/","https://usn.ubuntu.com/4286-1/","https://usn.ubuntu.com/4286-2/","https://usn.ubuntu.com/4302-1/","http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00064.html","http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00066.html","http://www.openwall.com/lists/oss-security/2019/08/20/2","http://www.openwall.com/lists/oss-security/2019/08/22/2","http://www.openwall.com/lists/oss-security/2019/08/22/3","http://www.openwall.com/lists/oss-security/2019/08/22/4","http://www.openwall.com/lists/oss-security/2019/08/22/5","https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.2.3","https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=5d2e73a5f80a5b5aff3caf1ec6d39b5b3f54b26e","https://lists.debian.org/de
bian-lts-announce/2020/01/msg00013.html","https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html","https://security.netapp.com/advisory/ntap-20190905-0002/","https://syzkaller.appspot.com/bug?id=9c0c178c24d828a7378f483309001329750aad64","https://usn.ubuntu.com/4147-1/","https://usn.ubuntu.com/4286-1/","https://usn.ubuntu.com/4286-2/","https://usn.ubuntu.com/4302-1/"],"published_time":"2019-08-19T22:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-15218","summary":"An issue was discovered in the Linux kernel before 5.1.8. There is a NULL pointer dereference caused by a malicious USB device in the drivers/media/usb/siano/smsusb.c driver.","cvss":4.6,"cvss_version":3.0,"cvss_v2":4.9,"cvss_v3":4.6,"cvss_v4":null,"epss":0.00097,"ranking_epss":0.26702,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00064.html","http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00066.html","http://www.openwall.com/lists/oss-security/2019/08/20/2","http://www.openwall.com/lists/oss-security/2019/08/22/2","http://www.openwall.com/lists/oss-security/2019/08/22/3","http://www.openwall.com/lists/oss-security/2019/08/22/4","http://www.openwall.com/lists/oss-security/2019/08/22/5","https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.1.8","https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=31e0456de5be379b10fea0fa94a681057114a96e","https://lists.debian.org/debian-lts-announce/2019/09/msg00014.html","https://lists.debian.org/debian-lts-announce/2019/09/msg00015.html","https://lists.debian.org/debian-lts-announce/2019/09/msg00025.html","https://security.netapp.com/advisory/ntap-20190905-0002/","https://syzkaller.appspot.com/bug?id=4a5d7c8c2b6dbedb5b7218c6d7e8666bd2387517","https://usn.ubuntu.com/4115-1/","https://usn.ubuntu.com/4118-1/","https://usn.ubuntu.com/4147-1/","https://www.oracle.com/security-alerts/cpuApr2021.html","htt
p://lists.opensuse.org/opensuse-security-announce/2019-09/msg00064.html","http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00066.html","http://www.openwall.com/lists/oss-security/2019/08/20/2","http://www.openwall.com/lists/oss-security/2019/08/22/2","http://www.openwall.com/lists/oss-security/2019/08/22/3","http://www.openwall.com/lists/oss-security/2019/08/22/4","http://www.openwall.com/lists/oss-security/2019/08/22/5","https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.1.8","https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=31e0456de5be379b10fea0fa94a681057114a96e","https://lists.debian.org/debian-lts-announce/2019/09/msg00014.html","https://lists.debian.org/debian-lts-announce/2019/09/msg00015.html","https://lists.debian.org/debian-lts-announce/2019/09/msg00025.html","https://security.netapp.com/advisory/ntap-20190905-0002/","https://syzkaller.appspot.com/bug?id=4a5d7c8c2b6dbedb5b7218c6d7e8666bd2387517","https://usn.ubuntu.com/4115-1/","https://usn.ubuntu.com/4118-1/","https://usn.ubuntu.com/4147-1/","https://www.oracle.com/security-alerts/cpuApr2021.html"],"published_time":"2019-08-19T22:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-15219","summary":"An issue was discovered in the Linux kernel before 5.1.8. 
There is a NULL pointer dereference caused by a malicious USB device in the drivers/usb/misc/sisusbvga/sisusb.c driver.","cvss":4.6,"cvss_version":3.0,"cvss_v2":4.9,"cvss_v3":4.6,"cvss_v4":null,"epss":0.00108,"ranking_epss":0.29091,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00064.html","http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00066.html","http://www.openwall.com/lists/oss-security/2019/08/20/2","http://www.openwall.com/lists/oss-security/2019/08/22/2","http://www.openwall.com/lists/oss-security/2019/08/22/3","http://www.openwall.com/lists/oss-security/2019/08/22/4","http://www.openwall.com/lists/oss-security/2019/08/22/5","https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.1.8","https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=9a5729f68d3a82786aea110b1bfe610be318f80a","https://lists.debian.org/debian-lts-announce/2019/09/msg00014.html","https://lists.debian.org/debian-lts-announce/2019/09/msg00015.html","https://lists.debian.org/debian-lts-announce/2019/09/msg00025.html","https://security.netapp.com/advisory/ntap-20190905-0002/","https://syzkaller.appspot.com/bug?id=aaf6794922521df1c35c81e32cb2d0bb6a351e7b","http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00064.html","http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00066.html","http://www.openwall.com/lists/oss-security/2019/08/20/2","http://www.openwall.com/lists/oss-security/2019/08/22/2","http://www.openwall.com/lists/oss-security/2019/08/22/3","http://www.openwall.com/lists/oss-security/2019/08/22/4","http://www.openwall.com/lists/oss-security/2019/08/22/5","https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.1.8","https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=9a5729f68d3a82786aea110b1bfe610be318f80a","https://lists.debian.org/debian-lts-announce/2019/09/msg00014.html","https://lists.debian.
org/debian-lts-announce/2019/09/msg00015.html","https://lists.debian.org/debian-lts-announce/2019/09/msg00025.html","https://security.netapp.com/advisory/ntap-20190905-0002/","https://syzkaller.appspot.com/bug?id=aaf6794922521df1c35c81e32cb2d0bb6a351e7b"],"published_time":"2019-08-19T22:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-15220","summary":"An issue was discovered in the Linux kernel before 5.2.1. There is a use-after-free caused by a malicious USB device in the drivers/net/wireless/intersil/p54/p54usb.c driver.","cvss":4.6,"cvss_version":3.0,"cvss_v2":4.9,"cvss_v3":4.6,"cvss_v4":null,"epss":0.00041,"ranking_epss":0.12548,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00064.html","http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00066.html","http://www.openwall.com/lists/oss-security/2019/08/20/2","https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.2.1","https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=6e41e2257f1094acc37618bf6c856115374c6922","https://lists.debian.org/debian-lts-announce/2019/09/msg00014.html","https://lists.debian.org/debian-lts-announce/2019/09/msg00015.html","https://lists.debian.org/debian-lts-announce/2019/09/msg00025.html","https://security.netapp.com/advisory/ntap-20190905-0002/","https://syzkaller.appspot.com/bug?id=082c09653e43e33a6a56f8c57cf051eeacae9d5f","https://usn.ubuntu.com/4115-1/","https://usn.ubuntu.com/4118-1/","https://usn.ubuntu.com/4147-1/","https://usn.ubuntu.com/4286-1/","https://usn.ubuntu.com/4286-2/","http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00064.html","http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00066.html","http://www.openwall.com/lists/oss-security/2019/08/20/2","https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.2.1","https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id
=6e41e2257f1094acc37618bf6c856115374c6922","https://lists.debian.org/debian-lts-announce/2019/09/msg00014.html","https://lists.debian.org/debian-lts-announce/2019/09/msg00015.html","https://lists.debian.org/debian-lts-announce/2019/09/msg00025.html","https://security.netapp.com/advisory/ntap-20190905-0002/","https://syzkaller.appspot.com/bug?id=082c09653e43e33a6a56f8c57cf051eeacae9d5f","https://usn.ubuntu.com/4115-1/","https://usn.ubuntu.com/4118-1/","https://usn.ubuntu.com/4147-1/","https://usn.ubuntu.com/4286-1/","https://usn.ubuntu.com/4286-2/"],"published_time":"2019-08-19T22:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-15221","summary":"An issue was discovered in the Linux kernel before 5.1.17. There is a NULL pointer dereference caused by a malicious USB device in the sound/usb/line6/pcm.c driver.","cvss":4.6,"cvss_version":3.0,"cvss_v2":4.9,"cvss_v3":4.6,"cvss_v4":null,"epss":0.00147,"ranking_epss":0.35174,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00064.html","http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00066.html","http://www.openwall.com/lists/oss-security/2019/08/20/2","https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.1.17","https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3450121997ce872eb7f1248417225827ea249710","https://lists.debian.org/debian-lts-announce/2019/09/msg00014.html","https://lists.debian.org/debian-lts-announce/2019/09/msg00015.html","https://lists.debian.org/debian-lts-announce/2019/09/msg00025.html","https://security.netapp.com/advisory/ntap-20190905-0002/","https://syzkaller.appspot.com/bug?id=240f09164db2c3d3af33a117c713dc7650dc29d6","https://usn.ubuntu.com/4115-1/","https://usn.ubuntu.com/4118-1/","https://usn.ubuntu.com/4147-1/","https://usn.ubuntu.com/4286-1/","https://usn.ubuntu.com/4286-2/","http://lists.opensuse.org/opensuse-security-announce/2019-09/m
sg00064.html","http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00066.html","http://www.openwall.com/lists/oss-security/2019/08/20/2","https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.1.17","https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3450121997ce872eb7f1248417225827ea249710","https://lists.debian.org/debian-lts-announce/2019/09/msg00014.html","https://lists.debian.org/debian-lts-announce/2019/09/msg00015.html","https://lists.debian.org/debian-lts-announce/2019/09/msg00025.html","https://security.netapp.com/advisory/ntap-20190905-0002/","https://syzkaller.appspot.com/bug?id=240f09164db2c3d3af33a117c713dc7650dc29d6","https://usn.ubuntu.com/4115-1/","https://usn.ubuntu.com/4118-1/","https://usn.ubuntu.com/4147-1/","https://usn.ubuntu.com/4286-1/","https://usn.ubuntu.com/4286-2/"],"published_time":"2019-08-19T22:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-15145","summary":"DjVuLibre 3.5.27 allows attackers to cause a denial-of-service attack (application crash via an out-of-bounds read) by crafting a corrupted JB2 image file that is mishandled in JB2Dict::JB2Codec::get_direct_context in libdjvu/JB2Image.h because of a missing zero-bytes check in 
libdjvu/GBitmap.h.","cvss":5.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00469,"ranking_epss":0.64508,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00086.html","http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00087.html","https://lists.debian.org/debian-lts-announce/2019/08/msg00036.html","https://lists.debian.org/debian-lts-announce/2021/05/msg00022.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FPMG3VY33XGMIKE6QDYIUVS6A7GNTHTK/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JO65AWU7LEWNF6DDCZPRFTR2ZPP5XK6L/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M7F7544WASYMOTFDR2WUEOQLN3ZEXNU4/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QUEME45HVGTMDOYODAZYQOGWSZ2CEFWZ/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RYZTGKWY3NAKMIMTFYGN4ZO5XEQWPYRL/","https://security.gentoo.org/glsa/202007-36","https://sourceforge.net/p/djvu/bugs/298/","https://sourceforge.net/p/djvu/djvulibre-git/ci/9658b01431cd7ff6344d7787f855179e73fe81a7/","https://usn.ubuntu.com/4198-1/","https://www.debian.org/security/2021/dsa-5032","http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00086.html","http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00087.html","https://lists.debian.org/debian-lts-announce/2019/08/msg00036.html","https://lists.debian.org/debian-lts-announce/2021/05/msg00022.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FPMG3VY33XGMIKE6QDYIUVS6A7GNTHTK/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JO65AWU7LEWNF6DDCZPRFTR2ZPP5XK6L/","https://lists.fed
oraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M7F7544WASYMOTFDR2WUEOQLN3ZEXNU4/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QUEME45HVGTMDOYODAZYQOGWSZ2CEFWZ/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RYZTGKWY3NAKMIMTFYGN4ZO5XEQWPYRL/","https://security.gentoo.org/glsa/202007-36","https://sourceforge.net/p/djvu/bugs/298/","https://sourceforge.net/p/djvu/djvulibre-git/ci/9658b01431cd7ff6344d7787f855179e73fe81a7/","https://usn.ubuntu.com/4198-1/","https://www.debian.org/security/2021/dsa-5032"],"published_time":"2019-08-18T19:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-15142","summary":"In DjVuLibre 3.5.27, DjVmDir.cpp in the DJVU reader component allows attackers to cause a denial-of-service (application crash in GStringRep::strdup in libdjvu/GString.cpp caused by a heap-based buffer over-read) by crafting a DJVU file.","cvss":5.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00878,"ranking_epss":0.75333,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00086.html","http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00087.html","https://lists.debian.org/debian-lts-announce/2019/08/msg00036.html","https://lists.debian.org/debian-lts-announce/2021/05/msg00022.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FPMG3VY33XGMIKE6QDYIUVS6A7GNTHTK/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JO65AWU7LEWNF6DDCZPRFTR2ZPP5XK6L/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M7F7544WASYMOTFDR2WUEOQLN3ZEXNU4/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QUEME45HVGTMDOYODAZYQ
OGWSZ2CEFWZ/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RYZTGKWY3NAKMIMTFYGN4ZO5XEQWPYRL/","https://security.gentoo.org/glsa/202007-36","https://sourceforge.net/p/djvu/bugs/296/","https://sourceforge.net/p/djvu/djvulibre-git/ci/970fb11a296b5bbdc5e8425851253d2c5913c45e/","https://usn.ubuntu.com/4198-1/","https://www.debian.org/security/2021/dsa-5032","http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00086.html","http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00087.html","https://lists.debian.org/debian-lts-announce/2019/08/msg00036.html","https://lists.debian.org/debian-lts-announce/2021/05/msg00022.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FPMG3VY33XGMIKE6QDYIUVS6A7GNTHTK/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JO65AWU7LEWNF6DDCZPRFTR2ZPP5XK6L/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M7F7544WASYMOTFDR2WUEOQLN3ZEXNU4/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QUEME45HVGTMDOYODAZYQOGWSZ2CEFWZ/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RYZTGKWY3NAKMIMTFYGN4ZO5XEQWPYRL/","https://security.gentoo.org/glsa/202007-36","https://sourceforge.net/p/djvu/bugs/296/","https://sourceforge.net/p/djvu/djvulibre-git/ci/970fb11a296b5bbdc5e8425851253d2c5913c45e/","https://usn.ubuntu.com/4198-1/","https://www.debian.org/security/2021/dsa-5032"],"published_time":"2019-08-18T19:15:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-15143","summary":"In DjVuLibre 3.5.27, the bitmap reader component allows attackers to cause a denial-of-service error (resource exhaustion caused by a GBitmap::read_rle_raw infinite loop) by crafting a corrupted image file, related to libdjvu/DjVmDir.cpp and 
libdjvu/GBitmap.cpp.","cvss":5.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00878,"ranking_epss":0.75333,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00086.html","http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00087.html","https://lists.debian.org/debian-lts-announce/2019/08/msg00036.html","https://lists.debian.org/debian-lts-announce/2021/05/msg00022.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FPMG3VY33XGMIKE6QDYIUVS6A7GNTHTK/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JO65AWU7LEWNF6DDCZPRFTR2ZPP5XK6L/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M7F7544WASYMOTFDR2WUEOQLN3ZEXNU4/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QUEME45HVGTMDOYODAZYQOGWSZ2CEFWZ/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RYZTGKWY3NAKMIMTFYGN4ZO5XEQWPYRL/","https://security.gentoo.org/glsa/202007-36","https://sourceforge.net/p/djvu/bugs/297/","https://sourceforge.net/p/djvu/djvulibre-git/ci/b1f4e1b2187d9e5010cd01ceccf20b4a11ce723f/","https://usn.ubuntu.com/4198-1/","https://www.debian.org/security/2021/dsa-5032","http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00086.html","http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00087.html","https://lists.debian.org/debian-lts-announce/2019/08/msg00036.html","https://lists.debian.org/debian-lts-announce/2021/05/msg00022.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FPMG3VY33XGMIKE6QDYIUVS6A7GNTHTK/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JO65AWU7LEWNF6DDCZPRFTR2ZPP5XK6L/","https://lists.f
edoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M7F7544WASYMOTFDR2WUEOQLN3ZEXNU4/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QUEME45HVGTMDOYODAZYQOGWSZ2CEFWZ/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RYZTGKWY3NAKMIMTFYGN4ZO5XEQWPYRL/","https://security.gentoo.org/glsa/202007-36","https://sourceforge.net/p/djvu/bugs/297/","https://sourceforge.net/p/djvu/djvulibre-git/ci/b1f4e1b2187d9e5010cd01ceccf20b4a11ce723f/","https://usn.ubuntu.com/4198-1/","https://www.debian.org/security/2021/dsa-5032"],"published_time":"2019-08-18T19:15:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-15144","summary":"In DjVuLibre 3.5.27, the sorting functionality (aka GArrayTemplate<TYPE>::sort) allows attackers to cause a denial-of-service (application crash due to an Uncontrolled Recursion) by crafting a PBM image file that is mishandled in libdjvu/GContainer.h.","cvss":5.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00658,"ranking_epss":0.71045,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00086.html","http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00087.html","https://lists.debian.org/debian-lts-announce/2019/08/msg00036.html","https://lists.debian.org/debian-lts-announce/2021/05/msg00022.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FPMG3VY33XGMIKE6QDYIUVS6A7GNTHTK/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JO65AWU7LEWNF6DDCZPRFTR2ZPP5XK6L/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M7F7544WASYMOTFDR2WUEOQLN3ZEXNU4/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QUEME
45HVGTMDOYODAZYQOGWSZ2CEFWZ/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RYZTGKWY3NAKMIMTFYGN4ZO5XEQWPYRL/","https://security.gentoo.org/glsa/202007-36","https://sourceforge.net/p/djvu/bugs/299/","https://sourceforge.net/p/djvu/djvulibre-git/ci/e15d51510048927f172f1bf1f27ede65907d940d/","https://usn.ubuntu.com/4198-1/","https://www.debian.org/security/2021/dsa-5032","http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00086.html","http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00087.html","https://lists.debian.org/debian-lts-announce/2019/08/msg00036.html","https://lists.debian.org/debian-lts-announce/2021/05/msg00022.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FPMG3VY33XGMIKE6QDYIUVS6A7GNTHTK/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JO65AWU7LEWNF6DDCZPRFTR2ZPP5XK6L/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M7F7544WASYMOTFDR2WUEOQLN3ZEXNU4/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QUEME45HVGTMDOYODAZYQOGWSZ2CEFWZ/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RYZTGKWY3NAKMIMTFYGN4ZO5XEQWPYRL/","https://security.gentoo.org/glsa/202007-36","https://sourceforge.net/p/djvu/bugs/299/","https://sourceforge.net/p/djvu/djvulibre-git/ci/e15d51510048927f172f1bf1f27ede65907d940d/","https://usn.ubuntu.com/4198-1/","https://www.debian.org/security/2021/dsa-5032"],"published_time":"2019-08-18T19:15:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-15133","summary":"In GIFLIB before 2019-02-16, a malformed GIF file triggers a divide-by-zero exception in the decoder function DGifSlurp in dgif_lib.c if the height field of the ImageSize data structure is equal to 
zero.","cvss":6.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00202,"ranking_epss":0.42344,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=13008","https://lists.debian.org/debian-lts-announce/2022/12/msg00008.html","https://usn.ubuntu.com/4107-1/","https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=13008","https://lists.debian.org/debian-lts-announce/2022/12/msg00008.html","https://usn.ubuntu.com/4107-1/"],"published_time":"2019-08-17T18:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-5477","summary":"A command injection vulnerability in Nokogiri v1.10.3 and earlier allows commands to be executed in a subprocess via Ruby's `Kernel.open` method. Processes are vulnerable only if the undocumented method `Nokogiri::CSS::Tokenizer#load_file` is being called with unsafe user input as the filename. This vulnerability appears in code generated by the Rexical gem versions v1.0.6 and earlier. Rexical is used by Nokogiri to generate lexical scanner code for parsing CSS queries. 
The underlying vulnerability was addressed in Rexical v1.0.7 and Nokogiri upgraded to this version of Rexical in Nokogiri v1.10.4.","cvss":9.8,"cvss_version":3.0,"cvss_v2":7.5,"cvss_v3":9.8,"cvss_v4":null,"epss":0.06079,"ranking_epss":0.90763,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://github.com/sparklemotion/nokogiri/issues/1915","https://github.com/tenderlove/rexical/blob/master/CHANGELOG.rdoc","https://hackerone.com/reports/650835","https://lists.debian.org/debian-lts-announce/2019/09/msg00027.html","https://lists.debian.org/debian-lts-announce/2022/10/msg00018.html","https://lists.debian.org/debian-lts-announce/2022/10/msg00019.html","https://security.gentoo.org/glsa/202006-05","https://usn.ubuntu.com/4175-1/","https://github.com/sparklemotion/nokogiri/issues/1915","https://github.com/tenderlove/rexical/blob/master/CHANGELOG.rdoc","https://hackerone.com/reports/650835","https://lists.debian.org/debian-lts-announce/2019/09/msg00027.html","https://lists.debian.org/debian-lts-announce/2022/10/msg00018.html","https://lists.debian.org/debian-lts-announce/2022/10/msg00019.html","https://security.gentoo.org/glsa/202006-05","https://usn.ubuntu.com/4175-1/"],"published_time":"2019-08-16T16:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-15118","summary":"check_input_term in sound/usb/mixer.c in the Linux kernel through 5.2.9 mishandles recursion, leading to kernel stack 
exhaustion.","cvss":5.5,"cvss_version":3.0,"cvss_v2":4.9,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00133,"ranking_epss":0.3292,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00064.html","http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00066.html","http://packetstormsecurity.com/files/155212/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html","https://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound.git/commit/?id=19bce474c45be69a284ecee660aa12d8f1e88f18","https://lists.debian.org/debian-lts-announce/2019/09/msg00025.html","https://lists.debian.org/debian-lts-announce/2019/10/msg00000.html","https://lore.kernel.org/lkml/20190815043554.16623-1-benquike%40gmail.com/","https://seclists.org/bugtraq/2019/Nov/11","https://seclists.org/bugtraq/2019/Sep/41","https://security.netapp.com/advisory/ntap-20190905-0002/","https://usn.ubuntu.com/4147-1/","https://usn.ubuntu.com/4162-1/","https://usn.ubuntu.com/4162-2/","https://usn.ubuntu.com/4163-1/","https://usn.ubuntu.com/4163-2/","https://www.debian.org/security/2019/dsa-4531","http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00064.html","http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00066.html","http://packetstormsecurity.com/files/155212/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html","https://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound.git/commit/?id=19bce474c45be69a284ecee660aa12d8f1e88f18","https://lists.debian.org/debian-lts-announce/2019/09/msg00025.html","https://lists.debian.org/debian-lts-announce/2019/10/msg00000.html","https://lore.kernel.org/lkml/20190815043554.16623-1-benquike%40gmail.com/","https://seclists.org/bugtraq/2019/Nov/11","https://seclists.org/bugtraq/2019/Sep/41","https://security.netapp.com/advisory/ntap-20190905-0002/","https://usn.ubuntu.com/4147-1/","https://usn.ubuntu.com/4162-1/","https://usn.ubuntu.com/4162-2/","https://u
sn.ubuntu.com/4163-1/","https://usn.ubuntu.com/4163-2/","https://www.debian.org/security/2019/dsa-4531"],"published_time":"2019-08-16T14:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-15098","summary":"drivers/net/wireless/ath/ath6kl/usb.c in the Linux kernel through 5.2.9 has a NULL pointer dereference via an incomplete address in an endpoint descriptor.","cvss":4.6,"cvss_version":3.0,"cvss_v2":4.9,"cvss_v3":4.6,"cvss_v4":null,"epss":0.00163,"ranking_epss":0.3718,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00064.html","http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00066.html","http://packetstormsecurity.com/files/155212/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html","http://www.openwall.com/lists/oss-security/2019/09/27/1","http://www.openwall.com/lists/oss-security/2019/09/27/2","http://www.openwall.com/lists/oss-security/2019/09/27/3","https://lists.debian.org/debian-lts-announce/2020/01/msg00013.html","https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html","https://lore.kernel.org/linux-wireless/20190804002905.11292-1-benquike%40gmail.com/T/#u","https://seclists.org/bugtraq/2019/Nov/11","https://security.netapp.com/advisory/ntap-20190905-0002/","https://support.f5.com/csp/article/K61214359","https://support.f5.com/csp/article/K61214359?utm_source=f5support&amp%3Butm_medium=RSS","https://usn.ubuntu.com/4184-1/","https://usn.ubuntu.com/4185-1/","https://usn.ubuntu.com/4186-1/","https://usn.ubuntu.com/4186-2/","http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00064.html","http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00066.html","http://packetstormsecurity.com/files/155212/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html","http://www.openwall.com/lists/oss-security/2019/09/27/1","http://www.openwall.com/lists/oss-security/2019/09/27/2","http://www.openw
all.com/lists/oss-security/2019/09/27/3","https://lists.debian.org/debian-lts-announce/2020/01/msg00013.html","https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html","https://lore.kernel.org/linux-wireless/20190804002905.11292-1-benquike%40gmail.com/T/#u","https://seclists.org/bugtraq/2019/Nov/11","https://security.netapp.com/advisory/ntap-20190905-0002/","https://support.f5.com/csp/article/K61214359","https://support.f5.com/csp/article/K61214359?utm_source=f5support&amp%3Butm_medium=RSS","https://usn.ubuntu.com/4184-1/","https://usn.ubuntu.com/4185-1/","https://usn.ubuntu.com/4186-1/","https://usn.ubuntu.com/4186-2/"],"published_time":"2019-08-16T02:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-15099","summary":"drivers/net/wireless/ath/ath10k/usb.c in the Linux kernel through 5.2.8 has a NULL pointer dereference via an incomplete address in an endpoint descriptor.","cvss":7.5,"cvss_version":3.0,"cvss_v2":7.8,"cvss_v3":7.5,"cvss_v4":null,"epss":0.0166,"ranking_epss":0.8206,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00066.html","https://lore.kernel.org/linux-wireless/20190804003101.11541-1-benquike%40gmail.com/T/#u","https://security.netapp.com/advisory/ntap-20190905-0002/","https://support.f5.com/csp/article/K76295179","https://support.f5.com/csp/article/K76295179?utm_source=f5support&amp%3Butm_medium=RSS","https://usn.ubuntu.com/4258-1/","https://usn.ubuntu.com/4284-1/","https://usn.ubuntu.com/4287-1/","https://usn.ubuntu.com/4287-2/","http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00066.html","https://lore.kernel.org/linux-wireless/20190804003101.11541-1-benquike%40gmail.com/T/#u","https://security.netapp.com/advisory/ntap-20190905-0002/","https://support.f5.com/csp/article/K76295179","https://support.f5.com/csp/article/K76295179?utm_source=f5support&amp%3Butm_medium=RSS","https://usn.ubuntu.com/4258-1/","https:/
/usn.ubuntu.com/4284-1/","https://usn.ubuntu.com/4287-1/","https://usn.ubuntu.com/4287-2/"],"published_time":"2019-08-16T02:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-15090","summary":"An issue was discovered in drivers/scsi/qedi/qedi_dbg.c in the Linux kernel before 5.1.12. In the qedi_dbg_* family of functions, there is an out-of-bounds read.","cvss":6.7,"cvss_version":3.0,"cvss_v2":4.6,"cvss_v3":6.7,"cvss_v4":null,"epss":0.00106,"ranking_epss":0.28659,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00064.html","http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00066.html","https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.1.12","https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=c09581a52765a85f19fc35340127396d5e3379cc","https://github.com/torvalds/linux/commit/c09581a52765a85f19fc35340127396d5e3379cc","https://security.netapp.com/advisory/ntap-20190905-0002/","https://usn.ubuntu.com/4115-1/","https://usn.ubuntu.com/4118-1/","https://usn.ubuntu.com/4147-1/","http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00064.html","http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00066.html","https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.1.12","https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=c09581a52765a85f19fc35340127396d5e3379cc","https://github.com/torvalds/linux/commit/c09581a52765a85f19fc35340127396d5e3379cc","https://security.netapp.com/advisory/ntap-20190905-0002/","https://usn.ubuntu.com/4115-1/","https://usn.ubuntu.com/4118-1/","https://usn.ubuntu.com/4147-1/"],"published_time":"2019-08-16T00:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-9850","summary":"LibreOffice is typically bundled with LibreLogo, a programmable turtle vector graphics script, which can execute arbitrary python commands contained with the 
document it is launched from. LibreOffice also has a feature where documents can specify that pre-installed scripts can be executed on various document script events such as mouse-over, etc. Protection was added, to address CVE-2019-9848, to block calling LibreLogo from script event handers. However an insufficient url validation vulnerability in LibreOffice allowed malicious to bypass that protection and again trigger calling LibreLogo from script event handlers. This issue affects: Document Foundation LibreOffice versions prior to 6.2.6.","cvss":9.8,"cvss_version":3.0,"cvss_v2":7.5,"cvss_v3":9.8,"cvss_v4":null,"epss":0.02907,"ranking_epss":0.86363,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00006.html","http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00067.html","https://lists.debian.org/debian-lts-announce/2019/10/msg00005.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PMEGUWMWORC3DOVEHVXLFT3A5RSCMLBH/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WVSDPZJG3UA43X3JXRHJAWXLDZEW77LM/","https://seclists.org/bugtraq/2019/Aug/28","https://usn.ubuntu.com/4102-1/","https://www.debian.org/security/2019/dsa-4501","https://www.libreoffice.org/about-us/security/advisories/CVE-2019-9850","http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00006.html","http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00067.html","https://lists.debian.org/debian-lts-announce/2019/10/msg00005.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PMEGUWMWORC3DOVEHVXLFT3A5RSCMLBH/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WVSDPZJG3UA43X3JXRHJAWXLDZEW77LM/","https://seclists.org/bugtraq/2019/Aug/28","https://usn.ubuntu.com/4102-1/","https://www.deb
ian.org/security/2019/dsa-4501","https://www.libreoffice.org/about-us/security/advisories/CVE-2019-9850"],"published_time":"2019-08-15T22:15:22","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-9851","summary":"LibreOffice is typically bundled with LibreLogo, a programmable turtle vector graphics script, which can execute arbitrary python commands contained with the document it is launched from. Protection was added, to address CVE-2019-9848, to block calling LibreLogo from document event script handers, e.g. mouse over. However LibreOffice also has a separate feature where documents can specify that pre-installed scripts can be executed on various global script events such as document-open, etc. In the fixed versions, global script event handlers are validated equivalently to document script event handlers. This issue affects: Document Foundation LibreOffice versions prior to 6.2.6.","cvss":9.8,"cvss_version":3.0,"cvss_v2":7.5,"cvss_v3":9.8,"cvss_v4":null,"epss":0.85784,"ranking_epss":0.99382,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00006.html","http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00067.html","http://packetstormsecurity.com/files/154168/LibreOffice-Macro-Python-Code-Execution.html","https://lists.debian.org/debian-lts-announce/2019/10/msg00005.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PMEGUWMWORC3DOVEHVXLFT3A5RSCMLBH/","https://seclists.org/bugtraq/2019/Aug/28","https://usn.ubuntu.com/4102-1/","https://www.debian.org/security/2019/dsa-4501","https://www.libreoffice.org/about-us/security/advisories/CVE-2019-9851","http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00006.html","http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00067.html","http://packetstormsecurity.com/files/154168/LibreOffice-Macro-Python-Code-Execution.html","https://li
sts.debian.org/debian-lts-announce/2019/10/msg00005.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PMEGUWMWORC3DOVEHVXLFT3A5RSCMLBH/","https://seclists.org/bugtraq/2019/Aug/28","https://usn.ubuntu.com/4102-1/","https://www.debian.org/security/2019/dsa-4501","https://www.libreoffice.org/about-us/security/advisories/CVE-2019-9851"],"published_time":"2019-08-15T22:15:22","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-9852","summary":"LibreOffice has a feature where documents can specify that pre-installed macros can be executed on various script events such as mouse-over, document-open etc. Access is intended to be restricted to scripts under the share/Scripts/python, user/Scripts/python sub-directories of the LibreOffice install. Protection was added, to address CVE-2018-16858, to avoid a directory traversal attack where scripts in arbitrary locations on the file system could be executed. However this new protection could be bypassed by a URL encoding attack. In the fixed versions, the parsed url describing the script location is correctly encoded before further processing. 
This issue affects: Document Foundation LibreOffice versions prior to 6.2.6.","cvss":7.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00107,"ranking_epss":0.28909,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00006.html","http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00067.html","https://lists.debian.org/debian-lts-announce/2019/10/msg00005.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PMEGUWMWORC3DOVEHVXLFT3A5RSCMLBH/","https://seclists.org/bugtraq/2019/Aug/28","https://seclists.org/bugtraq/2019/Sep/17","https://usn.ubuntu.com/4102-1/","https://www.debian.org/security/2019/dsa-4501","https://www.libreoffice.org/about-us/security/advisories/CVE-2019-9852","http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00006.html","http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00067.html","https://lists.debian.org/debian-lts-announce/2019/10/msg00005.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PMEGUWMWORC3DOVEHVXLFT3A5RSCMLBH/","https://seclists.org/bugtraq/2019/Aug/28","https://seclists.org/bugtraq/2019/Sep/17","https://usn.ubuntu.com/4102-1/","https://www.debian.org/security/2019/dsa-4501","https://www.libreoffice.org/about-us/security/advisories/CVE-2019-9852"],"published_time":"2019-08-15T22:15:22","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-13377","summary":"The implementations of SAE and EAP-pwd in hostapd and wpa_supplicant 2.x through 2.8 are vulnerable to side-channel attacks as a result of observable timing differences and cache access patterns when Brainpool curves are used. 
An attacker may be able to gain leaked information from a side-channel attack that can be used for full password recovery.","cvss":5.9,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":5.9,"cvss_v4":null,"epss":0.00705,"ranking_epss":0.72101,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IELLEPIXWQOJFW4SZMU3WQHO63JFAHA4/","https://seclists.org/bugtraq/2019/Sep/56","https://usn.ubuntu.com/4098-1/","https://w1.fi/cgit/hostap/commit/?id=147bf7b88a9c231322b5b574263071ca6dbb0503","https://w1.fi/cgit/hostap/commit/?id=cd803299ca485eb857e37c88f973fccfbb8600e5","https://www.debian.org/security/2019/dsa-4538","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IELLEPIXWQOJFW4SZMU3WQHO63JFAHA4/","https://seclists.org/bugtraq/2019/Sep/56","https://usn.ubuntu.com/4098-1/","https://w1.fi/cgit/hostap/commit/?id=147bf7b88a9c231322b5b574263071ca6dbb0503","https://w1.fi/cgit/hostap/commit/?id=cd803299ca485eb857e37c88f973fccfbb8600e5","https://www.debian.org/security/2019/dsa-4538"],"published_time":"2019-08-15T17:15:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-12854","summary":"Due to incorrect string termination, Squid cachemgr.cgi 4.0 through 4.7 may access unallocated memory. 
On systems with memory access protections, this can cause the CGI process to terminate unexpectedly, resulting in a denial of service for all clients using it.","cvss":7.5,"cvss_version":3.0,"cvss_v2":5.0,"cvss_v3":7.5,"cvss_v4":null,"epss":0.44493,"ranking_epss":0.97566,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00053.html","http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00056.html","http://www.squid-cache.org/Advisories/SQUID-2019_1.txt","http://www.squid-cache.org/Versions/v4/changesets/squid-4-2981a957716c61ff7e21eee1d7d6eb5a237e466d.patch","https://bugs.squid-cache.org/show_bug.cgi?id=4937","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SPXN2CLAGN5QSQBTOV5IGVLDOQSRFNTZ/","https://seclists.org/bugtraq/2019/Aug/42","https://usn.ubuntu.com/4213-1/","https://www.debian.org/security/2019/dsa-4507","http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00053.html","http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00056.html","http://www.squid-cache.org/Advisories/SQUID-2019_1.txt","http://www.squid-cache.org/Versions/v4/changesets/squid-4-2981a957716c61ff7e21eee1d7d6eb5a237e466d.patch","https://bugs.squid-cache.org/show_bug.cgi?id=4937","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SPXN2CLAGN5QSQBTOV5IGVLDOQSRFNTZ/","https://seclists.org/bugtraq/2019/Aug/42","https://usn.ubuntu.com/4213-1/","https://www.debian.org/security/2019/dsa-4507"],"published_time":"2019-08-15T17:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-9506","summary":"The Bluetooth BR/EDR specification up to and including version 5.1 permits sufficiently low encryption key length and does not prevent an attacker from influencing the key length negotiation. 
This allows practical brute-force attacks (aka \"KNOB\") that can decrypt traffic and inject arbitrary ciphertext without the victim noticing.","cvss":7.6,"cvss_version":3.0,"cvss_v2":4.8,"cvss_v3":7.6,"cvss_v4":null,"epss":0.04458,"ranking_epss":0.89074,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00036.html","http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00037.html","http://seclists.org/fulldisclosure/2019/Aug/11","http://seclists.org/fulldisclosure/2019/Aug/13","http://seclists.org/fulldisclosure/2019/Aug/14","http://seclists.org/fulldisclosure/2019/Aug/15","http://www.cs.ox.ac.uk/publications/publication12404-abstract.html","http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190828-01-knob-en","https://access.redhat.com/errata/RHSA-2019:2975","https://access.redhat.com/errata/RHSA-2019:3055","https://access.redhat.com/errata/RHSA-2019:3076","https://access.redhat.com/errata/RHSA-2019:3089","https://access.redhat.com/errata/RHSA-2019:3165","https://access.redhat.com/errata/RHSA-2019:3187","https://access.redhat.com/errata/RHSA-2019:3217","https://access.redhat.com/errata/RHSA-2019:3218","https://access.redhat.com/errata/RHSA-2019:3220","https://access.redhat.com/errata/RHSA-2019:3231","https://access.redhat.com/errata/RHSA-2019:3309","https://access.redhat.com/errata/RHSA-2019:3517","https://access.redhat.com/errata/RHSA-2020:0204","https://lists.debian.org/debian-lts-announce/2019/09/msg00014.html","https://lists.debian.org/debian-lts-announce/2019/09/msg00015.html","https://lists.debian.org/debian-lts-announce/2019/09/msg00025.html","https://usn.ubuntu.com/4115-1/","https://usn.ubuntu.com/4118-1/","https://usn.ubuntu.com/4147-1/","https://www.bluetooth.com/security/statement-key-negotiation-of-bluetooth/","https://www.kb.cert.org/vuls/id/918987/","https://www.usenix.org/conference/usenixsecurity19/presentation/antonioli","http://lists.ope
nsuse.org/opensuse-security-announce/2019-10/msg00036.html","http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00037.html","http://seclists.org/fulldisclosure/2019/Aug/11","http://seclists.org/fulldisclosure/2019/Aug/13","http://seclists.org/fulldisclosure/2019/Aug/14","http://seclists.org/fulldisclosure/2019/Aug/15","http://www.cs.ox.ac.uk/publications/publication12404-abstract.html","http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190828-01-knob-en","https://access.redhat.com/errata/RHSA-2019:2975","https://access.redhat.com/errata/RHSA-2019:3055","https://access.redhat.com/errata/RHSA-2019:3076","https://access.redhat.com/errata/RHSA-2019:3089","https://access.redhat.com/errata/RHSA-2019:3165","https://access.redhat.com/errata/RHSA-2019:3187","https://access.redhat.com/errata/RHSA-2019:3217","https://access.redhat.com/errata/RHSA-2019:3218","https://access.redhat.com/errata/RHSA-2019:3220","https://access.redhat.com/errata/RHSA-2019:3231","https://access.redhat.com/errata/RHSA-2019:3309","https://access.redhat.com/errata/RHSA-2019:3517","https://access.redhat.com/errata/RHSA-2020:0204","https://lists.debian.org/debian-lts-announce/2019/09/msg00014.html","https://lists.debian.org/debian-lts-announce/2019/09/msg00015.html","https://lists.debian.org/debian-lts-announce/2019/09/msg00025.html","https://usn.ubuntu.com/4115-1/","https://usn.ubuntu.com/4118-1/","https://usn.ubuntu.com/4147-1/","https://www.bluetooth.com/security/statement-key-negotiation-of-bluetooth/","https://www.kb.cert.org/vuls/id/918987/","https://www.usenix.org/conference/usenixsecurity19/presentation/antonioli"],"published_time":"2019-08-14T17:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-9518","summary":"Some HTTP/2 implementations are vulnerable to a flood of empty frames, potentially leading to a denial of service. The attacker sends a stream of frames with an empty payload and without the end-of-stream flag. 
These frames can be DATA, HEADERS, CONTINUATION and/or PUSH_PROMISE. The peer spends time processing each frame disproportionate to attack bandwidth. This can consume excess CPU.","cvss":7.5,"cvss_version":3.0,"cvss_v2":7.8,"cvss_v3":7.5,"cvss_v4":null,"epss":0.03645,"ranking_epss":0.8786,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00031.html","http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00032.html","http://seclists.org/fulldisclosure/2019/Aug/16","https://access.redhat.com/errata/RHSA-2019:2925","https://access.redhat.com/errata/RHSA-2019:2939","https://access.redhat.com/errata/RHSA-2019:2955","https://access.redhat.com/errata/RHSA-2019:3892","https://access.redhat.com/errata/RHSA-2019:4352","https://access.redhat.com/errata/RHSA-2020:0727","https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md","https://kb.cert.org/vuls/id/605641/","https://kc.mcafee.com/corporate/index?page=content&id=SB10296","https://lists.apache.org/thread.html/091b518265bce56a16af87b77c8cfacda902a02079e866f9fdf13b61%40%3Cusers.trafficserver.apache.org%3E","https://lists.apache.org/thread.html/2653c56545573b528f3f6352a29eccaf498bd6fb2a6a59568d81a61d%40%3Cannounce.trafficserver.apache.org%3E","https://lists.apache.org/thread.html/9317fd092b257a0815434b116a8af8daea6e920b6673f4fd5583d5fe%40%3Ccommits.druid.apache.org%3E","https://lists.apache.org/thread.html/ff5b0821a6985159a832ff6d1a4bd311ac07ecc7db1e2d8bab619107%40%3Cdev.trafficserver.apache.org%3E","https://lists.apache.org/thread.html/r99a625fb17032646d96cd23dec49603ff630e9318e44a686d63046bc%40%3Ccommits.cassandra.apache.org%3E","https://lists.apache.org/thread.html/rd31230d01fa6aad18bdadc0720acd1747e53690bd35f73a48e7a9b75%40%3Ccommits.cassandra.apache.org%3E","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4ZQGHE3WTYLYAYJEIDJVF2FIGQTAYPMC/"
,"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CMNFX5MNYRWWIMO4BTKYQCGUDMHO3AXP/","https://seclists.org/bugtraq/2019/Aug/24","https://seclists.org/bugtraq/2019/Sep/18","https://security.netapp.com/advisory/ntap-20190823-0005/","https://support.f5.com/csp/article/K46011592","https://support.f5.com/csp/article/K46011592?utm_source=f5support&amp%3Butm_medium=RSS","https://www.debian.org/security/2019/dsa-4520","https://www.synology.com/security/advisory/Synology_SA_19_33","http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00031.html","http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00032.html","http://seclists.org/fulldisclosure/2019/Aug/16","https://access.redhat.com/errata/RHSA-2019:2925","https://access.redhat.com/errata/RHSA-2019:2939","https://access.redhat.com/errata/RHSA-2019:2955","https://access.redhat.com/errata/RHSA-2019:3892","https://access.redhat.com/errata/RHSA-2019:4352","https://access.redhat.com/errata/RHSA-2020:0727","https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md","https://kb.cert.org/vuls/id/605641/","https://kc.mcafee.com/corporate/index?page=content&id=SB10296","https://lists.apache.org/thread.html/091b518265bce56a16af87b77c8cfacda902a02079e866f9fdf13b61%40%3Cusers.trafficserver.apache.org%3E","https://lists.apache.org/thread.html/2653c56545573b528f3f6352a29eccaf498bd6fb2a6a59568d81a61d%40%3Cannounce.trafficserver.apache.org%3E","https://lists.apache.org/thread.html/9317fd092b257a0815434b116a8af8daea6e920b6673f4fd5583d5fe%40%3Ccommits.druid.apache.org%3E","https://lists.apache.org/thread.html/ff5b0821a6985159a832ff6d1a4bd311ac07ecc7db1e2d8bab619107%40%3Cdev.trafficserver.apache.org%3E","https://lists.apache.org/thread.html/r99a625fb17032646d96cd23dec49603ff630e9318e44a686d63046bc%40%3Ccommits.cassandra.apache.org%3E","https://lists.apache.org/thread.html/rd31230d01fa6aad18bdadc0720acd1747e53690bd35f73a48e7a9b75%40%3Ccomm
its.cassandra.apache.org%3E","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4ZQGHE3WTYLYAYJEIDJVF2FIGQTAYPMC/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CMNFX5MNYRWWIMO4BTKYQCGUDMHO3AXP/","https://seclists.org/bugtraq/2019/Aug/24","https://seclists.org/bugtraq/2019/Sep/18","https://security.netapp.com/advisory/ntap-20190823-0005/","https://support.f5.com/csp/article/K46011592","https://support.f5.com/csp/article/K46011592?utm_source=f5support&amp%3Butm_medium=RSS","https://www.debian.org/security/2019/dsa-4520","https://www.synology.com/security/advisory/Synology_SA_19_33"],"published_time":"2019-08-13T21:15:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-9511","summary":"Some HTTP/2 implementations are vulnerable to window size manipulation and stream prioritization manipulation, potentially leading to a denial of service. The attacker requests a large amount of data from a specified resource over multiple streams. They manipulate window size and stream priority to force the server to queue the data in 1-byte chunks. 
Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both.","cvss":7.5,"cvss_version":3.0,"cvss_v2":7.8,"cvss_v3":7.5,"cvss_v4":null,"epss":0.13948,"ranking_epss":0.94324,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00031.html","http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00032.html","http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00035.html","http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00003.html","http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00005.html","http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00014.html","https://access.redhat.com/errata/RHSA-2019:2692","https://access.redhat.com/errata/RHSA-2019:2745","https://access.redhat.com/errata/RHSA-2019:2746","https://access.redhat.com/errata/RHSA-2019:2775","https://access.redhat.com/errata/RHSA-2019:2799","https://access.redhat.com/errata/RHSA-2019:2925","https://access.redhat.com/errata/RHSA-2019:2939","https://access.redhat.com/errata/RHSA-2019:2949","https://access.redhat.com/errata/RHSA-2019:2955","https://access.redhat.com/errata/RHSA-2019:2966","https://access.redhat.com/errata/RHSA-2019:3041","https://access.redhat.com/errata/RHSA-2019:3932","https://access.redhat.com/errata/RHSA-2019:3933","https://access.redhat.com/errata/RHSA-2019:3935","https://access.redhat.com/errata/RHSA-2019:4018","https://access.redhat.com/errata/RHSA-2019:4019","https://access.redhat.com/errata/RHSA-2019:4020","https://access.redhat.com/errata/RHSA-2019:4021","https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md","https://kb.cert.org/vuls/id/605641/","https://kc.mcafee.com/corporate/index?page=content&id=SB10296","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BP556LEG3WENHZI5TAQ6ZEBFTJB4E2IS/","https://lists.fedoraproj
ect.org/archives/list/package-announce%40lists.fedoraproject.org/message/JUBYAF6ED3O4XCHQ5C2HYENJLXYXZC4M/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LZLUYPYY3RX4ZJDWZRJIKSULYRJ4PXW7/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/POPAEC4FWL4UU4LDEGPY5NPALU24FFQD/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TAZZEVTCN2B4WT6AIBJ7XGYJMBTORJU5/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XHTKU7YQ5EEP2XNSAV4M4VJ7QCBOJMOD/","https://seclists.org/bugtraq/2019/Aug/40","https://seclists.org/bugtraq/2019/Sep/1","https://security.netapp.com/advisory/ntap-20190823-0002/","https://security.netapp.com/advisory/ntap-20190823-0005/","https://support.f5.com/csp/article/K02591030","https://support.f5.com/csp/article/K02591030?utm_source=f5support&amp%3Butm_medium=RSS","https://usn.ubuntu.com/4099-1/","https://www.debian.org/security/2019/dsa-4505","https://www.debian.org/security/2019/dsa-4511","https://www.debian.org/security/2020/dsa-4669","https://www.oracle.com/security-alerts/cpujan2021.html","https://www.oracle.com/security-alerts/cpuoct2020.html","https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","https://www.synology.com/security/advisory/Synology_SA_19_33","http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00031.html","http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00032.html","http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00035.html","http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00003.html","http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00005.html","http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00014.html","https://access.redhat.com/errata/RHSA-2019:2692","https://access.redhat.com/errata/RHSA-2019:2745","https://access.redhat.com
/errata/RHSA-2019:2746","https://access.redhat.com/errata/RHSA-2019:2775","https://access.redhat.com/errata/RHSA-2019:2799","https://access.redhat.com/errata/RHSA-2019:2925","https://access.redhat.com/errata/RHSA-2019:2939","https://access.redhat.com/errata/RHSA-2019:2949","https://access.redhat.com/errata/RHSA-2019:2955","https://access.redhat.com/errata/RHSA-2019:2966","https://access.redhat.com/errata/RHSA-2019:3041","https://access.redhat.com/errata/RHSA-2019:3932","https://access.redhat.com/errata/RHSA-2019:3933","https://access.redhat.com/errata/RHSA-2019:3935","https://access.redhat.com/errata/RHSA-2019:4018","https://access.redhat.com/errata/RHSA-2019:4019","https://access.redhat.com/errata/RHSA-2019:4020","https://access.redhat.com/errata/RHSA-2019:4021","https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md","https://kb.cert.org/vuls/id/605641/","https://kc.mcafee.com/corporate/index?page=content&id=SB10296","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BP556LEG3WENHZI5TAQ6ZEBFTJB4E2IS/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JUBYAF6ED3O4XCHQ5C2HYENJLXYXZC4M/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LZLUYPYY3RX4ZJDWZRJIKSULYRJ4PXW7/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/POPAEC4FWL4UU4LDEGPY5NPALU24FFQD/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TAZZEVTCN2B4WT6AIBJ7XGYJMBTORJU5/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XHTKU7YQ5EEP2XNSAV4M4VJ7QCBOJMOD/","https://seclists.org/bugtraq/2019/Aug/40","https://seclists.org/bugtraq/2019/Sep/1","https://security.netapp.com/advisory/ntap-20190823-0002/","https://security.netapp.com/advisory/ntap-20190823-0005/","https://support.f5.com/csp/
article/K02591030","https://support.f5.com/csp/article/K02591030?utm_source=f5support&amp%3Butm_medium=RSS","https://usn.ubuntu.com/4099-1/","https://www.debian.org/security/2019/dsa-4505","https://www.debian.org/security/2019/dsa-4511","https://www.debian.org/security/2020/dsa-4669","https://www.oracle.com/security-alerts/cpujan2021.html","https://www.oracle.com/security-alerts/cpuoct2020.html","https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","https://www.synology.com/security/advisory/Synology_SA_19_33"],"published_time":"2019-08-13T21:15:12","vendor":null,"product":null,"version":null}]}