6.5
CVE-2020-24977
- EPSS 3.67%
- Veröffentlicht 04.09.2020 00:15:10
- Zuletzt bearbeitet 21.11.2024 05:16:15
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
GNOME project libxml2 v2.9.10 has a global buffer over-read vulnerability in xmlEncodeEntitiesInternal at libxml2/entities.c. The issue has been fixed in commit 50f06b3e.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Debian ≫ Debian Linux Version9.0
Fedoraproject ≫ Fedora Version31
Fedoraproject ≫ Fedora Version32
Fedoraproject ≫ Fedora Version33
Netapp ≫ Active Iq Unified Manager SwPlatformwindows Version >= 7.3
Netapp ≫ Active Iq Unified Manager SwPlatformvmware_vsphere Version >= 9.5
Netapp ≫ Clustered Data Ontap Version-
Netapp ≫ Clustered Data Ontap Antivirus Connector Version-
Netapp ≫ Inventory Collect Tool Version-
Netapp ≫ Manageability Software Development Kit Version-
Netapp ≫ Hci H410c Firmware Version-
Oracle ≫ Enterprise Manager Base Platform Version13.4.0.0
Oracle ≫ Enterprise Manager Base Platform Version13.5.0.0
Oracle ≫ Enterprise Manager Ops Center Version12.4.0.0
Oracle ≫ HTTP Server Version12.2.1.3.0
Oracle ≫ HTTP Server Version12.2.1.4.0
Oracle ≫ Mysql Workbench Version <= 8.0.26
Oracle ≫ Peoplesoft Enterprise Peopletools Version8.58
Oracle ≫ Real User Experience Insight Version13.4.1.0
Oracle ≫ Real User Experience Insight Version13.5.1.0
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 3.67% | 0.882 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6.5 | 3.9 | 2.5 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L
|
| nvd@nist.gov | 6.4 | 10 | 4.9 |
AV:N/AC:L/Au:N/C:P/I:N/A:P
|
CWE-125 Out-of-bounds Read
The product reads data past the end, or before the beginning, of the intended buffer.
https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E
https://www.oracle.com/security-alerts/cpuapr2022.html
https://www.oracle.com/security-alerts/cpuoct2021.html
https://www.oracle.com/security-alerts/cpujul2022.html
https://lists.debian.org/debian-lts-announce/2020/09/msg00009.html
http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00036.html
http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00061.html
https://gitlab.gnome.org/GNOME/libxml2/-/commit/50f06b3efb638efb0abd95dc62dca05ae67882c2
https://gitlab.gnome.org/GNOME/libxml2/-/issues/178
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2NQ5GTDYOVH26PBCPYXXMGW5ZZXWMGZC/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5KTUAGDLEHTH6HU66HBFAFTSQ3OKRAN3/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/674LQPJO2P2XTBTREFR5LOZMBTZ4PZAY/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7KQXOHIE3MNY3VQXEN7LDQUJNIHOVHAW/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ENEHQIBMSI6TZVS35Y6I4FCTYUQDLJVP/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H3IQ7OQXBKWD3YP7HO6KCNOMLE5ZO2IR/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/J3ICASXZI2UQYFJAOQWHSTNWGED3VXOE/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JCHXIWR5DHYO3RSO7RAHEC6VJKXD2EH2/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O7MEWYKIKMV2SKMGH4IDWVU3ZGJXBCPQ/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RIQAMBA2IJUTQG5VOP5LZVIZRNCKXHEQ/
https://security.gentoo.org/glsa/202107-05
https://security.netapp.com/advisory/ntap-20200924-0001/