Lucene search

K
nvd[email protected]NVD:CVE-2020-24977
HistorySep 04, 2020 - 12:15 a.m.

CVE-2020-24977

2020-09-0400:15:10
CWE-125
web.nvd.nist.gov
2

CVSS2

6.4

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:N/A:P

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L

AI Score

7.1

Confidence

High

EPSS

0.003

Percentile

69.0%

GNOME project libxml2 v2.9.10 has a global buffer over-read vulnerability in xmlEncodeEntitiesInternal at libxml2/entities.c. The issue has been fixed in commit 50f06b3e.

Affected configurations

NVD
Node
xmlsoftlibxml2Match2.9.10
Node
debiandebian_linuxMatch9.0
Node
fedoraprojectfedoraMatch31
OR
fedoraprojectfedoraMatch32
OR
fedoraprojectfedoraMatch33
Node
opensuseleapMatch15.1
OR
opensuseleapMatch15.2
Node
netappactive_iq_unified_managerRange7.3windows
OR
netappactive_iq_unified_managerRange9.5vmware_vsphere
OR
netappclustered_data_ontapMatch-
OR
netappclustered_data_ontap_antivirus_connectorMatch-
OR
netappinventory_collect_toolMatch-
OR
netappmanageability_software_development_kitMatch-
OR
netappsnapdriveMatch-unix
OR
netappsnapdriveMatch-windows
Node
netapphci_h410c_firmwareMatch-
AND
netapphci_h410cMatch-
Node
oraclecommunications_cloud_native_core_network_function_cloud_native_environmentMatch1.10.0
OR
oracleenterprise_manager_base_platformMatch13.4.0.0
OR
oracleenterprise_manager_base_platformMatch13.5.0.0
OR
oracleenterprise_manager_ops_centerMatch12.4.0.0
OR
oraclehttp_serverMatch12.2.1.3.0
OR
oraclehttp_serverMatch12.2.1.4.0
OR
oraclemysql_workbenchRange8.0.26
OR
oraclepeoplesoft_enterprise_peopletoolsMatch8.58
OR
oraclereal_user_experience_insightMatch13.4.1.0
OR
oraclereal_user_experience_insightMatch13.5.1.0

References

CVSS2

6.4

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:N/A:P

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L

AI Score

7.1

Confidence

High

EPSS

0.003

Percentile

69.0%