CVE-2020-28039 – WordPress Core < 5.5.2 - Arbitrary File Deletion
https://notcve.org/view.php?id=CVE-2020-28039
is_protected_meta in wp-includes/meta.php in WordPress before 5.5.2 allows arbitrary file deletion because it does not properly determine whether a meta key is considered protected. La función is_protected_meta en el archivo wp-includes/meta.php en WordPress versiones anteriores a 5.5.2, permite la eliminación arbitraria de archivos porque no determina apropiadamente si una clave meta es considerada protegida • https://github.com/WordPress/wordpress-develop/commit/d5ddd6d4be1bc9fd16b7796842e6fb26315705ad https://lists.debian.org/debian-lts-announce/2020/11/msg00004.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CHHVNK2WYAM3ZTCXTFSEIT56IKLVJHU3 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VAVVYJKA2I6CRQUINECDPBGWMQDEG244 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VUXVUAKL2HL4QYJEPHBNVQQWRMFMII2Y https://wordpress.org • CWE-285: Improper Authorization •
CVE-2020-14837 – mysql: Server: Optimizer unspecified vulnerability (CPU Oct 2020)
https://notcve.org/view.php?id=CVE-2020-14837
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). • https://security.gentoo.org/glsa/202105-27 https://security.netapp.com/advisory/ntap-20201023-0003 https://www.oracle.com/security-alerts/cpuoct2020.html https://access.redhat.com/security/cve/CVE-2020-14837 https://bugzilla.redhat.com/show_bug.cgi?id=1890764 •
CVE-2020-15157 – containerd can be coerced into leaking credentials during image pull
https://notcve.org/view.php?id=CVE-2020-15157
In containerd (an industry-standard container runtime) before version 1.2.14 there is a credential leaking vulnerability. If a container image manifest in the OCI Image format or Docker Image V2 Schema 2 format includes a URL for the location of a specific image layer (otherwise known as a “foreign layer”), the default containerd resolver will follow that URL to attempt to download it. In v1.2.x but not 1.3.0 or later, the default containerd resolver will provide its authentication credentials if the server where the URL is located presents an HTTP 401 status code along with registry-specific HTTP headers. If an attacker publishes a public image with a manifest that directs one of the layers to be fetched from a web server they control and they trick a user or system into pulling the image, they can obtain the credentials used for pulling that image. In some cases, this may be the user's username and password for the registry. • https://github.com/containerd/containerd/releases/tag/v1.2.14 https://github.com/containerd/containerd/security/advisories/GHSA-742w-89gc-8m9c https://usn.ubuntu.com/4589-1 https://usn.ubuntu.com/4589-2 https://www.debian.org/security/2021/dsa-4865 https://access.redhat.com/security/cve/CVE-2020-15157 https://bugzilla.redhat.com/show_bug.cgi?id=1888248 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-522: Insufficiently Protected Credentials •
CVE-2020-16119 – DCCP CCID structure use-after-free
https://notcve.org/view.php?id=CVE-2020-16119
Use-after-free vulnerability in the Linux kernel exploitable by a local attacker due to reuse of a DCCP socket with an attached dccps_hc_tx_ccid object as a listener after being released. Fixed in Ubuntu Linux kernel 5.4.0-51.56, 5.3.0-68.63, 4.15.0-121.123, 4.4.0-193.224, 3.13.0.182.191 and 3.2.0-149.196. Una vulnerabilidad de uso de la memoria previamente liberada en el kernel de Linux explotable por un atacante local debido a la reutilización de un socket DCCP con un objeto dccps_hc_tx_ccid adjunto como oyente después de ser liberado. Corregido en el kernel de Ubuntu Linux versiones 5.4.0-51.56, 5.3.0-68.63, 4.15.0-121.123, 4.4.0-193.224, 3.13.0.182.191 y 3.2.0-149.196 • https://git.launchpad.net/~ubuntu-kernel/ubuntu/+source/linux/+git/focal/commit/?id=01872cb896c76cedeabe93a08456976ab55ad695 https://launchpad.net/bugs/1883840 https://lists.debian.org/debian-lts-announce/2021/10/msg00010.html https://lists.debian.org/debian-lts-announce/2021/12/msg00012.html https://lore.kernel.org/netdev/20201013171849.236025-1-kleber.souza%40canonical.com/T https://security.netapp.com/advisory/ntap-20210304-0006 https://ubuntu.com/USN-4576-1 https://ubuntu.com/USN-4 • CWE-416: Use After Free •
CVE-2020-16120 – Unprivileged overlay + shiftfs read access
https://notcve.org/view.php?id=CVE-2020-16120
Overlayfs did not properly perform permission checking when copying up files in an overlayfs and could be exploited from within a user namespace, if, for example, unprivileged user namespaces were allowed. It was possible to have a file not readable by an unprivileged user to be copied to a mountpoint controlled by the user, like a removable device. This was introduced in kernel version 4.19 by commit d1d04ef ("ovl: stack file ops"). This was fixed in kernel version 5.8 by commits 56230d9 ("ovl: verify permissions in ovl_path_open()"), 48bd024 ("ovl: switch to mounter creds in readdir") and 05acefb ("ovl: check permission to open real file"). Additionally, commits 130fdbc ("ovl: pass correct flags for opening real directory") and 292f902 ("ovl: call secutiry hook in ovl_real_ioctl()") in kernel 5.8 might also be desired or necessary. • https://git.kernel.org/linus/05acefb4872dae89e772729efb194af754c877e8 https://git.kernel.org/linus/48bd024b8a40d73ad6b086de2615738da0c7004f https://git.kernel.org/linus/56230d956739b9cb1cbde439d76227d77979a04d https://git.kernel.org/linus/b6650dab404c701d7fe08a108b746542a934da84 https://git.kernel.org/linus/d1d04ef8572bc8c22265057bd3d5a79f223f8f52 https://launchpad.net/bugs/1894980 https://launchpad.net/bugs/1900141 https://ubuntu.com/USN-4576-1 https://ubuntu.com/USN-4577-1 https://ubuntu.com/USN-4578-1 https://www.openwall • CWE-266: Incorrect Privilege Assignment •