CVE-2020-11884 – Kernel: s390: page table upgrade in secondary address mode may lead to privilege escalation
https://notcve.org/view.php?id=CVE-2020-11884
In the Linux kernel 4.19 through 5.6.7 on the s390 platform, code execution may occur because of a race condition, as demonstrated by code in enable_sacf_uaccess in arch/s390/lib/uaccess.c that fails to protect against a concurrent page table upgrade, aka CID-3f777e19d171. A crash could also occur. En el kernel de Linux versión 4.9 hasta la versión 5.6.7, en la plataforma s390, una ejecución de código puede presentarse debido a una condición de carrera, como es demostrado por el código en la función enable_sacf_uaccess en el archivo arch/s390/lib/uaccess.c que presenta un fallo al proteger contra una actualización concurrente de la tabla de página, también se conoce como CID-3f777e19d171. Tambíen podría ocurrir un bloqueo A flaw was found in the Linux kernel on s390 architecture. The issue occurs on multiprocessing systems when one s390 CPU is in Secondary Address Mode and another CPU does a kernel page table upgrade. • https://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git/commit/?id=215d1f3928713d6eaec67244bcda72105b898000 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3f777e19d171670ab558a6d5e6b1ac7f9b6c574f https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3TZBP2HINNAX7HKHCOUMIFVQPV6GWMCZ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AQUVKC3IPUC5B374VVAZV4J5P3GAUGSW https://lists.fedoraproject.org/archives/list/package-announce%4 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-1251: Mirrored Regions with Different Values •
CVE-2020-12243 – openldap: denial of service via nested boolean expressions in LDAP search filters
https://notcve.org/view.php?id=CVE-2020-12243
In filter.c in slapd in OpenLDAP before 2.4.50, LDAP search filters with nested boolean expressions can result in denial of service (daemon crash). En el archivo filter.c en slapd en OpenLDAP versiones anteriores a 2.4.50, los filtros de búsqueda de LDAP con expresiones booleanas anidadas pueden resultar en una denegación de servicio (bloqueo del demonio). • http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00016.html https://bugs.openldap.org/show_bug.cgi?id=9202 https://git.openldap.org/openldap/openldap/-/blob/OPENLDAP_REL_ENG_2_4/CHANGES https://git.openldap.org/openldap/openldap/-/commit/98464c11df8247d6a11b52e294ba5dd4f0380440 https://lists.debian.org/debian-lts-announce/2020/05/msg00001.html https://security.netapp.com/advisory/ntap-20200511-0003 https://support.apple.com/kb/HT211289 https://usn.ubuntu.com/4352-1 https • CWE-400: Uncontrolled Resource Consumption CWE-674: Uncontrolled Recursion •
CVE-2020-1967 – Segmentation fault in SSL_check_chain
https://notcve.org/view.php?id=CVE-2020-1967
Server or client applications that call the SSL_check_chain() function during or after a TLS 1.3 handshake may crash due to a NULL pointer dereference as a result of incorrect handling of the "signature_algorithms_cert" TLS extension. The crash occurs if an invalid or unrecognised signature algorithm is received from the peer. This could be exploited by a malicious peer in a Denial of Service attack. OpenSSL version 1.1.1d, 1.1.1e, and 1.1.1f are affected by this issue. This issue did not affect OpenSSL versions prior to 1.1.1d. • https://github.com/irsl/CVE-2020-1967 http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00004.html http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00011.html http://packetstormsecurity.com/files/157527/OpenSSL-signature_algorithms_cert-Denial-Of-Service.html http://seclists.org/fulldisclosure/2020/May/5 http://www.openwall.com/lists/oss-security/2020/04/22/2 https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=eb563247aef3e83dda7679c43f9649270462e5b1 https:/ • CWE-476: NULL Pointer Dereference •
CVE-2020-2830 – OpenJDK: Regular expression DoS in Scanner (Concurrency, 8236201)
https://notcve.org/view.php?id=CVE-2020-2830
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Concurrency). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client and server deployment of Java. • http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00023.html http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00048.html https://kc.mcafee.com/corporate/index?page=content&id=SB10318 https://lists.debian.org/debian-lts-announce/2020/04/msg00024.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CKAV6KFFAEANXAN73AFTGU7Z6YNRWCXQ https://lists.fedoraproject.org/archives& • CWE-400: Uncontrolled Resource Consumption •
CVE-2020-2816 – OpenJDK: Application data accepted before TLS handshake completion (JSSE, 8235691)
https://notcve.org/view.php?id=CVE-2020-2816
Vulnerability in the Java SE product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 11.0.6 and 14. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE accessible data. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. • http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00000.html https://security.netapp.com/advisory/ntap-20200416-0004 https://usn.ubuntu.com/4337-1 https://www.debian.org/security/2020/dsa-4662 https://www.oracle.com/security-alerts/cpuapr2020.html https://access.redhat.com/security/cve/CVE-2020-2816 https://bugzilla.redhat.com/show_bug.cgi?id=1823853 • CWE-358: Improperly Implemented Security Check for Standard •