CVSS: 7.1EPSS: 0%CPEs: 3EXPL: 0CVE-2020-15113 – Improper Preservation of Permissions in etcd
https://notcve.org/view.php?id=CVE-2020-15113
In etcd before versions 3.3.23 and 3.4.10, certain directory paths are created (etcd data directory and the directory path when provided to automatically generate self-signed certificates for TLS connections with clients) with restricted access permissions (700) by using the os.MkdirAll. This function does not perform any permission checks when a given directory path exists already. A possible workaround is to ensure the directories have the desired permission (700). En etcd versiones anteriores a 3.3.23 y 3.4.10, determinadas rutas de directorio son creadas (directorio de datos de etcd y la ruta de directorio cuando se proporcionaba para generar automáticamente certificados autofirmados para conexiones TLS con clientes) con permisos de acceso restringido (700) usando os.MkdirAll. Esta función no realiza ninguna comprobación de permisos cuando una ruta de directorio dada ya existe. • https://github.com/etcd-io/etcd/security/advisories/GHSA-chh6-ppwq-jh92 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L6B6R43Y7M3DCHWK3L3UVGE2K6WWECMP https://access.redhat.com/security/cve/CVE-2020-15113 https://bugzilla.redhat.com/show_bug.cgi?id=1868870 • CWE-281: Improper Preservation of Permissions CWE-285: Improper Authorization •
CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 0CVE-2020-15106 – Improper Input Validation in etcd
https://notcve.org/view.php?id=CVE-2020-15106
In etcd before versions 3.3.23 and 3.4.10, a large slice causes panic in decodeRecord method. The size of a record is stored in the length field of a WAL file and no additional validation is done on this data. Therefore, it is possible to forge an extremely large frame size that can unintentionally panic at the expense of any RAFT participant trying to decode the WAL. En etcd versiones anteriores a 3.3.23 y 3.4.10, un segmento grande causa pánico en el método decodeRecord. El tamaño de un registro es almacenado en el campo de longitud de un archivo WAL y no se hace ninguna comprobación adicional en estos datos. • https://github.com/etcd-io/etcd/security/advisories/GHSA-p4g4-wgrh-qrg2 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L6B6R43Y7M3DCHWK3L3UVGE2K6WWECMP https://access.redhat.com/security/cve/CVE-2020-15106 https://bugzilla.redhat.com/show_bug.cgi?id=1868883 • CWE-20: Improper Input Validation CWE-400: Uncontrolled Resource Consumption •
CVSS: 6.7EPSS: 0%CPEs: 11EXPL: 0CVE-2020-14344 – libX11: Heap overflow in the X input method client
https://notcve.org/view.php?id=CVE-2020-14344
An integer overflow leading to a heap-buffer overflow was found in The X Input Method (XIM) client was implemented in libX11 before version 1.6.10. As per upstream this is security relevant when setuid programs call XIM client functions while running with elevated privileges. No such programs are shipped with Red Hat Enterprise Linux. Se encontró un desbordamiento de enteros conllevando a un desbordamiento del búfer de la pila en el cliente X Input Method (XIM), se implementó en libX11 anterior a la versión 1.6.10. Según aguas arriba, esto es relevante para la seguridad cuando los programas setuid llaman a las funciones del cliente XIM mientras se ejecutan con privilegios elevados. • http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00014.html http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00015.html http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00024.html http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00031.html https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-14344 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4VDDSAYV7XGNRCXE7HCU23645MG74OFF https://lists.fedoraproject.org/ar • CWE-190: Integer Overflow or Wraparound •
CVSS: 9.8EPSS: 0%CPEs: 7EXPL: 0CVE-2020-17353
https://notcve.org/view.php?id=CVE-2020-17353
scm/define-stencil-commands.scm in LilyPond through 2.20.0, and 2.21.x through 2.21.4, when -dsafe is used, lacks restrictions on embedded-ps and embedded-svg, as demonstrated by including dangerous PostScript code. El archivo scm/define-stencil-command.scm en LilyPond versiones hasta 2.20.0 y versiones 2.21.x hasta 2.21.4, cuando -dsafe es usada, carece de restricciones en embedded-ps y embedded-svg, como es demostrado al incluir código PostScript peligroso • http://git.savannah.gnu.org/gitweb/?p=lilypond.git%3Ba=commit%3Bh=b84ea4740f3279516905c5db05f4074e777c16ff http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00064.html http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00076.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QG2JUV4UTIA27JUE6IZLCEFP5PYSFPF4 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W2JYMVLTPSNYS5F7TBHKIXUZZJIJAMRX https://www.debian.org/security/202 •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 1CVE-2020-16269
https://notcve.org/view.php?id=CVE-2020-16269
radare2 4.5.0 misparses DWARF information in executable files, causing a segmentation fault in parse_typedef in type_dwarf.c via a malformed DW_AT_name in the .debug_info section. radare2 versión 4.5.0, analiza inapropiadamente la información DWARF en los archivos ejecutables, causando un error de segmentación en la función parse_typedef en el archivo type_dwarf.c por medio de un nombre DW_AT_formate malformado en la sección .debug_info • https://github.com/radareorg/radare2/issues/17383 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/45SGGCWFIIV7N2X2QZRREHOW7ODT3IH7 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZJET3RR6W7LAK4H6VPTMAZS24W7XYHRZ •