CVSS: 3.3EPSS: 0%CPEs: 2EXPL: 1CVE-2020-16121 – PackageKit error messages leak presence and mimetype of files to unprivileged users
https://notcve.org/view.php?id=CVE-2020-16121
24 Sep 2020 — PackageKit provided detailed error messages to unprivileged callers that exposed information about file presence and mimetype of files that the user would be unable to determine on its own. PackageKit proporcionó mensajes de error detallados a llamadores no privilegiados que exponían información sobre la presencia de archivos y mimetype de archivos que el usuario no podría ser capaz de determinar por sí solo • https://bugs.launchpad.net/ubuntu/+source/packagekit/+bug/1888887 • CWE-209: Generation of Error Message Containing Sensitive Information •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2020-26088 – Ubuntu Security Notice USN-4578-1
https://notcve.org/view.php?id=CVE-2020-26088
24 Sep 2020 — A missing CAP_NET_RAW check in NFC socket creation in net/nfc/rawsock.c in the Linux kernel before 5.8.2 could be used by local attackers to create raw sockets, bypassing security mechanisms, aka CID-26896f01467a. Una falta de comprobación de CAP_NET_RAW en la creación de sockets NFC en el archivo net/nfc/rawsock.c en el Kernel de Linux versiones anteriores a 5.8.2, podría ser usada por unos atacantes locales para crear sockets sin procesar, omitiendo los mecanismos de seguridad, también se conoce como CID-... • http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00001.html • CWE-276: Incorrect Default Permissions •
CVSS: 6.1EPSS: 0%CPEs: 3EXPL: 0CVE-2020-25739 – Ubuntu Security Notice USN-4560-1
https://notcve.org/view.php?id=CVE-2020-25739
23 Sep 2020 — An issue was discovered in the gon gem before gon-6.4.0 for Ruby. MultiJson does not honor the escape_mode parameter to escape fields as an XSS protection mechanism. To mitigate, json_dumper.rb in gon now does escaping for XSS by default without relying on MultiJson. Se detectó un problema en la gema gon versiones anteriores a gon-6.4.0 para Ruby. MultiJson, no respeta el parámetro escape_mode para escapar de los campos como mecanismo de protección XSS. • https://github.com/gazay/gon/commit/fe3c7b2191a992386dc9edd37de5447a4e809bc7 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 17EXPL: 0CVE-2020-15710 – Potential double-free in pulseaudio
https://notcve.org/view.php?id=CVE-2020-15710
18 Sep 2020 — Potential double free in Bluez 5 module of PulseAudio could allow a local attacker to leak memory or crash the program. The modargs variable may be freed twice in the fail condition in src/modules/bluetooth/module-bluez5-device.c and src/modules/bluetooth/module-bluez5-device.c. Fixed in 1:8.0-0ubuntu3.14. Una potencial doble liberación en el módulo Bluez 5 de PulseAudio, podría permitir a un atacante local perder memoria o bloquear el programa. La variable modargs puede ser liberada dos veces en una c... • https://launchpad.net/bugs/1884738 • CWE-415: Double Free •
CVSS: 4.7EPSS: 0%CPEs: 9EXPL: 0CVE-2019-20919 – Ubuntu Security Notice USN-4534-1
https://notcve.org/view.php?id=CVE-2019-20919
17 Sep 2020 — An issue was discovered in the DBI module before 1.643 for Perl. The hv_fetch() documentation requires checking for NULL and the code does that. But, shortly thereafter, it calls SvOK(profile), causing a NULL pointer dereference. Se detectó un problema en el módulo DBI versiones anteriores a 1.643 para Perl. La documentación de la función hv_fetch() requiere comprobación para NULL y el código lo hace. • http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00012.html • CWE-476: NULL Pointer Dereference •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2020-14382 – cryptsetup: Out-of-bounds write when validating segments
https://notcve.org/view.php?id=CVE-2020-14382
16 Sep 2020 — A vulnerability was found in upstream release cryptsetup-2.2.0 where, there's a bug in LUKS2 format validation code, that is effectively invoked on every device/image presenting itself as LUKS2 container. The bug is in segments validation code in file 'lib/luks2/luks2_json_metadata.c' in function hdr_validate_segments(struct crypt_device *cd, json_object *hdr_jobj) where the code does not check for possible overflow on memory allocation used for intervals array (see statement "intervals = malloc(first_backu... • https://bugzilla.redhat.com/show_bug.cgi?id=1874712 • CWE-787: Out-of-bounds Write •
CVSS: 6.2EPSS: 0%CPEs: 8EXPL: 0CVE-2020-14385 – kernel: metadata validator in XFS may cause an inode with a valid, user-creatable extended attribute to be flagged as corrupt
https://notcve.org/view.php?id=CVE-2020-14385
15 Sep 2020 — A flaw was found in the Linux kernel before 5.9-rc4. A failure of the file system metadata validator in XFS can cause an inode with a valid, user-creatable extended attribute to be flagged as corrupt. This can lead to the filesystem being shutdown, or otherwise rendered inaccessible until it is remounted, leading to a denial of service. The highest threat from this vulnerability is to system availability. Se encontró un fallo en el kernel de Linux versiones anteriores a 5.9-rc4. • http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00001.html • CWE-131: Incorrect Calculation of Buffer Size •
CVSS: 6.5EPSS: 1%CPEs: 21EXPL: 0CVE-2020-8927 – Buffer overflow in Brotli library
https://notcve.org/view.php?id=CVE-2020-8927
15 Sep 2020 — A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a "one-shot" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the "streaming" API as opposed to the "one-shot" API, and impose chunk size limits. Se presenta un desbordamiento del búfer en la biblioteca Brotli ... • http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-130: Improper Handling of Length Parameter Inconsistency •
CVSS: 5.5EPSS: 0%CPEs: 13EXPL: 0CVE-2020-14314 – kernel: buffer uses out of index in ext3/4 filesystem
https://notcve.org/view.php?id=CVE-2020-14314
15 Sep 2020 — A memory out-of-bounds read flaw was found in the Linux kernel before 5.9-rc2 with the ext3/ext4 file system, in the way it accesses a directory with broken indexing. This flaw allows a local user to crash the system if the directory exists. The highest threat from this vulnerability is to system availability. Se encontró un fallo de lectura de memoria fuera de límites en el kernel de Linux versiones anteriores a 5.9-rc2, con el sistema de archivos ext3/ext4, en la manera en que accede a un directorio con i... • https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-14314 • CWE-125: Out-of-bounds Read •
CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 0CVE-2020-14392 – Ubuntu Security Notice USN-4503-1
https://notcve.org/view.php?id=CVE-2020-14392
14 Sep 2020 — An untrusted pointer dereference flaw was found in Perl-DBI < 1.643. A local attacker who is able to manipulate calls to dbd_db_login6_sv() could cause memory corruption, affecting the service's availability. Se encontró un fallo de desreferencia del puntero no confiable en Perl-DBI versiones anteriores a 1.643. Un atacante local que es capaz de manipular llamadas a la función dbd_db_login6_sv() podría causar una corrupción de la memoria, afectando la disponibilidad del servicio Multiple vulnerabilities hav... • http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00067.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-822: Untrusted Pointer Dereference •