CVSS: 7.5EPSS: 0%CPEs: 19EXPL: 1CVE-2020-11993 – httpd: mod_http2 concurrent pool usage
https://notcve.org/view.php?id=CVE-2020-11993
07 Aug 2020 — Apache HTTP Server versions 2.4.20 to 2.4.43 When trace/debug was enabled for the HTTP/2 module and on certain traffic edge patterns, logging statements were made on the wrong connection, causing concurrent use of memory pools. Configuring the LogLevel of mod_http2 above "info" will mitigate this vulnerability for unpatched servers. Apache HTTP Server versiones 2.4.20 hasta 2.4.43, cuando trace/debug fue habilitado para el módulo HTTP/2 y en determinados patrones de tráfico de borde, se hicieron declaracion... • http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00068.html • CWE-400: Uncontrolled Resource Consumption CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') •
CVSS: 9.8EPSS: 2%CPEs: 20EXPL: 1CVE-2020-11984 – httpd: mod_proxy_uwsgi buffer overflow
https://notcve.org/view.php?id=CVE-2020-11984
07 Aug 2020 — Apache HTTP server 2.4.32 to 2.4.44 mod_proxy_uwsgi info disclosure and possible RCE Apache HTTP server versiones 2.4.32 hasta 2.4.44, la función mod_proxy_uwsgi divulga información y posible RCE A flaw was found in Apache httpd in versions 2.4.32 to 2.4.46. The uwsgi protocol does not serialize more than 16K of HTTP header leading to resource exhaustion and denial of service. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. • http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00068.html • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.5EPSS: 2%CPEs: 54EXPL: 0CVE-2020-9490 – httpd: Push diary crash on specifically crafted HTTP/2 header
https://notcve.org/view.php?id=CVE-2020-9490
07 Aug 2020 — Apache HTTP Server versions 2.4.20 to 2.4.43. A specially crafted value for the 'Cache-Digest' header in a HTTP/2 request would result in a crash when the server actually tries to HTTP/2 PUSH a resource afterwards. Configuring the HTTP/2 feature via "H2Push off" will mitigate this vulnerability for unpatched servers. Apache HTTP Server versiones 2.4.20 hasta 2.4.43.. Un valor especialmente diseñado para el encabezado "Cache-Digest" en una petición HTTP/2 resultaría en un bloqueo cuando el servidor realmente... • http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00068.html • CWE-400: Uncontrolled Resource Consumption CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') •
CVSS: 5.5EPSS: 0%CPEs: 30EXPL: 2CVE-2020-11937 – Resource exhaustion vulnerability in whoopsie
https://notcve.org/view.php?id=CVE-2020-11937
05 Aug 2020 — In whoopsie, parse_report() from whoopsie.c allows a local attacker to cause a denial of service via a crafted file. The DoS is caused by resource exhaustion due to a memory leak. Fixed in 0.2.52.5ubuntu0.5, 0.2.62ubuntu0.5 and 0.2.69ubuntu0.1. En whoopsie, la función parse_report() del archivo whoopsie.c, permite a un atacante local causar una denegación de servicio por medio de un archivo diseñado. La DoS es causada por el agotamiento de los recursos debido a una pérdida de memoria. • https://github.com/sungjungk/whoopsie_killer • CWE-400: Uncontrolled Resource Consumption CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 5.5EPSS: 0%CPEs: 10EXPL: 0CVE-2020-15704 – pppd arbitrary file read information disclosure vulnerability
https://notcve.org/view.php?id=CVE-2020-15704
05 Aug 2020 — The modprobe child process in the ./debian/patches/load_ppp_generic_if_needed patch file incorrectly handled module loading. A local non-root attacker could exploit the MODPROBE_OPTIONS environment variable to read arbitrary root files. Fixed in 2.4.5-5ubuntu1.4, 2.4.5-5.1ubuntu2.3+esm2, 2.4.7-1+2ubuntu1.16.04.3, 2.4.7-2+2ubuntu1.3, 2.4.7-2+4.1ubuntu5.1, 2.4.7-2+4.1ubuntu6. Was ZDI-CAN-11504. • https://ubuntu.com/security/notices/USN-4451-1 • CWE-20: Improper Input Validation CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.5EPSS: 0%CPEs: 107EXPL: 1CVE-2020-15701 – Unhandled exception in apport
https://notcve.org/view.php?id=CVE-2020-15701
05 Aug 2020 — An unhandled exception in check_ignored() in apport/report.py can be exploited by a local attacker to cause a denial of service. If the mtime attribute is a string value in apport-ignore.xml, it will trigger an unhandled exception, resulting in a crash. Fixed in 2.20.1-0ubuntu2.24, 2.20.9-0ubuntu7.16, 2.20.11-0ubuntu27.6. Un atacante local puede explotar una excepción no manejada en la función check_ignored() en el archivo apport/report.py para causar una denegación de servicio. Si el atributo mtime es un v... • https://launchpad.net/bugs/1877023 • CWE-755: Improper Handling of Exceptional Conditions •
CVSS: 7.0EPSS: 0%CPEs: 104EXPL: 0CVE-2020-15702 – TOCTOU in apport
https://notcve.org/view.php?id=CVE-2020-15702
05 Aug 2020 — TOCTOU Race Condition vulnerability in apport allows a local attacker to escalate privileges and execute arbitrary code. An attacker may exit the crashed process and exploit PID recycling to spawn a root process with the same PID as the crashed process, which can then be used to escalate privileges. Fixed in 2.20.1-0ubuntu2.24, 2.20.9 versions prior to 2.20.9-0ubuntu7.16 and 2.20.11 versions prior to 2.20.11-0ubuntu27.6. Was ZDI-CAN-11234. La vulnerabilidad de Condición de Carrera TOCTOU en apport permite a... • https://usn.ubuntu.com/4449-1 • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •
CVSS: 6.7EPSS: 0%CPEs: 11EXPL: 0CVE-2020-14344 – libX11: Heap overflow in the X input method client
https://notcve.org/view.php?id=CVE-2020-14344
05 Aug 2020 — An integer overflow leading to a heap-buffer overflow was found in The X Input Method (XIM) client was implemented in libX11 before version 1.6.10. As per upstream this is security relevant when setuid programs call XIM client functions while running with elevated privileges. No such programs are shipped with Red Hat Enterprise Linux. Se encontró un desbordamiento de enteros conllevando a un desbordamiento del búfer de la pila en el cliente X Input Method (XIM), se implementó en libX11 anterior a la versión... • http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00014.html • CWE-190: Integer Overflow or Wraparound •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2020-14347 – X.Org Server Pixel Data Uninitialized Memory Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2020-14347
04 Aug 2020 — A flaw was found in the way xserver memory was not properly initialized. This could leak parts of server memory to the X client. In cases where Xorg server runs with elevated privileges, this could result in possible ASLR bypass. Xorg-server before version 1.20.9 is vulnerable. Se encontró un fallo en la manera en que la memoria de xserver no fue inicializada apropiadamente. • http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00066.html • CWE-665: Improper Initialization •
CVSS: 4.3EPSS: 0%CPEs: 21EXPL: 0CVE-2020-16166 – kernel: information exposure in drivers/char/random.c and kernel/time/timer.c
https://notcve.org/view.php?id=CVE-2020-16166
30 Jul 2020 — The Linux kernel through 5.7.11 allows remote attackers to make observations that help to obtain sensitive information about the internal state of the network RNG, aka CID-f227e3ec3b5c. This is related to drivers/char/random.c and kernel/time/timer.c. El kernel de Linux versiones hasta 5.7.11, permite a atacantes remotos realizar observaciones que ayudan a obtener información confidencial sobre el estado interno de la red RNG, también se conoce como CID-f227e3ec3b5c. Esto está relacionado con los archivos d... • http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00009.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-330: Use of Insufficiently Random Values •