CVSS: 7.3EPSS: 0%CPEs: 5EXPL: 0CVE-2020-11933 – local snapd exploit through cloud-init
https://notcve.org/view.php?id=CVE-2020-11933
15 Jul 2020 — cloud-init as managed by snapd on Ubuntu Core 16 and Ubuntu Core 18 devices was run without restrictions on every boot, which a physical attacker could exploit by crafting cloud-init user-data/meta-data via external media to perform arbitrary changes on the device to bypass intended security mechanisms such as full disk encryption. This issue did not affect traditional Ubuntu systems. Fixed in snapd version 2.45.2, revision 8539 and core version 2.45.2, revision 9659. cloud-init administrado por snapd en lo... • https://launchpad.net/bugs/1879530 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.2EPSS: 0%CPEs: 6EXPL: 1CVE-2020-15780 – kernel: lockdown: bypass through ACPI write via acpi_configfs
https://notcve.org/view.php?id=CVE-2020-15780
15 Jul 2020 — An issue was discovered in drivers/acpi/acpi_configfs.c in the Linux kernel before 5.7.7. Injection of malicious ACPI tables via configfs could be used by attackers to bypass lockdown and secure boot restrictions, aka CID-75b0cea7bf30. Se detectó un problema en el archivo drivers/acpi/acpi_configfs.c en el kernel de Linux versiones anteriores a 5.7.7. Una inyección de tablas ACPI maliciosas por medio de configfs podría ser usada por atacantes para omitir el bloqueo y asegurar las restricciones de arranque, ... • https://github.com/Annavid/CVE-2020-15780-exploit • CWE-284: Improper Access Control CWE-862: Missing Authorization •
CVSS: 7.2EPSS: 0%CPEs: 9EXPL: 0CVE-2020-14697 – mysql: Server: Security: Privileges unspecified vulnerability (CPU Jul 2020)
https://notcve.org/view.php?id=CVE-2020-14697
15 Jul 2020 — Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in takeover of MySQL Server. CVSS 3.1 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). • https://security.gentoo.org/glsa/202105-27 •
CVSS: 4.9EPSS: 0%CPEs: 9EXPL: 0CVE-2020-14702 – mysql: Server: Security: Privileges unspecified vulnerability (CPU Jul 2020)
https://notcve.org/view.php?id=CVE-2020-14702
15 Jul 2020 — Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). • https://security.gentoo.org/glsa/202105-27 •
CVSS: 6.5EPSS: 0%CPEs: 9EXPL: 0CVE-2020-14680 – mysql: Server: Optimizer unspecified vulnerability (CPU Jul 2020)
https://notcve.org/view.php?id=CVE-2020-14680
15 Jul 2020 — Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). • https://security.gentoo.org/glsa/202105-27 •
CVSS: 7.2EPSS: 0%CPEs: 9EXPL: 0CVE-2020-14678 – mysql: Server: Security: Privileges unspecified vulnerability (CPU Jul 2020)
https://notcve.org/view.php?id=CVE-2020-14678
15 Jul 2020 — Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in takeover of MySQL Server. CVSS 3.1 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). • https://security.gentoo.org/glsa/202105-27 •
CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 0CVE-2020-14651 – mysql: Server: Security: Roles unspecified vulnerability (CPU Jul 2020)
https://notcve.org/view.php?id=CVE-2020-14651
15 Jul 2020 — Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Roles). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of ... • https://security.gentoo.org/glsa/202105-27 •
CVSS: 7.2EPSS: 0%CPEs: 9EXPL: 0CVE-2020-14663 – mysql: Server: Security: Privileges unspecified vulnerability (CPU Jul 2020)
https://notcve.org/view.php?id=CVE-2020-14663
15 Jul 2020 — Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in takeover of MySQL Server. CVSS 3.1 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). • https://security.gentoo.org/glsa/202105-27 •
CVSS: 4.9EPSS: 0%CPEs: 9EXPL: 0CVE-2020-14656 – mysql: Server: Locking unspecified vulnerability (CPU Jul 2020)
https://notcve.org/view.php?id=CVE-2020-14656
15 Jul 2020 — Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Locking). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). • https://security.gentoo.org/glsa/202105-27 •
CVSS: 4.9EPSS: 0%CPEs: 9EXPL: 0CVE-2020-14654 – mysql: Server: Optimizer unspecified vulnerability (CPU Jul 2020)
https://notcve.org/view.php?id=CVE-2020-14654
15 Jul 2020 — Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). • https://security.gentoo.org/glsa/202105-27 •