CVSS: 6.1EPSS: 0%CPEs: 7EXPL: 0CVE-2020-15677 – Mozilla: Download origin spoofing via redirect
https://notcve.org/view.php?id=CVE-2020-15677
By exploiting an Open Redirect vulnerability on a website, an attacker could have spoofed the site displayed in the download file dialog to show the original site (the one suffering from the open redirect) rather than the site the file was actually downloaded from. This vulnerability affects Firefox < 81, Thunderbird < 78.3, and Firefox ESR < 78.3. Al explotar una vulnerabilidad de Redireccionamiento Abierto en un sitio web, un atacante podría haber falsificado el sitio que es mostrado en el cuadro de diálogo del archivo de descarga para mostrar el sitio original (el que sufre el redireccionamiento abierto) en lugar del sitio del que se descargó el archivo realmente. Esta vulnerabilidad afecta a Firefox versiones anteriores a 81, Thunderbird versiones anteriores a 78.3, y Firefox ESR versiones anteriores a 78.3 The Mozilla Foundation Security Advisory describes this flaw as: By exploiting an Open Redirect vulnerability on a website, an attacker could have spoofed the site displayed in the download file dialog to show the original site (the one suffering from the open redirect) rather than the site the file was actually downloaded from. • http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00074.html http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00077.html https://bugzilla.mozilla.org/show_bug.cgi?id=1641487 https://lists.debian.org/debian-lts-announce/2020/10/msg00020.html https://security.gentoo.org/glsa/202010-02 https://www.debian.org/security/2020/dsa-4770 https://www.mozilla.org/security/advisories/mfsa2020-42 https://www.mozilla.org/security/advisories/mfsa2020-43 https://www.mozil • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVSS: 8.8EPSS: 0%CPEs: 7EXPL: 0CVE-2020-15673 – Mozilla: Memory safety bugs fixed in Firefox 81 and Firefox ESR 78.3
https://notcve.org/view.php?id=CVE-2020-15673
Mozilla developers reported memory safety bugs present in Firefox 80 and Firefox ESR 78.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 81, Thunderbird < 78.3, and Firefox ESR < 78.3. Los desarrolladores de Mozilla reportaron unos bugs de seguridad de la memoria presentes en Firefox versión 80 y Firefox ESR versión 78.2. Algunos de estos bugs han mostrado evidencia de corrupción de la memoria y suponemos que con suficiente esfuerzo algunos de ellos podrían haber sido explotados para ejecutar código arbitrario. • http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00074.html http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00077.html https://bugzilla.mozilla.org/buglist.cgi?bug_id=1648493%2C1660800 https://lists.debian.org/debian-lts-announce/2020/10/msg00020.html https://security.gentoo.org/glsa/202010-02 https://www.debian.org/security/2020/dsa-4770 https://www.mozilla.org/security/advisories/mfsa2020-42 https://www.mozilla.org/security/advisories/mfsa2020-43 https:/&# • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-416: Use After Free •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2020-26088
https://notcve.org/view.php?id=CVE-2020-26088
A missing CAP_NET_RAW check in NFC socket creation in net/nfc/rawsock.c in the Linux kernel before 5.8.2 could be used by local attackers to create raw sockets, bypassing security mechanisms, aka CID-26896f01467a. Una falta de comprobación de CAP_NET_RAW en la creación de sockets NFC en el archivo net/nfc/rawsock.c en el Kernel de Linux versiones anteriores a 5.8.2, podría ser usada por unos atacantes locales para crear sockets sin procesar, omitiendo los mecanismos de seguridad, también se conoce como CID-26896f01467a. • http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00021.html https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.8.2 https://github.com/torvalds/linux/commit/26896f01467a28651f7a536143fe5ac8449d4041 https://lists.debian.org/debian-lts-announce/2020/09/msg00025.html https://lists.debian.org/debian-lts-announce/2020/10/msg00032.html https://lists.debian.org/debian-lts-announce/2020/10/msg00034.html https: • CWE-276: Incorrect Default Permissions •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2020-25603
https://notcve.org/view.php?id=CVE-2020-25603
An issue was discovered in Xen through 4.14.x. There are missing memory barriers when accessing/allocating an event channel. Event channels control structures can be accessed lockless as long as the port is considered to be valid. Such a sequence is missing an appropriate memory barrier (e.g., smp_*mb()) to prevent both the compiler and CPU from re-ordering access. A malicious guest may be able to cause a hypervisor crash resulting in a Denial of Service (DoS). • http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00008.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4JRXMKEMQRQYWYEPHVBIWUEAVQ3LU4FN https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DA633Y3G5KX7MKRN4PFEGM3IVTJMBEOM https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RJZERRBJN6E6STDCHT4JHP4MI6TKBCJE https://security.gentoo.org/glsa/202011-06 https://www.debian.org/security/2020/dsa-4769 htt • CWE-670: Always-Incorrect Control Flow Implementation •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2020-25596
https://notcve.org/view.php?id=CVE-2020-25596
An issue was discovered in Xen through 4.14.x. x86 PV guest kernels can experience denial of service via SYSENTER. The SYSENTER instruction leaves various state sanitization activities to software. One of Xen's sanitization paths injects a #GP fault, and incorrectly delivers it twice to the guest. This causes the guest kernel to observe a kernel-privilege #GP fault (typically fatal) rather than a user-privilege #GP fault (usually converted into SIGSEGV/etc.). Malicious or buggy userspace can crash the guest kernel, resulting in a VM Denial of Service. • http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00008.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4JRXMKEMQRQYWYEPHVBIWUEAVQ3LU4FN https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DA633Y3G5KX7MKRN4PFEGM3IVTJMBEOM https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RJZERRBJN6E6STDCHT4JHP4MI6TKBCJE https://security.gentoo.org/glsa/202011-06 https://www.debian.org/security/2020/dsa-4769 htt • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •