CVE-2020-0543 – hw: Special Register Buffer Data Sampling (SRBDS)
https://notcve.org/view.php?id=CVE-2020-0543
Incomplete cleanup from specific special register read operations in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. Una limpieza incompleta de operaciones de lectura de un registro especial específico en algunos Intel® Processors puede permitir a un usuario autenticado habilitar potencialmente una divulgación de información por medio de un acceso local A new domain bypass transient execution attack known as Special Register Buffer Data Sampling (SRBDS) has been found. This flaw allows data values from special internal registers to be leaked by an attacker able to execute code on any core of the CPU. An unprivileged, local attacker can use this flaw to infer values returned by affected instructions known to be commonly used during cryptographic operations that rely on uniqueness, secrecy, or both. • http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00025.html http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00024.html http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00031.html http://www.openwall.com/lists/oss-security/2020/07/14/5 https://cert-portal.siemens.com/productcert/pdf/ssa-534763.pdf https://kc.mcafee.com/corporate/index?page=content&id=SB10318 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message • CWE-459: Incomplete Cleanup •
CVE-2020-13974 – kernel: integer overflow in k_ascii() in drivers/tty/vt/keyboard.c
https://notcve.org/view.php?id=CVE-2020-13974
An issue was discovered in the Linux kernel 4.4 through 5.7.1. drivers/tty/vt/keyboard.c has an integer overflow if k_ascii is called several times in a row, aka CID-b86dab054059. NOTE: Members in the community argue that the integer overflow does not lead to a security issue in this case. Se detectó un problema en el kernel de Linux versión 4.4 hasta la versión 5.7.1. En el archivo drivers/tty/vt/keyboard.c presenta un desbordamiento de enteros si se llama a la función k_ascii varias veces seguidas, también se conoce como CID-b86dab054059. NOTA: Los miembros de la comunidad argumentan que el desbordamiento de números enteros no conduce a un problema de seguridad en este caso A flaw integer overflow in the Linux kernel's virtual terminal keyboard driver was found in the way the user sends some specific keyboard code multiple times. • http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00008.html http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00009.html https://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git/commit/?id=dad0bf9ce93fa40b667eccd3306783f4db4b932b https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=b86dab054059b970111b5516ae548efaae5b3aae https://lists.debian.org/debian-lts-announce/2020/08/msg00019.html https://lkml.org/lkml/2020/3/22/482 https://usn.u • CWE-190: Integer Overflow or Wraparound •
CVE-2020-12049 – dbus: denial of service via file descriptor leak
https://notcve.org/view.php?id=CVE-2020-12049
An issue was discovered in dbus >= 1.3.0 before 1.12.18. The DBusServer in libdbus, as used in dbus-daemon, leaks file descriptors when a message exceeds the per-message file descriptor limit. A local attacker with access to the D-Bus system bus or another system service's private AF_UNIX socket could use this to make the system service reach its file descriptor limit, denying service to subsequent D-Bus clients. Se detectó un problema en dbus versiones posteriores a 1.3.0 e incluyéndola y anteriores a 1.12.18. El DBusServer en libdbus, como es usado en dbus-daemon, filtra los descriptores de archivo cuando un mensaje excede el límite del descriptor de archivo por mensaje. • http://packetstormsecurity.com/files/172840/D-Bus-File-Descriptor-Leak-Denial-Of-Service.html http://www.openwall.com/lists/oss-security/2020/06/04/3 https://gitlab.freedesktop.org/dbus/dbus/-/issues/294 https://gitlab.freedesktop.org/dbus/dbus/-/tags/dbus-1.10.30 https://gitlab.freedesktop.org/dbus/dbus/-/tags/dbus-1.12.18 https://gitlab.freedesktop.org/dbus/dbus/-/tags/dbus-1.13.16 https://security.gentoo.org/glsa/202007-46 https://securitylab.github& • CWE-400: Uncontrolled Resource Consumption CWE-404: Improper Resource Shutdown or Release •
CVE-2020-13596
https://notcve.org/view.php?id=CVE-2020-13596
An issue was discovered in Django 2.2 before 2.2.13 and 3.0 before 3.0.7. Query parameters generated by the Django admin ForeignKeyRawIdWidget were not properly URL encoded, leading to a possibility of an XSS attack. Se detectó un problema en Django versiones 2.2 anteriores a 2.2.13 y versiones 3.0 anteriores a 3.0.7. En casos donde un backend memcached no lleva a cabo una comprobación de la clave, pasa claves de caché maliciosas que podría resultar en una colisión de claves y una potencial filtración de datos. • https://docs.djangoproject.com/en/3.0/releases/security https://groups.google.com/forum/#%21msg/django-announce/pPEmb2ot4Fo/X-SMalYSBAAJ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4A2AP4T7RKPBCLTI2NNQG3T6MINDUUMZ https://security.netapp.com/advisory/ntap-20200611-0002 https://usn.ubuntu.com/4381-1 https://usn.ubuntu.com/4381-2 https://www.debian.org/security/2020/dsa-4705 https://www.djangoproject.com/weblog/2020/jun/03/security-releases https& • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2020-13254 – django: potential data leakage via malformed memcached keys
https://notcve.org/view.php?id=CVE-2020-13254
An issue was discovered in Django 2.2 before 2.2.13 and 3.0 before 3.0.7. In cases where a memcached backend does not perform key validation, passing malformed cache keys could result in a key collision, and potential data leakage. Se detectó un problema en Django versiones 2.2 anteriores a 2.2.13 y versiones 3.0 anteriores a 3.0.7. En casos donde un backend memcached no lleva a cabo una comprobación de la clave, pasa claves de caché maliciosas que podría resultar en una colisión de claves y una potencial filtración de datos. A flaw was found in Django, where the memcached backend does not perform key validation and passes malformed keys. • https://docs.djangoproject.com/en/3.0/releases/security https://groups.google.com/d/msg/django-announce/pPEmb2ot4Fo/X-SMalYSBAAJ https://lists.debian.org/debian-lts-announce/2020/06/msg00016.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4A2AP4T7RKPBCLTI2NNQG3T6MINDUUMZ https://security.netapp.com/advisory/ntap-20200611-0002 https://usn.ubuntu.com/4381-1 https://usn.ubuntu.com/4381-2 https://www.debian.org/security/2020/dsa-4705 https:/ • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-295: Improper Certificate Validation •