CVE-2020-25212 – kernel: TOCTOU mismatch in the NFS client code
https://notcve.org/view.php?id=CVE-2020-25212
A TOCTOU mismatch in the NFS client code in the Linux kernel before 5.8.3 could be used by local attackers to corrupt memory or possibly have unspecified other impact because a size check is in fs/nfs/nfs4proc.c instead of fs/nfs/nfs4xdr.c, aka CID-b4487b935452. Una discrepancia de TOCTOU en el código del cliente NFS en el kernel de Linux versiones anteriores a 5.8.3, podría ser usada por atacantes locales para dañar la memoria o posiblemente tener otro impacto no especificado porque una comprobación de tamaño se encuentra en el archivo fs/nfs/nfs4proc.c en lugar de fs/nfs/nfs4xdr.c, también se conoce como CID-b4487b935452. A flaw was found in the NFSv4 implementation where when mounting a remote attacker controlled server it could return specially crafted response allow for local memory corruption and possibly privilege escalation. • http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00021.html http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00035.html http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00042.html https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.8.3 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=b4487b93545214a9db8cbf32e86411677b0cca21 https://lists.debian.org/debian-lts-announce/2020/09/msg00025.html https://lists.debian.org • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition CWE-787: Out-of-bounds Write •
CVE-2020-14345 – X.Org Server XkbSetNames Out-Of-Bounds Access Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2020-14345
A flaw was found in X.Org Server before xorg-x11-server 1.20.9. An Out-Of-Bounds access in XkbSetNames function may lead to a privilege escalation vulnerability. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. Se encontró un fallo en X.Org Server versiones anteriores a xorg-x11-server 1.20.9. Un acceso fuera de límites en la función XkbSetNames puede conllevar a una vulnerabilidad de escalada de privilegios. • http://www.openwall.com/lists/oss-security/2021/01/15/1 https://bugzilla.redhat.com/show_bug.cgi?id=1862241 https://lists.x.org/archives/xorg-announce/2020-August/003058.html https://security.gentoo.org/glsa/202012-01 https://usn.ubuntu.com/4488-2 https://usn.ubuntu.com/4490-1 https://www.zerodayinitiative.com/advisories/ZDI-20-1416 https://access.redhat.com/security/cve/CVE-2020-14345 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2020-24654
https://notcve.org/view.php?id=CVE-2020-24654
In KDE Ark before 20.08.1, a crafted TAR archive with symlinks can install files outside the extraction directory, as demonstrated by a write operation to a user's home directory. En KDE Ark versiones anteriores a 20.08.1, un archivo TAR diseñado con enlaces simbólicos puede instalar archivos fuera del directorio de extracción, como es demostrado mediante una operación de escritura en el directorio de inicio del usuario • http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00001.html https://bugzilla.suse.com/show_bug.cgi?id=1175857 https://github.com/KDE/ark/commit/8bf8c5ef07b0ac5e914d752681e470dea403a5bd https://kde.org/info/security/advisory-20200827-1.txt https://lists.debian.org/debian-lts-announce/2022/05/msg00026.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LXMMXNJDYOCJRZTESIUGHG6CS4RJKECX https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVE-2020-14364 – QEMU: usb: out-of-bounds r/w access issue while processing usb packets
https://notcve.org/view.php?id=CVE-2020-14364
An out-of-bounds read/write access flaw was found in the USB emulator of the QEMU in versions before 5.2.0. This issue occurs while processing USB packets from a guest when USBDevice 'setup_len' exceeds its 'data_buf[4096]' in the do_token_in, do_token_out routines. This flaw allows a guest user to crash the QEMU process, resulting in a denial of service, or the potential execution of arbitrary code with the privileges of the QEMU process on the host. Se encontró un fallo de acceso de lectura/escritura fuera de límites en el emulador USB de QEMU en versiones anteriores a la 5.2.0. Este problema ocurre mientras se procesan paquetes USB de un invitado cuando USBDevice "setup_len" excede su "data_buf [4096]" en las rutinas do_token_in, do_token_out. • https://github.com/gejian-iscas/CVE-2020-14364 https://github.com/y-f00l/CVE-2020-14364 http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00024.html https://bugzilla.redhat.com/show_bug.cgi?id=1869201 https://lists.debian.org/debian-lts-announce/2020/09/msg00013.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JTZQUQ6ZBPMFMNAUQBVJFELYNMUZLL6P https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M52WIRMZL6T • CWE-125: Out-of-bounds Read CWE-787: Out-of-bounds Write •
CVE-2020-15810 – squid: HTTP Request Smuggling could result in cache poisoning
https://notcve.org/view.php?id=CVE-2020-15810
An issue was discovered in Squid before 4.13 and 5.x before 5.0.4. Due to incorrect data validation, HTTP Request Smuggling attacks may succeed against HTTP and HTTPS traffic. This leads to cache poisoning. This allows any client, including browser scripts, to bypass local security and poison the proxy cache and any downstream caches with content from an arbitrary source. When configured for relaxed header parsing (the default), Squid relays headers containing whitespace characters to upstream servers. • http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00012.html http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00017.html https://github.com/squid-cache/squid/security/advisories/GHSA-3365-q9qx-f98m https://lists.debian.org/debian-lts-announce/2020/10/msg00005.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BE6FKUN7IGTIR2MEEMWYDT7N5EJJLZI2 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BMTFLVB7GLRF2C • CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') •