CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2020-27670 – Debian Security Advisory 4804-1
https://notcve.org/view.php?id=CVE-2020-27670
22 Oct 2020 — An issue was discovered in Xen through 4.14.x allowing x86 guest OS users to cause a denial of service (data corruption), cause a data leak, or possibly gain privileges because an AMD IOMMU page-table entry can be half-updated. Se detectó un problema en Xen versiones hasta 4.14.x, permitiendo a usuarios del Sistema Operativo invitado x86 causar una denegación de servicio (corrupción de datos), causar una filtración de datos o posiblemente alcanzar privilegios porque una entrada de la tabla de páginas IOMMU ... • http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00075.html • CWE-345: Insufficient Verification of Data Authenticity •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2020-27671 – Debian Security Advisory 4804-1
https://notcve.org/view.php?id=CVE-2020-27671
22 Oct 2020 — An issue was discovered in Xen through 4.14.x allowing x86 HVM and PVH guest OS users to cause a denial of service (data corruption), cause a data leak, or possibly gain privileges because coalescing of per-page IOMMU TLB flushes is mishandled. Se detectó un problema en Xen versiones hasta 4.14.x, permitiendo a usuarios de SO invitado HVM y PVH de x86 causar una denegación de servicio (corrupción de datos), causar una filtración de datos o posiblemente alcanzar privilegios porque la combinación de descargas... • http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00075.html •
CVSS: 7.0EPSS: 0%CPEs: 5EXPL: 0CVE-2020-27672 – Debian Security Advisory 4804-1
https://notcve.org/view.php?id=CVE-2020-27672
22 Oct 2020 — An issue was discovered in Xen through 4.14.x allowing x86 guest OS users to cause a host OS denial of service, achieve data corruption, or possibly gain privileges by exploiting a race condition that leads to a use-after-free involving 2MiB and 1GiB superpages. Se detectó un problema en Xen versiones hasta 4.14.x, permitiendo a usuarios del SO invitado x86 causar una denegación de servicio del SO host, lograr una corrupción de datos o posiblemente alcanzar privilegios mediante la explotación de una condici... • http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00075.html • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-416: Use After Free •
CVSS: 5.5EPSS: 0%CPEs: 11EXPL: 0CVE-2020-27673 – Ubuntu Security Notice USN-4751-1
https://notcve.org/view.php?id=CVE-2020-27673
22 Oct 2020 — An issue was discovered in the Linux kernel through 5.9.1, as used with Xen through 4.14.x. Guest OS users can cause a denial of service (host OS hang) via a high rate of events to dom0, aka CID-e99502f76271. Se detectó un problema en el kernel de Linux versiones hasta 5.9.1, como es usado con Xen versiones hasta 4.14.x. Los usuarios del Sistema Operativo invitado pueden causar una denegación de servicio (suspensión del Sistema Operativo host) por medio de una alta tasa de eventos en dom0, también se c... • http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00075.html •
CVSS: 9.8EPSS: 1%CPEs: 7EXPL: 0CVE-2020-15683 – Mozilla: Memory safety bugs fixed in Firefox 82 and Firefox ESR 78.4
https://notcve.org/view.php?id=CVE-2020-15683
22 Oct 2020 — Mozilla developers and community members reported memory safety bugs present in Firefox 81 and Firefox ESR 78.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 78.4, Firefox < 82, and Thunderbird < 78.4. Los desarrolladores de Mozilla y los miembros de la comunidad informaron bugs de seguridad de la memoria presentes en Firefox versión 81 y Firefox ESR versi... • http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00057.html • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-416: Use After Free CWE-787: Out-of-bounds Write •
CVSS: 7.5EPSS: 0%CPEs: 7EXPL: 0CVE-2020-25829 – Gentoo Linux Security Advisory 202012-19
https://notcve.org/view.php?id=CVE-2020-25829
16 Oct 2020 — An issue has been found in PowerDNS Recursor before 4.1.18, 4.2.x before 4.2.5, and 4.3.x before 4.3.5. A remote attacker can cause the cached records for a given name to be updated to the Bogus DNSSEC validation state, instead of their actual DNSSEC Secure state, via a DNS ANY query. This results in a denial of service for installation that always validate (dnssec=validate), and for clients requesting validation when on-demand validation is enabled (dnssec=process). Se ha encontrado un problema en PowerDNS... • http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00036.html •
CVSS: 8.8EPSS: 1%CPEs: 5EXPL: 0CVE-2020-27153 – bluez: double free in gatttool client disconnect callback handler in src/shared/att.c could lead to DoS or RCE
https://notcve.org/view.php?id=CVE-2020-27153
15 Oct 2020 — In BlueZ before 5.55, a double free was found in the gatttool disconnect_cb() routine from shared/att.c. A remote attacker could potentially cause a denial of service or code execution, during service discovery, due to a redundant disconnect MGMT event. En BlueZ versiones anteriores a 5.55, se encontró una doble liberación en la rutina disconnect_cb() de gatttool del archivo shared/att.c. Un atacante remoto podría potencialmente causar una denegación de servicio o una ejecución de código, durante la de... • http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00034.html • CWE-415: Double Free CWE-416: Use After Free •
CVSS: 9.3EPSS: 0%CPEs: 4EXPL: 0CVE-2020-15229 – Path traversal and files overwrite with unsquashfs
https://notcve.org/view.php?id=CVE-2020-15229
14 Oct 2020 — Singularity (an open source container platform) from version 3.1.1 through 3.6.3 has a vulnerability. Due to insecure handling of path traversal and the lack of path sanitization within `unsquashfs`, it is possible to overwrite/create any files on the host filesystem during the extraction with a crafted squashfs filesystem. The extraction occurs automatically for unprivileged (either installation or with `allow setuid = no`) run of Singularity when a user attempt to run an image which is a local SIF image o... • http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00070.html • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.5EPSS: 0%CPEs: 20EXPL: 1CVE-2020-25645 – kernel: Geneve/IPsec traffic may be unencrypted between two Geneve endpoints
https://notcve.org/view.php?id=CVE-2020-25645
13 Oct 2020 — A flaw was found in the Linux kernel in versions before 5.9-rc7. Traffic between two Geneve endpoints may be unencrypted when IPsec is configured to encrypt traffic for the specific UDP port used by the GENEVE tunnel allowing anyone between the two endpoints to read the traffic unencrypted. The main threat from this vulnerability is to data confidentiality. Se encontró un fallo en el kernel de Linux en versiones anteriores a 5.9-rc7. El tráfico entre dos endpoints Geneve puede no estar cifrado cuando I... • http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00035.html • CWE-319: Cleartext Transmission of Sensitive Information •
CVSS: 6.1EPSS: 3%CPEs: 11EXPL: 0CVE-2020-26934 – Gentoo Linux Security Advisory 202101-35
https://notcve.org/view.php?id=CVE-2020-26934
10 Oct 2020 — phpMyAdmin before 4.9.6 and 5.x before 5.0.3 allows XSS through the transformation feature via a crafted link. phpMyAdmin versiones anteriores a 4.9.6 y versiones 5.x anteriores a 5.0.3, permite un ataque de tipo XSS por medio de la funcionalidad de transformación mediante un enlace diseñado It was discovered that there was a bug in the way phpMyAdmin handles the phpMyAdmin Configuration Storage tables. An authenticated attacker could use this vulnerability to cause phpmyAdmin to leak sensitive files. It wa... • http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00027.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •