CVSS: 6.5EPSS: 0%CPEs: 12EXPL: 0CVE-2020-10756 – QEMU SLiRP Networking Out-Of-Bounds Read Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2020-10756
09 Jul 2020 — An out-of-bounds read vulnerability was found in the SLiRP networking implementation of the QEMU emulator. This flaw occurs in the icmp6_send_echoreply() routine while replying to an ICMP echo request, also known as ping. This flaw allows a malicious guest to leak the contents of the host memory, resulting in possible information disclosure. This flaw affects versions of libslirp before 4.3.1. Se encontró una vulnerabilidad de lectura fuera de límites en la implementación de red SLiRP del emulador QEMU. • http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00035.html • CWE-125: Out-of-bounds Read •
CVSS: 6.5EPSS: 1%CPEs: 27EXPL: 1CVE-2019-14900 – hibernate: SQL injection issue in Hibernate ORM
https://notcve.org/view.php?id=CVE-2019-14900
12 May 2020 — A flaw was found in Hibernate ORM in versions before 5.3.18, 5.4.18 and 5.5.0.Beta1. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SELECT or GROUP BY parts of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks. Se encontró un fallo en Hibernate ORM en versiones anteriores a 5.3.18, 5.4.18 y 5.5.0.Beta1. Una inyección SQL en la implementación de la API JPA Criteria pu... • https://github.com/shanika04/hibernate-orm • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 5.9EPSS: 0%CPEs: 20EXPL: 0CVE-2020-10711 – Kernel: NetLabel: null pointer dereference while receiving CIPSO packet with null category may cause kernel panic
https://notcve.org/view.php?id=CVE-2020-10711
12 May 2020 — A NULL pointer dereference flaw was found in the Linux kernel's SELinux subsystem in versions before 5.7. This flaw occurs while importing the Commercial IP Security Option (CIPSO) protocol's category bitmap into the SELinux extensible bitmap via the' ebitmap_netlbl_import' routine. While processing the CIPSO restricted bitmap tag in the 'cipso_v4_parsetag_rbm' routine, it sets the security attribute to indicate that the category bitmap is present, even if it has not been allocated. This issue leads to a NU... • http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00022.html • CWE-476: NULL Pointer Dereference •
CVSS: 5.5EPSS: 0%CPEs: 13EXPL: 0CVE-2020-10685 – Ansible: modules which use files encrypted with vault are not properly cleaned up
https://notcve.org/view.php?id=CVE-2020-10685
22 Apr 2020 — A flaw was found in Ansible Engine affecting Ansible Engine versions 2.7.x before 2.7.17 and 2.8.x before 2.8.11 and 2.9.x before 2.9.7 as well as Ansible Tower before and including versions 3.4.5 and 3.5.5 and 3.6.3 when using modules which decrypts vault files such as assemble, script, unarchive, win_copy, aws_s3 or copy modules. The temporary directory is created in /tmp leaves the s ts unencrypted. On Operating Systems which /tmp is not a tmpfs but part of the root partition, the directory is only clear... • https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10685 • CWE-459: Incomplete Cleanup •
CVSS: 7.9EPSS: 0%CPEs: 12EXPL: 0CVE-2020-10684 – Ansible: code injection when using ansible_facts as a subkey
https://notcve.org/view.php?id=CVE-2020-10684
24 Mar 2020 — A flaw was found in Ansible Engine, all versions 2.7.x, 2.8.x and 2.9.x prior to 2.7.17, 2.8.9 and 2.9.6 respectively, when using ansible_facts as a subkey of itself and promoting it to a variable when inject is enabled, overwriting the ansible_facts after the clean. An attacker could take advantage of this by altering the ansible_facts, such as ansible_hosts, users and any other key data which would lead into privilege escalation or code injection. Se descubrió un fallo en Ansible Engine, todas las version... • https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10684 • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-862: Missing Authorization •
CVSS: 3.9EPSS: 0%CPEs: 9EXPL: 0CVE-2020-1738 – Gentoo Linux Security Advisory 202006-11
https://notcve.org/view.php?id=CVE-2020-1738
16 Mar 2020 — A flaw was found in Ansible Engine when the module package or service is used and the parameter 'use' is not specified. If a previous task is executed with a malicious user, the module sent can be selected by the attacker using the ansible facts file. All versions in 2.7.x, 2.8.x and 2.9.x branches are believed to be vulnerable. Se detectó un fallo en Ansible Engine, cuando el paquete o servicio del módulo es usado y el parámetro "use" no es especificado. Si una tarea anterior es ejecutada con un usuario ma... • https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1738 • CWE-88: Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') •
CVSS: 4.7EPSS: 0%CPEs: 14EXPL: 0CVE-2020-1740 – ansible: secrets readable after ansible-vault edit
https://notcve.org/view.php?id=CVE-2020-1740
16 Mar 2020 — A flaw was found in Ansible Engine when using Ansible Vault for editing encrypted files. When a user executes "ansible-vault edit", another user on the same computer can read the old and new secret, as it is created in a temporary file with mkstemp and the returned file descriptor is closed and the method write_data is called to write the existing secret in the file. This method will delete the file before recreating it insecurely. All versions in 2.7.x, 2.8.x and 2.9.x branches are believed to be vulnerabl... • https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1740 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-377: Insecure Temporary File •
CVSS: 4.6EPSS: 0%CPEs: 13EXPL: 1CVE-2020-1735 – ansible: path injection on dest parameter in fetch module
https://notcve.org/view.php?id=CVE-2020-1735
16 Mar 2020 — A flaw was found in the Ansible Engine when the fetch module is used. An attacker could intercept the module, inject a new path, and then choose a new destination path on the controller node. All versions in 2.7.x, 2.8.x and 2.9.x branches are believed to be vulnerable. Se detectó un fallo en el Ansible Engine cuando es usado el módulo de búsqueda. Un atacante podría interceptar el módulo, inyectar una nueva ruta y luego elegir una nueva ruta destino en el nodo del controlador. • https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1735 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 3.3EPSS: 0%CPEs: 12EXPL: 1CVE-2020-1736 – ansible: atomic_move primitive sets permissive permissions
https://notcve.org/view.php?id=CVE-2020-1736
16 Mar 2020 — A flaw was found in Ansible Engine when a file is moved using atomic_move primitive as the file mode cannot be specified. This sets the destination files world-readable if the destination file does not exist and if the file exists, the file could be changed to have less restrictive permissions before the move. This could lead to the disclosure of sensitive data. All versions in 2.7.x, 2.8.x and 2.9.x branches are believed to be vulnerable. Se detectó un fallo en Ansible Engine, cuando un archivo es movido u... • https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1736 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 3.9EPSS: 0%CPEs: 14EXPL: 0CVE-2020-1739 – ansible: svn module leaks password when specified as a parameter
https://notcve.org/view.php?id=CVE-2020-1739
12 Mar 2020 — A flaw was found in Ansible 2.7.16 and prior, 2.8.8 and prior, and 2.9.5 and prior when a password is set with the argument "password" of svn module, it is used on svn command line, disclosing to other users within the same node. An attacker could take advantage by reading the cmdline file from that particular PID on the procfs. Se detectó un fallo en Ansible versiones 2.7.16 y anteriores, versiones 2.8.8 y anteriores y versiones 2.9.5 y anteriores, cuando es establecida una contraseña con el argumento "pas... • https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1739 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •