CVE-2020-24606 – squid: Improper input validation could result in a DoS
https://notcve.org/view.php?id=CVE-2020-24606
Squid before 4.13 and 5.x before 5.0.4 allows a trusted peer to perform Denial of Service by consuming all available CPU cycles during handling of a crafted Cache Digest response message. This only occurs when cache_peer is used with the cache digests feature. The problem exists because peerDigestHandleReply() livelocking in peer_digest.cc mishandles EOF. Squid versiones anteriores a 4.13 y versiones 5.x anteriores a 5.0.4, permite que un peer de confianza lleve a cabo una Denegación de Servicio mediante el consumo de todos los ciclos de la CPU disponibles durante el manejo de un mensaje de respuesta de Cache Digest diseñado. Esto solo ocurre cuando cache_peer es usado con la funcionalidad cache digest. • http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00012.html http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00017.html http://www.squid-cache.org/Versions/v4/changesets/SQUID-2020_9.patch https://github.com/squid-cache/squid/security/advisories/GHSA-vvj7-xjgq-g2jg https://lists.debian.org/debian-lts-announce/2020/10/msg00005.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BE6FKUN7IGTIR2MEEMWYDT7N5EJJLZI2 https://lists.fedoraproje • CWE-20: Improper Input Validation CWE-667: Improper Locking •
CVE-2020-14350 – postgresql: Uncontrolled search path element in CREATE EXTENSION
https://notcve.org/view.php?id=CVE-2020-14350
It was found that some PostgreSQL extensions did not use search_path safely in their installation script. An attacker with sufficient privileges could use this flaw to trick an administrator into executing a specially crafted script, during the installation or update of such extension. This affects PostgreSQL versions before 12.4, before 11.9, before 10.14, before 9.6.19, and before 9.5.23. Se detectó que algunas extensiones de PostgreSQL no usaban la función search_path de forma segura en su script de instalación. Un atacante con suficientes privilegios podría usar este fallo para engañar a un administrador para ejecutar un script especialmente diseñado durante la instalación o actualización de dicha extensión. • http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00043.html http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00044.html http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00049.html http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00050.html http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00003.html http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00008.html https://bugzilla.redhat.com/show_bug.cgi?id=1865746 https: • CWE-20: Improper Input Validation CWE-426: Untrusted Search Path •
CVE-2020-14349 – postgresql: Uncontrolled search path element in logical replication
https://notcve.org/view.php?id=CVE-2020-14349
It was found that PostgreSQL versions before 12.4, before 11.9 and before 10.14 did not properly sanitize the search_path during logical replication. An authenticated attacker could use this flaw in an attack similar to CVE-2018-1058, in order to execute arbitrary SQL command in the context of the user used for replication. Se detectó que las versiones de PostgreSQL anteriores a 12.4, anteriores a 11.9 y anteriores a 10.14, no saneban apropiadamente la función search_path durante la replicación lógica. Un atacante autenticado podría usar este fallo en un ataque similar al CVE-2018-1058, para ejecutar un comando SQL arbitrario en el contexto del usuario usado para la replicación. A flaw was found in PostgreSQL, where it did not properly sanitize the search_path during logical replication. • http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00044.html http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00049.html http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00050.html http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00003.html http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00008.html https://bugzilla.redhat.com/show_bug.cgi?id=1865744 https://security.gentoo.org/glsa/202008-13 https://security.netapp.com/adv • CWE-20: Improper Input Validation CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') CWE-427: Uncontrolled Search Path Element •
CVE-2020-8624 – update-policy rules of type "subdomain" are enforced incorrectly
https://notcve.org/view.php?id=CVE-2020-8624
In BIND 9.9.12 -> 9.9.13, 9.10.7 -> 9.10.8, 9.11.3 -> 9.11.21, 9.12.1 -> 9.16.5, 9.17.0 -> 9.17.3, also affects 9.9.12-S1 -> 9.9.13-S1, 9.11.3-S1 -> 9.11.21-S1 of the BIND 9 Supported Preview Edition, An attacker who has been granted privileges to change a specific subset of the zone's content could abuse these unintended additional privileges to update other contents of the zone. En BIND versiones 9.9.12 -) 9.9.13, 9.10.7 -) 9.10.8, 9.11.3 -) 9.11.21, 9.12.1 -) 9.16.5, 9.17.0 -) 9.17.3, también afecta a versiones 9.9 .12-S1 -) 9.9.13-S1, 9.11.3-S1 -) 9.11.21-S1 de BIND 9 Supported Preview Edition, un atacante a quien le han sido otorgado privilegios para cambiar un subconjunto específico del contenido de la zona podría abusar de estos privilegios adicionales no previstos para actualizar otros contenidos de la zona. A flaw was found in bind. Updates to "Update-policy" rules of type "subdomain" are treated as if they were of type "zonesub" which allows updates to all parts of the zone along with the intended subdomain. The highest threat from this vulnerability is to data integrity. • http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00041.html http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00044.html https://kb.isc.org/docs/cve-2020-8624 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DQN62GBMCIC5AY4KYADGXNKVY6AJKSJE https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZKAMJZXR66P6S5LEU4SN7USSNCWTXEXP https://security.gentoo.org/glsa/202008-19 https://security.netapp.com/advisory/ntap- • CWE-269: Improper Privilege Management CWE-400: Uncontrolled Resource Consumption •
CVE-2020-8623 – A flaw in native PKCS#11 code can lead to a remotely triggerable assertion failure in pk11.c
https://notcve.org/view.php?id=CVE-2020-8623
In BIND 9.10.0 -> 9.11.21, 9.12.0 -> 9.16.5, 9.17.0 -> 9.17.3, also affects 9.10.5-S1 -> 9.11.21-S1 of the BIND 9 Supported Preview Edition, An attacker that can reach a vulnerable system with a specially crafted query packet can trigger a crash. To be vulnerable, the system must: * be running BIND that was built with "--enable-native-pkcs11" * be signing one or more zones with an RSA key * be able to receive queries from a possible attacker En BIND versiones 9.10.0 -) 9.11.21, 9.12.0 -) 9.16.5, 9.17.0 -) 9.17.3, también afecta a versiones 9.10.5-S1 -) 9.11.21-S1 de BIND 9 Supported Preview Edition, un atacante que puede llegar a un sistema vulnerable con un paquete de consulta especialmente diseñado puede desencadenar un bloqueo. Para ser vulnerable, el sistema debe: * estar ejecutando BIND que fue creado con "--enable-native-pkcs11" * estar firmando una o más zonas con una clave RSA * ser capaz de recibir consultas de un posible atacante A flaw was found in bind. An assertion failure can occur when a specially crafted query for a zone signed with an RSA key. BIND must be compiled with "--enable-native-pkcs11" for the system to be affected. • http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00041.html http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00044.html https://kb.isc.org/docs/cve-2020-8623 https://lists.debian.org/debian-lts-announce/2020/08/msg00053.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DQN62GBMCIC5AY4KYADGXNKVY6AJKSJE https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZKAMJZXR66P6S5LEU4SN7USSNCWTXEXP https://security. • CWE-400: Uncontrolled Resource Consumption CWE-617: Reachable Assertion •