CVE-2020-25645 – kernel: Geneve/IPsec traffic may be unencrypted between two Geneve endpoints
https://notcve.org/view.php?id=CVE-2020-25645
A flaw was found in the Linux kernel in versions before 5.9-rc7. Traffic between two Geneve endpoints may be unencrypted when IPsec is configured to encrypt traffic for the specific UDP port used by the GENEVE tunnel allowing anyone between the two endpoints to read the traffic unencrypted. The main threat from this vulnerability is to data confidentiality. Se encontró un fallo en el kernel de Linux en versiones anteriores a 5.9-rc7. El tráfico entre dos endpoints Geneve puede no estar cifrado cuando IPsec está configurado para cifrar el tráfico para el puerto UDP específico usado por el túnel GENEVE, permitiendo a cualquier persona entre los dos endpoints leer el tráfico sin cifrar. • http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00035.html http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00042.html http://packetstormsecurity.com/files/161229/Kernel-Live-Patch-Security-Notice-LSN-0074-1.html https://bugzilla.redhat.com/show_bug.cgi?id=1883988 https://lists.debian.org/debian-lts-announce/2020/10/msg00028.html https://lists.debian.org/debian-lts-announce/2020/12/msg00027.html https://security.netapp.com/advisory/ntap-20201103-0004 https://ww • CWE-319: Cleartext Transmission of Sensitive Information •
CVE-2020-14355 – spice: multiple buffer overflow vulnerabilities in QUIC decoding code
https://notcve.org/view.php?id=CVE-2020-14355
Multiple buffer overflow vulnerabilities were found in the QUIC image decoding process of the SPICE remote display system, before spice-0.14.2-1. Both the SPICE client (spice-gtk) and server are affected by these flaws. These flaws allow a malicious client or server to send specially crafted messages that, when processed by the QUIC image compression algorithm, result in a process crash or potential code execution. Se encontraron múltiples vulnerabilidades de desbordamiento de búfer en el proceso de decodificación de imágenes QUIC del sistema de visualización remota SPICE, versiones anteriores a spice-0.14.2-1. Tanto el cliente SPICE (spice-gtk) como el servidor están afectados por estos defectos. • http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00001.html https://bugzilla.redhat.com/show_bug.cgi?id=1868435 https://lists.debian.org/debian-lts-announce/2020/11/msg00001.html https://lists.debian.org/debian-lts-announce/2020/11/msg00002.html https://usn.ubuntu.com/4572-1 https://usn.ubuntu.com/4572-2 https://www.debian.org/security/2020/dsa-4771 https://www.openwall.com/lists/oss • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVE-2020-25641 – kernel: soft-lockups in iov_iter_copy_from_user_atomic() could result in DoS
https://notcve.org/view.php?id=CVE-2020-25641
A flaw was found in the Linux kernel's implementation of biovecs in versions before 5.9-rc7. A zero-length biovec request issued by the block subsystem could cause the kernel to enter an infinite loop, causing a denial of service. This flaw allows a local attacker with basic privileges to issue requests to a block device, resulting in a denial of service. The highest threat from this vulnerability is to system availability. Se encontró un fallo en la implementación de biovecs del kernel de Linux en versiones anteriores a 5.9-rc7. • http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00021.html http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00042.html http://www.openwall.com/lists/oss-security/2020/10/06/9 https://bugzilla.redhat.com/show_bug.cgi?id=1881424 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=7e24969022cbd61ddc586f14824fc205661bb124 https://lists.debian.org/debian-lts-announce/2020/10/msg00032.html https://lists.debian.org/debian-lts-announce/2020/ • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVE-2020-7070 – PHP parses encoded cookie names so malicious `__Host-` cookies can be sent
https://notcve.org/view.php?id=CVE-2020-7070
In PHP versions 7.2.x below 7.2.34, 7.3.x below 7.3.23 and 7.4.x below 7.4.11, when PHP is processing incoming HTTP cookie values, the cookie names are url-decoded. This may lead to cookies with prefixes like __Host confused with cookies that decode to such prefix, thus leading to an attacker being able to forge cookie which is supposed to be secure. See also CVE-2020-8184 for more information. En PHP versiones 7.2.x por debajo de 7.2.34, versiones 7.3.x por debajo de 7.3.23 y versiones 7.4.x por debajo de 7.4.11, cuando PHP procesa valores de cookies HTTP entrantes, los nombres de las cookies se decodifican de la URL. Esto puede conllevar a que las cookies con prefijos como __Host se confundan con las cookies que decodifican dicho prefijo, lo que conlleva a que un atacante pueda falsificar una cookie que se supone que es segura. • http://cve.circl.lu/cve/CVE-2020-8184 http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00045.html http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00067.html https://bugs.php.net/bug.php?id=79699 https://hackerone.com/reports/895727 https://lists.debian.org/debian-lts-announce/2020/10/msg00008.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7EVDN7D3IB4EAI4D3ZOM2OJKQ5SD7K4E https://lists.fedoraproject.org/archives/list/ • CWE-20: Improper Input Validation CWE-565: Reliance on Cookies without Validation and Integrity Checking •
CVE-2020-7069 – Wrong ciphertext/tag in AES-CCM encryption for a 12 bytes IV
https://notcve.org/view.php?id=CVE-2020-7069
In PHP versions 7.2.x below 7.2.34, 7.3.x below 7.3.23 and 7.4.x below 7.4.11, when AES-CCM mode is used with openssl_encrypt() function with 12 bytes IV, only first 7 bytes of the IV is actually used. This can lead to both decreased security and incorrect encryption data. En PHP versiones 7.2.x por debajo de 7.2.34, versiones 7.3.x por debajo de 7.3.23 y versiones 7.4.x por debajo de 7.4.11, cuando el modo AES-CCM es usado con la función openssl_encrypt() con 12 bytes IV, solo los primeros 7 bytes del IV está actualmente usado. Esto puede conllevar a una disminución de seguridad y datos de cifrado incorrectos • http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00045.html http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00067.html https://bugs.php.net/bug.php?id=79601 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7EVDN7D3IB4EAI4D3ZOM2OJKQ5SD7K4E https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/P2J3ZZDHCSX65T5QWV4AHBN7MOJXBEKG https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R • CWE-20: Improper Input Validation CWE-326: Inadequate Encryption Strength •