CVSS: 4.9EPSS: 0%CPEs: 13EXPL: 0CVE-2020-14547 – mysql: Server: Optimizer unspecified vulnerability (CPU Jul 2020)
https://notcve.org/view.php?id=CVE-2020-14547
15 Jul 2020 — Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 5.7.30 and prior and 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). • https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CAI7GRYZ5265JVKHC6VXI57MNJDDB63C •
CVSS: 5.3EPSS: 0%CPEs: 17EXPL: 0CVE-2020-14550 – mysql: C API unspecified vulnerability (CPU Jul 2020)
https://notcve.org/view.php?id=CVE-2020-14550
15 Jul 2020 — Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Supported versions that are affected are 5.6.48 and prior, 5.7.30 and prior and 8.0.20 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Client. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Client. CVSS 3.1 Base Score 5.3 (Availability impact... • https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CAI7GRYZ5265JVKHC6VXI57MNJDDB63C •
CVSS: 10.0EPSS: 1%CPEs: 8EXPL: 0CVE-2020-13753 – Ubuntu Security Notice USN-4648-1
https://notcve.org/view.php?id=CVE-2020-13753
14 Jul 2020 — The bubblewrap sandbox of WebKitGTK and WPE WebKit, prior to 2.28.3, failed to properly block access to CLONE_NEWUSER and the TIOCSTI ioctl. CLONE_NEWUSER could potentially be used to confuse xdg-desktop-portal, which allows access outside the sandbox. TIOCSTI can be used to directly execute commands outside the sandbox by writing to the controlling terminal's input buffer, similar to CVE-2017-5226. El sandbox bubblewrap de WebKitGTK y WPE WebKit, versiones anteriores a 2.28.3, no pudo bloquear apropiadamen... • http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00074.html • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 0%CPEs: 17EXPL: 0CVE-2019-20907 – python: infinite loop in the tarfile module via crafted TAR archive
https://notcve.org/view.php?id=CVE-2019-20907
13 Jul 2020 — In Lib/tarfile.py in Python through 3.8.3, an attacker is able to craft a TAR archive leading to an infinite loop when opened by tarfile.open, because _proc_pax lacks header validation. En la biblioteca Lib/tarfile.py en Python versiones hasta 3.8.3, un atacante puede diseñar un archivo TAR conllevando a un bucle infinito cuando se abrió mediante tarfile.open, porque la función _proc_pax carece de comprobación de encabezado A flaw was found in python. In Lib/tarfile.py an attacker is able to craft a TAR arc... • http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00051.html • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2020-15567 – Ubuntu Security Notice USN-5617-1
https://notcve.org/view.php?id=CVE-2020-15567
07 Jul 2020 — An issue was discovered in Xen through 4.13.x, allowing Intel guest OS users to gain privileges or cause a denial of service because of non-atomic modification of a live EPT PTE. When mapping guest EPT (nested paging) tables, Xen would in some circumstances use a series of non-atomic bitfield writes. Depending on the compiler version and optimisation flags, Xen might expose a dangerous partially written PTE to the hardware, which an attacker might be able to race to exploit. A guest administrator or perhaps... • http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00024.html • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 6.5EPSS: 0%CPEs: 4EXPL: 0CVE-2020-15564 – Ubuntu Security Notice USN-5617-1
https://notcve.org/view.php?id=CVE-2020-15564
07 Jul 2020 — An issue was discovered in Xen through 4.13.x, allowing Arm guest OS users to cause a hypervisor crash because of a missing alignment check in VCPUOP_register_vcpu_info. The hypercall VCPUOP_register_vcpu_info is used by a guest to register a shared region with the hypervisor. The region will be mapped into Xen address space so it can be directly accessed. On Arm, the region is accessed with instructions that require a specific alignment. Unfortunately, there is no check that the address provided by the gue... • http://www.openwall.com/lists/oss-security/2020/07/07/5 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.8EPSS: 0%CPEs: 6EXPL: 0CVE-2020-15565 – Ubuntu Security Notice USN-5617-1
https://notcve.org/view.php?id=CVE-2020-15565
07 Jul 2020 — An issue was discovered in Xen through 4.13.x, allowing x86 Intel HVM guest OS users to cause a host OS denial of service or possibly gain privileges because of insufficient cache write-back under VT-d. When page tables are shared between IOMMU and CPU, changes to them require flushing of both TLBs. Furthermore, IOMMUs may be non-coherent, and hence prior to flushing IOMMU TLBs, a CPU cache also needs writing back to memory after changes were made. Such writing back of cached data was missing in particular ... • http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00024.html • CWE-400: Uncontrolled Resource Consumption •
CVSS: 6.5EPSS: 0%CPEs: 5EXPL: 0CVE-2020-15563 – Ubuntu Security Notice USN-5617-1
https://notcve.org/view.php?id=CVE-2020-15563
07 Jul 2020 — An issue was discovered in Xen through 4.13.x, allowing x86 HVM guest OS users to cause a hypervisor crash. An inverted conditional in x86 HVM guests' dirty video RAM tracking code allows such guests to make Xen de-reference a pointer guaranteed to point at unmapped space. A malicious or buggy HVM guest may cause the hypervisor to crash, resulting in Denial of Service (DoS) affecting the entire host. Xen versions from 4.8 onwards are affected. Xen versions 4.7 and earlier are not affected. • http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00024.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 18%CPEs: 12EXPL: 0CVE-2020-14303 – Ubuntu Security Notice USN-4454-1
https://notcve.org/view.php?id=CVE-2020-14303
06 Jul 2020 — A flaw was found in the AD DC NBT server in all Samba versions before 4.10.17, before 4.11.11 and before 4.12.4. A samba user could send an empty UDP packet to cause the samba server to crash. Se encontró un fallo en el servidor AD DC NBT en todas las versiones de Samba anteriores a 4.10.17, anteriores a 4.11.11 y anteriores a 4.12.4. Un usuario de samba podría enviar un paquete UDP vacío para hacer que el servidor de samba se bloquee USN-4454-1 fixed a vulnerability in Samba. This update provides the corre... • http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00030.html • CWE-834: Excessive Iteration •
CVSS: 6.5EPSS: 2%CPEs: 9EXPL: 0CVE-2020-10730 – samba: NULL pointer de-reference and use-after-free in Samba AD DC LDAP Server with ASQ, VLV and paged_results
https://notcve.org/view.php?id=CVE-2020-10730
02 Jul 2020 — A NULL pointer dereference, or possible use-after-free flaw was found in Samba AD LDAP server in versions before 4.10.17, before 4.11.11 and before 4.12.4. Although some versions of Samba shipped with Red Hat Enterprise Linux do not support Samba in AD mode, the affected code is shipped with the libldb package. This flaw allows an authenticated user to possibly trigger a use-after-free or NULL pointer dereference. The highest threat from this vulnerability is to system availability. Se encontró una desrefer... • http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00030.html • CWE-416: Use After Free CWE-476: NULL Pointer Dereference •