CVSS: 4.1EPSS: 0%CPEs: 11EXPL: 2CVE-2020-25656 – kernel: use-after-free in read in vt_do_kdgkb_ioctl
https://notcve.org/view.php?id=CVE-2020-25656
A flaw was found in the Linux kernel. A use-after-free was found in the way the console subsystem was using ioctls KDGKBSENT and KDSKBSENT. A local user could use this flaw to get read memory access out of bounds. The highest threat from this vulnerability is to data confidentiality. Se encontró un fallo en el kernel de Linux. • https://bugzilla.redhat.com/show_bug.cgi?id=1888726 https://lists.debian.org/debian-lts-announce/2020/12/msg00015.html https://lists.debian.org/debian-lts-announce/2020/12/msg00027.html https://lkml.org/lkml/2020/10/16/84 https://lkml.org/lkml/2020/10/29/528 https://www.starwindsoftware.com/security/sw-20210325-0006 https://access.redhat.com/security/cve/CVE-2020-25656 • CWE-416: Use After Free •
CVSS: 7.5EPSS: 2%CPEs: 9EXPL: 0CVE-2020-25710 – openldap: assertion failure in CSN normalization with invalid input
https://notcve.org/view.php?id=CVE-2020-25710
A flaw was found in OpenLDAP in versions before 2.4.56. This flaw allows an attacker who sends a malicious packet processed by OpenLDAP to force a failed assertion in csnNormalize23(). The highest threat from this vulnerability is to system availability. Se encontró un fallo en OpenLDAP en versiones anteriores a 2.4.56. Este fallo permite a un atacante que envía un paquete malicioso procesado por OpenLDAP forzar una afirmación fallida en la función csnNormalize23(). • https://bugzilla.redhat.com/show_bug.cgi?id=1899678 https://git.openldap.org/openldap/openldap/-/commit/ab3915154e69920d480205b4bf5ccb2b391a0a1f#a2feb6ed0257c21c6672793ee2f94eaadc10c72c https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E https://lists.debian.org/debian-lts-announce/2020/12/msg00008.html https://security.netapp.com/advisory/ntap-20210716- • CWE-617: Reachable Assertion •
CVSS: 5.8EPSS: 1%CPEs: 27EXPL: 0CVE-2020-27218 – jetty: buffer not correctly recycled in Gzip Request inflation
https://notcve.org/view.php?id=CVE-2020-27218
In Eclipse Jetty version 9.4.0.RC0 to 9.4.34.v20201102, 10.0.0.alpha0 to 10.0.0.beta2, and 11.0.0.alpha0 to 11.0.0.beta2, if GZIP request body inflation is enabled and requests from different clients are multiplexed onto a single connection, and if an attacker can send a request with a body that is received entirely but not consumed by the application, then a subsequent request on the same connection will see that body prepended to its body. The attacker will not see any data but may inject data into the body of the subsequent request. En Eclipse Jetty versión 9.4.0.RC0 hasta 9.4.34.v20201102, 10.0.0.alpha0 hasta 10.0.0.beta2 y 11.0.0.alpha0 hasta 11.0.0.beta2, si la inflación del cuerpo de la petición GZIP está habilitada y solicita de diferentes clientes se multiplexan en una sola conexión, y si un atacante puede enviar una petición con un cuerpo que es recibido por completo pero no consumido por la aplicación, entonces una petición posterior en la misma conexión verá ese cuerpo antepuesto a su cuerpo. El atacante no verá ningún dato, pero puede inyectar datos en el cuerpo de la petición posterior • https://bugs.eclipse.org/bugs/show_bug.cgi?id=568892 https://github.com/eclipse/jetty.project/security/advisories/GHSA-86wm-rrjm-8wh8 https://lists.apache.org/thread.html/r00858fe27ee35ac8fa0e1549d67e0efb789d63b791b5300390bd8480%40%3Cjira.kafka.apache.org%3E https://lists.apache.org/thread.html/r01806ad8c9cb0590584baf5b1a60237ad92e4ad5bba082ca04d98179%40%3Creviews.spark.apache.org%3E https://lists.apache.org/thread.html/r05b7ffde2b8c180709e14bc9ca036407bea3ed9f09b32c4705d23a4a%40%3Cjira.kafka.apache.org%3E https://lists.apache.org/thread.html/r078c120 • CWE-226: Sensitive Information in Resource Not Removed Before Reuse •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2020-14351 – Linux Kernel Performance Counters Race Condition Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2020-14351
A flaw was found in the Linux kernel. A use-after-free memory flaw was found in the perf subsystem allowing a local attacker with permission to monitor perf events to corrupt memory and possibly escalate privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. Se encontró un fallo en el kernel de Linux. Se encontró un fallo de uso de la memoria previamente liberada en el subsistema perf que permitía a un atacante local con permiso para monitorear eventos de desempeño para corromper la memoria y posiblemente escalar privilegios. • https://bugzilla.redhat.com/show_bug.cgi?id=1862849 https://lists.debian.org/debian-lts-announce/2020/12/msg00015.html https://lists.debian.org/debian-lts-announce/2020/12/msg00027.html https://access.redhat.com/security/cve/CVE-2020-14351 • CWE-416: Use After Free •
CVSS: 7.5EPSS: 0%CPEs: 5EXPL: 1CVE-2020-25708 – libvncserver: libvncserver/rfbserver.c has a divide by zero which could result in DoS
https://notcve.org/view.php?id=CVE-2020-25708
A divide by zero issue was found to occur in libvncserver-0.9.12. A malicious client could use this flaw to send a specially crafted message that, when processed by the VNC server, would lead to a floating point exception, resulting in a denial of service. Se encontró un problema de división por cero en libvncserver-0.9.12. Un cliente malicioso podría usar este fallo para enviar un mensaje especialmente diseñado que, cuando se procesaba mediante el servidor VNC, conduciría a una excepción de punto flotante, resultando en una denegación de servicio A divide by zero flaw was found in libvncserver. This flaw allows a malicious client to send a specially crafted message that, when processed by the VNC server, leads to a floating-point exception, resulting in a denial of service. • https://bugzilla.redhat.com/show_bug.cgi?id=1896739 https://lists.debian.org/debian-lts-announce/2022/09/msg00035.html https://access.redhat.com/security/cve/CVE-2020-25708 • CWE-369: Divide By Zero •