CVSS: 7.5EPSS: 0%CPEs: 54EXPL: 0CVE-2020-9490 – httpd: Push diary crash on specifically crafted HTTP/2 header
https://notcve.org/view.php?id=CVE-2020-9490
Apache HTTP Server versions 2.4.20 to 2.4.43. A specially crafted value for the 'Cache-Digest' header in a HTTP/2 request would result in a crash when the server actually tries to HTTP/2 PUSH a resource afterwards. Configuring the HTTP/2 feature via "H2Push off" will mitigate this vulnerability for unpatched servers. Apache HTTP Server versiones 2.4.20 hasta 2.4.43.. Un valor especialmente diseñado para el encabezado "Cache-Digest" en una petición HTTP/2 resultaría en un bloqueo cuando el servidor realmente intenta un PUSH HTTP/2 un recurso mas tarde. • http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00068.html http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00071.html http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00081.html http://packetstormsecurity.com/files/160392/Apache-2.4.43-mod_http2-Memory-Corruption.html https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2020-9490 https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3Ccvs.httpd.apache.org%3E https://lists& • CWE-400: Uncontrolled Resource Consumption CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') •
CVSS: 8.4EPSS: 0%CPEs: 5EXPL: 0CVE-2020-8026 – inn: non-root owned files
https://notcve.org/view.php?id=CVE-2020-8026
A Incorrect Default Permissions vulnerability in the packaging of inn in openSUSE Leap 15.2, openSUSE Tumbleweed, openSUSE Leap 15.1 allows local attackers with control of the new user to escalate their privileges to root. This issue affects: openSUSE Leap 15.2 inn version 2.6.2-lp152.1.26 and prior versions. openSUSE Tumbleweed inn version 2.6.2-4.2 and prior versions. openSUSE Leap 15.1 inn version 2.5.4-lp151.3.3.1 and prior versions. Una vulnerabilidad de Permisos Predeterminados Incorrectos en el paquete de inn en openSUSE Leap versión 15.2, openSUSE Tumbleweed, openSUSE Leap versión 15.1, permite a atacantes locales con control del nuevo usuario escalar sus privilegios a root. Este problema afecta a: inn versión 2.6.2-lp152.1.26 y versiones anteriores de openSUSE Leap versión 15.2. inn versión 2.6.2-4.2 y versiones anteriores de openSUSE Tumbleweed. inn versión 2.5.4-lp151.3.3.1 y versiones anteriores de openSUSE Leap versión 15.1 • http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00063.html http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00064.html http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00074.html http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00038.html https://bugzilla.suse.com/show_bug.cgi?id=1172573 • CWE-276: Incorrect Default Permissions •
CVSS: 7.5EPSS: 4%CPEs: 8EXPL: 0CVE-2020-16845 – golang: ReadUvarint and ReadVarint can read an unlimited number of bytes from invalid inputs
https://notcve.org/view.php?id=CVE-2020-16845
Go before 1.13.15 and 14.x before 1.14.7 can have an infinite read loop in ReadUvarint and ReadVarint in encoding/binary via invalid inputs. Go versiones anteriores a 1.13.15 y versiones 14.x anteriores a 1.14.7, puede presentar un bucle de lectura infinito en las funciones ReadUvarint y ReadVarint en encoding/binary por medio de entradas no válidas A flaw was found in the Go encoding/binary package. Certain invalid inputs to the ReadUvarint or the ReadVarint causes those functions to read an unlimited number of bytes from the ByteReader argument before returning an error. This flaw possibly leads to processing more input than expected. The highest threat from this vulnerability is to system availability. • http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00021.html http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00028.html http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00029.html http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00030.html https://groups.google.com/forum/#%21topic/golang-announce/NyPIaucMgXo https://groups.google.com/forum/#%21topic/golang-announce/_ulYYcIWg3Q https://lists.debian.org/debian-lts-announce/2020/11/msg00037& • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 6.7EPSS: 0%CPEs: 11EXPL: 0CVE-2020-14344 – libX11: Heap overflow in the X input method client
https://notcve.org/view.php?id=CVE-2020-14344
An integer overflow leading to a heap-buffer overflow was found in The X Input Method (XIM) client was implemented in libX11 before version 1.6.10. As per upstream this is security relevant when setuid programs call XIM client functions while running with elevated privileges. No such programs are shipped with Red Hat Enterprise Linux. Se encontró un desbordamiento de enteros conllevando a un desbordamiento del búfer de la pila en el cliente X Input Method (XIM), se implementó en libX11 anterior a la versión 1.6.10. Según aguas arriba, esto es relevante para la seguridad cuando los programas setuid llaman a las funciones del cliente XIM mientras se ejecutan con privilegios elevados. • http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00014.html http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00015.html http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00024.html http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00031.html https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-14344 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4VDDSAYV7XGNRCXE7HCU23645MG74OFF https://lists.fedoraproject.org/ar • CWE-190: Integer Overflow or Wraparound •
CVSS: 4.3EPSS: 0%CPEs: 21EXPL: 0CVE-2020-16166 – kernel: information exposure in drivers/char/random.c and kernel/time/timer.c
https://notcve.org/view.php?id=CVE-2020-16166
The Linux kernel through 5.7.11 allows remote attackers to make observations that help to obtain sensitive information about the internal state of the network RNG, aka CID-f227e3ec3b5c. This is related to drivers/char/random.c and kernel/time/timer.c. El kernel de Linux versiones hasta 5.7.11, permite a atacantes remotos realizar observaciones que ayudan a obtener información confidencial sobre el estado interno de la red RNG, también se conoce como CID-f227e3ec3b5c. Esto está relacionado con los archivos drivers/char/random.c y kernel/time/timer.c A flaw was found in the Linux kernel. The generation of the device ID from the network RNG internal state is predictable. • http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00009.html http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00047.html https://arxiv.org/pdf/2012.07432.pdf https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f227e3ec3b5cad859ad15666874405e8c1bbc1d4 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c51f8f88d705e06bd696d7510aff22b33eb8e638 https://github.com/torvalds/linux/commit/f227e3ec3b5cad859ad15666874405e8c1bbc1d4 https://lists.debian& • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-330: Use of Insufficiently Random Values •