CVSS: 7.4EPSS: 0%CPEs: 3EXPL: 2CVE-2020-25705 – kernel: ICMP rate limiting can be used for DNS poisoning attack
https://notcve.org/view.php?id=CVE-2020-25705
17 Nov 2020 — A flaw in ICMP packets in the Linux kernel may allow an attacker to quickly scan open UDP ports. This flaw allows an off-path remote attacker to effectively bypass source port UDP randomization. Software that relies on UDP source port randomization are indirectly affected as well on the Linux Based Products (RUGGEDCOM RM1224: All versions between v5.0 and v6.4, SCALANCE M-800: All versions between v5.0 and v6.4, SCALANCE S615: All versions between v5.0 and v6.4, SCALANCE SC-600: All versions prior to v2.1.3... • https://github.com/tdwyer/CVE-2020-25705 • CWE-330: Use of Insufficiently Random Values •
CVSS: 7.5EPSS: 0%CPEs: 7EXPL: 0CVE-2020-25692 – openldap: NULL pointer dereference for unauthenticated packet in slapd
https://notcve.org/view.php?id=CVE-2020-25692
09 Nov 2020 — A NULL pointer dereference was found in OpenLDAP server and was fixed in openldap 2.4.55, during a request for renaming RDNs. An unauthenticated attacker could remotely crash the slapd process by sending a specially crafted request, causing a Denial of Service. Se encontró una desreferencia de puntero NULL en el servidor OpenLDAP y se corrigió en openldap versión 2.4.55, durante una petición para cambiar el nombre de los RDN. Un atacante no autenticado podría bloquear remotamente el proceso slapd al enviar ... • https://bugzilla.redhat.com/show_bug.cgi?id=1894567 • CWE-476: NULL Pointer Dereference •
CVSS: 4.3EPSS: 0%CPEs: 6EXPL: 0CVE-2020-14318 – samba: Missing handle permissions check in SMB1/2/3 ChangeNotify
https://notcve.org/view.php?id=CVE-2020-14318
02 Nov 2020 — A flaw was found in the way samba handled file and directory permissions. An authenticated user could use this flaw to gain access to certain file and directory information which otherwise would be unavailable to the attacker. Se encontró un fallo en la manera en que samba manejaba los permisos de archivos y directorios. Un usuario autenticado podría usar este fallo para conseguir acceso a determinada información de archivos y directorios que de otra manera no estaría disponible para el atacante A flaw... • https://bugzilla.redhat.com/show_bug.cgi?id=1892631 • CWE-266: Incorrect Privilege Assignment CWE-269: Improper Privilege Management •
CVSS: 7.5EPSS: 0%CPEs: 9EXPL: 0CVE-2020-25648 – nss: TLS 1.3 CCS flood remote DoS Attack
https://notcve.org/view.php?id=CVE-2020-25648
20 Oct 2020 — A flaw was found in the way NSS handled CCS (ChangeCipherSpec) messages in TLS 1.3. This flaw allows a remote attacker to send multiple CCS messages, causing a denial of service for servers compiled with the NSS library. The highest threat from this vulnerability is to system availability. This flaw affects NSS versions before 3.58. Se encontró un fallo en la manera en que NSS manejaba los mensajes CCS (ChangeCipherSpec) en TLS versión 1.3. • https://bugzilla.redhat.com/show_bug.cgi?id=1887319 • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 3.2EPSS: 0%CPEs: 5EXPL: 0CVE-2020-25743
https://notcve.org/view.php?id=CVE-2020-25743
06 Oct 2020 — hw/ide/pci.c in QEMU before 5.1.1 can trigger a NULL pointer dereference because it lacks a pointer check before an ide_cancel_dma_sync call. El archivo hw/ide/pci.c en QEMU versiones anteriores a 5.1.1, puede desencadenar una desreferencia del puntero NULL porque carece de una comprobación de puntero antes de una llamada de ide_cancel_dma_sync • http://www.openwall.com/lists/oss-security/2020/09/29/1 • CWE-476: NULL Pointer Dereference •
CVSS: 5.5EPSS: 0%CPEs: 15EXPL: 0CVE-2020-25641 – kernel: soft-lockups in iov_iter_copy_from_user_atomic() could result in DoS
https://notcve.org/view.php?id=CVE-2020-25641
06 Oct 2020 — A flaw was found in the Linux kernel's implementation of biovecs in versions before 5.9-rc7. A zero-length biovec request issued by the block subsystem could cause the kernel to enter an infinite loop, causing a denial of service. This flaw allows a local attacker with basic privileges to issue requests to a block device, resulting in a denial of service. The highest threat from this vulnerability is to system availability. Se encontró un fallo en la implementación de biovecs del kernel de Linux en versione... • http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00021.html • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 6.6EPSS: 1%CPEs: 15EXPL: 0CVE-2020-14355 – spice: multiple buffer overflow vulnerabilities in QUIC decoding code
https://notcve.org/view.php?id=CVE-2020-14355
06 Oct 2020 — Multiple buffer overflow vulnerabilities were found in the QUIC image decoding process of the SPICE remote display system, before spice-0.14.2-1. Both the SPICE client (spice-gtk) and server are affected by these flaws. These flaws allow a malicious client or server to send specially crafted messages that, when processed by the QUIC image compression algorithm, result in a process crash or potential code execution. Se encontraron múltiples vulnerabilidades de desbordamiento de búfer en el proceso de decodif... • http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00000.html • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 7.5EPSS: 0%CPEs: 26EXPL: 0CVE-2020-25643 – kernel: improper input validation in ppp_cp_parse_cr function leads to memory corruption and read overflow
https://notcve.org/view.php?id=CVE-2020-25643
06 Oct 2020 — A flaw was found in the HDLC_PPP module of the Linux kernel in versions before 5.9-rc7. Memory corruption and a read overflow is caused by improper input validation in the ppp_cp_parse_cr function which can cause the system to crash or cause a denial of service. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. Se encontró un fallo de corrupción de la memoria en el kernel de Linux en versiones anteriores a 5.9-rc7, en el módulo HDLC_PPP en la... • http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00021.html • CWE-20: Improper Input Validation •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2020-10763 – heketi: gluster-block volume password details available in logs
https://notcve.org/view.php?id=CVE-2020-10763
30 Sep 2020 — An information-disclosure flaw was found in the way Heketi before 10.1.0 logs sensitive information. This flaw allows an attacker with local access to the Heketi server to read potentially sensitive information such as gluster-block passwords. Se encontró un fallo en la divulgación de información en la forma en que Heketi versiones anteriores a 10.1.0 registra información confidencial. Este fallo permite a un atacante con acceso local al servidor de Heketi leer información potencialmente confidencial, ... • https://bugzilla.redhat.com/show_bug.cgi?id=1845387 • CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 5.3EPSS: 0%CPEs: 7EXPL: 0CVE-2020-14370 – podman: environment variables leak between containers when started via Varlink or Docker-compatible REST API
https://notcve.org/view.php?id=CVE-2020-14370
23 Sep 2020 — An information disclosure vulnerability was found in containers/podman in versions before 2.0.5. When using the deprecated Varlink API or the Docker-compatible REST API, if multiple containers are created in a short duration, the environment variables from the first container will get leaked into subsequent containers. An attacker who has control over the subsequent containers could use this flaw to gain access to sensitive information stored in such variables. Se encontró una vulnerabilidad de divulgación ... • https://bugzilla.redhat.com/show_bug.cgi?id=1874268 • CWE-212: Improper Removal of Sensitive Information Before Storage or Transfer •