CVSS: 7.0EPSS: 0%CPEs: 8EXPL: 0CVE-2020-25212 – kernel: TOCTOU mismatch in the NFS client code
https://notcve.org/view.php?id=CVE-2020-25212
A TOCTOU mismatch in the NFS client code in the Linux kernel before 5.8.3 could be used by local attackers to corrupt memory or possibly have unspecified other impact because a size check is in fs/nfs/nfs4proc.c instead of fs/nfs/nfs4xdr.c, aka CID-b4487b935452. Una discrepancia de TOCTOU en el código del cliente NFS en el kernel de Linux versiones anteriores a 5.8.3, podría ser usada por atacantes locales para dañar la memoria o posiblemente tener otro impacto no especificado porque una comprobación de tamaño se encuentra en el archivo fs/nfs/nfs4proc.c en lugar de fs/nfs/nfs4xdr.c, también se conoce como CID-b4487b935452. A flaw was found in the NFSv4 implementation where when mounting a remote attacker controlled server it could return specially crafted response allow for local memory corruption and possibly privilege escalation. • http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00021.html http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00035.html http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00042.html https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.8.3 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=b4487b93545214a9db8cbf32e86411677b0cca21 https://lists.debian.org/debian-lts-announce/2020/09/msg00025.html https://lists.debian.org&#x • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition CWE-787: Out-of-bounds Write •
CVSS: 4.3EPSS: 0%CPEs: 40EXPL: 0CVE-2020-1968 – Raccoon attack
https://notcve.org/view.php?id=CVE-2020-1968
The Raccoon attack exploits a flaw in the TLS specification which can lead to an attacker being able to compute the pre-master secret in connections which have used a Diffie-Hellman (DH) based ciphersuite. In such a case this would result in the attacker being able to eavesdrop on all encrypted communications sent over that TLS connection. The attack can only be exploited if an implementation re-uses a DH secret across multiple TLS connections. Note that this issue only impacts DH ciphersuites and not ECDH ciphersuites. This issue affects OpenSSL 1.0.2 which is out of support and no longer receiving public updates. • https://lists.debian.org/debian-lts-announce/2020/09/msg00016.html https://security.gentoo.org/glsa/202210-02 https://security.netapp.com/advisory/ntap-20200911-0004 https://usn.ubuntu.com/4504-1 https://www.openssl.org/news/secadv/20200909.txt https://www.oracle.com//security-alerts/cpujul2021.html https://www.oracle.com/security-alerts/cpuApr2021.html https://www.oracle.com/security-alerts/cpuapr2022.html https://www.oracle.com/security-alerts/cpujan2021.html https://www.o • CWE-203: Observable Discrepancy •
CVSS: 9.8EPSS: 2%CPEs: 4EXPL: 2CVE-2020-24379 – Yaws 2.0.7 XML Injection / Command Injection
https://notcve.org/view.php?id=CVE-2020-24379
WebDAV implementation in Yaws web server versions 1.81 to 2.0.7 is vulnerable to XXE injection. Una implementación de WebDAV en el servidor web Yaws versiones 1.81 hasta 2.0.7, es vulnerable a una inyección de tipo XXE. Yaws versions 1.81 through 2.0.7 suffer from remote OS command injection and XML external entity injection vulnerabilities. • https://github.com/erlyaws/yaws/commits/master https://github.com/vulnbe/poc-yaws-dav-xxe https://lists.debian.org/debian-lts-announce/2020/09/msg00022.html https://packetstormsecurity.com/files/159106/Yaws-2.0.7-XML-Injection-Command-Injection.html https://usn.ubuntu.com/4569-1 https://vuln.be/post/yaws-xxe-and-shell-injections https://www.debian.org/security/2020/dsa-4773 • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 10.0EPSS: 57%CPEs: 4EXPL: 3CVE-2020-24916 – Yaws 2.0.7 XML Injection / Command Injection
https://notcve.org/view.php?id=CVE-2020-24916
CGI implementation in Yaws web server versions 1.81 to 2.0.7 is vulnerable to OS command injection. la implementación de CGI en el servidor web Yaws. (CVE-2020-24916) Una implementación de CGI en el servidor web Yaws versiones 1.81 hasta 2.0.7, es vulnerable a una inyección de comandos del Sistema Operativo. Yaws versions 1.81 through 2.0.7 suffer from remote OS command injection and XML external entity injection vulnerabilities. • https://github.com/erlyaws/yaws/commits/master https://github.com/vulnbe/poc-yaws-cgi-shell-injection https://lists.debian.org/debian-lts-announce/2020/09/msg00022.html https://packetstormsecurity.com/files/159106/Yaws-2.0.7-XML-Injection-Command-Injection.html https://usn.ubuntu.com/4569-1 https://vuln.be/post/yaws-xxe-and-shell-injections https://www.debian.org/security/2020/dsa-4773 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2020-14345 – X.Org Server XkbSetNames Out-Of-Bounds Access Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2020-14345
A flaw was found in X.Org Server before xorg-x11-server 1.20.9. An Out-Of-Bounds access in XkbSetNames function may lead to a privilege escalation vulnerability. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. Se encontró un fallo en X.Org Server versiones anteriores a xorg-x11-server 1.20.9. Un acceso fuera de límites en la función XkbSetNames puede conllevar a una vulnerabilidad de escalada de privilegios. • http://www.openwall.com/lists/oss-security/2021/01/15/1 https://bugzilla.redhat.com/show_bug.cgi?id=1862241 https://lists.x.org/archives/xorg-announce/2020-August/003058.html https://security.gentoo.org/glsa/202012-01 https://usn.ubuntu.com/4488-2 https://usn.ubuntu.com/4490-1 https://www.zerodayinitiative.com/advisories/ZDI-20-1416 https://access.redhat.com/security/cve/CVE-2020-14345 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •