CVSS: 6.7EPSS: 0%CPEs: 44EXPL: 0CVE-2020-12770 – kernel: sg_write function lacks an sg_remove_request call in a certain failure case
https://notcve.org/view.php?id=CVE-2020-12770
An issue was discovered in the Linux kernel through 5.6.11. sg_write lacks an sg_remove_request call in a certain failure case, aka CID-83c6f2390040. Se detectó un problema en el kernel de Linux versiones hasta 5.6.11. La función sg_write, carece de una llamada a sg_remove_request en un determinado caso de fallo, también se conoce como CID-83c6f2390040. A vulnerability was found in sg_write in drivers/scsi/sg.c in the SCSI generic (sg) driver subsystem. This flaw allows an attacker with local access and special user or root privileges to cause a denial of service if the allocated list is not cleaned with an invalid (Sg_fd * sfp) pointer at the time of failure, also possibly causing a kernel internal information leak problem. • https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=83c6f2390040f188cc25b270b4befeb5628c1aee https://lists.debian.org/debian-lts-announce/2020/06/msg00011.html https://lists.debian.org/debian-lts-announce/2020/06/msg00012.html https://lists.debian.org/debian-lts-announce/2020/06/msg00013.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ES5C6ZCMALBEBMKNNCTBSLLSYGFZG3FF https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedora • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 16EXPL: 2CVE-2020-12762 – libfastjson: integer overflow and out-of-bounds write via a large JSON file
https://notcve.org/view.php?id=CVE-2020-12762
json-c through 0.14 has an integer overflow and out-of-bounds write via a large JSON file, as demonstrated by printbuf_memappend. json-c versiones hasta 0.14, presenta un desbordamiento de enteros y una escritura fuera de límites por medio de un archivo JSON grande, como es demostrado por la función printbuf_memappend. A flaw was found in json-c. In printbuf_memappend, certain crafted values can overflow the memory allowing an attacker to write past the memory boundary. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. • https://cert-portal.siemens.com/productcert/pdf/ssa-637483.pdf https://github.com/json-c/json-c/pull/592 https://github.com/rsyslog/libfastjson/issues/161 https://lists.debian.org/debian-lts-announce/2020/05/msg00032.html https://lists.debian.org/debian-lts-announce/2020/05/msg00034.html https://lists.debian.org/debian-lts-announce/2020/07/msg00031.html https://lists.debian.org/debian-lts-announce/2023/06/msg00023.html https://lists.fedoraproject.org/archives/list/package-annou • CWE-190: Integer Overflow or Wraparound CWE-787: Out-of-bounds Write •
CVSS: 7.0EPSS: 0%CPEs: 5EXPL: 0CVE-2020-12050
https://notcve.org/view.php?id=CVE-2020-12050
SQLiteODBC 0.9996, as packaged for certain Linux distributions as 0.9996-4, has a race condition leading to root privilege escalation because any user can replace a /tmp/sqliteodbc$$ file with new contents that cause loading of an arbitrary library. SQLiteODBC versión 0.9996, tal y como está empaquetado para determinadas distribuciones de Linux como la versión 0.9996-4, tiene una condición de carrera que conlleva a una escalada de privilegios root porque cualquier usuario puede reemplazar un archivo /tmp/sqliteodbc$$ con nuevos contenidos que causan una carga de una biblioteca arbitraria. • http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00013.html http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00026.html http://www.ch-werner.de/sqliteodbc https://bugzilla.redhat.com/show_bug.cgi?id=1825762 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PDS5RK7F47BRXHUYRWGMGLYU2GJEVZQA https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PR6B33IGBADGYDBTEEU36OGERER2HOGQ https://lists.fedoraproject.org/archives/ • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 7.5EPSS: 0%CPEs: 10EXPL: 0CVE-2020-10663 – rubygem-json: Unsafe object creation vulnerability in JSON
https://notcve.org/view.php?id=CVE-2020-10663
The JSON gem through 2.2.0 for Ruby, as used in Ruby 2.4 through 2.4.9, 2.5 through 2.5.7, and 2.6 through 2.6.5, has an Unsafe Object Creation Vulnerability. This is quite similar to CVE-2013-0269, but does not rely on poor garbage-collection behavior within Ruby. Specifically, use of JSON parsing methods can lead to creation of a malicious object within the interpreter, with adverse effects that are application-dependent. La gema JSON versiones hasta 2.2.0 para Ruby, como es usado en Ruby versiones 2.4 hasta 2.4.9, versiones 2.5 hasta 2.5.7 y versiones 2.6 hasta 2.6.5, tiene una Vulnerabilidad de Creación de Objetos No Segura. Esto es bastante similar a CVE-2013-0269, pero no se basa en un comportamiento inapropiado garbage-collection dentro de Ruby. • http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00004.html http://seclists.org/fulldisclosure/2020/Dec/32 https://lists.apache.org/thread.html/r37c0e1807da7ff2bdd028bbe296465a6bbb99e2320dbe661d5d8b33b%40%3Cissues.zookeeper.apache.org%3E https://lists.apache.org/thread.html/r3b04f4e99a19613f88ae088aa18cd271231a3c79dfff8f5efa8cda61%40%3Cissues.zookeeper.apache.org%3E https://lists.apache.org/thread.html/r5f17bfca1d6e7f4b33ae978725b2fd62a9f1b3111696eafa9add802d%40%3Cissues.zookeeper.apache.org%3E https://lists.apache.org/thread.html/r8d2e174230f6d26e16c0 • CWE-20: Improper Input Validation CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.5EPSS: 1%CPEs: 7EXPL: 0CVE-2020-10704
https://notcve.org/view.php?id=CVE-2020-10704
A flaw was found when using samba as an Active Directory Domain Controller. Due to the way samba handles certain requests as an Active Directory Domain Controller LDAP server, an unauthorized user can cause a stack overflow leading to a denial of service. The highest threat from this vulnerability is to system availability. This issue affects all samba versions before 4.10.15, before 4.11.8 and before 4.12.2. Se encontró un fallo cuando se usa samba como un Active Directory Domain Controller. • http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00054.html http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00002.html https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10704 https://lists.debian.org/debian-lts-announce/2020/11/msg00041.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U5KW3ZO35NVDO57JSBZHTQZOS3AIQ5QE https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y7DVGCHG3XPIBQ5ETGMGW7MXNOO4HFH4 htt • CWE-674: Uncontrolled Recursion •