CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2020-27671 – Debian Security Advisory 4804-1
https://notcve.org/view.php?id=CVE-2020-27671
22 Oct 2020 — An issue was discovered in Xen through 4.14.x allowing x86 HVM and PVH guest OS users to cause a denial of service (data corruption), cause a data leak, or possibly gain privileges because coalescing of per-page IOMMU TLB flushes is mishandled. Se detectó un problema en Xen versiones hasta 4.14.x, permitiendo a usuarios de SO invitado HVM y PVH de x86 causar una denegación de servicio (corrupción de datos), causar una filtración de datos o posiblemente alcanzar privilegios porque la combinación de descargas... • http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00075.html •
CVSS: 7.0EPSS: 0%CPEs: 5EXPL: 0CVE-2020-27672 – Debian Security Advisory 4804-1
https://notcve.org/view.php?id=CVE-2020-27672
22 Oct 2020 — An issue was discovered in Xen through 4.14.x allowing x86 guest OS users to cause a host OS denial of service, achieve data corruption, or possibly gain privileges by exploiting a race condition that leads to a use-after-free involving 2MiB and 1GiB superpages. Se detectó un problema en Xen versiones hasta 4.14.x, permitiendo a usuarios del SO invitado x86 causar una denegación de servicio del SO host, lograr una corrupción de datos o posiblemente alcanzar privilegios mediante la explotación de una condici... • http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00075.html • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-416: Use After Free •
CVSS: 5.3EPSS: 0%CPEs: 5EXPL: 0CVE-2020-27674 – Debian Security Advisory 4804-1
https://notcve.org/view.php?id=CVE-2020-27674
22 Oct 2020 — An issue was discovered in Xen through 4.14.x allowing x86 PV guest OS users to gain guest OS privileges by modifying kernel memory contents, because invalidation of TLB entries is mishandled during use of an INVLPG-like attack technique. Se detectó un problema en Xen versiones hasta 4.14.x, permitiendo a usuarios de SO invitado de PV x86 alcanzar privilegios de SO invitado modificando el contenido de la memoria del kernel, porque una invalidación de las entradas TLB es manejada inapropiadamente durante el ... • http://www.openwall.com/lists/oss-security/2021/01/19/5 • CWE-787: Out-of-bounds Write •
CVSS: 4.7EPSS: 0%CPEs: 5EXPL: 0CVE-2020-27675 – Ubuntu Security Notice USN-4679-1
https://notcve.org/view.php?id=CVE-2020-27675
22 Oct 2020 — An issue was discovered in the Linux kernel through 5.9.1, as used with Xen through 4.14.x. drivers/xen/events/events_base.c allows event-channel removal during the event-handling loop (a race condition). This can cause a use-after-free or NULL pointer dereference, as demonstrated by a dom0 crash via events for an in-reconfiguration paravirtualized device, aka CID-073d0552ead5. Se detectó un problema en el kernel de Linux versiones hasta 5.9.1, como es usado con Xen versiones hasta 4.14.x. El archivo d... • http://www.openwall.com/lists/oss-security/2021/01/19/3 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-416: Use After Free CWE-476: NULL Pointer Dereference •
CVSS: 7.5EPSS: 1%CPEs: 5EXPL: 0CVE-2020-27638 – Ubuntu Security Notice USN-4718-1
https://notcve.org/view.php?id=CVE-2020-27638
22 Oct 2020 — receive.c in fastd before v21 allows denial of service (assertion failure) when receiving packets with an invalid type code. En el archivo Receive.c en fastd versiones anteriores a v21, permite una denegación de servicio (fallo de aserción) cuando se reciben paquetes con un código de tipo no válido It was discovered that fastd did not properly handle receive buffers under certain circumstances. A remote attacker could possibly use this issue to cause a memory leak, resulting in a denial of service. • https://bugs.debian.org/972521 • CWE-617: Reachable Assertion •
CVSS: 6.8EPSS: 0%CPEs: 17EXPL: 0CVE-2020-14812 – mysql: Server: Locking unspecified vulnerability (CPU Oct 2020)
https://notcve.org/view.php?id=CVE-2020-14812
21 Oct 2020 — Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Locking). Supported versions that are affected are 5.6.49 and prior, 5.7.31 and prior and 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availabili... • https://lists.debian.org/debian-lts-announce/2021/01/msg00027.html •
CVSS: 4.9EPSS: 0%CPEs: 9EXPL: 0CVE-2020-14785 – mysql: Server: Optimizer unspecified vulnerability (CPU Oct 2020)
https://notcve.org/view.php?id=CVE-2020-14785
21 Oct 2020 — Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). • https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GZU3PA5XJXNQ4C4F6435ARM6WKM3OZYR •
CVSS: 4.9EPSS: 0%CPEs: 14EXPL: 0CVE-2020-14789 – mysql: Server: FTS unspecified vulnerability (CPU Oct 2020)
https://notcve.org/view.php?id=CVE-2020-14789
21 Oct 2020 — Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: FTS). Supported versions that are affected are 5.7.31 and prior and 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). • https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GZU3PA5XJXNQ4C4F6435ARM6WKM3OZYR •
CVSS: 4.9EPSS: 0%CPEs: 9EXPL: 0CVE-2020-14794 – mysql: Server: Optimizer unspecified vulnerability (CPU Oct 2020)
https://notcve.org/view.php?id=CVE-2020-14794
21 Oct 2020 — Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). • https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GZU3PA5XJXNQ4C4F6435ARM6WKM3OZYR •
CVSS: 4.9EPSS: 0%CPEs: 9EXPL: 0CVE-2020-14786 – mysql: Server: PS unspecified vulnerability (CPU Oct 2020)
https://notcve.org/view.php?id=CVE-2020-14786
21 Oct 2020 — Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: PS). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). • https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GZU3PA5XJXNQ4C4F6435ARM6WKM3OZYR •