CVSS: 7.2EPSS: 0%CPEs: 6EXPL: 1CVE-2020-15780 – kernel: lockdown: bypass through ACPI write via acpi_configfs
https://notcve.org/view.php?id=CVE-2020-15780
An issue was discovered in drivers/acpi/acpi_configfs.c in the Linux kernel before 5.7.7. Injection of malicious ACPI tables via configfs could be used by attackers to bypass lockdown and secure boot restrictions, aka CID-75b0cea7bf30. Se detectó un problema en el archivo drivers/acpi/acpi_configfs.c en el kernel de Linux versiones anteriores a 5.7.7. Una inyección de tablas ACPI maliciosas por medio de configfs podría ser usada por atacantes para omitir el bloqueo y asegurar las restricciones de arranque, también se conoce como CID-75b0cea7bf30 A flaw was found in how the ACPI table loading through acpi_configfs was handled when the kernel was locked down. This flaw allows a (root) privileged local user to circumvent the kernel lockdown restrictions. • https://github.com/Annavid/CVE-2020-15780-exploit http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00009.html http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00047.html http://www.openwall.com/lists/oss-security/2020/07/20/7 http://www.openwall.com/lists/oss-security/2020/07/29/3 http://www.openwall.com/lists/oss-security/2020/07/30/2 http://www.openwall.com/lists/oss-security/2020/07/30/3 https://cdn.kernel.org/pub/linux/kernel&# • CWE-284: Improper Access Control CWE-862: Missing Authorization •
CVSS: 7.2EPSS: 0%CPEs: 9EXPL: 0CVE-2020-14697 – mysql: Server: Security: Privileges unspecified vulnerability (CPU Jul 2020)
https://notcve.org/view.php?id=CVE-2020-14697
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in takeover of MySQL Server. CVSS 3.1 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). • https://security.gentoo.org/glsa/202105-27 https://security.netapp.com/advisory/ntap-20200717-0004 https://usn.ubuntu.com/4441-1 https://www.oracle.com/security-alerts/cpujul2020.html https://access.redhat.com/security/cve/CVE-2020-14697 https://bugzilla.redhat.com/show_bug.cgi?id=1865975 •
CVSS: 4.9EPSS: 0%CPEs: 9EXPL: 0CVE-2020-14702 – mysql: Server: Security: Privileges unspecified vulnerability (CPU Jul 2020)
https://notcve.org/view.php?id=CVE-2020-14702
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). • https://security.gentoo.org/glsa/202105-27 https://security.netapp.com/advisory/ntap-20200717-0004 https://usn.ubuntu.com/4441-1 https://www.oracle.com/security-alerts/cpujul2020.html https://access.redhat.com/security/cve/CVE-2020-14702 https://bugzilla.redhat.com/show_bug.cgi?id=1865976 •
CVSS: 6.5EPSS: 0%CPEs: 9EXPL: 0CVE-2020-14680 – mysql: Server: Optimizer unspecified vulnerability (CPU Jul 2020)
https://notcve.org/view.php?id=CVE-2020-14680
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). • https://security.gentoo.org/glsa/202105-27 https://security.netapp.com/advisory/ntap-20200717-0004 https://usn.ubuntu.com/4441-1 https://www.oracle.com/security-alerts/cpujul2020.html https://access.redhat.com/security/cve/CVE-2020-14680 https://bugzilla.redhat.com/show_bug.cgi?id=1865974 •
CVSS: 7.2EPSS: 0%CPEs: 9EXPL: 0CVE-2020-14678 – mysql: Server: Security: Privileges unspecified vulnerability (CPU Jul 2020)
https://notcve.org/view.php?id=CVE-2020-14678
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in takeover of MySQL Server. CVSS 3.1 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). • https://security.gentoo.org/glsa/202105-27 https://security.netapp.com/advisory/ntap-20200717-0004 https://usn.ubuntu.com/4441-1 https://www.oracle.com/security-alerts/cpujul2020.html https://access.redhat.com/security/cve/CVE-2020-14678 https://bugzilla.redhat.com/show_bug.cgi?id=1865973 •