CVE-2020-25829
https://notcve.org/view.php?id=CVE-2020-25829
An issue has been found in PowerDNS Recursor before 4.1.18, 4.2.x before 4.2.5, and 4.3.x before 4.3.5. A remote attacker can cause the cached records for a given name to be updated to the Bogus DNSSEC validation state, instead of their actual DNSSEC Secure state, via a DNS ANY query. This results in a denial of service for installation that always validate (dnssec=validate), and for clients requesting validation when on-demand validation is enabled (dnssec=process). Se ha encontrado un problema en PowerDNS Recursor versiones anteriores a 4.1.18, versiones 4.2.x anteriores a 4.2.5 y versiones 4.3.x anteriores a 4.3.5. Un atacante remoto puede causar que los registros en caché para un nombre dado sean actualizados al estado de comprobación de Bogus DNSSEC, en lugar de su estado DNSSEC Secure real, por medio de una consulta ANY de DNS. • http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00036.html https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2020-07.html https://security.gentoo.org/glsa/202012-19 •
CVE-2020-27153 – bluez: double free in gatttool client disconnect callback handler in src/shared/att.c could lead to DoS or RCE
https://notcve.org/view.php?id=CVE-2020-27153
In BlueZ before 5.55, a double free was found in the gatttool disconnect_cb() routine from shared/att.c. A remote attacker could potentially cause a denial of service or code execution, during service discovery, due to a redundant disconnect MGMT event. En BlueZ versiones anteriores a 5.55, se encontró una doble liberación en la rutina disconnect_cb() de gatttool del archivo shared/att.c. Un atacante remoto podría potencialmente causar una denegación de servicio o una ejecución de código, durante la detección del servicio, debido a un evento MGMT de desconexión redundante • http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00034.html http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00036.html https://bugzilla.redhat.com/show_bug.cgi?id=1884817 https://github.com/bluez/bluez/commit/1cd644db8c23a2f530ddb93cebed7dacc5f5721a https://github.com/bluez/bluez/commit/5a180f2ec9edfacafd95e5fed20d36fe8e077f07 https://lists.debian.org/debian-lts-announce/2020/10/msg00022.html https://security.gentoo.org/glsa/202011-01 https://www.debian.org/security/2021/dsa-4951& • CWE-415: Double Free CWE-416: Use After Free •
CVE-2020-15229 – Path traversal and files overwrite with unsquashfs
https://notcve.org/view.php?id=CVE-2020-15229
Singularity (an open source container platform) from version 3.1.1 through 3.6.3 has a vulnerability. Due to insecure handling of path traversal and the lack of path sanitization within `unsquashfs`, it is possible to overwrite/create any files on the host filesystem during the extraction with a crafted squashfs filesystem. The extraction occurs automatically for unprivileged (either installation or with `allow setuid = no`) run of Singularity when a user attempt to run an image which is a local SIF image or a single file containing a squashfs filesystem and is coming from remote sources `library://` or `shub://`. Image build is also impacted in a more serious way as it can be used by a root user, allowing an attacker to overwrite/create files leading to a system compromise, so far bootstrap methods `library`, `shub` and `localimage` are triggering the squashfs extraction. This issue is addressed in Singularity 3.6.4. • http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00070.html http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00071.html http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00009.html https://github.com/hpcng/singularity/blob/v3.6.4/CHANGELOG.md#security-related-fixes https://github.com/hpcng/singularity/commit/eba3dea260b117198fdb6faf41f2482ab2f8d53e https://github.com/hpcng/singularity/pull/5611 https://github.com/hpcng/singularity/security/advisories/GHSA-7gcp-w6ww-2xv9 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVE-2020-25645 – kernel: Geneve/IPsec traffic may be unencrypted between two Geneve endpoints
https://notcve.org/view.php?id=CVE-2020-25645
A flaw was found in the Linux kernel in versions before 5.9-rc7. Traffic between two Geneve endpoints may be unencrypted when IPsec is configured to encrypt traffic for the specific UDP port used by the GENEVE tunnel allowing anyone between the two endpoints to read the traffic unencrypted. The main threat from this vulnerability is to data confidentiality. Se encontró un fallo en el kernel de Linux en versiones anteriores a 5.9-rc7. El tráfico entre dos endpoints Geneve puede no estar cifrado cuando IPsec está configurado para cifrar el tráfico para el puerto UDP específico usado por el túnel GENEVE, permitiendo a cualquier persona entre los dos endpoints leer el tráfico sin cifrar. • http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00035.html http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00042.html http://packetstormsecurity.com/files/161229/Kernel-Live-Patch-Security-Notice-LSN-0074-1.html https://bugzilla.redhat.com/show_bug.cgi?id=1883988 https://lists.debian.org/debian-lts-announce/2020/10/msg00028.html https://lists.debian.org/debian-lts-announce/2020/12/msg00027.html https://security.netapp.com/advisory/ntap-20201103-0004 https://ww • CWE-319: Cleartext Transmission of Sensitive Information •
CVE-2020-26934
https://notcve.org/view.php?id=CVE-2020-26934
phpMyAdmin before 4.9.6 and 5.x before 5.0.3 allows XSS through the transformation feature via a crafted link. phpMyAdmin versiones anteriores a 4.9.6 y versiones 5.x anteriores a 5.0.3, permite un ataque de tipo XSS por medio de la funcionalidad de transformación mediante un enlace diseñado • http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00027.html http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00005.html https://lists.debian.org/debian-lts-announce/2020/10/msg00024.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FHST4E5IJG7IKZTTW3R6MEZPVHJZ472K https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PXK37YEHSDYCIPQSYEMN2OFTP2ZLM7DO https://lists.fedoraproject.org/archives/list/package-announce%40lists • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •