CVSS: 7.3EPSS: 0%CPEs: 5EXPL: 0CVE-2020-11933 – local snapd exploit through cloud-init
https://notcve.org/view.php?id=CVE-2020-11933
cloud-init as managed by snapd on Ubuntu Core 16 and Ubuntu Core 18 devices was run without restrictions on every boot, which a physical attacker could exploit by crafting cloud-init user-data/meta-data via external media to perform arbitrary changes on the device to bypass intended security mechanisms such as full disk encryption. This issue did not affect traditional Ubuntu systems. Fixed in snapd version 2.45.2, revision 8539 and core version 2.45.2, revision 9659. cloud-init administrado por snapd en los dispositivos Ubuntu Core 16 y Ubuntu Core 18, se ejecutó sin restricciones en cada arranque, que un atacante físico podría explotar mediante el diseño de user-data/meta-data de cloud-init por medio de medios externos para llevar a cabo cambios arbitrarios en el dispositivo para omitir los mecanismos de seguridad previstos, como el cifrado de disco completo. Este problema no afectó a los sistemas tradicionales de Ubuntu. Se corrigió en snapd versión 2.45.2, revisión 8539 y core versión 2.45.2, revisión 9659 • https://launchpad.net/bugs/1879530 https://ubuntu.com/USN-4424-1 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 5.9EPSS: 0%CPEs: 4EXPL: 0CVE-2020-11934 – Sandbox escape vulnerability via snapctl user-open (xdg-open)
https://notcve.org/view.php?id=CVE-2020-11934
It was discovered that snapctl user-open allowed altering the $XDG_DATA_DIRS environment variable when calling the system xdg-open. OpenURL() in usersession/userd/launcher.go would alter $XDG_DATA_DIRS to append a path to a directory controlled by the calling snap. A malicious snap could exploit this to bypass intended access restrictions to control how the host system xdg-open script opens the URL and, for example, execute a script shipped with the snap without confinement. This issue did not affect Ubuntu Core systems. Fixed in snapd versions 2.45.1ubuntu0.2, 2.45.1+18.04.2 and 2.45.1+20.04.2. • https://launchpad.net/bugs/1880085 https://ubuntu.com/USN-4424-1 • CWE-668: Exposure of Resource to Wrong Sphere •
CVSS: 6.9EPSS: 0%CPEs: 4EXPL: 0CVE-2019-20908 – kernel: lockdown: bypass through ACPI write via efivar_ssdt
https://notcve.org/view.php?id=CVE-2019-20908
An issue was discovered in drivers/firmware/efi/efi.c in the Linux kernel before 5.4. Incorrect access permissions for the efivar_ssdt ACPI variable could be used by attackers to bypass lockdown or secure boot restrictions, aka CID-1957a85b0032. Se detectó un problema en el archivo drivers/firmware/efi/efi.c en el kernel de Linux versiones anteriores a 5.4. Permisos de acceso incorrectos para la variable efivar_ssdt ACPI podrían ser usados por atacantes para omitir el bloqueo o asegurar las restricciones de arranque, también se conoce como CID-1957a85b0032 A flaw was found in how the ACPI table loading through the EFI variable (and the related efivar_ssdt boot option) was handled when the Linux kernel was locked down. This flaw allows a (root) privileged local user to circumvent the kernel lockdown restrictions. • http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00009.html http://www.openwall.com/lists/oss-security/2020/07/20/6 http://www.openwall.com/lists/oss-security/2020/07/29/3 http://www.openwall.com/lists/oss-security/2020/07/30/2 http://www.openwall.com/lists/oss-security/2020/07/30/3 https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=1957a85b0032a81e6482ca4aa • CWE-284: Improper Access Control •
CVSS: 7.2EPSS: 0%CPEs: 6EXPL: 1CVE-2020-15780 – kernel: lockdown: bypass through ACPI write via acpi_configfs
https://notcve.org/view.php?id=CVE-2020-15780
An issue was discovered in drivers/acpi/acpi_configfs.c in the Linux kernel before 5.7.7. Injection of malicious ACPI tables via configfs could be used by attackers to bypass lockdown and secure boot restrictions, aka CID-75b0cea7bf30. Se detectó un problema en el archivo drivers/acpi/acpi_configfs.c en el kernel de Linux versiones anteriores a 5.7.7. Una inyección de tablas ACPI maliciosas por medio de configfs podría ser usada por atacantes para omitir el bloqueo y asegurar las restricciones de arranque, también se conoce como CID-75b0cea7bf30 A flaw was found in how the ACPI table loading through acpi_configfs was handled when the kernel was locked down. This flaw allows a (root) privileged local user to circumvent the kernel lockdown restrictions. • https://github.com/Annavid/CVE-2020-15780-exploit http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00009.html http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00047.html http://www.openwall.com/lists/oss-security/2020/07/20/7 http://www.openwall.com/lists/oss-security/2020/07/29/3 http://www.openwall.com/lists/oss-security/2020/07/30/2 http://www.openwall.com/lists/oss-security/2020/07/30/3 https://cdn.kernel.org/pub/linux/kernel&# • CWE-284: Improper Access Control CWE-862: Missing Authorization •
CVSS: 7.2EPSS: 0%CPEs: 9EXPL: 0CVE-2020-14697 – mysql: Server: Security: Privileges unspecified vulnerability (CPU Jul 2020)
https://notcve.org/view.php?id=CVE-2020-14697
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in takeover of MySQL Server. CVSS 3.1 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). • https://security.gentoo.org/glsa/202105-27 https://security.netapp.com/advisory/ntap-20200717-0004 https://usn.ubuntu.com/4441-1 https://www.oracle.com/security-alerts/cpujul2020.html https://access.redhat.com/security/cve/CVE-2020-14697 https://bugzilla.redhat.com/show_bug.cgi?id=1865975 •