CVE-2020-6932
https://notcve.org/view.php?id=CVE-2020-6932
An information disclosure and remote code execution vulnerability in the slinger web server of the BlackBerry QNX Software Development Platform versions 6.4.0 to 6.6.0 could allow an attacker to potentially read arbitrary files and run arbitrary executables in the context of the web server. Una vulnerabilidad de divulgación de información y ejecución de código remota en el servidor web slinger de Development Platform de BlackBerry QNX Software versiones 6.4.0 hasta 6.6.0, podría permitir a un atacante leer archivos arbitrarios y ejecutar ejecutables arbitrarios en el contexto del servidor web • http://support.blackberry.com/kb/articleDetail?articleNumber=000061411 •
CVE-2020-11652 – SaltStack Salt Path Traversal Vulnerability
https://notcve.org/view.php?id=CVE-2020-11652
An issue was discovered in SaltStack Salt before 2019.2.4 and 3000 before 3000.2. The salt-master process ClearFuncs class allows access to some methods that improperly sanitize paths. These methods allow arbitrary directory access to authenticated users. Se descubrió un problema en SaltStack Salt versiones anteriores a la versión 2019.2.4 y versiones 3000 anteriores a 3000.2. La clase ClearFuncs del proceso Salt-master permite acceder a algunos métodos que sanean inapropiadamente las rutas. • https://www.exploit-db.com/exploits/48421 https://github.com/ssrsec/CVE-2020-11651-CVE-2020-11652-EXP https://github.com/Al1ex/CVE-2020-11652 https://github.com/limon768/CVE-2020-11652-POC https://github.com/fanjq99/CVE-2020-11652 https://github.com/appcheck-ng/salt-rce-scanner-CVE-2020-11651-CVE-2020-11652 http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00047.html http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00070.html http://packetstormsecurit • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVE-2020-1938 – Apache Tomcat Improper Privilege Management Vulnerability
https://notcve.org/view.php?id=CVE-2020-1938
When using the Apache JServ Protocol (AJP), care must be taken when trusting incoming connections to Apache Tomcat. Tomcat treats AJP connections as having higher trust than, for example, a similar HTTP connection. If such connections are available to an attacker, they can be exploited in ways that may be surprising. In Apache Tomcat 9.0.0.M1 to 9.0.0.30, 8.5.0 to 8.5.50 and 7.0.0 to 7.0.99, Tomcat shipped with an AJP Connector enabled by default that listened on all configured IP addresses. It was expected (and recommended in the security guide) that this Connector would be disabled if not required. • https://www.exploit-db.com/exploits/49039 https://www.exploit-db.com/exploits/48143 https://github.com/sgdream/CVE-2020-1938 https://github.com/xindongzhuaizhuai/CVE-2020-1938 https://github.com/laolisafe/CVE-2020-1938 https://github.com/sv3nbeast/CVE-2020-1938-Tomact-file_include-file_read https://github.com/fairyming/CVE-2020-1938 https://github.com/dacade/CVE-2020-1938 https://github.com/Hancheng-Lei/Hacking-Vulnerability-CVE-2020-1938-Ghostcat https://github.com/w4fz5uck5& • CWE-285: Improper Authorization •
CVE-2019-9506 – Blutooth BR/EDR specification does not specify sufficient encryption key length and allows an attacker to influence key length negotiation
https://notcve.org/view.php?id=CVE-2019-9506
The Bluetooth BR/EDR specification up to and including version 5.1 permits sufficiently low encryption key length and does not prevent an attacker from influencing the key length negotiation. This allows practical brute-force attacks (aka "KNOB") that can decrypt traffic and inject arbitrary ciphertext without the victim noticing. La especificación de Bluetooth BR/EDR incluyendo versión 5.1, permite una longitud de clave de cifrado suficientemente baja y no impide que un atacante influya en la negociación de longitud de clave. Esto permite ataques prácticos de fuerza bruta (también se conoce como "KNOB") que pueden descifrar el tráfico e inyectar texto cifrado arbitrario sin que la víctima se dé cuenta. A flaw was discovered in the Bluetooth protocol. • http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00036.html http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00037.html http://seclists.org/fulldisclosure/2019/Aug/11 http://seclists.org/fulldisclosure/2019/Aug/13 http://seclists.org/fulldisclosure/2019/Aug/14 http://seclists.org/fulldisclosure/2019/Aug/15 http://www.cs.ox.ac.uk/publications/publication12404-abstract.html http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190828-01-knob-en https: • CWE-310: Cryptographic Issues CWE-327: Use of a Broken or Risky Cryptographic Algorithm •
CVE-2019-8998
https://notcve.org/view.php?id=CVE-2019-8998
An information disclosure vulnerability leading to a potential local escalation of privilege in the procfs service (the /proc filesystem) of BlackBerry QNX Software Development Platform version(s) 6.5.0 SP1 and earlier could allow an attacker to potentially gain unauthorized access to a chosen process address space. Una vulnerabilidad de divulgación de información que conlleva a una potencial escalada local de privilegios en el servicio procfs (el sistema de archivos /proc) de la Plataforma de Desarrollo de Software BlackBerry QNX versión 6.5.0 SP1 y anteriores, podría permitir a un atacante conseguir acceso no autorizado a un espacio de dirección de un proceso elegido. • http://support.blackberry.com/kb/articleDetail?articleNumber=000057178 •