CVSS: 7.2EPSS: 0%CPEs: 17EXPL: 1CVE-2020-26116 – python: CRLF injection via HTTP request method in httplib/http.client
https://notcve.org/view.php?id=CVE-2020-26116
27 Sep 2020 — http.client in Python 3.x before 3.5.10, 3.6.x before 3.6.12, 3.7.x before 3.7.9, and 3.8.x before 3.8.5 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first argument of HTTPConnection.request. http.client en Python 3.x antes de la versión 3.5.10, 3.6.x antes de la versión 3.6.12, 3.7.x antes de la versión 3.7.9, y 3.8.x antes de la versión 3.8.5 permite la inyección de CRLF si el atacante controla el método de petició... • http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00027.html • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-113: Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting') •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2020-26088 – Ubuntu Security Notice USN-4578-1
https://notcve.org/view.php?id=CVE-2020-26088
24 Sep 2020 — A missing CAP_NET_RAW check in NFC socket creation in net/nfc/rawsock.c in the Linux kernel before 5.8.2 could be used by local attackers to create raw sockets, bypassing security mechanisms, aka CID-26896f01467a. Una falta de comprobación de CAP_NET_RAW en la creación de sockets NFC en el archivo net/nfc/rawsock.c en el Kernel de Linux versiones anteriores a 5.8.2, podría ser usada por unos atacantes locales para crear sockets sin procesar, omitiendo los mecanismos de seguridad, también se conoce como CID-... • http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00001.html • CWE-276: Incorrect Default Permissions •
CVSS: 4.7EPSS: 0%CPEs: 9EXPL: 0CVE-2019-20919 – Ubuntu Security Notice USN-4534-1
https://notcve.org/view.php?id=CVE-2019-20919
17 Sep 2020 — An issue was discovered in the DBI module before 1.643 for Perl. The hv_fetch() documentation requires checking for NULL and the code does that. But, shortly thereafter, it calls SvOK(profile), causing a NULL pointer dereference. Se detectó un problema en el módulo DBI versiones anteriores a 1.643 para Perl. La documentación de la función hv_fetch() requiere comprobación para NULL y el código lo hace. • http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00012.html • CWE-476: NULL Pointer Dereference •
CVSS: 5.5EPSS: 0%CPEs: 13EXPL: 0CVE-2020-14314 – kernel: buffer uses out of index in ext3/4 filesystem
https://notcve.org/view.php?id=CVE-2020-14314
15 Sep 2020 — A memory out-of-bounds read flaw was found in the Linux kernel before 5.9-rc2 with the ext3/ext4 file system, in the way it accesses a directory with broken indexing. This flaw allows a local user to crash the system if the directory exists. The highest threat from this vulnerability is to system availability. Se encontró un fallo de lectura de memoria fuera de límites en el kernel de Linux versiones anteriores a 5.9-rc2, con el sistema de archivos ext3/ext4, en la manera en que accede a un directorio con i... • https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-14314 • CWE-125: Out-of-bounds Read •
CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 0CVE-2020-14392 – Ubuntu Security Notice USN-4503-1
https://notcve.org/view.php?id=CVE-2020-14392
14 Sep 2020 — An untrusted pointer dereference flaw was found in Perl-DBI < 1.643. A local attacker who is able to manipulate calls to dbd_db_login6_sv() could cause memory corruption, affecting the service's availability. Se encontró un fallo de desreferencia del puntero no confiable en Perl-DBI versiones anteriores a 1.643. Un atacante local que es capaz de manipular llamadas a la función dbd_db_login6_sv() podría causar una corrupción de la memoria, afectando la disponibilidad del servicio Multiple vulnerabilities hav... • http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00067.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-822: Untrusted Pointer Dereference •
CVSS: 6.4EPSS: 0%CPEs: 6EXPL: 0CVE-2020-25285 – kernel: race condition between hugetlb sysctl handlers in mm/hugetlb.c
https://notcve.org/view.php?id=CVE-2020-25285
13 Sep 2020 — A race condition between hugetlb sysctl handlers in mm/hugetlb.c in the Linux kernel before 5.8.8 could be used by local attackers to corrupt memory, cause a NULL pointer dereference, or possibly have unspecified other impact, aka CID-17743798d812. Una condición de carrera entre los manejadores hugetlb sysctl en el archivo mm/hugetlb.c en el kernel de Linux versiones anteriores a 5.8.8, podría ser usada por atacantes locales para corromper la memoria, causar una desreferencia del puntero NULL o posiblemente... • https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.8.8 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-476: NULL Pointer Dereference CWE-787: Out-of-bounds Write •
CVSS: 7.0EPSS: 0%CPEs: 8EXPL: 0CVE-2020-25212 – kernel: TOCTOU mismatch in the NFS client code
https://notcve.org/view.php?id=CVE-2020-25212
09 Sep 2020 — A TOCTOU mismatch in the NFS client code in the Linux kernel before 5.8.3 could be used by local attackers to corrupt memory or possibly have unspecified other impact because a size check is in fs/nfs/nfs4proc.c instead of fs/nfs/nfs4xdr.c, aka CID-b4487b935452. Una discrepancia de TOCTOU en el código del cliente NFS en el kernel de Linux versiones anteriores a 5.8.3, podría ser usada por atacantes locales para dañar la memoria o posiblemente tener otro impacto no especificado porque una comprobación de tam... • http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00021.html • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2020-14345 – X.Org Server XkbSetNames Out-Of-Bounds Access Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2020-14345
08 Sep 2020 — A flaw was found in X.Org Server before xorg-x11-server 1.20.9. An Out-Of-Bounds access in XkbSetNames function may lead to a privilege escalation vulnerability. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. Se encontró un fallo en X.Org Server versiones anteriores a xorg-x11-server 1.20.9. Un acceso fuera de límites en la función XkbSetNames puede conllevar a una vulnerabilidad de escalada de privilegios. • http://www.openwall.com/lists/oss-security/2021/01/15/1 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 2%CPEs: 12EXPL: 0CVE-2020-8620 – Gentoo Linux Security Advisory 202008-19
https://notcve.org/view.php?id=CVE-2020-8620
21 Aug 2020 — In BIND 9.15.6 -> 9.16.5, 9.17.0 -> 9.17.3, An attacker who can establish a TCP connection with the server and send data on that connection can exploit this to trigger the assertion failure, causing the server to exit. En BIND versiones 9.15.6 -) 9.16.5, 9.17.0 -) 9.17.3, un atacante que puede establecer una conexión TCP con el servidor y enviar datos en esa conexión puede explotar esto para desencadenar el fallo de aserción, causando la salida del servidor. Emanuel Almeida discovered that Bind incorrectly ... • http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00041.html • CWE-617: Reachable Assertion •
CVSS: 6.5EPSS: 0%CPEs: 19EXPL: 0CVE-2020-8622 – A truncated TSIG response can lead to an assertion failure
https://notcve.org/view.php?id=CVE-2020-8622
21 Aug 2020 — In BIND 9.0.0 -> 9.11.21, 9.12.0 -> 9.16.5, 9.17.0 -> 9.17.3, also affects 9.9.3-S1 -> 9.11.21-S1 of the BIND 9 Supported Preview Edition, An attacker on the network path for a TSIG-signed request, or operating the server receiving the TSIG-signed request, could send a truncated response to that request, triggering an assertion failure, causing the server to exit. Alternately, an off-path attacker would have to correctly guess when a TSIG-signed request was sent, along with other characteristics of the pack... • http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00041.html • CWE-400: Uncontrolled Resource Consumption CWE-617: Reachable Assertion •