CVSS: 3.8EPSS: 0%CPEs: 4EXPL: 0CVE-2020-16128 – Aptdaemon error messages disclosed file existence to unprivileged users via dbus properties
https://notcve.org/view.php?id=CVE-2020-16128
09 Dec 2020 — The aptdaemon DBus interface disclosed file existence disclosure by setting Terminal/DebconfSocket properties, aka GHSL-2020-192 and GHSL-2020-196. This affected versions prior to 1.1.1+bzr982-0ubuntu34.1, 1.1.1+bzr982-0ubuntu32.3, 1.1.1+bzr982-0ubuntu19.5, 1.1.1+bzr982-0ubuntu14.5. La interfaz DBus de aptdaemon divulgó la existencia de archivos al ajustar las propiedades de Terminal/DebconfSocket, también se conoce como GHSL-2020-192 y GHSL-2020-196. Esto afectó a versiones anteriores a 1.1.1+bzr982-0ubunt... • https://bugs.launchpad.net/ubuntu/+source/aptdaemon/+bug/1899513 • CWE-209: Generation of Error Message Containing Sensitive Information •
CVSS: 6.8EPSS: 0%CPEs: 3EXPL: 1CVE-2020-27348 – snapcraft may build snaps with incorrect LD_LIBRARY_PATH
https://notcve.org/view.php?id=CVE-2020-27348
03 Dec 2020 — In some conditions, a snap package built by snapcraft includes the current directory in LD_LIBRARY_PATH, allowing a malicious snap to gain code execution within the context of another snap if both plug the home interface or similar. This issue affects snapcraft versions prior to 4.4.4, prior to 2.43.1+16.04.1, and prior to 2.43.1+18.04.1. En algunas condiciones, un paquete snap creado por snapcraft incluye el directorio actual en LD_LIBRARY_PATH, permitiendo a un snap malicioso conseguir una ejecución de có... • https://bugs.launchpad.net/bugs/1901572 • CWE-427: Uncontrolled Search Path Element •
CVSS: 4.7EPSS: 0%CPEs: 5EXPL: 1CVE-2020-29372 – Kernel Live Patch Security Notice LSN-0075-1
https://notcve.org/view.php?id=CVE-2020-29372
28 Nov 2020 — An issue was discovered in do_madvise in mm/madvise.c in the Linux kernel before 5.6.8. There is a race condition between coredump operations and the IORING_OP_MADVISE implementation, aka CID-bc0c4d1e176e. Se detectó un problema en la función do_madvise en el archivo mm/madvise.c en el kernel de Linux versiones anteriores a 5.6.8. Se presenta una condición de carrera entre las operaciones de volcado de núcleo y la implementación de IORING_OP_MADVISE, también se conoce como CID-bc0c4d1e176e Piotr Krysiuk dis... • http://packetstormsecurity.com/files/162117/Kernel-Live-Patch-Security-Notice-LSN-0075-1.html • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 4.7EPSS: 0%CPEs: 4EXPL: 1CVE-2020-16123 – Bypass of snapd pulseaudio restrictions
https://notcve.org/view.php?id=CVE-2020-16123
24 Nov 2020 — An Ubuntu-specific patch in PulseAudio created a race condition where the snap policy module would fail to identify a client connection from a snap as coming from a snap if SCM_CREDENTIALS were missing, allowing the snap to connect to PulseAudio without proper confinement. This could be exploited by an attacker to expose sensitive information. Fixed in 1:13.99.3-1ubuntu2, 1:13.99.2-1ubuntu2.1, 1:13.99.1-1ubuntu3.8, 1:11.1-1ubuntu7.11, and 1:8.0-0ubuntu3.15. Un parche específico de Ubuntu en PulseAudio creó ... • https://launchpad.net/bugs/1895928 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 9.1EPSS: 6%CPEs: 6EXPL: 0CVE-2020-28039 – WordPress Core < 5.5.2 - Arbitrary File Deletion
https://notcve.org/view.php?id=CVE-2020-28039
29 Oct 2020 — is_protected_meta in wp-includes/meta.php in WordPress before 5.5.2 allows arbitrary file deletion because it does not properly determine whether a meta key is considered protected. La función is_protected_meta en el archivo wp-includes/meta.php en WordPress versiones anteriores a 5.5.2, permite la eliminación arbitraria de archivos porque no determina apropiadamente si una clave meta es considerada protegida Several vulnerabilities were discovered in Wordpress, a web blogging tool. They allowed remote atta... • https://github.com/WordPress/wordpress-develop/commit/d5ddd6d4be1bc9fd16b7796842e6fb26315705ad • CWE-285: Improper Authorization •
CVSS: 4.3EPSS: 0%CPEs: 6EXPL: 0CVE-2020-28040 – WordPress Core < 5.5.2 - Cross-Site Request Forgery to Theme Image Change
https://notcve.org/view.php?id=CVE-2020-28040
29 Oct 2020 — WordPress before 5.5.2 allows CSRF attacks that change a theme's background image. WordPress versiones anteriores a 5.5.2, permite ataques de tipo CSRF que cambian la imagen de fondo del tema Several vulnerabilities were discovered in Wordpress, a web blogging tool. They allowed remote attackers to run insecure deserialization, embed spam, perform various Cross-Site Scripting (XSS) or Cross-Site Request Forgery (CSRF) attacks, escalate privileges, run arbitrary code, and delete arbitrary files. • https://blog.wpscan.com/2020/10/30/wordpress-5.5.2-security-release.html • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 6.8EPSS: 0%CPEs: 9EXPL: 0CVE-2020-14837 – mysql: Server: Optimizer unspecified vulnerability (CPU Oct 2020)
https://notcve.org/view.php?id=CVE-2020-14837
21 Oct 2020 — Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). • https://security.gentoo.org/glsa/202105-27 •
CVSS: 6.1EPSS: 0%CPEs: 13EXPL: 0CVE-2020-15157 – containerd can be coerced into leaking credentials during image pull
https://notcve.org/view.php?id=CVE-2020-15157
16 Oct 2020 — In containerd (an industry-standard container runtime) before version 1.2.14 there is a credential leaking vulnerability. If a container image manifest in the OCI Image format or Docker Image V2 Schema 2 format includes a URL for the location of a specific image layer (otherwise known as a “foreign layer”), the default containerd resolver will follow that URL to attempt to download it. In v1.2.x but not 1.3.0 or later, the default containerd resolver will provide its authentication credentials if the server... • https://github.com/containerd/containerd/releases/tag/v1.2.14 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-522: Insufficiently Protected Credentials •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2020-16119 – DCCP CCID structure use-after-free
https://notcve.org/view.php?id=CVE-2020-16119
14 Oct 2020 — Use-after-free vulnerability in the Linux kernel exploitable by a local attacker due to reuse of a DCCP socket with an attached dccps_hc_tx_ccid object as a listener after being released. Fixed in Ubuntu Linux kernel 5.4.0-51.56, 5.3.0-68.63, 4.15.0-121.123, 4.4.0-193.224, 3.13.0.182.191 and 3.2.0-149.196. Una vulnerabilidad de uso de la memoria previamente liberada en el kernel de Linux explotable por un atacante local debido a la reutilización de un socket DCCP con un objeto dccps_hc_tx_ccid adjunto como ... • https://git.launchpad.net/~ubuntu-kernel/ubuntu/+source/linux/+git/focal/commit/?id=01872cb896c76cedeabe93a08456976ab55ad695 • CWE-416: Use After Free •
CVSS: 5.1EPSS: 0%CPEs: 5EXPL: 0CVE-2020-16120 – Unprivileged overlay + shiftfs read access
https://notcve.org/view.php?id=CVE-2020-16120
14 Oct 2020 — Overlayfs did not properly perform permission checking when copying up files in an overlayfs and could be exploited from within a user namespace, if, for example, unprivileged user namespaces were allowed. It was possible to have a file not readable by an unprivileged user to be copied to a mountpoint controlled by the user, like a removable device. This was introduced in kernel version 4.19 by commit d1d04ef ("ovl: stack file ops"). This was fixed in kernel version 5.8 by commits 56230d9 ("ovl: verify perm... • https://git.kernel.org/linus/05acefb4872dae89e772729efb194af754c877e8 • CWE-266: Incorrect Privilege Assignment •