CVSS: 5.9EPSS: 0%CPEs: 20EXPL: 0CVE-2020-10711 – Kernel: NetLabel: null pointer dereference while receiving CIPSO packet with null category may cause kernel panic
https://notcve.org/view.php?id=CVE-2020-10711
A NULL pointer dereference flaw was found in the Linux kernel's SELinux subsystem in versions before 5.7. This flaw occurs while importing the Commercial IP Security Option (CIPSO) protocol's category bitmap into the SELinux extensible bitmap via the' ebitmap_netlbl_import' routine. While processing the CIPSO restricted bitmap tag in the 'cipso_v4_parsetag_rbm' routine, it sets the security attribute to indicate that the category bitmap is present, even if it has not been allocated. This issue leads to a NULL pointer dereference issue while importing the same category bitmap into SELinux. This flaw allows a remote network user to crash the system kernel, resulting in a denial of service. • http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00022.html http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00008.html https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10711 https://lists.debian.org/debian-lts-announce/2020/06/msg00012.html https://security.netapp.com/advisory/ntap-20200608-0001 https://usn.ubuntu.com/4411-1 https://usn.ubuntu.com/4412-1 https://usn.ubuntu.com/4413-1 https://usn.ubuntu.com/4414-1 https://usn.ubuntu& • CWE-476: NULL Pointer Dereference •
CVSS: 9.8EPSS: 1%CPEs: 4EXPL: 0CVE-2015-5741 – golang: HTTP request smuggling in net/http library
https://notcve.org/view.php?id=CVE-2015-5741
The net/http library in net/http/transfer.go in Go before 1.4.3 does not properly parse HTTP headers, which allows remote attackers to conduct HTTP request smuggling attacks via a request that contains Content-Length and Transfer-Encoding header fields. La biblioteca net/http en el archivo net/http/transfer.go en Go versiones anteriores a 1.4.3, no analiza apropiadamente los encabezados HTTP, lo que permite a atacantes remotos llevar a cabo ataques de tráfico no autorizado de peticiones HTTP por medio de una petición que contiene campos de encabezado Content-Length y Transfer-Encoding . HTTP-request vulnerabilities have been found in the Golang net/http and net/textproto libraries. Request headers with double Content-Length fields do not generate a 400 error (the second field is ignored), and invalid fields are parsed as valid (for example, "Content Length:" with a space in the middle is accepted). A non-authenticated attacker could exploit these flaws to bypass security controls, perform web-cache poisoning, or alter the request/response map (denial of service). • http://lists.fedoraproject.org/pipermail/package-announce/2015-October/167997.html http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168029.html http://seclists.org/oss-sec/2015/q3/237 http://seclists.org/oss-sec/2015/q3/292 http://seclists.org/oss-sec/2015/q3/294 https://bugzilla.redhat.com/show_bug.cgi?id=1250352 https://github.com/golang/go/commit/300d9a21583e7cf0149a778a0611e76ff7c6680f https://access.redhat.com/security/cve/CVE-2015-5741 • CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') •
CVSS: 7.7EPSS: 0%CPEs: 8EXPL: 0CVE-2020-1711 – QEMU: block: iscsi: OOB heap access via an unexpected response of iSCSI Server
https://notcve.org/view.php?id=CVE-2020-1711
An out-of-bounds heap buffer access flaw was found in the way the iSCSI Block driver in QEMU versions 2.12.0 before 4.2.1 handled a response coming from an iSCSI server while checking the status of a Logical Address Block (LBA) in an iscsi_co_block_status() routine. A remote user could use this flaw to crash the QEMU process, resulting in a denial of service or potential execution of arbitrary code with privileges of the QEMU process on the host. Se detectó una fallo de acceso al búfer de la pila fuera de límites en la manera en que el controlador de iSCSI Block versiones 2.xx de QEMU hasta 2.12.0 incluyéndola, manejó una respuesta proveniente de un servidor iSCSI mientras se comprobaba el estado de un Logical Address Block (LBA) en una rutina iscsi_co_block_status(). Un usuario remoto podría usar este fallo para bloquear el proceso de QEMU, resultando en una denegación de servicio o posible ejecución de código arbitrario con privilegios del proceso de QEMU en el host. An out-of-bounds heap buffer access flaw was found in the way the iSCSI Block driver in QEMU handled a response coming from an iSCSI server while checking the status of a Logical Address Block (LBA) in an iscsi_co_block_status() routine. • http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00007.html https://access.redhat.com/errata/RHSA-2020:0669 https://access.redhat.com/errata/RHSA-2020:0730 https://access.redhat.com/errata/RHSA-2020:0731 https://access.redhat.com/errata/RHSA-2020:0773 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1711 https://lists.debian.org/debian-lts-announce/2020/03/msg00017.html https://lists.debian.org/debian-lts-announce/2020/09/msg00013.html https://lists.gnu&# • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 7.5EPSS: 0%CPEs: 9EXPL: 0CVE-2019-14818 – dpdk: possible memory leak leads to denial of service
https://notcve.org/view.php?id=CVE-2019-14818
A flaw was found in all dpdk version 17.x.x before 17.11.8, 16.x.x before 16.11.10, 18.x.x before 18.11.4 and 19.x.x before 19.08.1 where a malicious master, or a container with access to vhost_user socket, can send specially crafted VRING_SET_NUM messages, resulting in a memory leak including file descriptors. This flaw could lead to a denial of service condition. Se encontró un fallo en todas las versiones de dpdk 17.xx anteriores a 17.11.8, versiones 16.xx anteriores a 16.11.10, versiones 18.xx anteriores a 18.11.4 y versiones 19.xx anteriores a 19.08.1, donde un maestro malicioso o un contenedor con acceso al socket vhost_user, puede enviar mensajes de VRING_SET_NUM especialmente diseñados, resultando en una pérdida de memoria incluyendo descriptores de archivo. Este fallo podría conllevar a una condición de denegación de servicio. A flaw was found in dpdk where a malicious master, or a container with access to vhost_user socket, can send specially crafted VRING_SET_NUM messages, resulting in a memory leak including file descriptors. • https://access.redhat.com/errata/RHSA-2020:0165 https://access.redhat.com/errata/RHSA-2020:0166 https://access.redhat.com/errata/RHSA-2020:0168 https://access.redhat.com/errata/RHSA-2020:0171 https://access.redhat.com/errata/RHSA-2020:0172 https://bugs.dpdk.org/show_bug.cgi?id=363 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14818 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ULJ3C7OVBOEVDGSHYC3VCLSUHANGTFFP https://access.redhat& • CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 7.8EPSS: 0%CPEs: 13EXPL: 0CVE-2019-14846 – ansible: secrets disclosed on logs when no_log enabled
https://notcve.org/view.php?id=CVE-2019-14846
In Ansible, all Ansible Engine versions up to ansible-engine 2.8.5, ansible-engine 2.7.13, ansible-engine 2.6.19, were logging at the DEBUG level which lead to a disclosure of credentials if a plugin used a library that logged credentials at the DEBUG level. This flaw does not affect Ansible modules, as those are executed in a separate process. En Ansible, todas las versiones de Ansible Engine hasta ansible-engine 2.8.5, ansible-engine 2.7.13, ansible-engine 2.6.19, se registraban en el nivel DEBUG, lo que conlleva a la divulgación de credenciales si un plugin usó una biblioteca que registraba credenciales en el nivel DEBUG. Este defecto no afecta a los módulos de Ansible, ya que son ejecutados en un proceso separado. Ansible was logging at the DEBUG level which lead to a disclosure of credentials if a plugin used a library that logged credentials at the DEBUG level. • http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00021.html http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00026.html https://access.redhat.com/errata/RHSA-2019:3201 https://access.redhat.com/errata/RHSA-2019:3202 https://access.redhat.com/errata/RHSA-2019:3203 https://access.redhat.com/errata/RHSA-2019:3207 https://access.redhat.com/errata/RHSA-2020:0756 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14846 https://github.com/ansible/ansible • CWE-117: Improper Output Neutralization for Logs CWE-532: Insertion of Sensitive Information into Log File •