CVSS: 5.5EPSS: 0%CPEs: 13EXPL: 0CVE-2020-14314 – kernel: buffer uses out of index in ext3/4 filesystem
https://notcve.org/view.php?id=CVE-2020-14314
A memory out-of-bounds read flaw was found in the Linux kernel before 5.9-rc2 with the ext3/ext4 file system, in the way it accesses a directory with broken indexing. This flaw allows a local user to crash the system if the directory exists. The highest threat from this vulnerability is to system availability. Se encontró un fallo de lectura de memoria fuera de límites en el kernel de Linux versiones anteriores a 5.9-rc2, con el sistema de archivos ext3/ext4, en la manera en que accede a un directorio con indexación rota. Este fallo permite a un usuario local bloquear el sistema si el directorio existe. • https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-14314 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=5872331b3d91820e14716632ebb56b1399b34fe1 https://lists.debian.org/debian-lts-announce/2020/09/msg00025.html https://lists.debian.org/debian-lts-announce/2020/10/msg00032.html https://lists.debian.org/debian-lts-announce/2020/10/msg00034.html https://lore.kernel.org/linux-ext4/f53e246b-647c-64bb-16ec-135383c70ad7%40redhat.com/T/#u https://usn.ubuntu. • CWE-125: Out-of-bounds Read •
CVSS: 7.1EPSS: 0%CPEs: 13EXPL: 0CVE-2020-24394 – kernel: umask not applied on filesystem without ACL support
https://notcve.org/view.php?id=CVE-2020-24394
In the Linux kernel before 5.7.8, fs/nfsd/vfs.c (in the NFS server) can set incorrect permissions on new filesystem objects when the filesystem lacks ACL support, aka CID-22cf8419f131. This occurs because the current umask is not considered. En el kernel de Linux versiones anteriores a 5.7.8, el archivo fs/nfsd/vfs.c (en el servidor NFS), puede establecer permisos incorrectos en nuevos objetos de un sistema de archivos cuando el sistema de archivos carece de soporte de ACL, también se conoce como CID-22cf8419f131. Esto ocurre porque no es considerada la umask actual. A vulnerability was found in NFSv4.2 in the Linux kernel, where a server fails to correctly apply umask when creating a new object on filesystem without ACL support (for example, ext4 with the "noacl" mount option). • http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00007.html https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=962254 https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.7.8 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=22cf8419f1319ff87ec759d0ebdff4cbafaee832 https://security.netapp.com/advisory/ntap-20200904-0003 https://usn.ubuntu.com/4465-1 https://usn.ubuntu.com/4483-1 https://usn.ubuntu.com/4485-1 https://www.orac • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 5.3EPSS: 0%CPEs: 9EXPL: 0CVE-2019-20807 – vim: users can execute arbitrary OS commands via scripting interfaces in the rvim restricted mode
https://notcve.org/view.php?id=CVE-2019-20807
In Vim before 8.1.0881, users can circumvent the rvim restricted mode and execute arbitrary OS commands via scripting interfaces (e.g., Python, Ruby, or Lua). En Vim versiones anteriores a 8.1.0881, los usuarios pueden omitir el modo restringido rvim y ejecutar comandos arbitrarios de Sistema Operativo por medio de interfaces de scripting (por ejemplo, Python, Ruby o Lua). A flaw was found in vim in the restricted mode, where all commands that make use of external shells are disabled. However, it was found that users could still execute some arbitrary OS commands in the restricted mode. This flaw was fixed by filtering the functions that can call OS commands. • http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00018.html http://seclists.org/fulldisclosure/2020/Jul/24 https://github.com/vim/vim/commit/8c62a08faf89663e5633dc5036cd8695c80f1075 https://github.com/vim/vim/releases/tag/v8.1.0881 https://lists.debian.org/debian-lts-announce/2022/01/msg00003.html https://support.apple.com/kb/HT211289 https://usn.ubuntu.com/4582-1 https://www.starwindsoftware.com/security/sw-20220812-0003 https://access.redhat.com/security/cve/CVE-2019&# • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 6.5EPSS: 27%CPEs: 19EXPL: 0CVE-2018-18584 – libmspack: Out-of-bounds write in mspack/cab.h
https://notcve.org/view.php?id=CVE-2018-18584
In mspack/cab.h in libmspack before 0.8alpha and cabextract before 1.8, the CAB block input buffer is one byte too small for the maximal Quantum block, leading to an out-of-bounds write. En mspack/cab.h en libmspack en versiones anteriores a la 0.8alpha y cabextract en versiones anteriores a la 1.8, el búfer de entrada de bloques CAB es un byte más pequeño para el bloque Quantum máximo, lo que conduce a una escritura fuera de límites. • https://access.redhat.com/errata/RHSA-2019:2049 https://bugs.debian.org/911640 https://github.com/kyz/libmspack/commit/40ef1b4093d77ad3a5cfcee1f5cb6108b3a3bcc2 https://lists.debian.org/debian-lts-announce/2018/10/msg00017.html https://security.gentoo.org/glsa/201903-20 https://usn.ubuntu.com/3814-1 https://usn.ubuntu.com/3814-2 https://usn.ubuntu.com/3814-3 https://www.cabextract.org.uk/#changes https://www.openwall.com/lists/oss-security/2018/10/22/1 https://www • CWE-787: Out-of-bounds Write •
CVSS: 4.3EPSS: 0%CPEs: 19EXPL: 1CVE-2018-18585 – libmspack: chmd_read_headers() fails to reject filenames containing NULL bytes
https://notcve.org/view.php?id=CVE-2018-18585
chmd_read_headers in mspack/chmd.c in libmspack before 0.8alpha accepts a filename that has '\0' as its first or second character (such as the "/\0" name). chmd_read_headers en mspack/chmd.c en libmspack en versiones anteriores a la 0.8alpha acepta un nombre de archivo que tiene "\0" como su primer o segundo carácter (como el nombre "/\0"). • https://access.redhat.com/errata/RHSA-2019:2049 https://bugs.debian.org/911637 https://github.com/kyz/libmspack/commit/8759da8db6ec9e866cb8eb143313f397f925bb4f https://lists.debian.org/debian-lts-announce/2018/10/msg00017.html https://security.gentoo.org/glsa/201903-20 https://usn.ubuntu.com/3814-1 https://usn.ubuntu.com/3814-2 https://usn.ubuntu.com/3814-3 https://www.openwall.com/lists/oss-security/2018/10/22/1 https://www.starwindsoftware.com/security/sw-20181213-0002 • CWE-476: NULL Pointer Dereference •