CVSS: 4.0EPSS: 0%CPEs: 2EXPL: 0CVE-2021-20286
https://notcve.org/view.php?id=CVE-2021-20286
A flaw was found in libnbd 1.7.3. An assertion failure in nbd_unlocked_opt_go in ilb/opt.c may lead to denial of service. Se encontró un fallo en libnbd versión 1.7.3. Un error de aserción en la función nbd_unlocked_opt_go en la biblioteca ilb/opt.c puede causar una denegación de servicio • https://bugzilla.redhat.com/show_bug.cgi?id=1934727 https://gitlab.com/nbdkit/libnbd/-/commit/fb4440de9cc76e9c14bd3ddf3333e78621f40ad0 • CWE-617: Reachable Assertion •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2020-25662 – kernel: Red Hat only CVE-2020-12352 regression
https://notcve.org/view.php?id=CVE-2020-25662
A Red Hat only CVE-2020-12352 regression issue was found in the way the Linux kernel's Bluetooth stack implementation handled the initialization of stack memory when handling certain AMP packets. This flaw allows a remote attacker in an adjacent range to leak small portions of stack memory on the system by sending specially crafted AMP packets. The highest threat from this vulnerability is to data confidentiality. Se encontró un problema de regresión CVE-2020-12352 solo de Red Hat en la manera en que la implementación de la pila de Bluetooth del kernel de Linux manejaba la inicialización de la memoria de la pila al manejar determinados paquetes AMP. Este fallo permite a un atacante remoto en un rango adyacente filtrar pequeñas porciones de memoria de la pila en el sistema mediante el envío de paquetes AMP especialmente diseñados. • https://access.redhat.com/security/cve/CVE-2020-12352 https://access.redhat.com/security/vulnerabilities/BleedingTooth https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-25662 https://access.redhat.com/security/cve/CVE-2020-25662 https://bugzilla.redhat.com/show_bug.cgi?id=1891484 • CWE-284: Improper Access Control CWE-665: Improper Initialization •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2020-25661 – kernel: Red Hat only CVE-2020-12351 regression
https://notcve.org/view.php?id=CVE-2020-25661
A Red Hat only CVE-2020-12351 regression issue was found in the way the Linux kernel's Bluetooth implementation handled L2CAP packets with A2MP CID. This flaw allows a remote attacker in an adjacent range to crash the system, causing a denial of service or potentially executing arbitrary code on the system by sending a specially crafted L2CAP packet. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. Se encontró un problema de regresión CVE-2020-12351 solo de Red Hat en la manera en que la implementación de Bluetooth del kernel de Linux manejaba los paquetes L2CAP con A2MP CID. Este fallo permite a un atacante remoto en un rango adyacente bloquear el sistema, causando una denegación de servicio o ejecutando potencialmente código arbitrario en el sistema mediante el envío de un paquete L2CAP especialmente diseñado. • https://access.redhat.com/security/cve/CVE-2020-12351 https://access.redhat.com/security/vulnerabilities/BleedingTooth https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-25661 https://access.redhat.com/security/cve/CVE-2020-25661 https://bugzilla.redhat.com/show_bug.cgi?id=1891483 • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVSS: 6.5EPSS: 0%CPEs: 429EXPL: 0CVE-2019-10219 – hibernate-validator: safeHTML validator allows XSS
https://notcve.org/view.php?id=CVE-2019-10219
A vulnerability was found in Hibernate-Validator. The SafeHtml validator annotation fails to properly sanitize payloads consisting of potentially malicious code in HTML comments and instructions. This vulnerability can result in an XSS attack. Una vulnerabilidad fue encontrada en Hibernate-Validator. La anotación del validador SafeHtml no puede sanear apropiadamente las cargas útiles que consisten en código potencialmente malicioso en los comentarios e instrucciones HTML. • https://access.redhat.com/errata/RHSA-2020:0159 https://access.redhat.com/errata/RHSA-2020:0160 https://access.redhat.com/errata/RHSA-2020:0161 https://access.redhat.com/errata/RHSA-2020:0164 https://access.redhat.com/errata/RHSA-2020:0445 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10219 https://lists.apache.org/thread.html/r4f8b4e2541be4234946e40d55859273a7eec0f4901e8080ce2406fe6%40%3Cnotifications.accumulo.apache.org%3E https://lists.apache.org/thread.html/r4f92d7f7682dcff92722fa947f9e6f8ba2227c5dc3e11ba0911 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.9EPSS: 1%CPEs: 180EXPL: 0CVE-2019-1559 – 0-byte record padding oracle
https://notcve.org/view.php?id=CVE-2019-1559
If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received with an invalid MAC. If the application then behaves differently based on that in a way that is detectable to the remote peer, then this amounts to a padding oracle that could be used to decrypt data. In order for this to be exploitable "non-stitched" ciphersuites must be in use. Stitched ciphersuites are optimised implementations of certain commonly used ciphersuites. Also the application must call SSL_shutdown() twice even if a protocol error has occurred (applications should not do this but some do anyway). • http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00041.html http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00019.html http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00046.html http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00047.html http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00049.html http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00080.html http://www.securityfocus.com/bid/107174 https://access. • CWE-203: Observable Discrepancy CWE-325: Missing Cryptographic Step •