CVSS: 6.4EPSS: 0%CPEs: 32EXPL: 0CVE-2020-15705 – GRUB2: avoid loading unsigned kernels when GRUB is booted directly under secureboot without shim
https://notcve.org/view.php?id=CVE-2020-15705
29 Jul 2020 — GRUB2 fails to validate kernel signature when booted directly without shim, allowing secure boot to be bypassed. This only affects systems where the kernel signing certificate has been imported directly into the secure boot database and the GRUB image is booted directly without the use of shim. This issue affects GRUB2 version 2.04 and prior versions. GRUB2 presenta un fallo al comprobar la firma del kernel cuando se inicia directamente sin cuña, permitiendo que el arranque seguro sea omitido. Esto solo afe... • http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00067.html • CWE-347: Improper Verification of Cryptographic Signature CWE-440: Expected Behavior Violation •
CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0CVE-2020-10715 – openshift/console: text injection on error page via crafted url
https://notcve.org/view.php?id=CVE-2020-10715
28 Jul 2020 — A content spoofing vulnerability was found in the openshift/console 3.11 and 4.x. This flaw allows an attacker to craft a URL and inject arbitrary text onto the error page that appears to be from the OpenShift instance. This attack could potentially convince a user that the inserted text is legitimate. Se encontró una vulnerabilidad de suplantación de contenido en openshift/console versiones 3.11 y 4.x. Este fallo permite a un atacante crear una URL e inyectar texto arbitrario en la página de error que pare... • https://bugzilla.redhat.com/show_bug.cgi?id=1767665 • CWE-20: Improper Input Validation •
CVSS: 6.4EPSS: 0%CPEs: 36EXPL: 0CVE-2020-15706 – GRUB2 contains a race condition leading to a use-after-free vulnerability which can be triggered by redefining a function whilst the same function is already executing.
https://notcve.org/view.php?id=CVE-2020-15706
28 Jul 2020 — GRUB2 contains a race condition in grub_script_function_create() leading to a use-after-free vulnerability which can be triggered by redefining a function whilst the same function is already executing, leading to arbitrary code execution and secure boot restriction bypass. This issue affects GRUB2 version 2.04 and prior versions. GRUB2 contiene una condición de carrera en la función grub_script_function_create() que conlleva a una vulnerabilidad de uso de la memoria previamente liberada la cual puede ser de... • http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00016.html • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-416: Use After Free •
CVSS: 6.4EPSS: 0%CPEs: 33EXPL: 1CVE-2020-15707 – GRUB2 contained integer overflows when handling the initrd command, leading to a heap-based buffer overflow.
https://notcve.org/view.php?id=CVE-2020-15707
28 Jul 2020 — Integer overflows were discovered in the functions grub_cmd_initrd and grub_initrd_init in the efilinux component of GRUB2, as shipped in Debian, Red Hat, and Ubuntu (the functionality is not included in GRUB2 upstream), leading to a heap-based buffer overflow. These could be triggered by an extremely large number of arguments to the initrd command on 32-bit architectures, or a crafted filesystem with very large files on any architecture. An attacker could use this to execute arbitrary code and bypass UEFI ... • http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00016.html • CWE-190: Integer Overflow or Wraparound CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2020-10752
https://notcve.org/view.php?id=CVE-2020-10752
12 Jun 2020 — A flaw was found in the OpenShift API Server, where it failed to sufficiently protect OAuthTokens by leaking them into the logs when an API Server panic occurred. This flaw allows an attacker with the ability to cause an API Server error to read the logs, and use the leaked OAuthToken to log into the API Server with the leaked token. Se encontró un fallo en el OpenShift API Server, donde presento un fallo al proteger de manera suficiente a los OAuthTokens al filtrarlos en los registros cuando se produjo un ... • https://github.com/openshift/enhancements/pull/323 • CWE-522: Insufficiently Protected Credentials CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 7.2EPSS: 1%CPEs: 4EXPL: 0CVE-2020-7013 – kibana: Prototype pollution in TSVB could result in arbitrary code execution (ESA-2020-06)
https://notcve.org/view.php?id=CVE-2020-7013
03 Jun 2020 — Kibana versions before 6.8.9 and 7.7.0 contain a prototype pollution flaw in TSVB. An authenticated attacker with privileges to create TSVB visualizations could insert data that would cause Kibana to execute arbitrary code. This could possibly lead to an attacker executing code with the permissions of the Kibana process on the host system. Kibana versiones anteriores a 6.8.9 y 7.7.0, contienen un fallo de contaminación de prototipo en TSVB. Un atacante autenticado con privilegios para crear visualizaciones ... • https://www.elastic.co/community/security • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 6.0EPSS: 3%CPEs: 5EXPL: 1CVE-2020-10749 – containernetworking/plugins: IPv6 router advertisements allow for MitM attacks on IPv4 clusters
https://notcve.org/view.php?id=CVE-2020-10749
03 Jun 2020 — A vulnerability was found in all versions of containernetworking/plugins before version 0.8.6, that allows malicious containers in Kubernetes clusters to perform man-in-the-middle (MitM) attacks. A malicious container can exploit this flaw by sending rogue IPv6 router advertisements to the host or other containers, to redirect traffic to the malicious container. Se detectó una vulnerabilidad en todas las versiones de containernetworking/plugins versiones anteriores a 0.8.6, que permite a contenedores malici... • https://github.com/knqyf263/CVE-2020-10749 • CWE-300: Channel Accessible by Non-Endpoint •
CVSS: 7.0EPSS: 0%CPEs: 1EXPL: 0CVE-2019-19352 – operator-framework/presto: /etc/passwd is given incorrect privileges
https://notcve.org/view.php?id=CVE-2019-19352
04 May 2020 — An insecure modification vulnerability in the /etc/passwd file was found in the operator-framework/presto as shipped in Red Hat Openshift 4. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges. Se encontró una vulnerabilidad de modificación no segura en el archivo /etc/passwd en operator-framework/presto como es enviado en Red Hat Openshift versión 4. Un atacante con acceso al contenedor podría usar este fallo para modificar /etc/passwd y escalar ... • https://bugzilla.redhat.com/show_bug.cgi?id=1791534 • CWE-266: Incorrect Privilege Assignment •
CVSS: 6.1EPSS: 0%CPEs: 8EXPL: 0CVE-2020-1760 – ceph: header-splitting in RGW GetObject has a possible XSS
https://notcve.org/view.php?id=CVE-2020-1760
23 Apr 2020 — A flaw was found in the Ceph Object Gateway, where it supports request sent by an anonymous user in Amazon S3. This flaw could lead to potential XSS attacks due to the lack of proper neutralization of untrusted input. Se encontró un fallo en Ceph Object Gateway, donde admite peticiones enviadas por un usuario anónimo en Amazon S3. Este fallo podría conllevar a posibles ataques de tipo XSS debido a una falta de neutralización apropiada de una entrada no segura. Adam Mohammed discovered that Ceph incorrectly ... • https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1760 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.8EPSS: 0%CPEs: 5EXPL: 0CVE-2020-1759 – Gentoo Linux Security Advisory 202105-39
https://notcve.org/view.php?id=CVE-2020-1759
13 Apr 2020 — A vulnerability was found in Red Hat Ceph Storage 4 and Red Hat Openshift Container Storage 4.2 where, A nonce reuse vulnerability was discovered in the secure mode of the messenger v2 protocol, which can allow an attacker to forge auth tags and potentially manipulate the data by leveraging the reuse of a nonce in a session. Messages encrypted using a reused nonce value are susceptible to serious confidentiality and integrity attacks. Se detectó una vulnerabilidad en Red Hat Ceph Storage versión 4 y Red Hat... • https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1759 • CWE-323: Reusing a Nonce, Key Pair in Encryption CWE-330: Use of Insufficiently Random Values •