CVSS: 6.5EPSS: 97%CPEs: 13EXPL: 7CVE-2020-11652 – SaltStack Salt Path Traversal Vulnerability
https://notcve.org/view.php?id=CVE-2020-11652
An issue was discovered in SaltStack Salt before 2019.2.4 and 3000 before 3000.2. The salt-master process ClearFuncs class allows access to some methods that improperly sanitize paths. These methods allow arbitrary directory access to authenticated users. Se descubrió un problema en SaltStack Salt versiones anteriores a la versión 2019.2.4 y versiones 3000 anteriores a 3000.2. La clase ClearFuncs del proceso Salt-master permite acceder a algunos métodos que sanean inapropiadamente las rutas. • https://www.exploit-db.com/exploits/48421 https://github.com/ssrsec/CVE-2020-11651-CVE-2020-11652-EXP https://github.com/Al1ex/CVE-2020-11652 https://github.com/limon768/CVE-2020-11652-POC https://github.com/fanjq99/CVE-2020-11652 https://github.com/appcheck-ng/salt-rce-scanner-CVE-2020-11651-CVE-2020-11652 http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00047.html http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00070.html http://packetstormsecurit • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 9.8EPSS: 97%CPEs: 10EXPL: 10CVE-2020-11651 – SaltStack Salt Authentication Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2020-11651
An issue was discovered in SaltStack Salt before 2019.2.4 and 3000 before 3000.2. The salt-master process ClearFuncs class does not properly validate method calls. This allows a remote user to access some methods without authentication. These methods can be used to retrieve user tokens from the salt master and/or run arbitrary commands on salt minions. Se ha descubierto un fallo de salto de archivo en todas las versiones de ansible-engine 2.9.x anteriores a la versión 2.9.7, cuando se ejecuta una instalación de una colección ansible-galaxy. • https://www.exploit-db.com/exploits/48421 https://github.com/jasperla/CVE-2020-11651-poc https://github.com/ssrsec/CVE-2020-11651-CVE-2020-11652-EXP https://github.com/0xc0d/CVE-2020-11651 https://github.com/kevthehermit/CVE-2020-11651 https://github.com/RakhithJK/CVE-2020-11651 https://github.com/appcheck-ng/salt-rce-scanner-CVE-2020-11651-CVE-2020-11652 https://github.com/hardsoftsecurity/CVE-2020-11651-PoC http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00 •
CVSS: 7.0EPSS: 0%CPEs: 11EXPL: 0CVE-2020-1752 – glibc: use-after-free in glob() function when expanding ~user
https://notcve.org/view.php?id=CVE-2020-1752
A use-after-free vulnerability introduced in glibc upstream version 2.14 was found in the way the tilde expansion was carried out. Directory paths containing an initial tilde followed by a valid username were affected by this issue. A local attacker could exploit this flaw by creating a specially crafted path that, when processed by the glob function, would potentially lead to arbitrary code execution. This was fixed in version 2.32. Una vulnerabilidad de uso de la memoria previamente liberada introducida en glibc versiones anteriores a la versión 2.14, se descubrió en la manera en que se llevó a cabo la expansión de tilde. • https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1752 https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E https://lists.debian.org/debian-lts-announce/2022/10/msg00021.html https://security.gentoo.org/glsa/202101-20 https://security.netapp.com/advisory/ntap-20200511-0005 https://sourceware.org/bugzilla/show_bug.cgi?id • CWE-416: Use After Free •
CVSS: 7.0EPSS: 0%CPEs: 44EXPL: 0CVE-2020-11884 – Kernel: s390: page table upgrade in secondary address mode may lead to privilege escalation
https://notcve.org/view.php?id=CVE-2020-11884
In the Linux kernel 4.19 through 5.6.7 on the s390 platform, code execution may occur because of a race condition, as demonstrated by code in enable_sacf_uaccess in arch/s390/lib/uaccess.c that fails to protect against a concurrent page table upgrade, aka CID-3f777e19d171. A crash could also occur. En el kernel de Linux versión 4.9 hasta la versión 5.6.7, en la plataforma s390, una ejecución de código puede presentarse debido a una condición de carrera, como es demostrado por el código en la función enable_sacf_uaccess en el archivo arch/s390/lib/uaccess.c que presenta un fallo al proteger contra una actualización concurrente de la tabla de página, también se conoce como CID-3f777e19d171. Tambíen podría ocurrir un bloqueo A flaw was found in the Linux kernel on s390 architecture. The issue occurs on multiprocessing systems when one s390 CPU is in Secondary Address Mode and another CPU does a kernel page table upgrade. • https://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git/commit/?id=215d1f3928713d6eaec67244bcda72105b898000 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3f777e19d171670ab558a6d5e6b1ac7f9b6c574f https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3TZBP2HINNAX7HKHCOUMIFVQPV6GWMCZ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AQUVKC3IPUC5B374VVAZV4J5P3GAUGSW https://lists.fedoraproject.org/archives/list/package-announce%4 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-1251: Mirrored Regions with Different Values •
CVSS: 7.5EPSS: 9%CPEs: 67EXPL: 1CVE-2020-12243 – openldap: denial of service via nested boolean expressions in LDAP search filters
https://notcve.org/view.php?id=CVE-2020-12243
In filter.c in slapd in OpenLDAP before 2.4.50, LDAP search filters with nested boolean expressions can result in denial of service (daemon crash). En el archivo filter.c en slapd en OpenLDAP versiones anteriores a 2.4.50, los filtros de búsqueda de LDAP con expresiones booleanas anidadas pueden resultar en una denegación de servicio (bloqueo del demonio). • http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00016.html https://bugs.openldap.org/show_bug.cgi?id=9202 https://git.openldap.org/openldap/openldap/-/blob/OPENLDAP_REL_ENG_2_4/CHANGES https://git.openldap.org/openldap/openldap/-/commit/98464c11df8247d6a11b52e294ba5dd4f0380440 https://lists.debian.org/debian-lts-announce/2020/05/msg00001.html https://security.netapp.com/advisory/ntap-20200511-0003 https://support.apple.com/kb/HT211289 https://usn.ubuntu.com/4352-1 https&# • CWE-400: Uncontrolled Resource Consumption CWE-674: Uncontrolled Recursion •