Page 61 of 1863 results (0.015 seconds)

CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0

CVE-2019-19354 – operator-framework/hadoop: /etc/passwd is given incorrect privileges

https://notcve.org/view.php?id=CVE-2019-19354

An insecure modification vulnerability in the /etc/passwd file was found in the operator-framework/hadoop as shipped in Red Hat Openshift 4. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges. Se encontró una vulnerabilidad de modificación no segura en el archivo /etc/passwd en operator-framework/hadoop como es enviado en Red Hat Openshift versión 4. Un atacante con acceso al contenedor podría usar este fallo para modificar /etc/passwd y escalar sus privilegios An insecure modification vulnerability in the /etc/passwd file was found in the operator-framework/hadoop. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges. • https://access.redhat.com/articles/4859371 https://bugzilla.redhat.com/show_bug.cgi?id=1791534 https://bugzilla.redhat.com/show_bug.cgi?id=1793278 https://access.redhat.com/security/cve/CVE-2019-19354 • CWE-266: Incorrect Privilege Assignment CWE-269: Improper Privilege Management •

CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0

CVE-2020-1749 – kernel: some ipv6 protocols not encrypted over ipsec tunnel

https://notcve.org/view.php?id=CVE-2020-1749

A flaw was found in the Linux kernel's implementation of some networking protocols in IPsec, such as VXLAN and GENEVE tunnels over IPv6. When an encrypted tunnel is created between two hosts, the kernel isn't correctly routing tunneled data over the encrypted link; rather sending the data unencrypted. This would allow anyone in between the two endpoints to read the traffic unencrypted. The main threat from this vulnerability is to data confidentiality. Se encontró un fallo en una implementación del kernel de Linux de algunos protocolos de red en IPsec, como los túneles VXLAN y GENEVE sobre IPv6. • https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1749 https://security.netapp.com/advisory/ntap-20201222-0001 https://access.redhat.com/security/cve/CVE-2020-1749 https://bugzilla.redhat.com/show_bug.cgi?id=1809833 • CWE-319: Cleartext Transmission of Sensitive Information •

CVSS: 5.4EPSS: 0%CPEs: 4EXPL: 0

CVE-2020-1722 – ipa: No password length restriction leads to denial of service

https://notcve.org/view.php?id=CVE-2020-1722

A flaw was found in all ipa versions 4.x.x through 4.8.0. When sending a very long password (>= 1,000,000 characters) to the server, the password hashing process could exhaust memory and CPU leading to a denial of service and the website becoming unresponsive. The highest threat from this vulnerability is to system availability. Se encontró un fallo en todas las versiones de ipa 4.x.x hasta 4.8.0. Cuando se envía una contraseña muy larga al servidor (mayores o iguales a 1,000,000 caracteres), el proceso de hashing de contraseña podría agotar la memoria y la CPU, conllevando a una denegación de servicio y el sitio web dejaría de responder. • https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1722 https://access.redhat.com/security/cve/CVE-2020-1722 https://bugzilla.redhat.com/show_bug.cgi?id=1793071 • CWE-400: Uncontrolled Resource Consumption •

CVSS: 7.5EPSS: 2%CPEs: 54EXPL: 0

CVE-2020-11868 – ntp: DoS on client ntpd using server mode packet

https://notcve.org/view.php?id=CVE-2020-11868

ntpd in ntp before 4.2.8p14 and 4.3.x before 4.3.100 allows an off-path attacker to block unauthenticated synchronization via a server mode packet with a spoofed source IP address, because transmissions are rescheduled even when a packet lacks a valid origin timestamp. ntpd en ntp versiones anteriores a 4.2.8p14 y versiones 4.3.x anteriores a 4.3.100, permite a un atacante fuera de ruta bloquear una sincronización no autenticada por medio de un paquete en modo server con una dirección IP de origen falsificado, porque las transmisiones son reprogramados aun cuando un paquete carece de una marca de tiempo de origen valido. A flaw was found in the Network Time Protocol (NTP), where a security issue exists that allows an off-path attacker to prevent the Network Time Protocol daemon (ntpd) from synchronizing with NTP servers not using authentication. A server mode packet with a spoofed source address sent to the client ntpd causes the next transmission to be rescheduled, even if the packet does not have a valid origin timestamp. If the packet is sent to the client frequently enough, it stops polling the server and is unable to synchronize with it. • http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00005.html http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00044.html http://support.ntp.org/bin/view/Main/NtpBug3592 https://bugzilla.redhat.com/show_bug.cgi?id=1716665 https://lists.debian.org/debian-lts-announce/2020/05/msg00004.html https://security.gentoo.org/glsa/202007-12 https://security.netapp.com/advisory/ntap-20200424-0002 https://www.oracle.com//security-alerts/cpujul2021.html https://access&# • CWE-346: Origin Validation Error CWE-400: Uncontrolled Resource Consumption •

CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0

CVE-2020-11669 – kernel: powerpc: guest can cause DoS on POWER9 KVM hosts

https://notcve.org/view.php?id=CVE-2020-11669

An issue was discovered in the Linux kernel before 5.2 on the powerpc platform. arch/powerpc/kernel/idle_book3s.S does not have save/restore functionality for PNV_POWERSAVE_AMR, PNV_POWERSAVE_UAMOR, and PNV_POWERSAVE_AMOR, aka CID-53a712bae5dd. Se detectó un problema en el kernel de Linux versiones anteriores a 5.2, en la plataforma powerpc. El archivo arch/powerpc/kernel/idle_book3s.S no posee la funcionalidad de guardar y restaurar para PNV_POWERSAVE_AMR, PNV_POWERSAVE_UAMOR y PNV_POWERSAVE_AMOR, también se conoce como CID-53a712bae5dd. A flaw was found in the way Linux kernel running on the Power9 processor saves and restores its registers while going in and coming out of an idle state. The issue occurs when a guest kernel has Kernel Userspace Address Protection (KUAP) feature enabled. • http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00035.html https://access.redhat.com/errata/RHSA-2019:3517 https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.2 https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=53a712bae5dd919521a58d7bad773b949358add0 https://github.com/torvalds/linux/commit/53a712bae5dd919521a58d7bad773b949358add0 https://lists.ozlabs.org/pipermail/linuxppc-dev/2020-April/208660.html https://lists.ozlabs.org/pipermail/linuxppc-dev/2020-April • CWE-393: Return of Wrong Status Code •