CVSS: 8.8EPSS: 0%CPEs: 6EXPL: 0CVE-2020-25660 – ceph: CEPHX_V2 replay attack protection lost
https://notcve.org/view.php?id=CVE-2020-25660
23 Nov 2020 — A flaw was found in the Cephx authentication protocol in versions before 15.2.6 and before 14.2.14, where it does not verify Ceph clients correctly and is then vulnerable to replay attacks in Nautilus. This flaw allows an attacker with access to the Ceph cluster network to authenticate with the Ceph service via a packet sniffer and perform actions allowed by the Ceph service. This issue is a reintroduction of CVE-2018-1128, affecting the msgr2 protocol. The msgr 2 protocol is used for all communication exce... • https://bugzilla.redhat.com/show_bug.cgi?id=1890354 • CWE-294: Authentication Bypass by Capture-replay •
CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 0CVE-2020-14336 – openshift: restricted SCC allows pods to craft custom network packets
https://notcve.org/view.php?id=CVE-2020-14336
26 Oct 2020 — A flaw was found in the Restricted Security Context Constraints (SCC), where it allows pods to craft custom network packets. This flaw allows an attacker to cause a denial of service attack on an OpenShift Container Platform cluster if they can deploy pods. The highest threat from this vulnerability is to system availability. Se ha encontrado un fallo en las Restricciones de Contexto de Seguridad (SCC), que permite a los pods diseñar paquetes de red personalizados. Este fallo permite a un atacante causar un... • https://bugzilla.redhat.com/show_bug.cgi?id=1858981 • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2020-10763 – heketi: gluster-block volume password details available in logs
https://notcve.org/view.php?id=CVE-2020-10763
30 Sep 2020 — An information-disclosure flaw was found in the way Heketi before 10.1.0 logs sensitive information. This flaw allows an attacker with local access to the Heketi server to read potentially sensitive information such as gluster-block passwords. Se encontró un fallo en la divulgación de información en la forma en que Heketi versiones anteriores a 10.1.0 registra información confidencial. Este fallo permite a un atacante con acceso local al servidor de Heketi leer información potencialmente confidencial, ... • https://bugzilla.redhat.com/show_bug.cgi?id=1845387 • CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 5.3EPSS: 0%CPEs: 7EXPL: 0CVE-2020-14370 – podman: environment variables leak between containers when started via Varlink or Docker-compatible REST API
https://notcve.org/view.php?id=CVE-2020-14370
23 Sep 2020 — An information disclosure vulnerability was found in containers/podman in versions before 2.0.5. When using the deprecated Varlink API or the Docker-compatible REST API, if multiple containers are created in a short duration, the environment variables from the first container will get leaked into subsequent containers. An attacker who has control over the subsequent containers could use this flaw to gain access to sensitive information stored in such variables. Se encontró una vulnerabilidad de divulgación ... • https://bugzilla.redhat.com/show_bug.cgi?id=1874268 • CWE-212: Improper Removal of Sensitive Information Before Storage or Transfer •
CVSS: 4.3EPSS: 0%CPEs: 3EXPL: 0CVE-2020-10743 – kibana: X-Frame-Option not set by default might lead to clickjacking
https://notcve.org/view.php?id=CVE-2020-10743
16 Sep 2020 — It was discovered that OpenShift Container Platform's (OCP) distribution of Kibana could open in an iframe, which made it possible to intercept and manipulate requests. This flaw allows an attacker to trick a user into performing arbitrary actions in OCP's distribution of Kibana, such as clickjacking. Se detectó que la distribución Kibana OpenShift Container Platform (OCP) podía abrirse en un iframe, lo que permitía interceptar y manipular las peticiones. Este fallo permite a un atacante engañar a un usuari... • https://bugzilla.redhat.com/show_bug.cgi?id=1834550 • CWE-358: Improperly Implemented Security Check for Standard CWE-1021: Improper Restriction of Rendered UI Layers or Frames •
CVSS: 6.4EPSS: 0%CPEs: 32EXPL: 0CVE-2020-15705 – GRUB2: avoid loading unsigned kernels when GRUB is booted directly under secureboot without shim
https://notcve.org/view.php?id=CVE-2020-15705
29 Jul 2020 — GRUB2 fails to validate kernel signature when booted directly without shim, allowing secure boot to be bypassed. This only affects systems where the kernel signing certificate has been imported directly into the secure boot database and the GRUB image is booted directly without the use of shim. This issue affects GRUB2 version 2.04 and prior versions. GRUB2 presenta un fallo al comprobar la firma del kernel cuando se inicia directamente sin cuña, permitiendo que el arranque seguro sea omitido. Esto solo afe... • http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00067.html • CWE-347: Improper Verification of Cryptographic Signature CWE-440: Expected Behavior Violation •
CVSS: 6.4EPSS: 0%CPEs: 36EXPL: 0CVE-2020-15706 – GRUB2 contains a race condition leading to a use-after-free vulnerability which can be triggered by redefining a function whilst the same function is already executing.
https://notcve.org/view.php?id=CVE-2020-15706
28 Jul 2020 — GRUB2 contains a race condition in grub_script_function_create() leading to a use-after-free vulnerability which can be triggered by redefining a function whilst the same function is already executing, leading to arbitrary code execution and secure boot restriction bypass. This issue affects GRUB2 version 2.04 and prior versions. GRUB2 contiene una condición de carrera en la función grub_script_function_create() que conlleva a una vulnerabilidad de uso de la memoria previamente liberada la cual puede ser de... • http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00016.html • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-416: Use After Free •
CVSS: 6.4EPSS: 0%CPEs: 33EXPL: 1CVE-2020-15707 – GRUB2 contained integer overflows when handling the initrd command, leading to a heap-based buffer overflow.
https://notcve.org/view.php?id=CVE-2020-15707
28 Jul 2020 — Integer overflows were discovered in the functions grub_cmd_initrd and grub_initrd_init in the efilinux component of GRUB2, as shipped in Debian, Red Hat, and Ubuntu (the functionality is not included in GRUB2 upstream), leading to a heap-based buffer overflow. These could be triggered by an extremely large number of arguments to the initrd command on 32-bit architectures, or a crafted filesystem with very large files on any architecture. An attacker could use this to execute arbitrary code and bypass UEFI ... • http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00016.html • CWE-190: Integer Overflow or Wraparound CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 0CVE-2020-14298 – docker: Security regression of CVE-2019-5736 due to inclusion of vulnerable runc
https://notcve.org/view.php?id=CVE-2020-14298
23 Jun 2020 — The version of docker as released for Red Hat Enterprise Linux 7 Extras via RHBA-2020:0053 advisory included an incorrect version of runc missing the fix for CVE-2019-5736, which was previously fixed via RHSA-2019:0304. This issue could allow a malicious or compromised container to compromise the container host and other containers running on the same host. This issue only affects docker version 1.13.1-108.git4ef4b30.el7, shipped in Red Hat Enterprise Linux 7 Extras. Both earlier and later versions are not ... • https://access.redhat.com/errata/RHBA-2020:0427 • CWE-271: Privilege Dropping / Lowering Errors CWE-273: Improper Check for Dropped Privileges •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2020-10752
https://notcve.org/view.php?id=CVE-2020-10752
12 Jun 2020 — A flaw was found in the OpenShift API Server, where it failed to sufficiently protect OAuthTokens by leaking them into the logs when an API Server panic occurred. This flaw allows an attacker with the ability to cause an API Server error to read the logs, and use the leaked OAuthToken to log into the API Server with the leaked token. Se encontró un fallo en el OpenShift API Server, donde presento un fallo al proteger de manera suficiente a los OAuthTokens al filtrarlos en los registros cuando se produjo un ... • https://github.com/openshift/enhancements/pull/323 • CWE-522: Insufficiently Protected Credentials CWE-532: Insertion of Sensitive Information into Log File •