CVSS: 8.8EPSS: 0%CPEs: 6EXPL: 0CVE-2020-5208 – remote code execution vulnerability in ipmitool
https://notcve.org/view.php?id=CVE-2020-5208
It's been found that multiple functions in ipmitool before 1.8.19 neglect proper checking of the data received from a remote LAN party, which may lead to buffer overflows and potentially to remote code execution on the ipmitool side. This is especially dangerous if ipmitool is run as a privileged user. This problem is fixed in version 1.8.19. Se detectó que varias funciones en ipmitool versiones anteriores a 1.8.19, descuidan la comprobación apropiada de los datos recibidos desde una parte de la LAN remota, lo que puede conllevar a desbordamientos de búfer y potencialmente a una ejecución de código remota en el lado de ipmitool. Esto es especialmente peligroso si ipmitool se ejecuta como un usuario privilegiado. • http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00031.html https://github.com/ipmitool/ipmitool/commit/e824c23316ae50beb7f7488f2055ac65e8b341f2 https://github.com/ipmitool/ipmitool/security/advisories/GHSA-g659-9qxw-p7cp https://lists.debian.org/debian-lts-announce/2020/02/msg00006.html https://lists.debian.org/debian-lts-announce/2021/06/msg00029.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/K2BPW66KDP4H36AGZXLED57A3O2Y6EQW https://lists.fedoraproject.org/ • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 8.1EPSS: 0%CPEs: 3EXPL: 0CVE-2020-8632 – cloud-init: Too short random password length in cc_set_password in config/cc_set_passwords.py
https://notcve.org/view.php?id=CVE-2020-8632
In cloud-init through 19.4, rand_user_password in cloudinit/config/cc_set_passwords.py has a small default pwlen value, which makes it easier for attackers to guess passwords. En cloud-init versiones hasta 19.4, la función rand_user_password en el archivo cloudinit/config/cc_set_passwords.py posee un pequeño valor predeterminado de pwlen, lo que facilita a atacantes adivinar las contraseñas. A flaw was found in cloud-init, where it uses short passwords when generating a random password in new instances. Depending on the instance configuration, a remote or local attacker may abuse this vulnerability to guess the password of the victim user. • http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00042.html https://bugs.launchpad.net/ubuntu/+source/cloud-init/+bug/1860795 https://github.com/canonical/cloud-init/pull/189 https://lists.debian.org/debian-lts-announce/2020/02/msg00021.html https://access.redhat.com/security/cve/CVE-2020-8632 https://bugzilla.redhat.com/show_bug.cgi?id=1798728 • CWE-330: Use of Insufficiently Random Values CWE-521: Weak Password Requirements •
CVSS: 8.1EPSS: 0%CPEs: 3EXPL: 0CVE-2020-8631 – cloud-init: Use of random.choice when generating random password
https://notcve.org/view.php?id=CVE-2020-8631
cloud-init through 19.4 relies on Mersenne Twister for a random password, which makes it easier for attackers to predict passwords, because rand_str in cloudinit/util.py calls the random.choice function. cloud-init versiones hasta 19.4 se basa en Mersenne Twister para una contraseña aleatoria, lo que facilita a atacantes predecir contraseñas, porque la función rand_str en el archivo cloudinit/util.py llama a la función random.choice. A flaw was found in cloud-init, where it uses the random.choice function when creating sensitive random strings used for generating a random password in new instances. Depending on the instance configuration, a remote or local attacker may abuse this vulnerability to guess the password of the victim user. • http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00042.html https://bugs.launchpad.net/ubuntu/+source/cloud-init/+bug/1860795 https://github.com/canonical/cloud-init/pull/204 https://lists.debian.org/debian-lts-announce/2020/02/msg00021.html https://access.redhat.com/security/cve/CVE-2020-8631 https://bugzilla.redhat.com/show_bug.cgi?id=1798731 • CWE-330: Use of Insufficiently Random Values •
CVSS: 7.3EPSS: 0%CPEs: 30EXPL: 0CVE-2020-0569 – qt: files placed by attacker can influence the working directory and lead to malicious code execution
https://notcve.org/view.php?id=CVE-2020-0569
Out of bounds write in Intel(R) PROSet/Wireless WiFi products on Windows 10 may allow an authenticated user to potentially enable denial of service via local access. Una escritura fuera de límites en los productos Intel® PROSet/Wireless WiFi en Windows 10 puede habilitar a un usuario autenticado para permitir potencialmente una denegación de servicio por medio de un acceso local • https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00338.html https://access.redhat.com/security/cve/CVE-2020-0569 https://bugzilla.redhat.com/show_bug.cgi?id=1800600 • CWE-73: External Control of File Name or Path CWE-787: Out-of-bounds Write •
CVSS: 7.7EPSS: 0%CPEs: 8EXPL: 0CVE-2020-1711 – QEMU: block: iscsi: OOB heap access via an unexpected response of iSCSI Server
https://notcve.org/view.php?id=CVE-2020-1711
An out-of-bounds heap buffer access flaw was found in the way the iSCSI Block driver in QEMU versions 2.12.0 before 4.2.1 handled a response coming from an iSCSI server while checking the status of a Logical Address Block (LBA) in an iscsi_co_block_status() routine. A remote user could use this flaw to crash the QEMU process, resulting in a denial of service or potential execution of arbitrary code with privileges of the QEMU process on the host. Se detectó una fallo de acceso al búfer de la pila fuera de límites en la manera en que el controlador de iSCSI Block versiones 2.xx de QEMU hasta 2.12.0 incluyéndola, manejó una respuesta proveniente de un servidor iSCSI mientras se comprobaba el estado de un Logical Address Block (LBA) en una rutina iscsi_co_block_status(). Un usuario remoto podría usar este fallo para bloquear el proceso de QEMU, resultando en una denegación de servicio o posible ejecución de código arbitrario con privilegios del proceso de QEMU en el host. An out-of-bounds heap buffer access flaw was found in the way the iSCSI Block driver in QEMU handled a response coming from an iSCSI server while checking the status of a Logical Address Block (LBA) in an iscsi_co_block_status() routine. • http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00007.html https://access.redhat.com/errata/RHSA-2020:0669 https://access.redhat.com/errata/RHSA-2020:0730 https://access.redhat.com/errata/RHSA-2020:0731 https://access.redhat.com/errata/RHSA-2020:0773 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1711 https://lists.debian.org/debian-lts-announce/2020/03/msg00017.html https://lists.debian.org/debian-lts-announce/2020/09/msg00013.html https://lists.gnu&# • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •