CVSS: 2.8EPSS: 0%CPEs: 10EXPL: 0CVE-2020-27351 – Various memory and file descriptor leaks in apt-python
https://notcve.org/view.php?id=CVE-2020-27351
10 Dec 2020 — Various memory and file descriptor leaks were found in apt-python files python/arfile.cc, python/tag.cc, python/tarfile.cc, aka GHSL-2020-170. This issue affects: python-apt 1.1.0~beta1 versions prior to 1.1.0~beta1ubuntu0.16.04.10; 1.6.5ubuntu0 versions prior to 1.6.5ubuntu0.4; 2.0.0ubuntu0 versions prior to 2.0.0ubuntu0.20.04.2; 2.1.3ubuntu1 versions prior to 2.1.3ubuntu1.1; Se encontraron varios filtrados de memoria y descriptores de archivos en los archivos python/arfile.cc, python/tag.cc, python/tarfil... • https://bugs.launchpad.net/bugs/1899193 • CWE-772: Missing Release of Resource after Effective Lifetime •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2020-29385 – Gentoo Linux Security Advisory 202012-15
https://notcve.org/view.php?id=CVE-2020-29385
09 Dec 2020 — GNOME gdk-pixbuf (aka GdkPixbuf) before 2.42.2 allows a denial of service (infinite loop) in lzw.c in the function write_indexes. if c->self_code equals 10, self->code_table[10].extends will assign the value 11 to c. The next execution in the loop will assign self->code_table[11].extends to c, which will give the value of 10. This will make the loop run infinitely. This bug can, for example, be triggered by calling this function with a GIF image with LZW compression that is crafted in a special way. GNOME g... • https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=977166 • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 3.8EPSS: 0%CPEs: 4EXPL: 0CVE-2020-16128 – Aptdaemon error messages disclosed file existence to unprivileged users via dbus properties
https://notcve.org/view.php?id=CVE-2020-16128
09 Dec 2020 — The aptdaemon DBus interface disclosed file existence disclosure by setting Terminal/DebconfSocket properties, aka GHSL-2020-192 and GHSL-2020-196. This affected versions prior to 1.1.1+bzr982-0ubuntu34.1, 1.1.1+bzr982-0ubuntu32.3, 1.1.1+bzr982-0ubuntu19.5, 1.1.1+bzr982-0ubuntu14.5. La interfaz DBus de aptdaemon divulgó la existencia de archivos al ajustar las propiedades de Terminal/DebconfSocket, también se conoce como GHSL-2020-192 y GHSL-2020-196. Esto afectó a versiones anteriores a 1.1.1+bzr982-0ubunt... • https://bugs.launchpad.net/ubuntu/+source/aptdaemon/+bug/1899513 • CWE-209: Generation of Error Message Containing Sensitive Information •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2020-27349 – aptdaemon performed policykit permissions checks too late
https://notcve.org/view.php?id=CVE-2020-27349
09 Dec 2020 — Aptdaemon performed policykit checks after interacting with potentially untrusted files with elevated privileges. This affected versions prior to 1.1.1+bzr982-0ubuntu34.1, 1.1.1+bzr982-0ubuntu32.3, 1.1.1+bzr982-0ubuntu19.5, 1.1.1+bzr982-0ubuntu14.5. Aptdaemon llevó a cabo comprobaciones de policykit después de interactuar con archivos potencialmente no confiables con privilegios elevados. Esto afectó a versiones anteriores a 1.1.1+bzr982-0ubuntu34.1, 1.1.1+bzr982-0ubuntu32.3, 1.1.1+bzr982-0ubuntu19.5, ... • https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1899193 • CWE-862: Missing Authorization •
CVSS: 4.7EPSS: 0%CPEs: 4EXPL: 1CVE-2020-16123 – Bypass of snapd pulseaudio restrictions
https://notcve.org/view.php?id=CVE-2020-16123
24 Nov 2020 — An Ubuntu-specific patch in PulseAudio created a race condition where the snap policy module would fail to identify a client connection from a snap as coming from a snap if SCM_CREDENTIALS were missing, allowing the snap to connect to PulseAudio without proper confinement. This could be exploited by an attacker to expose sensitive information. Fixed in 1:13.99.3-1ubuntu2, 1:13.99.2-1ubuntu2.1, 1:13.99.1-1ubuntu3.8, 1:11.1-1ubuntu7.11, and 1:8.0-0ubuntu3.15. Un parche específico de Ubuntu en PulseAudio creó ... • https://launchpad.net/bugs/1895928 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •