CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 1CVE-2020-0009 – Android - ashmem Readonly Bypasses via remap_file_pages() and ASHMEM_UNPIN
https://notcve.org/view.php?id=CVE-2020-0009
In calc_vm_may_flags of ashmem.c, there is a possible arbitrary write to shared memory due to a permissions bypass. This could lead to local escalation of privilege by corrupting memory shared between processes, with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A-142938932 En la función calc_vm_may_flags del archivo ashmem.c, hay una posible escritura arbitraria en la memoria compartida debido a una omisión de permisos. Esto podría conllevar a una escalada local de privilegios mediante la corrupción de la memoria compartida entre procesos, sin ser necesarios privilegios de ejecución adicionales. • https://www.exploit-db.com/exploits/47921 http://packetstormsecurity.com/files/155903/Android-ashmem-Read-Only-Bypasses.html https://lists.debian.org/debian-lts-announce/2020/06/msg00011.html https://lists.debian.org/debian-lts-announce/2020/06/msg00013.html https://source.android.com/security/bulletin/2020-01-01 • CWE-276: Incorrect Default Permissions •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0CVE-2019-18625
https://notcve.org/view.php?id=CVE-2019-18625
An issue was discovered in Suricata 5.0.0. It was possible to bypass/evade any tcp based signature by faking a closed TCP session using an evil server. After the TCP SYN packet, it is possible to inject a RST ACK and a FIN ACK packet with a bad TCP Timestamp option. The client will ignore the RST ACK and the FIN ACK packets because of the bad TCP Timestamp option. Both linux and windows client are ignoring the injected packets. • https://github.com/OISF/suricata/commit/9f0294fadca3dcc18c919424242a41e01f3e8318 https://github.com/OISF/suricata/commit/ea0659de7640cf6a51de5bbd1dbbb0414e4623a0 https://lists.debian.org/debian-lts-announce/2020/01/msg00032.html https://redmine.openinfosecfoundation.org/issues/3286 https://redmine.openinfosecfoundation.org/issues/3395 •
CVSS: 9.1EPSS: 1%CPEs: 3EXPL: 2CVE-2019-18792
https://notcve.org/view.php?id=CVE-2019-18792
An issue was discovered in Suricata 5.0.0. It is possible to bypass/evade any tcp based signature by overlapping a TCP segment with a fake FIN packet. The fake FIN packet is injected just before the PUSH ACK packet we want to bypass. The PUSH ACK packet (containing the data) will be ignored by Suricata because it overlaps the FIN packet (the sequence and ack number are identical in the two packets). The client will ignore the fake FIN packet because the ACK flag is not set. • https://github.com/OISF/suricata/commit/1c63d3905852f746ccde7e2585600b2199cefb4b https://github.com/OISF/suricata/commit/fa692df37a796c3330c81988d15ef1a219afc006 https://lists.debian.org/debian-lts-announce/2020/01/msg00032.html https://redmine.openinfosecfoundation.org/issues/3324 https://redmine.openinfosecfoundation.org/issues/3394 • CWE-436: Interpretation Conflict •
CVSS: 4.3EPSS: 0%CPEs: 9EXPL: 0CVE-2019-18179
https://notcve.org/view.php?id=CVE-2019-18179
An issue was discovered in Open Ticket Request System (OTRS) 7.0.x through 7.0.12, and Community Edition 5.0.x through 5.0.38 and 6.0.x through 6.0.23. An attacker who is logged into OTRS as an agent is able to list tickets assigned to other agents, even tickets in a queue where the attacker doesn't have permissions. Se descubrió un problema en Open Ticket Request System (OTRS) versiones 7.0.x hasta la versión 7.0.12, y Community Edition versiones 5.0.x hasta 5.0.38 y 6.0.x hasta 6.0.23. Un atacante que ha iniciado sesión en OTRS como un agente es capaz de enumerar los tickets asignados a otros agentes, inclusive los tickets en una cola donde el atacante no tiene permisos. • http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00038.html http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00066.html http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00077.html https://community.otrs.com/security-advisory-2019-14-security-update-for-otrs-framework https://lists.debian.org/debian-lts-announce/2020/01/msg00000.html https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html •
CVSS: 9.8EPSS: 0%CPEs: 53EXPL: 0CVE-2019-20330 – jackson-databind: lacks certain net.sf.ehcache blocking
https://notcve.org/view.php?id=CVE-2019-20330
FasterXML jackson-databind 2.x before 2.9.10.2 lacks certain net.sf.ehcache blocking. FasterXML jackson-databind versiones 2.x anteriores a la versión 2.9.10.2, carece de cierto bloqueo de net.sf.ehcache. • https://github.com/FasterXML/jackson-databind/compare/jackson-databind-2.9.10.1...jackson-databind-2.9.10.2 https://github.com/FasterXML/jackson-databind/issues/2526 https://lists.apache.org/thread.html/r107c8737db39ec9ec4f4e7147b249e29be79170b9ef4b80528105a2d%40%3Cdev.zookeeper.apache.org%3E https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0%40%3Cissues.bookkeeper.apache.org%3E https://lists.apache.org/thread.html/r2c77dd6ab8344285bd8e481b57cf3029965a4b0036eefccef74cdd44%40%3Cnotifications.zookeeper.apache.org%3E • CWE-502: Deserialization of Untrusted Data •