CVSS: 7.8EPSS: 0%CPEs: 18EXPL: 1CVE-2020-10757 – kernel: kernel: DAX hugepages not considered during mremap
https://notcve.org/view.php?id=CVE-2020-10757
A flaw was found in the Linux Kernel in versions after 4.5-rc1 in the way mremap handled DAX Huge Pages. This flaw allows a local attacker with access to a DAX enabled storage to escalate their privileges on the system. Se encontró un fallo en el kernel de Linux en las versiones posteriores a 4.5-rc1, en la manera en que mremap manejó DAX Huge Pages. Este fallo permite a un atacante local con acceso a un almacenamiento habilitado para DAX escalar sus privilegios en el sistema A flaw was found in the way mremap handled DAX Huge Pages. This flaw allows a local attacker with access to a DAX enabled storage to escalate their privileges on the system. • http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00022.html https://bugzilla.redhat.com/show_bug.cgi?id=1842525 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=5bfea2d9b17f1034a68147a8b03b9789af5700f9 https://lists.debian.org/debian-lts-announce/2020/06/msg00012.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IEM47BXZJLODRH5YNNZSAQ2NVM63MYMC https://security.netapp.com/advisory/ntap-20200702-0004 https://usn.ubuntu.com& • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVSS: 5.0EPSS: 0%CPEs: 7EXPL: 0CVE-2020-10761
https://notcve.org/view.php?id=CVE-2020-10761
An assertion failure issue was found in the Network Block Device(NBD) Server in all QEMU versions before QEMU 5.0.1. This flaw occurs when an nbd-client sends a spec-compliant request that is near the boundary of maximum permitted request length. A remote nbd-client could use this flaw to crash the qemu-nbd server resulting in a denial of service. Se encontró un problema de fallo de aserción en el Network Block Device (NBD) en todas las versiones de QEMU anteriores a QEMU versión 5.0.1. Este fallo ocurre cuando un cliente nbd envía una petición que cumple con las especificaciones que está cerca del límite de la longitud máxima permitida de la petición. • http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00086.html https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10761 https://security.gentoo.org/glsa/202011-09 https://security.netapp.com/advisory/ntap-20200731-0001 https://usn.ubuntu.com/4467-1 https://www.openwall.com/lists/oss-security/2020/06/09/1 • CWE-617: Reachable Assertion •
CVSS: 7.5EPSS: 0%CPEs: 8EXPL: 1CVE-2020-13962 – qt5: incorrectly calls SSL_shutdown() in OpenSSL mid-handshake causing denial of service in TLS applications
https://notcve.org/view.php?id=CVE-2020-13962
Qt 5.12.2 through 5.14.2, as used in unofficial builds of Mumble 1.3.0 and other products, mishandles OpenSSL's error queue, which can cause a denial of service to QSslSocket users. Because errors leak in unrelated TLS sessions, an unrelated session may be disconnected when any handshake fails. (Mumble 1.3.1 is not affected, regardless of the Qt version.) Qt versiones 5.12.2 hasta 5.14.2, como es usado en compilaciones no oficiales de Mumble versión 1.3.0 y otros productos, maneja inapropiadamente la cola de errores de OpenSSL, lo que puede ser capaz de causar una denegación de servicio a usuarios de QSslSocket. Debido a que los errores se filtran en sesiones TLS no relacionadas, una sesión no relacionada puede ser desconectada cuando se comete un fallo en cualquier protocolo de enlace. • http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00004.html https://bugreports.qt.io/browse/QTBUG-83450 https://github.com/mumble-voip/mumble/issues/3679 https://github.com/mumble-voip/mumble/pull/4032 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4X6EDPIIAQPVP2CHL2CHDHJ25EECA7UE https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UQJDBZUYMMF4R5QQKD2HTIKQU2NSKO63 https://lists.fedoraproject.org/archives/list/package-annou • CWE-391: Unchecked Error Condition •
CVSS: 5.5EPSS: 0%CPEs: 16EXPL: 0CVE-2020-13844
https://notcve.org/view.php?id=CVE-2020-13844
Arm Armv8-A core implementations utilizing speculative execution past unconditional changes in control flow may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka "straight-line speculation." Las implementaciones principales de Arm Armv8-A, que usan la ejecución especulativa más allá de los cambios incondicionales en el flujo de control pueden permitir una divulgación no autorizada de información a un atacante con acceso de usuario local por medio de un análisis de canal lateral, también se conoce como "straight-line speculation." • http://lists.llvm.org/pipermail/llvm-dev/2020-June/142109.html http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00039.html http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00040.html https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability/downloads/straight-line-speculation https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability/frequently-a • CWE-203: Observable Discrepancy •
CVSS: 4.4EPSS: 0%CPEs: 7EXPL: 0CVE-2020-13696
https://notcve.org/view.php?id=CVE-2020-13696
An issue was discovered in LinuxTV xawtv before 3.107. The function dev_open() in v4l-conf.c does not perform sufficient checks to prevent an unprivileged caller of the program from opening unintended filesystem paths. This allows a local attacker with access to the v4l-conf setuid-root program to test for the existence of arbitrary files and to trigger an open on arbitrary files with mode O_RDWR. To achieve this, relative path components need to be added to the device path, as demonstrated by a v4l-conf -c /dev/../root/.bash_history command. • http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00009.html http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00013.html http://www.openwall.com/lists/oss-security/2020/06/04/6 https://bugzilla.suse.com/show_bug.cgi?id=CVE-2020-13696 https://git.linuxtv.org/xawtv3.git/commit/?id=31f31f9cbaee7be806cba38e0ff5431bd44b20a3 https://git.linuxtv.org/xawtv3.git/commit/?id=36dc44e68e5886339b4a0fbe3f404fb1a4fd2292 https://git.linuxtv.org/xawtv3.git/commit/?id=8e3feea862db68d3ca0886f46cd99fab4 • CWE-863: Incorrect Authorization •