CVSS: 5.5EPSS: 0%CPEs: 15EXPL: 0CVE-2020-25641 – kernel: soft-lockups in iov_iter_copy_from_user_atomic() could result in DoS
https://notcve.org/view.php?id=CVE-2020-25641
06 Oct 2020 — A flaw was found in the Linux kernel's implementation of biovecs in versions before 5.9-rc7. A zero-length biovec request issued by the block subsystem could cause the kernel to enter an infinite loop, causing a denial of service. This flaw allows a local attacker with basic privileges to issue requests to a block device, resulting in a denial of service. The highest threat from this vulnerability is to system availability. Se encontró un fallo en la implementación de biovecs del kernel de Linux en versione... • http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00021.html • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 5.3EPSS: 0%CPEs: 17EXPL: 1CVE-2020-7070 – PHP parses encoded cookie names so malicious `__Host-` cookies can be sent
https://notcve.org/view.php?id=CVE-2020-7070
02 Oct 2020 — In PHP versions 7.2.x below 7.2.34, 7.3.x below 7.3.23 and 7.4.x below 7.4.11, when PHP is processing incoming HTTP cookie values, the cookie names are url-decoded. This may lead to cookies with prefixes like __Host confused with cookies that decode to such prefix, thus leading to an attacker being able to forge cookie which is supposed to be secure. See also CVE-2020-8184 for more information. En PHP versiones 7.2.x por debajo de 7.2.34, versiones 7.3.x por debajo de 7.3.23 y versiones 7.4.x por debajo de ... • http://cve.circl.lu/cve/CVE-2020-8184 • CWE-20: Improper Input Validation CWE-565: Reliance on Cookies without Validation and Integrity Checking •
CVSS: 6.5EPSS: 0%CPEs: 17EXPL: 0CVE-2020-7069 – Wrong ciphertext/tag in AES-CCM encryption for a 12 bytes IV
https://notcve.org/view.php?id=CVE-2020-7069
02 Oct 2020 — In PHP versions 7.2.x below 7.2.34, 7.3.x below 7.3.23 and 7.4.x below 7.4.11, when AES-CCM mode is used with openssl_encrypt() function with 12 bytes IV, only first 7 bytes of the IV is actually used. This can lead to both decreased security and incorrect encryption data. En PHP versiones 7.2.x por debajo de 7.2.34, versiones 7.3.x por debajo de 7.3.23 y versiones 7.4.x por debajo de 7.4.11, cuando el modo AES-CCM es usado con la función openssl_encrypt() con 12 bytes IV, solo los primeros 7 bytes del IV e... • http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00045.html • CWE-20: Improper Input Validation CWE-326: Inadequate Encryption Strength •
CVSS: 6.5EPSS: 0%CPEs: 7EXPL: 0CVE-2020-26137 – python-urllib3: CRLF injection via HTTP request method
https://notcve.org/view.php?id=CVE-2020-26137
29 Sep 2020 — urllib3 before 1.25.9 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first argument of putrequest(). NOTE: this is similar to CVE-2020-26116. urllib3 versiones anteriores a 1.25.9, permite una inyección de CRLF si el atacante controla el método de petición HTTP, como es demostrado al insertar caracteres de control CR y LF en el primer argumento de la función putrequest(). NOTA: esto es similar a CVE-2020-26116 A f... • https://bugs.python.org/issue39603 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-113: Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting') •
CVSS: 8.2EPSS: 0%CPEs: 4EXPL: 0CVE-2020-16122 – Packagekit's apt backend lets user install untrusted local packages
https://notcve.org/view.php?id=CVE-2020-16122
24 Sep 2020 — PackageKit's apt backend mistakenly treated all local debs as trusted. The apt security model is based on repository trust and not on the contents of individual files. On sites with configured PolicyKit rules this may allow users to install malicious packages. El backend apt de PackageKit trató erróneamente a todas las debs locales como confiables. El modelo de seguridad de apt se basa en la confianza del repositorio y no en el contenido de archivos individuales. • https://bugs.launchpad.net/ubuntu/+source/packagekit/+bug/1882098 • CWE-269: Improper Privilege Management CWE-345: Insufficient Verification of Data Authenticity •
CVSS: 6.2EPSS: 0%CPEs: 8EXPL: 0CVE-2020-14385 – kernel: metadata validator in XFS may cause an inode with a valid, user-creatable extended attribute to be flagged as corrupt
https://notcve.org/view.php?id=CVE-2020-14385
15 Sep 2020 — A flaw was found in the Linux kernel before 5.9-rc4. A failure of the file system metadata validator in XFS can cause an inode with a valid, user-creatable extended attribute to be flagged as corrupt. This can lead to the filesystem being shutdown, or otherwise rendered inaccessible until it is remounted, leading to a denial of service. The highest threat from this vulnerability is to system availability. Se encontró un fallo en el kernel de Linux versiones anteriores a 5.9-rc4. • http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00001.html • CWE-131: Incorrect Calculation of Buffer Size •
CVSS: 6.5EPSS: 1%CPEs: 21EXPL: 0CVE-2020-8927 – Buffer overflow in Brotli library
https://notcve.org/view.php?id=CVE-2020-8927
15 Sep 2020 — A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a "one-shot" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the "streaming" API as opposed to the "one-shot" API, and impose chunk size limits. Se presenta un desbordamiento del búfer en la biblioteca Brotli ... • http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-130: Improper Handling of Length Parameter Inconsistency •
CVSS: 5.5EPSS: 0%CPEs: 13EXPL: 0CVE-2020-14314 – kernel: buffer uses out of index in ext3/4 filesystem
https://notcve.org/view.php?id=CVE-2020-14314
15 Sep 2020 — A memory out-of-bounds read flaw was found in the Linux kernel before 5.9-rc2 with the ext3/ext4 file system, in the way it accesses a directory with broken indexing. This flaw allows a local user to crash the system if the directory exists. The highest threat from this vulnerability is to system availability. Se encontró un fallo de lectura de memoria fuera de límites en el kernel de Linux versiones anteriores a 5.9-rc2, con el sistema de archivos ext3/ext4, en la manera en que accede a un directorio con i... • https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-14314 • CWE-125: Out-of-bounds Read •
CVSS: 6.4EPSS: 0%CPEs: 6EXPL: 0CVE-2020-25285 – kernel: race condition between hugetlb sysctl handlers in mm/hugetlb.c
https://notcve.org/view.php?id=CVE-2020-25285
13 Sep 2020 — A race condition between hugetlb sysctl handlers in mm/hugetlb.c in the Linux kernel before 5.8.8 could be used by local attackers to corrupt memory, cause a NULL pointer dereference, or possibly have unspecified other impact, aka CID-17743798d812. Una condición de carrera entre los manejadores hugetlb sysctl en el archivo mm/hugetlb.c en el kernel de Linux versiones anteriores a 5.8.8, podría ser usada por atacantes locales para corromper la memoria, causar una desreferencia del puntero NULL o posiblemente... • https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.8.8 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-476: NULL Pointer Dereference CWE-787: Out-of-bounds Write •
CVSS: 7.5EPSS: 0%CPEs: 11EXPL: 1CVE-2020-25219 – libproxy: uncontrolled recursion via an infinite stream response leading to stack exhaustion
https://notcve.org/view.php?id=CVE-2020-25219
09 Sep 2020 — url::recvline in url.cpp in libproxy 0.4.x through 0.4.15 allows a remote HTTP server to trigger uncontrolled recursion via a response composed of an infinite stream that lacks a newline character. This leads to stack exhaustion. La función url::recvline en el archivo url.cpp en libproxy versiones 0.4.x hasta 0.4.15, permite a un servidor HTTP remoto activar una recursividad no controlada por medio de una respuesta compuesta por una transmisión infinita que carece de un carácter newline. Esto conlleva ... • http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00030.html • CWE-674: Uncontrolled Recursion •