CVSS: 7.5EPSS: 6%CPEs: 4EXPL: 0CVE-2020-13949 – libthrift: potential DoS when processing untrusted payloads
https://notcve.org/view.php?id=CVE-2020-13949
In Apache Thrift 0.9.3 to 0.13.0, malicious RPC clients could send short messages which would result in a large memory allocation, potentially leading to denial of service. En Apache Thrift versiones 0.9.3 hasta 0.13.0, los clientes RPC maliciosos podrían enviar mensajes cortos que resultarían en una gran asignación de memoria, conllevando potencialmente a una denegación de servicio A flaw was found in libthrift. Applications using Thrift would not show an error upon receiving messages declaring containers of sizes larger than the payload. This results in malicious RPC clients with the ability to send short messages which would result in a large memory allocation, potentially leading to denial of service. The highest threat from this vulnerability is to system availability. • https://lists.apache.org/thread.html/r01b34416677f1ba869525e1b891ac66fa6f88c024ee4d7cdea6b456b%40%3Cissues.hbase.apache.org%3E https://lists.apache.org/thread.html/r02ba8db500d15a5949e9a7742815438002ba1cf1b361bdda52ed40ca%40%3Cissues.hbase.apache.org%3E https://lists.apache.org/thread.html/r02f7771863383ae993eb83cdfb70c3cb65a355c913242c850f61f1b8%40%3Cissues.hbase.apache.org%3E https://lists.apache.org/thread.html/r0372f0af2dad0b76fbd7a6cfdaad29d50384ad48dda475a5026ff9a3%40%3Cissues.hbase.apache.org%3E https://lists.apache.org/thread.html/r08a7bd19470ef8950d58cc9d9e7b02bc69c43f56c601989a7729cce5%4 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 5.3EPSS: 0%CPEs: 4EXPL: 0CVE-2020-29582 – kotlin: vulnerable Java API was used for temporary file and folder creation which could result in information disclosure
https://notcve.org/view.php?id=CVE-2020-29582
In JetBrains Kotlin before 1.4.21, a vulnerable Java API was used for temporary file and folder creation. An attacker was able to read data from such files and list directories due to insecure permissions. En JetBrains Kotlin versiones anteriores a 1.4.21, una API Java vulnerable era usada para la creación de archivos y carpetas temporales. Un atacante era capaz de leer datos de dichos archivos y enumerar directorios debido a permisos no seguros • https://blog.jetbrains.com https://blog.jetbrains.com/blog/2021/02/03/jetbrains-security-bulletin-q4-2020 https://lists.apache.org/thread.html/r2721aba31a8562639c4b937150897e24f78f747cdbda8641c0f659fe%40%3Cusers.kafka.apache.org%3E https://www.oracle.com//security-alerts/cpujul2021.html https://www.oracle.com/security-alerts/cpuapr2022.html https://www.oracle.com/security-alerts/cpujan2022.html https://access.redhat.com/security/cve/CVE-2020-29582 https://bugzilla.redhat.com/show_bug.cgi?id=1930291 • CWE-276: Incorrect Default Permissions •
CVSS: 5.3EPSS: 0%CPEs: 4EXPL: 0CVE-2021-21275 – CSRF in MediaWiki Report extension
https://notcve.org/view.php?id=CVE-2021-21275
The MediaWiki "Report" extension has a Cross-Site Request Forgery (CSRF) vulnerability. Before fixed version, there was no protection against CSRF checks on Special:Report, so requests to report a revision could be forged. The problem has been fixed in commit f828dc6 by making use of MediaWiki edit tokens. La extensión "Report" de MediaWiki presenta una vulnerabilidad de tipo Cross-Site Request Forgery (CSRF). Antes de la versión corregida, no había protección contra las comprobaciones de CSRF en Special:Report, por lo que las peticiones para reportar una revisión podrían ser falsificadas. • https://github.com/Kenny2github/Report/commit/f828dc6f73cdfaea5639edbf8ac7b326eeefb117 https://github.com/Kenny2github/Report/security/advisories/GHSA-9f3w-c334-jm2h https://www.oracle.com//security-alerts/cpujul2021.html https://www.oracle.com/security-alerts/cpuapr2022.html • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 6.3EPSS: 0%CPEs: 4EXPL: 3CVE-2020-8554 – Kubernetes man in the middle using LoadBalancer or ExternalIPs
https://notcve.org/view.php?id=CVE-2020-8554
Kubernetes API server in all versions allow an attacker who is able to create a ClusterIP service and set the spec.externalIPs field, to intercept traffic to that IP address. Additionally, an attacker who is able to patch the status (which is considered a privileged operation and should not typically be granted to users) of a LoadBalancer service can set the status.loadBalancer.ingress.ip to similar effect. El servidor de la API de Kubernetes en todas las versiones permite a un atacante que puede crear un servicio ClusterIP y establecer el campo spec.externalIPs, interceptar el tráfico a esa dirección IP. Adicionalmente, un atacante que sea capaz de parchear el estado (que se considera una operación privilegiada y no se debe típicamente otorgar a los usuarios) de un servicio LoadBalancer puede configurar el status.loadBalancer.ingress.ip con un efecto similar A flaw was found in kubernetes. If a potential attacker can already create or edit services and pods, then they may be able to intercept traffic from other pods (or nodes) in the cluster. • https://github.com/jrmurray000/CVE-2020-8554 https://github.com/Dviejopomata/CVE-2020-8554 https://github.com/kubernetes/kubernetes/issues/97076 https://groups.google.com/g/kubernetes-security-announce/c/iZWsF9nbKE8 https://lists.apache.org/thread.html/r0c76b3d0be348f788cd947054141de0229af00c540564711e828fd40%40%3Ccommits.druid.apache.org%3E https://lists.apache.org/thread.html/r1975078e44d96f2a199aa90aa874b57a202eaf7f25f2fde6d1c44942%40%3Ccommits.druid.apache.org%3E https://lists.apache.org/thread.html/rcafa485d63550657f068775801aeb706b7a07140a8ebbdef82 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-283: Unverified Ownership •
CVSS: 8.1EPSS: 0%CPEs: 39EXPL: 1CVE-2020-28052 – bouncycastle: password bypass in OpenBSDBCrypt.checkPassword utility possible
https://notcve.org/view.php?id=CVE-2020-28052
An issue was discovered in Legion of the Bouncy Castle BC Java 1.65 and 1.66. The OpenBSDBCrypt.checkPassword utility method compared incorrect data when checking the password, allowing incorrect passwords to indicate they were matching with previously hashed ones that were different. Se detectó un problema en Legion of the Bouncy Castle BC Java versiones 1.65 y 1.66. El método de la utilidad OpenBSDBCrypt.checkPassword comparó datos incorrectos al comprobar la contraseña, permitiendo a unas contraseñas incorrectas indicar que coinciden con otras previamente en hash que eran diferentes A flaw was found in bouncycastle. The OpenBSDBCrypt.checkPassword utility method compared incorrect data when checking the password allowing incorrect passwords to indicate they were matching with previously hashed ones that were different. • https://github.com/bcgit/bc-java/wiki/CVE-2020-28052 https://lists.apache.org/thread.html/r167dbc42ef7c59802c2ca1ac14735ef9cf687c25208229993d6206fe%40%3Cissues.karaf.apache.org%3E https://lists.apache.org/thread.html/r175f5a25d100dbe2b1bd3459b3ce882a84c3ff91b120ed4ff2d57b53%40%3Ccommits.pulsar.apache.org%3E https://lists.apache.org/thread.html/r25d53acd06f29244b8a103781b0339c5e7efee9099a4d52f0c230e4a%40%3Ccommits.druid.apache.org%3E https://lists.apache.org/thread.html/r2ddabd06d94b60cfb0141e4abb23201c628ab925e30742f61a04d013%40%3Cissues.karaf.apache.org%3E https://list • CWE-287: Improper Authentication •