=======================================
Vuln ID   Summary   CVSS Severity
=======================================
In this text dump the above fields show up one after another like this:
Vuln ID        e.g. CVE-2020-15710
Summary        short description of the vulnerability
CVSS Severity  LOW, MED, HIGH, etc.
=======================================
CVE-2020-15710
Potential double free in Bluez 5 module of PulseAudio could allow a local attacker to leak memory or crash the program. The modargs variable may be freed twice in the fail condition in src/modules/bluetooth/module-bluez5-device.c and src/modules/bluetooth/module-bluez5-device.c. Fixed in 1:8.0-0ubuntu3.14.
Published: November 18, 2020; 10:15:12 PM -0500 V3.x: (not available)
V2.0: (not available)
CVE-2020-16127
An Ubuntu-specific modification to AccountsService in versions before 0.6.55-0ubuntu13.2, among other earlier versions, would perform unbounded read operations on user-controlled ~/.pam_environment files, allowing an infinite loop if /dev/zero is symlinked to this location.
Published: November 10, 2020; 11:15:12 PM -0500 V3.1: 5.5 MEDIUM
V2.0: 2.1 LOW
CVE-2020-16126
An Ubuntu-specific modification to AccountsService in versions before 0.6.55-0ubuntu13.2, among other earlier versions, improperly dropped the ruid, allowing untrusted users to send signals to AccountService, thus stopping it from handling D-Bus messages in a timely fashion.
Published: November 10, 2020; 11:15:12 PM -0500 V3.1: 3.3 LOW
V2.0: 2.1 LOW
CVE-2020-16125
gdm3 versions before 3.36.2 or 3.38.2 would start gnome-initial-setup if gdm3 can't contact the accountservice service via dbus in a timely manner; on Ubuntu (and potentially derivatives) this could be chained with an additional issue that could allow a local user to create a new privileged account.
Published: November 10, 2020; 12:15:11 AM -0500 V3.1: 6.8 MEDIUM
V2.0: 4.6 MEDIUM
CVE-2020-16122
PackageKit's apt backend mistakenly treated all local debs as trusted. The apt security model is based on repository trust and not on the contents of individual files. On sites with configured PolicyKit rules this may allow users to install malicious packages.
Published: November 06, 2020; 11:15:12 PM -0500 V3.1: 7.8 HIGH
V2.0: 2.1 LOW
CVE-2020-16121
PackageKit provided detailed error messages to unprivileged callers that exposed information about file presence and mimetype of files that the user would be unable to determine on their own.
Published: November 06, 2020; 11:15:12 PM -0500 V3.1: 3.3 LOW
V2.0: 2.1 LOW
CVE-2020-15708
Ubuntu's packaging of libvirt in 20.04 LTS created a control socket with world read and write permissions. An attacker could use this to overwrite arbitrary files or execute arbitrary code.
Published: November 05, 2020; 9:15:12 PM -0500 V3.1: 7.8 HIGH
V2.0: 4.6 MEDIUM
CVE-2020-15703
There is no input validation on the Locale property in an apt transaction. An unprivileged user can supply a full path to a writable directory, which lets aptd read a file as root. Having a symlink in place results in an error message if the file exists, and no error otherwise. This way an unprivileged user can check for the existence of any files on the system as root.
Published: October 31, 2020; 12:15:10 AM -0400 V3.1: 3.3 LOW
V2.0: 2.1 LOW
CVE-2019-8790
This issue was addressed by updating incorrect URLSession file descriptor management logic to match Swift 5.0. This issue is fixed in Swift 5.1.1 for Ubuntu. Incorrect management of file descriptors in URLSession could lead to inadvertent data disclosure.
Published: October 27, 2020; 4:15:19 PM -0400 V3.1: 5.5 MEDIUM
V2.0: 2.1 LOW
CVE-2020-15238
Blueman is a GTK+ Bluetooth Manager. In Blueman before 2.1.4, the DhcpClient method of the D-Bus interface to blueman-mechanism is prone to an argument injection vulnerability. The impact highly depends on the system configuration. If Polkit-1 is disabled and for versions lower than 2.0.6, any local user can possibly exploit this. If Polkit-1 is enabled for version 2.0.6 and later, a possible attacker needs to be allowed to use the `org.blueman.dhcp.client` action. That is limited to users in the wheel group in the shipped rules file that do have the privileges anyway. On systems with ISC DHCP client (dhclient), attackers can pass arguments to `ip link` with the interface name that can e.g. be used to bring down an interface or add an arbitrary XDP/BPF program. On systems with dhcpcd and without ISC DHCP client, attackers can even run arbitrary scripts by passing `-c/path/to/script` as an interface name. Patches are included in 2.1.4 and master that change the DhcpClient D-Bus method(s) to accept BlueZ network object paths instead of network interface names. A backport to 2.0(.8) is also available. As a workaround, make sure that Polkit-1-support is enabled and limit privileges for the `org.blueman.dhcp.client` action to users that are able to run arbitrary commands as root anyway in /usr/share/polkit-1/rules.d/blueman.rules.
Published: October 27, 2020; 3:15:12 PM -0400 V3.1: 7.0 HIGH
V2.0: 6.9 MEDIUM
CVE-2020-15157
In containerd (an industry-standard container runtime) before version 1.2.14 there is a credential leaking vulnerability. If a container image manifest in the OCI Image format or Docker Image V2 Schema 2 format includes a URL for the location of a specific image layer (otherwise known as a “foreign layer”), the default containerd resolver will follow that URL to attempt to download it. In v1.2.x but not 1.3.0 or later, the default containerd resolver will provide its authentication credentials if the server where the URL is located presents an HTTP 401 status code along with registry-specific HTTP headers. If an attacker publishes a public image with a manifest that directs one of the layers to be fetched from a web server they control and they trick a user or system into pulling the image, they can obtain the credentials used for pulling that image. In some cases, this may be the user's username and password for the registry. In other cases, this may be the credentials attached to the cloud virtual instance which can grant access to other cloud resources in the account. The default containerd resolver is used by the cri-containerd plugin (which can be used by Kubernetes), the ctr development tool, and other client programs that have explicitly linked against it. This vulnerability has been fixed in containerd 1.2.14. containerd 1.3 and later are not affected. If you are using containerd 1.3 or later, you are not affected. If you are using cri-containerd in the 1.2 series or prior, you should ensure you only pull images from trusted sources. Other container runtimes built on top of containerd but not using the default resolver (such as Docker) are not affected.
Published: October 16, 2020; 1:15:11 PM -0400 V3.1: 6.1 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2020-14355
Multiple buffer overflow vulnerabilities were found in the QUIC image decoding process of the SPICE remote display system, before spice-0.14.2-1. Both the SPICE client (spice-gtk) and server are affected by these flaws. These flaws allow a malicious client or server to send specially crafted messages that, when processed by the QUIC image compression algorithm, result in a process crash or potential code execution.
Published: October 07, 2020; 11:15:12 AM -0400 V3.1: 6.6 MEDIUM
V2.0: 6.5 MEDIUM
CVE-2020-25641
A flaw was found in the Linux kernel's implementation of biovecs in versions before 5.9-rc7. A zero-length biovec request issued by the block subsystem could cause the kernel to enter an infinite loop, causing a denial of service. This flaw allows a local attacker with basic privileges to issue requests to a block device, resulting in a denial of service. The highest threat from this vulnerability is to system availability.
Published: October 06, 2020; 10:15:12 AM -0400 V3.1: 5.5 MEDIUM
V2.0: 4.9 MEDIUM
CVE-2020-7070
In PHP versions 7.2.x below 7.2.34, 7.3.x below 7.3.23 and 7.4.x below 7.4.11, when PHP is processing incoming HTTP cookie values, the cookie names are url-decoded. This may lead to cookies with prefixes like __Host being confused with cookies that decode to such a prefix, thus leading to an attacker being able to forge a cookie which is supposed to be secure. See also CVE-2020-8184 for more information.
Published: October 02, 2020; 11:15:12 AM -0400 V3.1: 5.3 MEDIUM
V2.0: 5.0 MEDIUM
CVE-2020-7069
In PHP versions 7.2.x below 7.2.34, 7.3.x below 7.3.23 and 7.4.x below 7.4.11, when AES-CCM mode is used with the openssl_encrypt() function with a 12-byte IV, only the first 7 bytes of the IV are actually used. This can lead to both decreased security and incorrect encryption data.
Published: October 02, 2020; 11:15:12 AM -0400 V3.1: 6.5 MEDIUM
V2.0: 6.4 MEDIUM
CVE-2020-14378
An integer underflow in dpdk versions before 18.11.10 and before 19.11.5 in the `move_desc` function can lead to large amounts of CPU cycles being eaten up in a long running loop. An attacker could cause `move_desc` to get stuck in a 4,294,967,295-count iteration loop. Depending on how `vhost_crypto` is being used this could prevent other VMs or network tasks from being serviced by the busy DPDK lcore for an extended period.
Published: September 30, 2020; 3:15:12 PM -0400 V3.1: 5.5 MEDIUM
V2.0: 2.1 LOW
CVE-2020-14377
A flaw was found in dpdk in versions before 18.11.10 and before 19.11.5. A complete lack of validation of attacker-controlled parameters can lead to a buffer over read. The results of the over read are then written back to the guest virtual machine memory. This vulnerability can be used by an attacker in a virtual machine to read significant amounts of host memory. The highest threat from this vulnerability is to data confidentiality and system availability.
Published: September 30, 2020; 3:15:12 PM -0400 V3.1: 8.4 HIGH
V2.0: 3.6 LOW
CVE-2020-14376
A flaw was found in dpdk in versions before 18.11.10 and before 19.11.5. A lack of bounds checking when copying iv_data from the VM guest memory into host memory can lead to a large buffer overflow. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
Published: September 30, 2020; 3:15:12 PM -0400 V3.1: 8.8 HIGH
V2.0: 7.2 HIGH
CVE-2020-14375
A flaw was found in dpdk in versions before 18.11.10 and before 19.11.5. Virtio ring descriptors and the data they describe are in a region of memory accessible from both the virtual machine and the host. An attacker in a VM can change the contents of the memory after vhost_crypto has validated it. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
Published: September 30, 2020; 3:15:12 PM -0400 V3.1: 7.8 HIGH
V2.0: 4.4 MEDIUM
CVE-2020-26137
urllib3 before 1.25.9 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first argument of putrequest(). NOTE: this is similar to CVE-2020-26116.
Published: September 30, 2020; 2:15:26 PM -0400
There are THOUSANDS (over 8000) more. Again, most are fixed already; this is not a 'the sky is falling' post...