Security
Headlines
HeadlinesLatestCVEs

Tag

#ubuntu

CVE-2020-24217: Backdoors and other vulnerabilities in HiSilicon based hardware video encoders

An issue was discovered in the box application on HiSilicon based IPTV/H.264/H.265 video encoders. The file-upload endpoint does not enforce authentication. Attackers can send an unauthenticated HTTP request to upload a custom firmware component, possibly in conjunction with command injection, to achieve arbitrary code execution.

CVE
Open in Source
#vulnerability#web#mac#windows#ubuntu#linux#dos#js#git
CVE-2020-14393: DBI::Changes

A buffer overflow was found in perl-DBI < 1.643 in DBI.xs. A local attacker who is able to supply a string longer than 300 characters could cause an out-of-bounds write, affecting the availability of the service or integrity of data.

CVE-2020-24379: Commits · erlyaws/yaws

WebDAV implementation in Yaws web server versions 1.81 to 2.0.7 is vulnerable to XXE injection.

CVE-2020-7068: Use of freed hash key in the phar_parse_zipfile function

In PHP versions 7.2.x below 7.2.33, 7.3.x below 7.3.21 and 7.4.x below 7.4.9, while processing PHAR files using phar extension, phar_parse_zipfile could be tricked into accessing freed memory, which could lead to a crash or information disclosure.

CVE-2019-20916: pip install <url> allow directory traversal, leading to arbitrary file write · Issue #6413 · pypa/pip

The pip package before 19.2 for Python allows Directory Traversal when a URL is given in an install command, because a Content-Disposition header can have ../ in a filename, as demonstrated by overwriting the /root/.ssh/authorized_keys file. This occurs in _download_http_url in _internal/download.py.

CVE-2020-24659: CVE-2020-24659: read-heap-buffer-overflow found by fuzz (#1071) · Issues · gnutls / GnuTLS · GitLab

An issue was discovered in GnuTLS before 3.6.15. A server can trigger a NULL pointer dereference in a TLS 1.3 client if a no_renegotiation alert is sent with unexpected timing, and then an invalid second handshake occurs. The crash happens in the application's error handling path, where the gnutls_deinit function is called after detecting a handshake failure.

CVE-2020-11579: GitHub - ShielderSec/CVE-2020-11579: Exploit code for CVE-2020-11579, an arbitrary file disclosure through the MySQL client in PHPKB

An issue was discovered in Chadha PHPKB 9.0 Enterprise Edition. installer/test-connection.php (part of the installation process) allows a remote unauthenticated attacker to disclose local files on hosts running PHP before 7.2.16, or on hosts where the MySQL ALLOW LOCAL DATA INFILE option is enabled.

CVE-2020-15704: USN-4451-2: ppp vulnerability | Ubuntu security notices | Ubuntu

The modprobe child process in the ./debian/patches/load_ppp_generic_if_needed patch file incorrectly handled module loading. A local non-root attacker could exploit the MODPROBE_OPTIONS environment variable to read arbitrary root files. Fixed in 2.4.5-5ubuntu1.4, 2.4.5-5.1ubuntu2.3+esm2, 2.4.7-1+2ubuntu1.16.04.3, 2.4.7-2+2ubuntu1.3, 2.4.7-2+4.1ubuntu5.1, 2.4.7-2+4.1ubuntu6. Was ZDI-CAN-11504.

CVE-2020-15862: #965166 - snmpd privilege escalation

Net-SNMP through 5.7.3 has Improper Privilege Management because SNMP WRITE access to the EXTEND MIB provides the ability to run arbitrary commands as root.