Common Vulnerabilities & Exposures

CVEs and Remediation Table

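MontaVista continuously monitors the community and the market in order to respond to security threats. For affected products, we decide the priority of fixes according to the CVE score (NVD: National Vulnerability Database). The CVEs listed below are those that have been fixed or are currently being fixed.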

For inquiries about CVEs, please contact us in English at this address: security@mvista.com

CVE List 2020

| CVE | Score | Severity | Package | Description | Published |
| --- | --- | --- | --- | --- | --- |
| CVE-2020-8492 | 7.5 | Serious | python | Python 2.7 through 2.7.17, 3.5 through 3.5.9, 3.6 through 3.6.10, 3.7 through 3.7.6, and 3.8 through 3.8.1 allows an HTTP server to conduct Regular Expression Denial of Service (ReDoS) attacks against a client because of urllib.request.AbstractBasicAuthHandler catastrophic backtracking. | January 31, 2020 04:01 am |
| CVE-2020-8450 | 7.3 | Serious | squid | An issue was discovered in Squid before 4.10. Due to incorrect buffer management, a remote client can cause a buffer overflow in a Squid instance acting as a reverse proxy. | February 5, 2020 05:02 am |
| CVE-2020-8648 | 7.1 | Serious | kernel | There is a use-after-free vulnerability in the Linux kernel through 5.5.2 in the n_tty_receive_buf_common function in drivers/tty/n_tty.c. | February 6, 2020 10:02 am |
| CVE-2020-8649 | 7.1 | Serious | kernel | There is a use-after-free vulnerability in the Linux kernel through 5.5.2 in the vgacon_invert_region function in drivers/video/console/vgacon.c. | February 6, 2020 10:02 am |
| CVE-2020-5208 | 8.8 | Serious | ipmitool | It's been found that multiple functions in ipmitool before 1.8.19 neglect proper checking of the data received from a remote LAN party, which may lead to buffer overflows and potentially to remote code execution on the ipmitool side. This is especially dangerous if ipmitool is run as a privileged user. This problem is fixed in version 1.8.19. | February 5, 2020 23:02 pm |
| CVE-2020-7059 | 5.3 | Normal | php | When using fgetss() function to read data with stripping tags, in PHP versions 7.2.x below 7.2.27, 7.3.x below 7.3.14 and 7.4.x below 7.4.2 it is possible to supply data that will cause this function to read past the allocated buffer. This may lead to information disclosure or crash. | February 10, 2020 17:02 pm |
| CVE-2020-7060 | 6.7 | Normal | php | When using certain mbstring functions to convert multibyte encodings, in PHP versions 7.2.x below 7.2.27, 7.3.x below 7.3.14 and 7.4.x below 7.4.2 it is possible to supply data that will cause function mbfl_filt_conv_big5_wchar to read past the allocated buffer. This may lead to information disclosure or crash. | February 10, 2020 17:02 pm |
| CVE-2020-7221 | 6.5 | Normal | mariadb | mysql_install_db in MariaDB 10.4.7 through 10.4.11 allows privilege escalation from the mysql user account to root because chown and chmod are performed unsafely, as demonstrated by a symlink attack on a chmod 04755 of auth_pam_tool_dir/auth_pam_tool. NOTE: this does not affect the Oracle MySQL product, which implements mysql_install_db differently. | February 5, 2020 02:02 am |
| CVE-2020-8608 | 7.8 | Serious | qemu | In libslirp 4.1.0, as used in QEMU 4.2.0, tcp_subr.c misuses snprintf return values, leading to a buffer overflow in later code. | February 7, 2020 02:02 am |
| CVE-2020-8647 | 7.1 | Serious | kernel | There is a use-after-free vulnerability in the Linux kernel through 5.5.2 in the vc_do_resize function in drivers/tty/vt/vt.c. | February 6, 2020 10:02 am |
| CVE-2020-8517 | 7.5 | Serious | squid | An issue was discovered in Squid before 4.10. Due to incorrect input validation, the NTLM authentication credentials parser in ext_lm_group_acl may write to memory outside the credentials buffer. On systems with memory access protections, this can result in the helper process being terminated unexpectedly. This leads to the Squid process also terminating and a denial of service for all clients using the proxy. | February 5, 2020 05:02 am |
| CVE-2020-7053 | 6.2 | Normal | kernel | In the Linux kernel 4.14 longterm through 4.14.165 and 4.19 longterm through 4.19.96 (and 5.x before 5.2), there is a use-after-free (write) in the i915_ppgtt_close function in drivers/gpu/drm/i915/i915_gem_gtt.c, aka CID-7dc40713618c. This is related to i915_gem_context_destroy_ioctl in drivers/gpu/drm/i915/i915_gem_context.c. | January 15, 2020 06:01 am |
| CVE-2020-7045 | 7.5 | Serious | wireshark | In Wireshark 3.0.x before 3.0.8, the BT ATT dissector could crash. This was addressed in epan/dissectors/packet-btatt.c by validating opcodes. | January 16, 2020 13:01 pm |
| CVE-2020-7044 | 7.5 | Serious | wireshark | In Wireshark 3.2.x before 3.2.1, the WASSP dissector could crash. This was addressed in epan/dissectors/packet-wassp.c by using >= and <= to resolve off-by-one errors. | January 16, 2020 13:01 pm |
| CVE-2020-6750 | 5.6 | Normal | glib | GSocketClient in GNOME GLib through 2.62.4 may occasionally connect directly to a target address instead of connecting via a proxy server when configured to do so, because the proxy_addr field is mishandled. This bug is timing-dependent and may occur only sporadically depending on network delays. The greatest security relevance is in use cases where a proxy is used to help with privacy/anonymity, even though there is no technical barrier to a direct connection. NOTE: versions before 2.60 are unaffected. | January 10, 2020 05:01 am |
| CVE-2020-2574 | 5.9 | Normal | mariadb | Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Supported versions that are affected are 5.6.46 and prior, 5.7.28 and prior and 8.0.18 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Client. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Client. CVSS 3.0 Base Score 5.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H). | January 16, 2020 02:01 am |
| CVE-2020-1711 | 6.5 | Normal | qemu | An out-of-bounds heap buffer access flaw was found in the way the iSCSI Block driver in QEMU versions 2.12.0 before 4.2.1 handled a response coming from an iSCSI server while checking the status of a Logical Address Block (LBA) in an iscsi_co_block_status() routine. A remote user could use this flaw to crash the QEMU process, resulting in a denial of service or potential execution of arbitrary code with privileges of the QEMU process on the host. | February 12, 2020 05:02 am |
| CVE-2020-7595 | 7.5 | Serious | libxml2 | xmlStringLenDecodeEntities in parser.c in libxml2 2.9.10 has an infinite loop in a certain end-of-file situation. | January 22, 2020 08:01 am |
| CVE-2020-7039 | 7.8 | Serious | qemu | tcp_emu in tcp_subr.c in libslirp 4.1.0, as used in QEMU 4.2.0, mismanages memory, as demonstrated by IRC DCC commands in EMU_IRC. This can cause a heap-based buffer overflow or other out-of-bounds access which can lead to a DoS or potential execute arbitrary code. | January 17, 2020 08:01 am |
| CVE-2020-7211 | 7.5 | Serious | qemu | tftp.c in libslirp 4.1.0, as used in QEMU 4.2.0, does not prevent ..\ directory traversal on Windows. | January 22, 2020 02:01 am |
| CVE-2020-5504 | 7.3 | Serious | phpmyadmin | In phpMyAdmin 4 before 4.9.4 and 5 before 5.0.1, SQL injection exists in the user accounts page. A malicious user could inject custom SQL in place of their own username when creating queries to this page. An attacker must have a valid MySQL account to access the server. | January 10, 2020 07:01 am |
| CVE-2020-8449 | 7.5 | Serious | squid | An issue was discovered in Squid before 4.10. Due to incorrect input validation, it can interpret crafted HTTP requests in unexpected ways to access server resources prohibited by earlier security filters. | February 5, 2020 05:02 am |
| CVE-2020-8992 | 4.4 | Normal | kernel | ext4_protect_reserved_inode in fs/ext4/block_validity.c in the Linux kernel through 5.5.3 allows attackers to cause a denial of service (soft lockup) via a crafted journal size. | February 14, 2020 14:02 pm |
| CVE-2020-0549 | 6.5 | Normal | kernel | Cleanup errors in some data cache evictions for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. | January 28, 2020 10:01 am |
| CVE-2020-9308 | 6.6 | Normal | libarchive | archive_read_support_format_rar5.c in libarchive before 3.4.2 attempts to unpack a RAR5 file with an invalid or corrupted header (such as a header size of zero), leading to a SIGSEGV or possibly unspecified other impact. | February 20, 2020 16:02 pm |
| CVE-2020-8428 | 8.1 | Serious | kernel | fs/namei.c in the Linux kernel before 5.5 has a may_create_in_sticky use-after-free, which allows local users to cause a denial of service (OOPS) or possibly obtain sensitive information from kernel memory, aka CID-d0cb50185ae9. One attack vector may be an open system call for a UNIX domain socket, if the socket is being moved to a new parent directory and its old parent directory is being removed. | January 29, 2020 09:01 am |
| CVE-2020-8315 | 7.1 | Serious | python | In Python (CPython) 3.6 through 3.6.10, 3.7 through 3.7.6, and 3.8 through 3.8.1, an insecure dependency load upon launch on Windows 7 may result in an attacker's copy of api-ms-win-core-path-l1-1-0.dll being loaded and used instead of the system's copy. Windows 8 and later are unaffected. | January 29, 2020 04:01 am |
| CVE-2020-0548 | 2.8 | Low | kernel | Cleanup errors in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. | January 28, 2020 10:01 am |
| CVE-2020-9366 | 9.8 | Critical | screen | A buffer overflow was found in the way GNU Screen before 4.8.0 treated the special escape OSC 49. Specially crafted output, or a special program, could corrupt memory and crash Screen or possibly have unspecified other impact. | February 25, 2020 02:02 am |
| CVE-2020-9391 | 7.5 | Serious | kernel | An issue was discovered in the Linux kernel 5.4 and 5.5 through 5.5.6 on the AArch64 architecture. It ignores the top byte in the address passed to the brk system call, potentially moving the memory break downwards when the application expects it to move upwards, aka CID-dcde237319e6. This has been observed to cause heap corruption with the GNU C Library malloc implementation. | February 26, 2020 03:02 am |
| CVE-2020-9383 | 5.3 | Normal | kernel | An issue was discovered in the Linux kernel through 5.5.6. set_fdc in drivers/block/floppy.c leads to a wait_til_ready out-of-bounds read because the FDC index is not checked for errors before assigning it, aka CID-2e90ca68b0d2. | February 26, 2020 01:02 am |
| CVE-2020-9365 | 7.5 | Serious | pure-ftpd | An issue was discovered in Pure-FTPd 1.0.49. An out-of-bounds (OOB) read has been detected in the pure_strcmp function in utils.c. | February 25, 2020 01:02 am |
| CVE-2020-9327 | 7.5 | Serious | sqlite | In SQLite 3.31.1, isAuxiliaryVtabOperator allows attackers to trigger a NULL pointer dereference and segmentation fault because of generated column optimizations. | February 22, 2020 07:02 am |