ID MSF:EXPLOIT/UNIX/WEBAPP/OPENSIS_CHAIN_EXEC Type metasploit Reporter Rapid7 Modified 2020-10-02T20:00:37
Description
This module exploits multiple vulnerabilities in openSIS 7.4 and prior versions that allow an unauthenticated attacker to execute arbitrary PHP code with the permissions of the web server. The exploit chain combines an incorrect access control issue, which exposes scripts that should require authentication, with a Local File Inclusion that is used to reach a SQL injection vulnerability; the injection in turn results in execution of arbitrary PHP code because of an unsafe use of the eval() function. Note that the record below lists no CVE identifiers and a CVSS score of 0.0 with vector NONE; for an unauthenticated code-execution chain this most likely reflects missing scoring data rather than low severity.
{"id": "MSF:EXPLOIT/UNIX/WEBAPP/OPENSIS_CHAIN_EXEC", "type": "metasploit", "bulletinFamily": "exploit", "title": "openSIS Unauthenticated PHP Code Execution", "description": "This module exploits multiple vulnerabilities in openSIS 7.4 and prior versions which could be abused by unauthenticated attackers to execute arbitrary PHP code with the permissions of the webserver. The exploit chain abuses an incorrect access control issue which allows access to scripts which should require the user to be authenticated, and a Local File Inclusion to reach a SQL injection vulnerability which results in execution of arbitrary PHP code due to an unsafe use of the eval() function.\n", "published": "2020-06-30T13:35:32", "modified": "2020-10-02T20:00:37", "cvss": {"score": 0.0, "vector": "NONE"}, "href": "", "reporter": "Rapid7", "references": [], "cvelist": [], "lastseen": "2020-10-19T13:54:29", "viewCount": 100, "enchantments": {"dependencies": {"references": [{"type": "suse", "idList": ["OPENSUSE-SU-2020:1718-1", "OPENSUSE-SU-2020:1724-1", "OPENSUSE-SU-2020:1717-1", "OPENSUSE-SU-2020:1719-1", "OPENSUSE-SU-2020:1713-1", "OPENSUSE-SU-2020:1715-1", "OPENSUSE-SU-2020:1723-1"]}, {"type": "oraclelinux", "idList": ["ELSA-2020-4276", "ELSA-2020-4310", "ELSA-2020-4307"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:E8EB68630D38C60B7DE4AF696474210D"]}, {"type": "redhat", "idList": ["RHSA-2020:4310", "RHSA-2020:4312", "RHSA-2020:4315", "RHSA-2020:4316", "RHSA-2020:4317", "RHSA-2020:4311"]}, {"type": "ubuntu", "idList": ["USN-4599-1"]}, {"type": "gentoo", "idList": ["GLSA-202010-07"]}, {"type": "impervablog", "idList": ["IMPERVABLOG:132460062C8A11A5A73F937DEAA67CB9"]}], "modified": "2020-10-19T13:54:29", "rev": 2}, "score": {"value": 3.6, "vector": "NONE", "modified": "2020-10-19T13:54:29", "rev": 2}, "vulnersScore": 3.6}, "sourceHref": "https://github.com/rapid7/metasploit-framework/blob/master//modules/exploits/unix/webapp/opensis_chain_exec.rb", "sourceData": "", 
"metasploitReliability": "", "metasploitHistory": ""}
{"oraclelinux": [{"lastseen": "2021-01-20T05:27:09", "bulletinFamily": "unix", "cvelist": ["CVE-2020-25684", "CVE-2020-25687", "CVE-2020-25685", "CVE-2020-25681", "CVE-2020-25683", "CVE-2020-25682", "CVE-2020-25686"], "description": "[2.79-13.1]\n- Fix various issues in dnssec validation (CVE-2020-25681)\n- Accept responses only on correct sockets (CVE-2020-25684)\n- Use strong verification on queries (CVE-2020-25685)", "edition": 1, "modified": "2021-01-20T00:00:00", "published": "2021-01-20T00:00:00", "id": "ELSA-2021-0150", "href": "http://linux.oracle.com/errata/ELSA-2021-0150.html", "title": "dnsmasq security update", "type": "oraclelinux", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2021-01-20T03:29:29", "bulletinFamily": "unix", "cvelist": ["CVE-2020-25684", "CVE-2020-25685", "CVE-2020-25686"], "description": "[2.76-16.1]\n- Accept responses only on correct sockets (CVE-2020-25684)\n- Use strong verification on queries (CVE-2020-25685)\n- Handle multiple identical DNS queries better (CVE-2020-25686)\n- Link against nettle for sha256 hash implementation", "edition": 2, "modified": "2021-01-19T00:00:00", "published": "2021-01-19T00:00:00", "id": "ELSA-2021-0153", "href": "http://linux.oracle.com/errata/ELSA-2021-0153.html", "title": "dnsmasq security update", "type": "oraclelinux", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2021-01-20T03:35:04", "bulletinFamily": "unix", "cvelist": ["CVE-2020-26217"], "description": "[1.3.1-12]\n- Rebuild with OpenJDK 7\n[1.3.1-11]\n- Fix remote code execution vulnerability\n- Resolves: CVE-2020-26217", "edition": 2, "modified": "2021-01-19T00:00:00", "published": "2021-01-19T00:00:00", "id": "ELSA-2021-0162", "href": "http://linux.oracle.com/errata/ELSA-2021-0162.html", "title": "xstream security update", "type": "oraclelinux", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "redhat": [{"lastseen": "2021-01-19T14:38:54", "bulletinFamily": "unix", "cvelist": ["CVE-2018-20843", 
"CVE-2019-11068", "CVE-2019-13050", "CVE-2019-13627", "CVE-2019-14889", "CVE-2019-15165", "CVE-2019-1551", "CVE-2019-15903", "CVE-2019-16168", "CVE-2019-16935", "CVE-2019-17450", "CVE-2019-18197", "CVE-2019-19221", "CVE-2019-19906", "CVE-2019-19956", "CVE-2019-20218", "CVE-2019-20387", "CVE-2019-20388", "CVE-2019-20454", "CVE-2019-20807", "CVE-2019-20907", "CVE-2019-20916", "CVE-2019-5018", "CVE-2019-8625", "CVE-2019-8710", "CVE-2019-8720", "CVE-2019-8743", "CVE-2019-8764", "CVE-2019-8766", "CVE-2019-8769", "CVE-2019-8771", "CVE-2019-8782", "CVE-2019-8783", "CVE-2019-8808", "CVE-2019-8811", "CVE-2019-8812", "CVE-2019-8813", "CVE-2019-8814", "CVE-2019-8815", "CVE-2019-8816", "CVE-2019-8819", "CVE-2019-8820", "CVE-2019-8823", "CVE-2019-8835", "CVE-2019-8844", "CVE-2019-8846", "CVE-2020-10018", "CVE-2020-10029", "CVE-2020-11793", "CVE-2020-13630", "CVE-2020-13631", "CVE-2020-13632", "CVE-2020-14382", "CVE-2020-14391", "CVE-2020-14422", "CVE-2020-15503", "CVE-2020-1730", "CVE-2020-1751", "CVE-2020-1752", "CVE-2020-1971", "CVE-2020-24659", "CVE-2020-27813", "CVE-2020-3862", "CVE-2020-3864", "CVE-2020-3865", "CVE-2020-3867", "CVE-2020-3868", "CVE-2020-3885", "CVE-2020-3894", "CVE-2020-3895", "CVE-2020-3897", "CVE-2020-3899", "CVE-2020-3900", "CVE-2020-3901", "CVE-2020-3902", "CVE-2020-6405", "CVE-2020-7595", "CVE-2020-8177", "CVE-2020-8492", "CVE-2020-9327", "CVE-2020-9802", "CVE-2020-9803", "CVE-2020-9805", "CVE-2020-9806", "CVE-2020-9807", "CVE-2020-9843", "CVE-2020-9850", "CVE-2020-9862", "CVE-2020-9893", "CVE-2020-9894", "CVE-2020-9895", "CVE-2020-9915", "CVE-2020-9925"], "description": "Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.\nThe compliance-operator image updates are now available for OpenShift Container Platform 4.6.\n\nSecurity Fix(es):\n\n* golang-github-gorilla-websocket: integer overflow leads to denial of service (CVE-2020-27813)\n\nFor 
more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nBug Fix(es):\n\n* Aggregator pod tries to parse ConfigMaps without results (BZ#1899479)\n\n* The compliancesuite object returns error with ocp4-cis tailored profile (BZ#1902251)\n\n* The compliancesuite does not trigger when there are multiple rhcos4 profiles added in scansettingbinding object (BZ#1902634)\n\n* [OCP v46] Not all remediations get applied through machineConfig although the status of all rules shows Applied in ComplianceRemediations object (BZ#1907414)\n\n* The profile parser pod deployment and associated profiles should get removed after upgrade the compliance operator (BZ#1908991)\n\n* Applying the \"rhcos4-moderate\" compliance profile leads to Ignition error \"something else exists at that path\" (BZ#1909081)\n\n* [OCP v46] Always update the default profilebundles on Compliance operator startup (BZ#1909122)", "modified": "2021-01-19T18:35:34", "published": "2021-01-19T18:29:21", "id": "RHSA-2021:0190", "href": "https://access.redhat.com/errata/RHSA-2021:0190", "type": "redhat", "title": "(RHSA-2021:0190) Moderate: OpenShift Container Platform 4.6 compliance-operator security and bug fix update", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-19T14:39:41", "bulletinFamily": "unix", "cvelist": ["CVE-2020-25684", "CVE-2020-25685", "CVE-2020-25686"], "description": "The dnsmasq packages contain Dnsmasq, a lightweight DNS (Domain Name Server) forwarder and DHCP (Dynamic Host Configuration Protocol) server.\n\nSecurity Fix(es):\n\n* dnsmasq: loose address/port check in reply_query() makes forging replies easier for an off-path attacker (CVE-2020-25684)\n\n* dnsmasq: loose query name check in reply_query() makes forging replies easier for an off-path attacker (CVE-2020-25685)\n\n* dnsmasq: multiple queries forwarded for the same 
name makes forging replies easier for an off-path attacker (CVE-2020-25686)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "modified": "2021-01-19T18:10:03", "published": "2021-01-19T17:37:34", "id": "RHSA-2021:0153", "href": "https://access.redhat.com/errata/RHSA-2021:0153", "type": "redhat", "title": "(RHSA-2021:0153) Moderate: dnsmasq security update", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2021-01-19T14:39:58", "bulletinFamily": "unix", "cvelist": ["CVE-2020-25684", "CVE-2020-25685", "CVE-2020-25686"], "description": "The dnsmasq packages contain Dnsmasq, a lightweight DNS (Domain Name Server) forwarder and DHCP (Dynamic Host Configuration Protocol) server.\n\nSecurity Fix(es):\n\n* dnsmasq: loose address/port check in reply_query() makes forging replies easier for an off-path attacker (CVE-2020-25684)\n\n* dnsmasq: loose query name check in reply_query() makes forging replies easier for an off-path attacker (CVE-2020-25685)\n\n* dnsmasq: multiple queries forwarded for the same name makes forging replies easier for an off-path attacker (CVE-2020-25686)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "modified": "2021-01-19T18:10:04", "published": "2021-01-19T17:37:20", "id": "RHSA-2021:0154", "href": "https://access.redhat.com/errata/RHSA-2021:0154", "type": "redhat", "title": "(RHSA-2021:0154) Moderate: dnsmasq security update", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2021-01-19T14:39:09", "bulletinFamily": "unix", "cvelist": ["CVE-2020-25684", "CVE-2020-25685", "CVE-2020-25686"], "description": "The dnsmasq packages contain Dnsmasq, a lightweight DNS (Domain Name Server) forwarder and DHCP (Dynamic Host Configuration Protocol) 
server.\n\nSecurity Fix(es):\n\n* dnsmasq: loose address/port check in reply_query() makes forging replies easier for an off-path attacker (CVE-2020-25684)\n\n* dnsmasq: loose query name check in reply_query() makes forging replies easier for an off-path attacker (CVE-2020-25685)\n\n* dnsmasq: multiple queries forwarded for the same name makes forging replies easier for an off-path attacker (CVE-2020-25686)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "modified": "2021-01-19T18:10:04", "published": "2021-01-19T17:37:17", "id": "RHSA-2021:0155", "href": "https://access.redhat.com/errata/RHSA-2021:0155", "type": "redhat", "title": "(RHSA-2021:0155) Moderate: dnsmasq security update", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2021-01-19T14:40:22", "bulletinFamily": "unix", "cvelist": ["CVE-2020-25684", "CVE-2020-25685", "CVE-2020-25686"], "description": "The dnsmasq packages contain Dnsmasq, a lightweight DNS (Domain Name Server) forwarder and DHCP (Dynamic Host Configuration Protocol) server.\n\nSecurity Fix(es):\n\n* dnsmasq: loose address/port check in reply_query() makes forging replies easier for an off-path attacker (CVE-2020-25684)\n\n* dnsmasq: loose query name check in reply_query() makes forging replies easier for an off-path attacker (CVE-2020-25685)\n\n* dnsmasq: multiple queries forwarded for the same name makes forging replies easier for an off-path attacker (CVE-2020-25686)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "modified": "2021-01-19T18:02:00", "published": "2021-01-19T17:37:12", "id": "RHSA-2021:0156", "href": "https://access.redhat.com/errata/RHSA-2021:0156", "type": "redhat", "title": "(RHSA-2021:0156) Moderate: dnsmasq security 
update", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2021-01-19T14:38:58", "bulletinFamily": "unix", "cvelist": ["CVE-2020-25681", "CVE-2020-25682", "CVE-2020-25683", "CVE-2020-25684", "CVE-2020-25685", "CVE-2020-25686", "CVE-2020-25687"], "description": "The dnsmasq packages contain Dnsmasq, a lightweight DNS (Domain Name Server) forwarder and DHCP (Dynamic Host Configuration Protocol) server.\n\nSecurity Fix(es):\n\n* dnsmasq: heap-based buffer overflow in sort_rrset() when DNSSEC is enabled (CVE-2020-25681)\n\n* dnsmasq: buffer overflow in extract_name() due to missing length check when DNSSEC is enabled (CVE-2020-25682)\n\n* dnsmasq: heap-based buffer overflow with large memcpy in get_rdata() when DNSSEC is enabled (CVE-2020-25683)\n\n* dnsmasq: loose address/port check in reply_query() makes forging replies easier for an off-path attacker (CVE-2020-25684)\n\n* dnsmasq: loose query name check in reply_query() makes forging replies easier for an off-path attacker (CVE-2020-25685)\n\n* dnsmasq: multiple queries forwarded for the same name makes forging replies easier for an off-path attacker (CVE-2020-25686)\n\n* dnsmasq: heap-based buffer overflow with large memcpy in sort_rrset() when DNSSEC is enabled (CVE-2020-25687)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "modified": "2021-01-19T17:56:01", "published": "2021-01-19T17:37:10", "id": "RHSA-2021:0150", "href": "https://access.redhat.com/errata/RHSA-2021:0150", "type": "redhat", "title": "(RHSA-2021:0150) Important: dnsmasq security update", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2021-01-19T14:39:01", "bulletinFamily": "unix", "cvelist": ["CVE-2020-25681", "CVE-2020-25682", "CVE-2020-25683", "CVE-2020-25684", "CVE-2020-25685", "CVE-2020-25686", "CVE-2020-25687"], "description": "The dnsmasq packages contain Dnsmasq, a lightweight 
DNS (Domain Name Server) forwarder and DHCP (Dynamic Host Configuration Protocol) server.\n\nSecurity Fix(es):\n\n* dnsmasq: heap-based buffer overflow in sort_rrset() when DNSSEC is enabled (CVE-2020-25681)\n\n* dnsmasq: buffer overflow in extract_name() due to missing length check when DNSSEC is enabled (CVE-2020-25682)\n\n* dnsmasq: heap-based buffer overflow with large memcpy in get_rdata() when DNSSEC is enabled (CVE-2020-25683)\n\n* dnsmasq: loose address/port check in reply_query() makes forging replies easier for an off-path attacker (CVE-2020-25684)\n\n* dnsmasq: loose query name check in reply_query() makes forging replies easier for an off-path attacker (CVE-2020-25685)\n\n* dnsmasq: multiple queries forwarded for the same name makes forging replies easier for an off-path attacker (CVE-2020-25686)\n\n* dnsmasq: heap-based buffer overflow with large memcpy in sort_rrset() when DNSSEC is enabled (CVE-2020-25687)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "modified": "2021-01-19T17:56:03", "published": "2021-01-19T17:36:51", "id": "RHSA-2021:0152", "href": "https://access.redhat.com/errata/RHSA-2021:0152", "type": "redhat", "title": "(RHSA-2021:0152) Important: dnsmasq security update", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2021-01-19T14:41:19", "bulletinFamily": "unix", "cvelist": ["CVE-2020-25681", "CVE-2020-25682", "CVE-2020-25683", "CVE-2020-25684", "CVE-2020-25685", "CVE-2020-25686", "CVE-2020-25687"], "description": "The dnsmasq packages contain Dnsmasq, a lightweight DNS (Domain Name Server) forwarder and DHCP (Dynamic Host Configuration Protocol) server.\n\nSecurity Fix(es):\n\n* dnsmasq: heap-based buffer overflow in sort_rrset() when DNSSEC is enabled (CVE-2020-25681)\n\n* dnsmasq: buffer overflow in extract_name() due to missing length check when DNSSEC is enabled 
(CVE-2020-25682)\n\n* dnsmasq: heap-based buffer overflow with large memcpy in get_rdata() when DNSSEC is enabled (CVE-2020-25683)\n\n* dnsmasq: loose address/port check in reply_query() makes forging replies easier for an off-path attacker (CVE-2020-25684)\n\n* dnsmasq: loose query name check in reply_query() makes forging replies easier for an off-path attacker (CVE-2020-25685)\n\n* dnsmasq: multiple queries forwarded for the same name makes forging replies easier for an off-path attacker (CVE-2020-25686)\n\n* dnsmasq: heap-based buffer overflow with large memcpy in sort_rrset() when DNSSEC is enabled (CVE-2020-25687)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "modified": "2021-01-19T18:05:07", "published": "2021-01-19T17:36:50", "id": "RHSA-2021:0151", "href": "https://access.redhat.com/errata/RHSA-2021:0151", "type": "redhat", "title": "(RHSA-2021:0151) Important: dnsmasq security update", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2021-01-19T12:28:00", "bulletinFamily": "unix", "cvelist": ["CVE-2020-25211"], "description": "This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel.\n\nSecurity Fix(es):\n\n* kernel: Local buffer overflow in ctnetlink_parse_tuple_filter in net/netfilter/nf_conntrack_netlink.c (CVE-2020-25211)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "modified": "2021-01-19T17:17:20", "published": "2021-01-19T17:13:13", "id": "RHSA-2021:0189", "href": "https://access.redhat.com/errata/RHSA-2021:0189", "type": "redhat", "title": "(RHSA-2021:0189) Important: kpatch-patch security update", "cvss": {"score": 3.6, "vector": "AV:L/AC:L/Au:N/C:N/I:P/A:P"}}, 
{"lastseen": "2021-01-19T12:28:27", "bulletinFamily": "unix", "cvelist": ["CVE-2020-12321", "CVE-2020-16166", "CVE-2020-1971", "CVE-2020-27813", "CVE-2020-8177"], "description": "OpenShift Virtualization is Red Hat's virtualization solution designed for Red Hat OpenShift Container Platform.\n\nThis advisory contains the following OpenShift Virtualization 2.5.3 images:\n\nRHEL-7-CNV-2.5\n==============\nkubevirt-ssp-operator-container-v2.5.3-2\n\nRHEL-8-CNV-2.5\n==============\nvirtio-win-container-v2.5.3-4\nhostpath-provisioner-container-v2.5.3-3\nkubevirt-kvm-info-nfd-plugin-container-v2.5.3-2\nkubevirt-template-validator-container-v2.5.3-4\nkubevirt-cpu-model-nfd-plugin-container-v2.5.3-1\nkubevirt-metrics-collector-container-v2.5.3-3\ncnv-containernetworking-plugins-container-v2.5.3-2\nkubemacpool-container-v2.5.3-2\nhostpath-provisioner-operator-container-v2.5.3-3\nkubevirt-cpu-node-labeller-container-v2.5.3-3\nnode-maintenance-operator-container-v2.5.3-2\novs-cni-marker-container-v2.5.3-2\nkubernetes-nmstate-handler-container-v2.5.3-2\ncluster-network-addons-operator-container-v2.5.3-3\novs-cni-plugin-container-v2.5.3-2\nbridge-marker-container-v2.5.3-2\nkubevirt-v2v-conversion-container-v2.5.3-2\nhyperconverged-cluster-operator-container-v2.5.3-3\nkubevirt-vmware-container-v2.5.3-2\ncnv-must-gather-container-v2.5.3-2\nvirt-api-container-v2.5.3-2\nvirt-handler-container-v2.5.3-2\nvirt-controller-container-v2.5.3-2\nvirt-launcher-container-v2.5.3-2\nvirt-operator-container-v2.5.3-2\nvirt-cdi-cloner-container-v2.5.3-4\nvirt-cdi-importer-container-v2.5.3-4\nvirt-cdi-controller-container-v2.5.3-4\nvirt-cdi-apiserver-container-v2.5.3-4\nvirt-cdi-operator-container-v2.5.3-4\nvirt-cdi-uploadserver-container-v2.5.3-4\nvirt-cdi-uploadproxy-container-v2.5.3-4\nvm-import-operator-container-v2.5.3-4\nvm-import-controller-container-v2.5.3-4\nvm-import-virtv2v-container-v2.5.3-4\nhco-bundle-registry-container-v2.5.3-80\n\nSecurity Fix(es):\n\n* 
golang-github-gorilla-websocket: integer overflow leads to denial of service (CVE-2020-27813)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nBug Fix(es):\n\n* Container-native Virtualization 2.5.3 Images (BZ#1902961)", "modified": "2021-01-19T16:07:57", "published": "2021-01-19T16:01:30", "id": "RHSA-2021:0187", "href": "https://access.redhat.com/errata/RHSA-2021:0187", "type": "redhat", "title": "(RHSA-2021:0187) Moderate: OpenShift Virtualization 2.5.3 security and bug fix update", "cvss": {"score": 5.8, "vector": "AV:A/AC:L/Au:N/C:P/I:P/A:P"}}], "fedora": [{"lastseen": "2021-01-19T06:33:09", "bulletinFamily": "unix", "cvelist": [], "description": "flatpak is a system for building, distributing and running sandboxed desktop applications on Linux. See https://wiki.gnome.org/Projects/SandboxedApps for more information. ", "modified": "2021-01-19T01:52:27", "published": "2021-01-19T01:52:27", "id": "FEDORA:B6BE0309FF1D", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 32 Update: flatpak-1.8.5-1.fc32", "cvss": {"score": 0.0, "vector": "NONE"}}], "ubuntu": [{"lastseen": "2021-01-19T17:52:08", "bulletinFamily": "unix", "cvelist": ["CVE-2018-1285"], "description": "It was discovered that Apache Log4net incorrectly handled certain configuration files. \nAn attacker could possibly use this issue to expose sensitive information.", "edition": 1, "modified": "2021-01-19T00:00:00", "published": "2021-01-19T00:00:00", "id": "USN-4699-1", "href": "https://ubuntu.com/security/notices/USN-4699-1", "title": "Apache Log4net vulnerability", "type": "ubuntu", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-19T19:59:12", "bulletinFamily": "unix", "cvelist": ["CVE-2019-12761"], "description": "Alexandre D'Hondt discovered that PyXDG did not properly sanitize input. 
\nAn attacker could exploit this with a crafted .menu file to execute \narbitrary code.", "edition": 1, "modified": "2021-01-19T00:00:00", "published": "2021-01-19T00:00:00", "id": "USN-4700-1", "href": "https://ubuntu.com/security/notices/USN-4700-1", "title": "PyXDG vulnerability", "type": "ubuntu", "cvss": {"score": 5.1, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-19T18:07:53", "bulletinFamily": "unix", "cvelist": ["CVE-2020-25684", "CVE-2020-25687", "CVE-2020-25685", "CVE-2020-25681", "CVE-2020-25683", "CVE-2019-14834", "CVE-2020-25682", "CVE-2020-25686"], "description": "Moshe Kol and Shlomi Oberman discovered that Dnsmasq incorrectly handled \nmemory when sorting RRsets. A remote attacker could use this issue to cause \nDnsmasq to hang, resulting in a denial of service, or possibly execute \narbitrary code. (CVE-2020-25681, CVE-2020-25687)\n\nMoshe Kol and Shlomi Oberman discovered that Dnsmasq incorrectly handled \nextracting certain names. A remote attacker could use this issue to cause \nDnsmasq to hang, resulting in a denial of service, or possibly execute \narbitrary code. (CVE-2020-25682, CVE-2020-25683)\n\nMoshe Kol and Shlomi Oberman discovered that Dnsmasq incorrectly \nimplemented address/port checks. A remote attacker could use this issue to \nperform a cache poisoning attack. (CVE-2020-25684)\n\nMoshe Kol and Shlomi Oberman discovered that Dnsmasq incorrectly \nimplemented query resource name checks. A remote attacker could use this \nissue to perform a cache poisoning attack. (CVE-2020-25685)\n\nMoshe Kol and Shlomi Oberman discovered that Dnsmasq incorrectly handled \nmultiple query requests for the same resource name. A remote attacker could \nuse this issue to perform a cache poisoning attack. (CVE-2020-25686)\n\nIt was discovered that Dnsmasq incorrectly handled memory during DHCP \nresponse creation. A remote attacker could possibly use this issue to \ncause Dnsmasq to consume resources, leading to a denial of service. 
This \nissue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 20.04 \nLTS. (CVE-2019-14834)", "edition": 1, "modified": "2021-01-19T00:00:00", "published": "2021-01-19T00:00:00", "id": "USN-4698-1", "href": "https://ubuntu.com/security/notices/USN-4698-1", "title": "Dnsmasq vulnerabilities", "type": "ubuntu", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}]}