CVSS: 7.4EPSS: 0%CPEs: 33EXPL: 0CVE-2019-0223 – qpid-proton: TLS Man in the Middle Vulnerability
https://notcve.org/view.php?id=CVE-2019-0223
While investigating bug PROTON-2014, we discovered that under some circumstances Apache Qpid Proton versions 0.9 to 0.27.0 (C library and its language bindings) can connect to a peer anonymously using TLS *even when configured to verify the peer certificate* while used with OpenSSL versions before 1.1.0. This means that an undetected man in the middle attack could be constructed if an attacker can arrange to intercept TLS traffic. Mientras investigábamos el error PROTON-2014, descubrimos que en algunas circunstancias las versiones de Apache Qpid Proton 0.9 a 0.27.0 (librería de C y sus adaptaciones de lenguaje) pueden conectarse a un peer de forma anónima utilizando TLS *incluso cuando está configurado para verificar el certificado del peer* mientras se utiliza con versiones de OpenSSL anteriores a la 1.1.0. Esto significa que un ataque man in the middle podría ser construido si un atacante puede interceptar el tráfico TLS. A cryptographic weakness was discovered in qpid-proton's use of TLS. • http://www.openwall.com/lists/oss-security/2019/04/23/4 http://www.securityfocus.com/bid/108044 https://access.redhat.com/errata/RHSA-2019:0886 https://access.redhat.com/errata/RHSA-2019:1398 https://access.redhat.com/errata/RHSA-2019:1399 https://access.redhat.com/errata/RHSA-2019:1400 https://access.redhat.com/errata/RHSA-2019:2777 https://access.redhat.com/errata/RHSA-2019:2778 https://access.redhat.com/errata/RHSA-2019:2779 https://access.redhat.com/errata/ • CWE-300: Channel Accessible by Non-Endpoint •
CVSS: 6.1EPSS: 2%CPEs: 218EXPL: 4CVE-2019-11358 – jquery: Prototype pollution in object's prototype leading to denial of service, remote code execution, or property injection
https://notcve.org/view.php?id=CVE-2019-11358
jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype. jQuery, en versiones anteriores a 3.4.0, como es usado en Drupal, Backdrop CMS, y otros productos, maneja mal jQuery.extend(true, {}, ...) debido a la contaminación de Object.prototype. Si un objeto fuente no sanitizado contenía una propiedad enumerable __proto__, podría extender el Object.prototype nativo. A Prototype Pollution vulnerability was found in jquery. Untrusted JSON passed to the `extend` function could lead to modifying objects up the prototype chain, including the global Object. • https://github.com/isacaya/CVE-2019-11358 https://github.com/ossf-cve-benchmark/CVE-2019-11358 https://github.com/Snorlyd/https-nj.gov---CVE-2019-11358 http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00006.html http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html http://packetstormsecurity.c • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-1321: Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') •
CVSS: 7.5EPSS: 0%CPEs: 14EXPL: 0CVE-2018-12022 – jackson-databind: improper polymorphic deserialization of types from Jodd-db library
https://notcve.org/view.php?id=CVE-2018-12022
An issue was discovered in FasterXML jackson-databind prior to 2.7.9.4, 2.8.11.2, and 2.9.6. When Default Typing is enabled (either globally or for a specific property), the service has the Jodd-db jar (for database access for the Jodd framework) in the classpath, and an attacker can provide an LDAP service to access, it is possible to make the service execute a malicious payload. Se ha descubierto un problema en FasterXML jackson-databind, en versiones anteriores a la 2.7.9.4, 2.8.11.2 y 2.9.6. Cuando "Default Typing" está habilitado (globalmente o para una propiedad en concreto), el servicio cuenta con el jar Jodd-db (para acceso a la base de datos del framework Jodd) en la ruta de clase; un atacante puede proporcionar un servicio LDAP para acceder y es posible hacer que el servicio ejecute una carga útil maliciosa. A vulnerability was discovered in jackson-databind where it would permit deserialization of a malicious object using Jodd DB connection classes when using DefaultTyping. • http://www.securityfocus.com/bid/107585 https://access.redhat.com/errata/RHBA-2019:0959 https://access.redhat.com/errata/RHSA-2019:0782 https://access.redhat.com/errata/RHSA-2019:0877 https://access.redhat.com/errata/RHSA-2019:1106 https://access.redhat.com/errata/RHSA-2019:1107 https://access.redhat.com/errata/RHSA-2019:1108 https://access.redhat.com/errata/RHSA-2019:1140 https://access.redhat.com/errata/RHSA-2019:1782 https://access.redhat.com/errata/RHSA-2019:1797& • CWE-502: Deserialization of Untrusted Data •
CVSS: 7.5EPSS: 0%CPEs: 13EXPL: 0CVE-2018-12023 – jackson-databind: improper polymorphic deserialization of types from Oracle JDBC driver
https://notcve.org/view.php?id=CVE-2018-12023
An issue was discovered in FasterXML jackson-databind prior to 2.7.9.4, 2.8.11.2, and 2.9.6. When Default Typing is enabled (either globally or for a specific property), the service has the Oracle JDBC jar in the classpath, and an attacker can provide an LDAP service to access, it is possible to make the service execute a malicious payload. Se ha descubierto un problema en FasterXML jackson-databind, en versiones anteriores a la 2.7.9.4, 2.8.11.2 y 2.9.6. Cuando "Default Typing" está habilitado (globalmente o para una propiedad en concreto), el servicio cuenta con el jar Oracle JDBC en la ruta de clase; un atacante puede proporcionar un servicio LDAP para acceder y es posible hacer que el servicio ejecute una carga útil maliciosa. A vulnerability was discovered in jackson-databind where it would permit deserialization of a malicious object using Oracle JDBC classes when using DefaultTyping. • http://www.securityfocus.com/bid/105659 https://access.redhat.com/errata/RHBA-2019:0959 https://access.redhat.com/errata/RHSA-2019:0782 https://access.redhat.com/errata/RHSA-2019:0877 https://access.redhat.com/errata/RHSA-2019:1106 https://access.redhat.com/errata/RHSA-2019:1107 https://access.redhat.com/errata/RHSA-2019:1108 https://access.redhat.com/errata/RHSA-2019:1140 https://access.redhat.com/errata/RHSA-2019:1782 https://access.redhat.com/errata/RHSA-2019:1797& • CWE-502: Deserialization of Untrusted Data •
CVSS: 7.0EPSS: 0%CPEs: 55EXPL: 1CVE-2019-6454 – systemd: Insufficient input validation in bus_process_object() resulting in PID 1 crash
https://notcve.org/view.php?id=CVE-2019-6454
An issue was discovered in sd-bus in systemd 239. bus_process_object() in libsystemd/sd-bus/bus-objects.c allocates a variable-length stack buffer for temporarily storing the object path of incoming D-Bus messages. An unprivileged local user can exploit this by sending a specially crafted message to PID1, causing the stack pointer to jump over the stack guard pages into an unmapped memory region and trigger a denial of service (systemd PID1 crash and kernel panic). Se ha descubierto un problema en sd-bus en systemd 239. bus_process_object() en libsystemd/sd-bus/bus-objects.c asigna un búfer de pila de longitud variable para almacenar temporalmente la ruta de objeto de los mensajes D-Bus entrantes. Un usuario local sin privilegios puede explotar esto enviando un mensaje especialmente manipulado a PID1, provocando que el puntero de la pila salte por las páginas guard de la pila hasta una región de memoria no mapeada y desencadene una denegación de servicio (cierre inesperado del PID1 en systemd y pánico del kernel). It was discovered that systemd allocates a buffer large enough to store the path field of a dbus message without performing enough checks. • http://lists.opensuse.org/opensuse-security-announce/2019-02/msg00070.html http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00062.html http://www.openwall.com/lists/oss-security/2019/02/18/3 http://www.openwall.com/lists/oss-security/2019/02/19/1 http://www.openwall.com/lists/oss-security/2021/07/20/2 http://www.securityfocus.com/bid/107081 https://access.redhat.com/errata/RHSA-2019:0368 https://access.redhat.com/errata/RHSA-2019:0990 https://access • CWE-20: Improper Input Validation CWE-787: Out-of-bounds Write •