CVSS: 7.8EPSS: 0%CPEs: 36EXPL: 0CVE-2019-20044 – zsh: insecure dropping of privileges when unsetting PRIVILEGED option
https://notcve.org/view.php?id=CVE-2019-20044
In Zsh before 5.8, attackers able to execute commands can regain privileges dropped by the --no-PRIVILEGED option. Zsh fails to overwrite the saved uid, so the original privileges can be restored by executing MODULE_PATH=/dir/with/module zmodload with a module that calls setuid(). En Zsh versiones anteriores a 5.8, los atacantes capaces de ejecutar comandos pueden recuperar privilegios eliminados mediante la opción --no-PRIVILEGED. Zsh presenta un fallo al sobrescribir el uid guardado, ya que los privilegios originales pueden ser restaurados mediante una ejecución de zmodload de MODULE_PATH=/dir/with/module con un módulo que llama a la función setuid(). A flaw was found in zsh. • http://seclists.org/fulldisclosure/2020/May/49 http://seclists.org/fulldisclosure/2020/May/53 http://seclists.org/fulldisclosure/2020/May/55 http://seclists.org/fulldisclosure/2020/May/59 http://zsh.sourceforge.net/releases.html https://github.com/XMB5/zsh-privileged-upgrade https://lists.debian.org/debian-lts-announce/2020/03/msg00004.html https://lists.debian.org/debian-lts-announce/2020/12/msg00000.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproje • CWE-271: Privilege Dropping / Lowering Errors CWE-273: Improper Check for Dropped Privileges •
CVSS: 9.3EPSS: 91%CPEs: 8EXPL: 10CVE-2020-8813 – Cacti 1.2.8 - Unauthenticated Remote Code Execution
https://notcve.org/view.php?id=CVE-2020-8813
graph_realtime.php in Cacti 1.2.8 allows remote attackers to execute arbitrary OS commands via shell metacharacters in a cookie, if a guest user has the graph real-time privilege. El archivo graph_realtime.php en Cacti versión 1.2.8, permite a atacantes remotos ejecutar comandos arbitrarios de Sistema Operativo por medio de metacaracteres de shell en una cookie, si un usuario invitado posee el privilegio graph real-time. graph_realtime.php in Cacti 1.2.8 allows remote attackers to execute arbitrary OS commands via shell metacharacters in a cookie if a guest user has the graph real-time privilege. • https://www.exploit-db.com/exploits/48145 https://www.exploit-db.com/exploits/48144 https://github.com/mhaskar/CVE-2020-8813 https://github.com/p0dalirius/CVE-2020-8813-Cacti-RCE-in-graph_realtime https://github.com/hexcowboy/CVE-2020-8813 https://github.com/0xm4ud/Cacti-CVE-2020-8813 http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00042.html http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00048.html http://packetstormsecurity.com/files/156537/Cacti- • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 9.0EPSS: 7%CPEs: 13EXPL: 1CVE-2020-9273
https://notcve.org/view.php?id=CVE-2020-9273
In ProFTPD 1.3.7, it is possible to corrupt the memory pool by interrupting the data transfer channel. This triggers a use-after-free in alloc_pool in pool.c, and possible remote code execution. En ProFTPD versión 1.3.7, es posible corromper los grupos de memoria mediante la interrupción del canal de transferencia de datos. Esto conlleva a un uso de la memoria previamente liberada en la función alloc_pool en el archivo pool.c, y una posible ejecución de código remota. • https://github.com/ptef/CVE-2020-9273 http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00002.html http://www.openwall.com/lists/oss-security/2021/08/25/1 http://www.openwall.com/lists/oss-security/2021/09/06/2 https://cert-portal.siemens.com/productcert/pdf/ssa-679335.pdf https://github.com/proftpd/proftpd/blob/master/RELEASE_NOTES https://github.com/proftpd/proftpd/issues/903 https://lists.debian.org/debian-lts-announce/2020/02/msg00022.html https:/& • CWE-416: Use After Free •
CVSS: 8.8EPSS: 0%CPEs: 6EXPL: 0CVE-2020-9308
https://notcve.org/view.php?id=CVE-2020-9308
archive_read_support_format_rar5.c in libarchive before 3.4.2 attempts to unpack a RAR5 file with an invalid or corrupted header (such as a header size of zero), leading to a SIGSEGV or possibly unspecified other impact. El archivo archive_read_support_format_rar5.c en libarchive versiones anteriores a 3.4.2, intenta descomprimir un archivo RAR5 con un encabezado no válido o corrupto (tal y como un tamaño de encabezado de cero), conllevando a un SIGSEGV o posiblemente a otro impacto no especificado. • https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=20459 https://github.com/libarchive/libarchive/pull/1326 https://github.com/libarchive/libarchive/pull/1326/commits/94821008d6eea81e315c5881cdf739202961040a https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6OTE7GWASH2ZOVG5H3HEN5PR6B3KF7JB https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/J76F7VU7HC3GBKG5SAKTRBOFOI3RGO6M https://security.gentoo.org/glsa/202003-28 https://usn.ubuntu.com/4293-1 • CWE-787: Out-of-bounds Write •
CVSS: 6.1EPSS: 0%CPEs: 6EXPL: 0CVE-2019-20479 – mod_auth_openidc: Open redirect issue exists in URLs with slash and backslash
https://notcve.org/view.php?id=CVE-2019-20479
A flaw was found in mod_auth_openidc before version 2.4.1. An open redirect issue exists in URLs with a slash and backslash at the beginning. Se detectó un fallo en mod_auth_openidc versiones anteriores a 2.4.1. Se presenta un problema de redireccionamiento abierto en las URL con una barra diagonal y una barra diagonal inversa al principio. An open redirect flaw was discovered in mod_auth_openidc where it handles logout redirection. • http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00036.html https://github.com/zmartzone/mod_auth_openidc/commit/02431c0adfa30f478cf2eb20ed6ea51fdf446be7 https://github.com/zmartzone/mod_auth_openidc/pull/453 https://lists.debian.org/debian-lts-announce/2020/02/msg00035.html https://lists.debian.org/debian-lts-announce/2020/07/msg00028.html https://lists.debian.org/debian-lts-announce/2023/04/msg00034.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org&#x • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •