CVSS: 6.8EPSS: 0%CPEs: 9EXPL: 0CVE-2019-18678 – squid: HTTP Request Splitting issue in HTTP message processing
https://notcve.org/view.php?id=CVE-2019-18678
An issue was discovered in Squid 3.x and 4.x through 4.8. It allows attackers to smuggle HTTP requests through frontend software to a Squid instance that splits the HTTP Request pipeline differently. The resulting Response messages corrupt caches (between a client and Squid) with attacker-controlled content at arbitrary URLs. Effects are isolated to software between the attacker client and Squid. There are no effects on Squid itself, nor on any upstream servers. • http://www.squid-cache.org/Advisories/SQUID-2019_10.txt http://www.squid-cache.org/Versions/v4/changesets/squid-4-671ba97abe929156dc4c717ee52ad22fba0f7443.patch https://bugzilla.suse.com/show_bug.cgi?id=1156323 https://github.com/squid-cache/squid/pull/445 https://lists.debian.org/debian-lts-announce/2019/12/msg00011.html https://lists.debian.org/debian-lts-announce/2020/07/msg00009.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MTM74TU2BSLT5B3H4F3UDW5367 • CWE-20: Improper Input Validation CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') •
CVSS: 7.5EPSS: 17%CPEs: 18EXPL: 0CVE-2019-18679 – squid: Information Disclosure issue in HTTP Digest Authentication
https://notcve.org/view.php?id=CVE-2019-18679
An issue was discovered in Squid 2.x, 3.x, and 4.x through 4.8. Due to incorrect data management, it is vulnerable to information disclosure when processing HTTP Digest Authentication. Nonce tokens contain the raw byte value of a pointer that sits within heap memory allocation. This information reduces ASLR protections and may aid attackers isolating memory areas to target for remote code execution attacks. Se descubrió un problema en Squid versiones 2.x, 3.x y versiones 4.x hasta 4.8. • http://www.squid-cache.org/Advisories/SQUID-2019_11.txt http://www.squid-cache.org/Versions/v4/changesets/squid-4-671ba97abe929156dc4c717ee52ad22fba0f7443.patch https://bugzilla.suse.com/show_bug.cgi?id=1156324 https://github.com/squid-cache/squid/pull/491 https://lists.debian.org/debian-lts-announce/2019/12/msg00011.html https://lists.debian.org/debian-lts-announce/2020/07/msg00009.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MTM74TU2BSLT5B3H4F3UDW5367 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.9EPSS: 0%CPEs: 9EXPL: 0CVE-2019-19242
https://notcve.org/view.php?id=CVE-2019-19242
SQLite 3.30.1 mishandles pExpr->y.pTab, as demonstrated by the TK_COLUMN case in sqlite3ExprCodeTarget in expr.c. SQLite versión 3.30.1, maneja inapropiadamente pExpr-)y.pTab, como es demostrado por el caso TK_COLUMN en la función sqlite3ExprCodeTarget en el archivo expr.c. • https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf https://github.com/sqlite/sqlite/commit/57f7ece78410a8aae86aa4625fb7556897db384c https://usn.ubuntu.com/4205-1 https://www.oracle.com/security-alerts/cpuapr2020.html • CWE-476: NULL Pointer Dereference •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 1CVE-2019-19039
https://notcve.org/view.php?id=CVE-2019-19039
__btrfs_free_extent in fs/btrfs/extent-tree.c in the Linux kernel through 5.3.12 calls btrfs_print_leaf in a certain ENOENT case, which allows local users to obtain potentially sensitive information about register values via the dmesg program. NOTE: The BTRFS development team disputes this issues as not being a vulnerability because “1) The kernel provide facilities to restrict access to dmesg - dmesg_restrict=1 sysctl option. So it's really up to the system administrator to judge whether dmesg access shall be disallowed or not. 2) WARN/WARN_ON are widely used macros in the linux kernel. If this CVE is considered valid this would mean there are literally thousands CVE lurking in the kernel - something which clearly is not the case. ** EN DISPUTA ** __btrfs_free_extent en fs / btrfs / extension-tree.c en el kernel de Linux hasta la versión 5.3.12 llama a btrfs_print_leaf en un caso ENOENT determinado, lo que permite a los usuarios locales obtener información potencialmente confidencial sobre los valores de registro a través del programa dmesg. NOTA: El equipo de desarrollo de BTRFS cuestiona estos problemas por no ser una vulnerabilidad porque “1) El núcleo proporciona facilidades para restringir el acceso a la opción dmesg - dmesg_restrict = 1 sysctl. • https://github.com/bobfuzzer/CVE/tree/master/CVE-2019-19039 https://lists.debian.org/debian-lts-announce/2020/12/msg00015.html https://usn.ubuntu.com/4414-1 • CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 6.5EPSS: 0%CPEs: 7EXPL: 1CVE-2019-19221 – libarchive: out-of-bounds read in archive_wstring_append_from_mbs in archive_string.c
https://notcve.org/view.php?id=CVE-2019-19221
In Libarchive 3.4.0, archive_wstring_append_from_mbs in archive_string.c has an out-of-bounds read because of an incorrect mbrtowc or mbtowc call. For example, bsdtar crashes via a crafted archive. En Libarchive versión 3.4.0, la función archive_wstring_append_from_mbs en el archivo archive_string.c presenta una lectura fuera de límites debido a una llamada mbrtowc o mbtowc incorrecta. Por ejemplo, bsdtar se bloquea por medio de un archivo diseñado. • https://github.com/libarchive/libarchive/commit/22b1db9d46654afc6f0c28f90af8cdc84a199f41 https://github.com/libarchive/libarchive/issues/1276 https://lists.debian.org/debian-lts-announce/2022/04/msg00020.html https://lists.debian.org/debian-lts-announce/2022/11/msg00030.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RHFV25AVTASTWZRF3KTSL357AQ6TYHM4 https://usn.ubuntu.com/4293-1 https://access.redhat.com/security/cve/CVE-2019-19221 https://bugzilla.redhat.com/show • CWE-125: Out-of-bounds Read •