CVE-2019-11479 – kernel: tcp: excessive resource consumption for TCP connections with low MSS allows remote denial of service
https://notcve.org/view.php?id=CVE-2019-11479
Jonathan Looney discovered that the Linux kernel default MSS is hard-coded to 48 bytes. This allows a remote peer to fragment TCP resend queues significantly more than if a larger MSS were enforced. A remote attacker could use this to cause a denial of service. This has been fixed in stable kernel releases 4.4.182, 4.9.182, 4.14.127, 4.19.52, 5.1.11, and is fixed in commits 967c05aee439e6e5d7d805e195b3a20ef5c433d6 and 5f3e2bf008c2221478101ee72f5cb4654b9fc363. Jonathan Looney descubrió que el tamaño máximo de segmento (MSS) por defecto del kernel de Linux está codificado a 48 bytes. • http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2020-010.txt http://www.openwall.com/lists/oss-security/2019/06/28/2 http://www.openwall.com/lists/oss-security/2019/07/06/3 http://www.openwall.com/lists/oss-security/2019/07/06/4 http://www.securityfocus.com/bid/108818 https://access.redhat.com/errata/RHSA-2019:1594 https://access.redhat.com/errata/RHSA-2019:1602 https://access.redhat.com/errata/RHSA-2019:1699 https://access.redhat.com/security/vulnerabili • CWE-400: Uncontrolled Resource Consumption CWE-405: Asymmetric Resource Consumption (Amplification) CWE-770: Allocation of Resources Without Limits or Throttling •
CVE-2019-10126 – kernel: Heap overflow in mwifiex_uap_parse_tail_ies function in drivers/net/wireless/marvell/mwifiex/ie.c
https://notcve.org/view.php?id=CVE-2019-10126
A flaw was found in the Linux kernel. A heap based buffer overflow in mwifiex_uap_parse_tail_ies function in drivers/net/wireless/marvell/mwifiex/ie.c might lead to memory corruption and possibly other consequences. Se encontró un defecto en el kernel de Linux. Un desbordamiento de búfer en la región heap de la memoria en la función mwifiex_uap_parse_tail_ies en el archivo drivers/net/wireless/marvell/mwifiex/ie.c, podría provocar corrupción de la memoria y posiblemente otras consecuencias. A flaw was found in the mwifiex implementation in the Linux kernel. • http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00014.html http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00025.html http://packetstormsecurity.com/files/153702/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html http://packetstormsecurity.com/files/154245/Kernel-Live-Patch-Security-Notice-LSN-0054-1.html http://packetstormsecurity.com/files/154951/Kernel-Live-Patch-Security-Notice-LSN-0058-1.html http://www.securityfocus.com/bid/108817 https://access.redhat.com/errat • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVE-2019-3888 – undertow: leak credentials to log files UndertowLogger.REQUEST_LOGGER.undertowRequestFailed
https://notcve.org/view.php?id=CVE-2019-3888
A vulnerability was found in Undertow web server before 2.0.21. An information exposure of plain text credentials through log files because Connectors.executeRootHandler:402 logs the HttpServerExchange object at ERROR level using UndertowLogger.REQUEST_LOGGER.undertowRequestFailed(t, exchange) Se encontró una vulnerabilidad en servidor web de Undertow versión anterior a 2.0.21. Una exposición de información de las credenciales de texto plano por medio de los archivos de registro porque Connectors.executeRootHandler:402 registra el objeto HttpServerExchange en el nivel de ERROR usando UndertowLogger.REQUEST_LOGGER.undertowRequestFailed(t,exchange) • http://www.securityfocus.com/bid/108739 https://access.redhat.com/errata/RHSA-2019:2439 https://access.redhat.com/errata/RHSA-2019:2998 https://access.redhat.com/errata/RHSA-2020:0727 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3888 https://security.netapp.com/advisory/ntap-20220210-0019 https://access.redhat.com/security/cve/CVE-2019-3888 https://bugzilla.redhat.com/show_bug.cgi?id=1693777 • CWE-532: Insertion of Sensitive Information into Log File •
CVE-2019-10160 – python: regression of CVE-2019-9636 due to functional fix to allow port numbers in netloc
https://notcve.org/view.php?id=CVE-2019-10160
A security regression of CVE-2019-9636 was discovered in python since commit d537ab0ff9767ef024f26246899728f0116b1ec3 affecting versions 2.7, 3.5, 3.6, 3.7 and from v3.8.0a4 through v3.8.0b1, which still allows an attacker to exploit CVE-2019-9636 by abusing the user and password parts of a URL. When an application parses user-supplied URLs to store cookies, authentication credentials, or other kind of information, it is possible for an attacker to provide specially crafted URLs to make the application locate host-related information (e.g. cookies, authentication data) and send them to a different host than where it should, unlike if the URLs had been correctly parsed. The result of an attack may vary based on the application. Se descubrió una regresión de seguridad de CVE-2019-9636 en python desde commit con ID d537ab0ff9767ef024f26246899728f0116b1ec3 que afecta a las versiones 2.7, 3.5, 3.6, 3.7 y de v3.8.0a4 a v3.8.0b1, el cual permite a un atacante explotar CVE-2019-9636 violando las partes usuario (user) y contraseña (password) de una URL. Cuando una aplicación analiza las URL proporcionadas por el usuario para almacenar cookies, credenciales de autenticación u otro tipo de información, es posible que un atacante proporcione URL especialmente creadas para que la aplicación ubique información relacionada con el host (por ejemplo, cookies, datos de autenticación) y envíe a un host diferente al que debería, a diferencia de si las URL se analizaron correctamente. • http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00042.html http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.html https://access.redhat.com/errata/RHSA-2019:1587 https://access.redhat.com/errata/RHSA-2019:1700 https://access.redhat.com/errata/RHSA-2019:2437 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10160 https://github.com/python/cpython/commit/250b62acc59921d399f0db47db3b462cd6037e09 https://github.com/python/cpython/commit/8d0ef0b5edeae52960c7ed05ae8a12388324f87e • CWE-172: Encoding Error CWE-522: Insufficiently Protected Credentials •
CVE-2019-11358 – jquery: Prototype pollution in object's prototype leading to denial of service, remote code execution, or property injection
https://notcve.org/view.php?id=CVE-2019-11358
jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype. jQuery, en versiones anteriores a 3.4.0, como es usado en Drupal, Backdrop CMS, y otros productos, maneja mal jQuery.extend(true, {}, ...) debido a la contaminación de Object.prototype. Si un objeto fuente no sanitizado contenía una propiedad enumerable __proto__, podría extender el Object.prototype nativo. A Prototype Pollution vulnerability was found in jquery. Untrusted JSON passed to the `extend` function could lead to modifying objects up the prototype chain, including the global Object. • https://github.com/isacaya/CVE-2019-11358 https://github.com/ossf-cve-benchmark/CVE-2019-11358 https://github.com/Snorlyd/https-nj.gov---CVE-2019-11358 http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00006.html http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html http://packetstormsecurity.c • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-1321: Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') •