CVSS: 6.1EPSS: 0%CPEs: 6EXPL: 0CVE-2019-13038 – mod_auth_mellon: Open Redirect via the login?ReturnTo= substring which could facilitate information theft
https://notcve.org/view.php?id=CVE-2019-13038
29 Jun 2019 — mod_auth_mellon through 0.14.2 has an Open Redirect via the login?ReturnTo= substring, as demonstrated by omitting the // after http: in the target URL. mod_auth_mellon hasta versión 0.14.2, presenta un problema de Redireccionamiento Abierto por medio de la subcadena login?ReturnTo=, como es demostrado al omitir el // después de http: en la URL de destino. The mod_auth_mellon module for the Apache HTTP Server is an authentication service that implements the SAML 2.0 federation protocol. The module grants ac... • https://github.com/Uninett/mod_auth_mellon/issues/35#issuecomment-503974885 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVSS: 6.5EPSS: 0%CPEs: 8EXPL: 2CVE-2019-12387 – python-twisted: Improper neutralization of CRLF characters in URIs and HTTP methods
https://notcve.org/view.php?id=CVE-2019-12387
10 Jun 2019 — In Twisted before 19.2.1, twisted.web did not validate or sanitize URIs or HTTP methods, allowing an attacker to inject invalid characters such as CRLF. En las versiones anteriores a 19.2.1. de Twisted, twisted.web no validó ni saneó los URIs o los métodos HTTP, permitiendo que un atacante inyecte caracteres no válidos tales como CRLF. it was discovered that Twisted incorrectly validated or sanitized certain URIs or HTTP methods. A remote attacker could use this issue to inject invalid characters and possib... • http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00030.html • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-113: Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting') •
CVSS: 7.8EPSS: 4%CPEs: 4EXPL: 0CVE-2018-20781 – Ubuntu Security Notice USN-3894-1
https://notcve.org/view.php?id=CVE-2018-20781
12 Feb 2019 — In pam/gkr-pam-module.c in GNOME Keyring before 3.27.2, the user's password is kept in a session-child process spawned from the LightDM daemon. This can expose the credential in cleartext. En pam/gkr-pam-module.c en GNOME Keyring, en versiones anteriores a la 3.27.2, la contraseña del usuario se mantiene en un proceso hijo de sesión que se genera en el demonio LightDM. Esto puede exponer las credenciales en texto claro. It was discovered that GNOME Keyring incorrectly cleared out credentials supplied to the... • https://bugs.launchpad.net/ubuntu/+source/gnome-keyring/+bug/1772919 • CWE-522: Insufficiently Protected Credentials •
CVSS: 7.0EPSS: 0%CPEs: 3EXPL: 0CVE-2018-1165 – Joyent SmartOS SMB_IOC_SVCENUM Heap-based Buffer Overflow Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2018-1165
12 Feb 2018 — This vulnerability allows local attackers to escalate privileges on vulnerable installations of Joyent SmartOS release-20170803-20170803T064301Z. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the SMB_IOC_SVCENUM IOCTL. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length, heap-based buffer. An attacker can leverage t... • https://help.joyent.com/hc/en-us/articles/360000124928 • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •