CVSS: 6.1EPSS: 0%CPEs: 3EXPL: 1CVE-2017-1002201
https://notcve.org/view.php?id=CVE-2017-1002201
In haml versions prior to version 5.0.0.beta.2, when using user input to perform tasks on the server, characters like < > " ' must be escaped properly. In this case, the ' character was missed. An attacker can manipulate the input to introduce additional attributes, potentially executing code. En haml versiones anteriores a la versión 5.0.0.beta.2, cuando se usa la entrada del usuario para realizar tareas en el servidor, los caracteres como ( ) " ' necesitan escaparse apropiadamente. En este caso, el carácter ' se perdió. • https://github.com/haml/haml/commit/18576ae6e9bdcb4303fdbe6b3199869d289d67c2 https://lists.debian.org/debian-lts-announce/2019/11/msg00007.html https://lists.debian.org/debian-lts-announce/2021/12/msg00028.html https://security.gentoo.org/glsa/202007-27 https://snyk.io/vuln/SNYK-RUBY-HAML-20362 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.0EPSS: 32%CPEs: 47EXPL: 21CVE-2019-14287 – sudo 1.8.27 - Security Bypass
https://notcve.org/view.php?id=CVE-2019-14287
In Sudo before 1.8.28, an attacker with access to a Runas ALL sudoer account can bypass certain policy blacklists and session PAM modules, and can cause incorrect logging, by invoking sudo with a crafted user ID. For example, this allows bypass of !root configuration, and USER= logging, for a "sudo -u \#$((0xffffffff))" command. En Sudo anteriores a 1.8.28, un atacante con acceso a una cuenta Runas ALL sudoer puede omitir ciertas listas negras de políticas y módulos PAM de sesión, y puede causar un registro incorrecto, mediante la invocación sudo con un ID de usuario creado. Por ejemplo, esto permite la omisión de la configuración root y el registro USER= para un comando "sudo -u \#$((0xffffffff))". • https://www.exploit-db.com/exploits/47502 https://github.com/n0w4n/CVE-2019-14287 https://github.com/shallvhack/Sudo-Security-Bypass-CVE-2019-14287 https://github.com/CMNatic/Dockerized-CVE-2019-14287 https://github.com/axax002/sudo-vulnerability-CVE-2019-14287 https://github.com/N3rdyN3xus/CVE-2019-14287 https://github.com/DewmiApsara/CVE-2019-14287 https://github.com/MariliaMeira/CVE-2019-14287 https://github.com/edsonjt81/CVE-2019-14287- https://github.com/SachinthaDeSilva-cmd& • CWE-267: Privilege Defined With Unsafe Actions CWE-755: Improper Handling of Exceptional Conditions •
CVSS: 9.8EPSS: 1%CPEs: 11EXPL: 0CVE-2019-17542
https://notcve.org/view.php?id=CVE-2019-17542
FFmpeg before 4.2 has a heap-based buffer overflow in vqa_decode_chunk because of an out-of-array access in vqa_decode_init in libavcodec/vqavideo.c. FFmpeg versiones anteriores a 4.2, presenta un desbordamiento de búfer en la región heap de la memoria en la función vqa_decode_chunk debido a un acceso fuera de la matriz en la función vqa_decode_init en el archivo libavcodec/vqavideo.c. • https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15919 https://github.com/FFmpeg/FFmpeg/commit/02f909dc24b1f05cfbba75077c7707b905e63cd2 https://lists.debian.org/debian-lts-announce/2019/12/msg00003.html https://lists.debian.org/debian-lts-announce/2020/07/msg00022.html https://security.gentoo.org/glsa/202003-65 https://usn.ubuntu.com/4431-1 https://www.debian.org/security/2020/dsa-4722 • CWE-787: Out-of-bounds Write •
CVSS: 9.8EPSS: 1%CPEs: 10EXPL: 0CVE-2019-17545
https://notcve.org/view.php?id=CVE-2019-17545
GDAL through 3.0.1 has a poolDestroy double free in OGRExpatRealloc in ogr/ogr_expat.cpp when the 10MB threshold is exceeded. GDAL versiones hasta 3.0.1, presenta una vulnerabilidad de doble liberación de poolDestroy en la función OGRExpatRealloc en el archivo ogr/ogr_expat.cpp cuando se excede el umbral de 10 MB. • http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00022.html https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=16178 https://github.com/OSGeo/gdal/commit/148115fcc40f1651a5d15fa34c9a8c528e7147bb https://lists.debian.org/debian-lts-announce/2019/11/msg00005.html https://lists.debian.org/debian-lts-announce/2022/01/msg00004.html https://lists.debian.org/debian-lts-announce/2022/09/msg00040.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message& • CWE-415: Double Free •
CVSS: 9.8EPSS: 1%CPEs: 4EXPL: 0CVE-2019-17670 – WordPress Core < 5.2.4 - Server Side Request Forgery #2
https://notcve.org/view.php?id=CVE-2019-17670
WordPress before 5.2.4 has a Server Side Request Forgery (SSRF) vulnerability because Windows paths are mishandled during certain validation of relative URLs. WordPress versiones anteriores a 5.2.4, presenta una vulnerabilidad de tipo Server Side Request Forgery (SSRF) porque las rutas (paths) de Windows son manejadas inapropiadamente durante cierta comprobación de las URL relativas. • https://blog.wpscan.org/wordpress/security/release/2019/10/15/wordpress-524-security-release-breakdown.html https://core.trac.wordpress.org/changeset/46472 https://github.com/WordPress/WordPress/commit/9db44754b9e4044690a6c32fd74b9d5fe26b07b2 https://lists.debian.org/debian-lts-announce/2019/11/msg00000.html https://lists.debian.org/debian-lts-announce/2020/09/msg00011.html https://lists.debian.org/debian-lts-announce/2022/10/msg00010.html https://wordpress.org/news/2019/10/wordpress-5-2-4-security-r • CWE-918: Server-Side Request Forgery (SSRF) •