CVSS: 6.3EPSS: 0%CPEs: 4EXPL: 0CVE-2019-16782 – Possible Information Leak / Session Hijack Vulnerability in Rack
https://notcve.org/view.php?id=CVE-2019-16782
There's a possible information leak / session hijack vulnerability in Rack (RubyGem rack). This vulnerability is patched in versions 1.6.12 and 2.0.8. Attackers may be able to find and hijack sessions by using timing attacks targeting the session id. Session ids are usually stored and indexed in a database that uses some kind of scheme for speeding up lookups of that session id. By carefully measuring the amount of time it takes to look up a session, an attacker may be able to find a valid session id and hijack the session. • http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00016.html http://www.openwall.com/lists/oss-security/2019/12/18/2 http://www.openwall.com/lists/oss-security/2019/12/18/3 http://www.openwall.com/lists/oss-security/2019/12/19/3 http://www.openwall.com/lists/oss-security/2020/04/08/1 http://www.openwall.com/lists/oss-security/2020/04/09/2 https://github.com/rack/rack/commit/7fecaee81f59926b6e1913511c90650e76673b38 https://github.com/rack/rack/securit • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-203: Observable Discrepancy CWE-208: Observable Timing Discrepancy •
CVSS: 5.9EPSS: 0%CPEs: 4EXPL: 0CVE-2019-16779 – In RubyGem excon, interrupted Persistent Connections May Leak Response Data
https://notcve.org/view.php?id=CVE-2019-16779
In RubyGem excon before 0.71.0, there was a race condition around persistent connections, where a connection which is interrupted (such as by a timeout) would leave data on the socket. Subsequent requests would then read this data, returning content from the previous response. The race condition window appears to be short, and it would be difficult to purposefully exploit this. En RubyGem excon versiones anteriores a 0.71.0, se presentó una condición de carrera alrededor de conexiones persistentes, donde una conexión que es interrumpida (tal y como, mediante un tiempo de espera) dejaría datos en el socket. Las peticiones posteriores entonces leerían estos datos y devolverían el contenido de la respuesta anterior. • http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00021.html http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00062.html https://github.com/excon/excon/commit/ccb57d7a422f020dc74f1de4e8fb505ab46d8a29 https://github.com/excon/excon/security/advisories/GHSA-q58g-455p-8vw9 https://lists.debian.org/debian-lts-announce/2020/01/msg00015.html • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-664: Improper Control of a Resource Through its Lifetime •
CVSS: 7.5EPSS: 0%CPEs: 13EXPL: 2CVE-2019-18804
https://notcve.org/view.php?id=CVE-2019-18804
DjVuLibre 3.5.27 has a NULL pointer dereference in the function DJVU::filter_fv at IW44EncodeCodec.cpp. DjVuLibre versión 3.5.27, presenta una desreferencia del puntero NULL en la función DJVU::filter_fv en el archivo IW44EncodeCodec.cpp. • http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00068.html http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00069.html https://github.com/TeamSeri0us/pocs/blob/master/djvulibre/DJVU__filter_fv%40IW44EncodeCodec.cpp_499-43___SEGV_UNKNOW.md https://lists.debian.org/debian-lts-announce/2019/11/msg00004.html https://lists.debian.org/debian-lts-announce/2021/05/msg00022.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JO65AW • CWE-476: NULL Pointer Dereference •
CVSS: 9.8EPSS: 0%CPEs: 5EXPL: 1CVE-2015-8980
https://notcve.org/view.php?id=CVE-2015-8980
The plural form formula in ngettext family of calls in php-gettext before 1.0.12 allows remote attackers to execute arbitrary code. La fórmula de forma plural en la familia de llamadas ngettext en php-gettext versiones anteriores a la versión 1.0.12, permite a atacantes remotos ejecutar código arbitrario. • http://lists.opensuse.org/opensuse-updates/2017-02/msg00015.html http://seclists.org/fulldisclosure/2016/Aug/76 http://www.openwall.com/lists/oss-security/2017/01/18/4 http://www.securityfocus.com/bid/95754 https://bugzilla.redhat.com/show_bug.cgi?id=1367462 https://launchpad.net/php-gettext/trunk/1.0.12 https://lwn.net/Alerts/708838 • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 0%CPEs: 15EXPL: 1CVE-2019-18218 – file: heap-based buffer overflow in cdf_read_property_info in cdf.c
https://notcve.org/view.php?id=CVE-2019-18218
cdf_read_property_info in cdf.c in file through 5.37 does not restrict the number of CDF_VECTOR elements, which allows a heap-based buffer overflow (4-byte out-of-bounds write). La función cdf_read_property_info en el archivo cdf.c en file versiones hasta 5.37, no restringe el número de elementos CDF_VECTOR, lo que permite un desbordamiento del búfer en la región heap de la memoria (escritura fuera de límites de 4 bytes). • http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00044.html https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=16780 https://github.com/file/file/commit/46a8443f76cec4b41ec736eca396984c74664f84 https://lists.debian.org/debian-lts-announce/2019/10/msg00032.html https://lists.debian.org/debian-lts-announce/2021/07/msg00008.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CV6PFCEYHYALMTT45QE2U5C5TEJZQPXJ https://lists.fedoraproject.org/archives/list/p • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •