CVSS: 8.8EPSS: 0%CPEs: 4EXPL: 0CVE-2020-13249 – mariadb-connector-c: Improper validation of content in a OK packet received from server
https://notcve.org/view.php?id=CVE-2020-13249
libmariadb/mariadb_lib.c in MariaDB Connector/C before 3.1.8 does not properly validate the content of an OK packet received from a server. NOTE: although mariadb_lib.c was originally based on code shipped for MySQL, this issue does not affect any MySQL components supported by Oracle. La biblioteca libmariadb/mariadb_lib.c en MariaDB Connector/C versiones anteriores a 3.1.8 no comprueba apropiadamente el contenido de un paquete OK recibido desde un servidor. NOTA: aunque mariadb_lib.c se basó originalmente en el código enviado para MySQL, este problema no afecta a ningún componente de MySQL soportado por Oracle. • http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00064.html http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00054.html https://github.com/mariadb-corporation/mariadb-connector-c/commit/2759b87d72926b7c9b5426437a7c8dd15ff57945 https://github.com/mariadb-corporation/mariadb-connector-c/compare/v3.1.7...v3.1.8 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UW2ED32VEUHXFN2J3YQE27JIBV4SC2PI https://lists.fedoraproject.org/archives/list/package-announce%40lis • CWE-20: Improper Input Validation •
CVSS: 7.0EPSS: 91%CPEs: 77EXPL: 12CVE-2020-9484 – tomcat: deserialization flaw in session persistence storage leading to RCE
https://notcve.org/view.php?id=CVE-2020-9484
When using Apache Tomcat versions 10.0.0-M1 to 10.0.0-M4, 9.0.0.M1 to 9.0.34, 8.5.0 to 8.5.54 and 7.0.0 to 7.0.103 if a) an attacker is able to control the contents and name of a file on the server; and b) the server is configured to use the PersistenceManager with a FileStore; and c) the PersistenceManager is configured with sessionAttributeValueClassNameFilter="null" (the default unless a SecurityManager is used) or a sufficiently lax filter to allow the attacker provided object to be deserialized; and d) the attacker knows the relative file path from the storage location used by FileStore to the file the attacker has control over; then, using a specifically crafted request, the attacker will be able to trigger remote code execution via deserialization of the file under their control. Note that all of conditions a) to d) must be true for the attack to succeed. Cuando se usa Apache Tomcat versiones 10.0.0-M1 hasta 10.0.0-M4, 9.0.0.M1 hasta 9.0.34, 8.5.0 hasta 8.5.54 y 7.0.0 hasta 7.0. 103, si a) un atacante es capaz de controlar el contenido y el nombre de un archivo en el servidor; y b) el servidor está configurado para usar el PersistenceManager con un FileStore; y c) el PersistenceManager está configurado con sessionAttributeValueClassNameFilter="null" (el valor predeterminado a menos que se utilice un SecurityManager) o un filtro lo suficientemente laxo como para permitir que el objeto proporcionado por el atacante sea deserializado; y d) el atacante conoce la ruta relativa del archivo desde la ubicación de almacenamiento usada por FileStore hasta el archivo sobre el que el atacante presenta control; entonces, mediante una petición específicamente diseñada, el atacante podrá ser capaz de desencadenar una ejecución de código remota mediante la deserialización del archivo bajo su control. Tome en cuenta que todas las condiciones desde la a) hasta la d) deben cumplirse para que el ataque tenga éxito. A deserialization flaw was discovered in Apache Tomcat's use of a FileStore. • https://github.com/masahiro331/CVE-2020-9484 https://github.com/IdealDreamLast/CVE-2020-9484 https://github.com/osamahamad/CVE-2020-9484-Mass-Scan https://github.com/PenTestical/CVE-2020-9484 https://github.com/AssassinUKG/CVE-2020-9484 https://github.com/RepublicR0K/CVE-2020-9484 https://github.com/anjai94/CVE-2020-9484-exploit https://github.com/ColdFusionX/CVE-2020-9484 https://github.com/VICXOR/CVE-2020-9484 https://github.com/seanachao/CVE-2020-9484 https://github& • CWE-502: Deserialization of Untrusted Data •
CVSS: 6.8EPSS: 0%CPEs: 4EXPL: 0CVE-2020-11078 – CRLF injection in httplib2
https://notcve.org/view.php?id=CVE-2020-11078
In httplib2 before version 0.18.0, an attacker controlling unescaped part of uri for `httplib2.Http.request()` could change request headers and body, send additional hidden requests to same server. This vulnerability impacts software that uses httplib2 with uri constructed by string concatenation, as opposed to proper urllib building with escaping. This has been fixed in 0.18.0. En httplib2 versiones anteriores a 0.18.0, un atacante controla una parte no escapada de un uri para la función "httplib2.Http.request()" podía cambiar los encabezados y el cuerpo de las peticiones, enviar peticiones ocultas adicionales hacia el mismo servidor. Esta vulnerabilidad impacta al software que usa httplib2 con un uri construido mediante una concatenación en cadena, a diferencia de una construcción apropiada de urllib con escape. • https://github.com/httplib2/httplib2/commit/a1457cc31f3206cf691d11d2bf34e98865873e9e https://github.com/httplib2/httplib2/security/advisories/GHSA-gg84-qgv9-w4pq https://lists.apache.org/thread.html/r23711190c2e98152cb6f216b95090d5eeb978543bb7e0bad22ce47fc%40%3Cissues.beam.apache.org%3E https://lists.apache.org/thread.html/r4d35dac106fab979f0db75a07fc4e320ad848b722103e79667ff99e1%40%3Cissues.beam.apache.org%3E https://lists.apache.org/thread.html/r69a462e690b5f2c3d418a288a2c98ae764d58587bd0b5d6ab141f25f%40%3Cissues.beam.apache.org%3E https://lists.apache.org/thread.html • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-93: Improper Neutralization of CRLF Sequences ('CRLF Injection') CWE-113: Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting') •
CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 1CVE-2020-13231
https://notcve.org/view.php?id=CVE-2020-13231
In Cacti before 1.2.11, auth_profile.php?action=edit allows CSRF for an admin email change. En Cacti versiones anteriores a 1.2.11, auth_profile.php?action=edit permite un ataque de tipo CSRF para un cambio de correo electrónico de administrador. • https://github.com/Cacti/cacti/issues/3342 https://github.com/Cacti/cacti/releases/tag/release%2F1.2.11 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ICJMWSY77IIGZYR6FE6NAQZFBO42VECO https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Q3PCDGNELH7HEBIXRNT5J5EWQEXQAU6B • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 4.3EPSS: 0%CPEs: 4EXPL: 1CVE-2020-13230
https://notcve.org/view.php?id=CVE-2020-13230
In Cacti before 1.2.11, disabling a user account does not immediately invalidate any permissions granted to that account (e.g., permission to view logs). En Cacti versiones anteriores a 1.2.11, deshabilita una cuenta de usuario que no invalida inmediatamente los permisos concedidos a dicha cuenta (por ejemplo, el permiso para visualizar los registros). • https://github.com/Cacti/cacti/issues/3343 https://github.com/Cacti/cacti/releases/tag/release%2F1.2.11 https://lists.debian.org/debian-lts-announce/2022/03/msg00038.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ICJMWSY77IIGZYR6FE6NAQZFBO42VECO https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Q3PCDGNELH7HEBIXRNT5J5EWQEXQAU6B • CWE-281: Improper Preservation of Permissions •