CVSS: 6.5EPSS: 0%CPEs: 9EXPL: 1CVE-2018-1000852 – freerdp: out of bounds read in drdynvc_process_capability_request
https://notcve.org/view.php?id=CVE-2018-1000852
FreeRDP FreeRDP 2.0.0-rc3 released version before commit 205c612820dac644d665b5bb1cdf437dc5ca01e3 contains a Other/Unknown vulnerability in channels/drdynvc/client/drdynvc_main.c, drdynvc_process_capability_request that can result in The RDP server can read the client's memory.. This attack appear to be exploitable via RDPClient must connect the rdp server with echo option. This vulnerability appears to have been fixed in after commit 205c612820dac644d665b5bb1cdf437dc5ca01e3. FreeRDP 2.0.0-rc3, en versiones anteriores al commit con ID 205c612820dac644d665b5bb1cdf437dc5ca01e3, contiene una vulnerabilidad desconocida en channels/drdynvc/client/drdynvc_main.c, drdynvc_process_capability_request que puede resultar en que el servidor RDP sea capaz de leer la memoria del cliente. El cliente debe conectarse al servidor RDP con la opción "echo". • https://access.redhat.com/errata/RHSA-2019:2157 https://github.com/FreeRDP/FreeRDP/issues/4866 https://github.com/FreeRDP/FreeRDP/pull/4871 https://github.com/FreeRDP/FreeRDP/pull/4871/commits/baee520e3dd9be6511c45a14c5f5e77784de1471 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YVJKO2DR5EY4C4QZOP7SNNBEW2JW6FHX https://usn.ubuntu.com/4379-1 https://access.redhat.com/security/cve/CVE-2018-1000852 https://bugzilla.redhat.com/show_bug.cgi?id=1661640 • CWE-125: Out-of-bounds Read •
CVSS: 6.1EPSS: 0%CPEs: 8EXPL: 0CVE-2018-19790
https://notcve.org/view.php?id=CVE-2018-19790
An open redirect was discovered in Symfony 2.7.x before 2.7.50, 2.8.x before 2.8.49, 3.x before 3.4.20, 4.0.x before 4.0.15, 4.1.x before 4.1.9 and 4.2.x before 4.2.1. By using backslashes in the `_failure_path` input field of login forms, an attacker can work around the redirection target restrictions and effectively redirect the user to any domain after login. Se ha descubierto una redirección abierta en Symfony en versiones 2.7.x anteriores a la 2.7.50, versiones 2.8.x anteriores a la 2.8.49, versiones 3.x anteriores a la 3.4.20, versiones 4.0.x anteriores a la 4.0.15, versiones 4.1.x anteriores a la 4.1.9 y versiones 4.2.x anteriores a la 4.2.1. Mediante el uso de barras invertidas en el campo de entrada "_failure_path" de los formularios de inicio de sesión, un atacante puede sortear las restricciones de destino de redirección y redirigir de forma efectiva al usuario a cualquier dominio una vez ha iniciado sesión. • http://www.securityfocus.com/bid/106249 https://lists.debian.org/debian-lts-announce/2019/03/msg00009.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4TD3E7FZIXLVFG3SMFJPDEKPZ26TJOW7 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JZMRJ7VTHCY5AZK24G4QGX36RLUDTDKE https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OA4WVFN5FYPIXAPLWZI6N425JHHDSWAZ https://seclists.org/bugtraq/2019/May/21 https://sym • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVSS: 9.8EPSS: 0%CPEs: 4EXPL: 0CVE-2018-20060 – python-urllib3: Cross-host redirect does not remove Authorization header allow for credential exposure
https://notcve.org/view.php?id=CVE-2018-20060
urllib3 before version 1.23 does not remove the Authorization HTTP header when following a cross-origin redirect (i.e., a redirect that differs in host, port, or scheme). This can allow for credentials in the Authorization header to be exposed to unintended hosts or transmitted in cleartext. urllib3 en versiones anteriores a la 1.23 no elimina la cabecera HTTP Authorization al seguir una redirección cross-origin (i.e., una redirección que difiere en host, puerto o esquema). Esto puede permitir que las credenciales de la cabecera Authorization se expongan a hosts no planeados o se transmitan en texto claro. • http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00039.html https://access.redhat.com/errata/RHSA-2019:2272 https://bugzilla.redhat.com/show_bug.cgi?id=1649153 https://github.com/urllib3/urllib3/blob/master/CHANGES.rst https://github.com/urllib3/urllib3/issues/1316 https://github.com/urllib3/urllib3/pull/1346 https://lists.debian.org/debian-lts-announce/2021/06/msg00015.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5SJERZ • CWE-522: Insufficiently Protected Credentials •
CVSS: 8.8EPSS: 1%CPEs: 4EXPL: 2CVE-2018-20004
https://notcve.org/view.php?id=CVE-2018-20004
An issue has been found in Mini-XML (aka mxml) 2.12. It is a stack-based buffer overflow in mxml_write_node in mxml-file.c via vectors involving a double-precision floating point number and the '<order type="real">' substring, as demonstrated by testmxml. Se ha encontrado un problema en Mini-XML (también conocido como mxml) 2.12. Se trata de un desbordamiento de búfer basado en pila en mxml_write_node en mxml-file.c mediante vectores relacionados con un número de punto flotante con doble precisión y la subcadena "", tal y como queda demostrado con testmxml. • https://github.com/fouzhe/security/tree/master/mxml#stack-buffer-overflow-in-function-mxml_write_node https://github.com/michaelrsweet/mxml/issues/233 https://lists.debian.org/debian-lts-announce/2019/01/msg00018.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N53IJHDYR5HVQLKH4J6B27OEQLGKSGY5 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RNWF6BAU7S42O4LE4B74KIMHFE2HDNMI • CWE-787: Out-of-bounds Write •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 1CVE-2018-20005
https://notcve.org/view.php?id=CVE-2018-20005
An issue has been found in Mini-XML (aka mxml) 2.12. It is a use-after-free in mxmlWalkNext in mxml-search.c, as demonstrated by mxmldoc. Se ha encontrado un problema en Mini-XML (también conocido como mxml) 2.12. Es un uso de memoria previamente liberada en mxmlWalkNext en mxml-search.c, tal y como queda demostrado con mxmldoc. • https://github.com/fouzhe/security/tree/master/mxml#heap-use-after-free-in-function-mxmlwalknext https://github.com/michaelrsweet/mxml/issues/234 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N53IJHDYR5HVQLKH4J6B27OEQLGKSGY5 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RNWF6BAU7S42O4LE4B74KIMHFE2HDNMI • CWE-416: Use After Free •