CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2019-17590
https://notcve.org/view.php?id=CVE-2019-17590
The csrf_callback function in the CSRF Magic library through 2016-03-27 is vulnerable to CSRF protection bypass as it allows one to tamper with the csrf token values. A remote attacker can exploit this by crafting a malicious page and dispersing it to a victim via social engineering, enticing them to click the link. Once the user/victim clicks the "try again" button, the attacker can take over the account and perform unintended actions on the victim's behalf. NOTE: A third-party maintainer has stated that this CVE is a false report. They state that the csrf_callback function is actually a callback function to the callers own handler for output. • https://pastebin.com/01tDgq7u • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1CVE-2018-1000814
https://notcve.org/view.php?id=CVE-2018-1000814
aio-libs aiohttp-session version 2.6.0 and earlier contains a Other/Unknown vulnerability in EncryptedCookieStorage and NaClCookieStorage that can result in Non-expiring sessions / Infinite lifespan. This attack appear to be exploitable via Recreation of a cookie post-expiry with the same value. aio-libs aiohttp-session, en versiones 2.6.0 y anteriores, contiene una vulnerabilidad desconocida en EncryptedCookieStorage y NaClCookieStorage que puede resultar en sesiones que no expiran/infinitas. El ataque parece ser explotable mediante la recreación de una cookie tras la expiración con el mismo valor. • https://github.com/aio-libs/aiohttp-session/issues/325 https://github.com/aio-libs/aiohttp-session/pull/331 • CWE-613: Insufficient Session Expiration •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2013-7464
https://notcve.org/view.php?id=CVE-2013-7464
In csrf-magic before 1.0.4, if $GLOBALS['csrf']['secret'] is not configured, the Anti-CSRF Token used is predictable and would permit an attacker to bypass the CSRF protections, because an automatically generated secret is not used. En csrf-magic en versiones anteriores a la 1.0.4, si $GLOBALS['csrf']['secret'] no está configurado, el token Anti-CSRF empleado es predecible y permitiría que un atacante omita las protecciones CSRF. Esto se debe a que no se emplea un secreto generado automáticamente. • http://csrf.htmlpurifier.org/news/2013/0717-1.0.4-released http://repo.or.cz/csrf-magic.git/blob/HEAD:/NEWS.txt http://repo.or.cz/csrf-magic.git/commit/9d2537f70d58b16aeba89779aaf1573b8d618e11 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 0CVE-2016-10535
https://notcve.org/view.php?id=CVE-2016-10535
csrf-lite is a cross-site request forgery protection library for framework-less node sites. csrf-lite uses `===`, a fail first string comparison, instead of a time constant string comparison This enables an attacker to guess the secret in no more than (16*18)288 guesses, instead of the 16^18 guesses required were the timing attack not present. csrf-lite es una biblioteca de protección contra Cross-Site Request Forgery (CSRF) para los sitios node sin framework. csrf-lite emplea "===", una comparación de cadena "fail first", en lugar de una comparación de cadena "time constant". Esto permite que un atacante adivine el secreto en un máximo de (16*18)288 intentos, en lugar de los 16^18 intentos necesarios si no existiese un ataque de sincronización. • https://github.com/isaacs/csrf-lite/pull/1 https://nodesecurity.io/advisories/94 • CWE-208: Observable Timing Discrepancy CWE-310: Cryptographic Issues •
CVSS: 2.1EPSS: 0%CPEs: 8EXPL: 0CVE-2012-6648
https://notcve.org/view.php?id=CVE-2012-6648
gdm/guest-session-cleanup.sh in gdm-guest-session 0.24 and earlier, as used in Ubuntu Linux 10.04 LTS, 10.10, and 11.04, allows local users to delete arbitrary files via a space in the name of a file in /tmp. NOTE: this identifier was SPLIT from CVE-2012-0943 per ADT1/ADT2 due to different codebases and affected versions. CVE-2012-0943 is used for the guest-account issue. gdm/guest-session-cleanup.sh en gdm-guest-session 0.24 y anteriores, utilizado en Ubuntu Linux 10.04 LTS, 10.10 y 11.04, permite a usuarios locales eliminar archivos arbitrarios a través de un espacio en el nombre de un archivo en /tmp. NOTA: este identificador fue dividido (SPLIT) de CVE-2012-0943 por ADT1/ADT2 debido a bases de código y versiones afectadas diferentes. CVE-2012-0943 se utiliza para el asunto guest-account. • http://ubuntu.com/usn/usn-1399-1 https://bugs.launchpad.net/ubuntu/%2Bsource/lightdm/%2Bbug/953044 https://launchpadlibrarian.net/96474113/gdm-guest-session.secure-cleanup.debdiff • CWE-264: Permissions, Privileges, and Access Controls •