CVSS: 8.1EPSS: 97%CPEs: 15EXPL: 15CVE-2020-0601 – Microsoft Windows CryptoAPI Spoofing Vulnerability
https://notcve.org/view.php?id=CVE-2020-0601
A spoofing vulnerability exists in the way Windows CryptoAPI (Crypt32.dll) validates Elliptic Curve Cryptography (ECC) certificates.An attacker could exploit the vulnerability by using a spoofed code-signing certificate to sign a malicious executable, making it appear the file was from a trusted, legitimate source, aka 'Windows CryptoAPI Spoofing Vulnerability'. Se presenta una vulnerabilidad de suplantación de identidad en la manera en que Windows CryptoAPI (Crypt32.dll) comprueba los certificados Elliptic Curve Cryptography (ECC). Un atacante podría explotar la vulnerabilidad mediante el uso de un certificado de firma de código falsificado para firmar un ejecutable malicioso, haciendo que parezca que el archivo era de una fuente confiable y legítima, también se conoce como "Windows CryptoAPI Spoofing Vulnerability". Microsoft Windows CryptoAPI (Crypt32.dll) contains a spoofing vulnerability in the way it validates Elliptic Curve Cryptography (ECC) certificates. An attacker could exploit the vulnerability by using a spoofed code-signing certificate to sign a malicious executable, making it appear the file was from a trusted, legitimate source. • https://www.exploit-db.com/exploits/47933 https://github.com/eastmountyxz/CVE-2020-0601-EXP https://github.com/IIICTECH/-CVE-2020-0601-ECC---EXPLOIT https://github.com/RrUZi/Awesome-CVE-2020-0601 https://github.com/nissan-sudo/CVE-2020-0601 https://github.com/BlueTeamSteve/CVE-2020-0601 https://github.com/yanghaoi/CVE-2020-0601 https://github.com/MarkusZehnle/CVE-2020-0601 https://github.com/YoannDqr/CVE-2020-0601 https://github.com/SherlockSec/CVE-2020-0601 https • CWE-295: Improper Certificate Validation •
CVSS: 7.5EPSS: 0%CPEs: 18EXPL: 2CVE-2019-17596 – golang: invalid public key causes panic in dsa.Verify
https://notcve.org/view.php?id=CVE-2019-17596
Go before 1.12.11 and 1.3.x before 1.13.2 can panic upon an attempt to process network traffic containing an invalid DSA public key. There are several attack scenarios, such as traffic from a client to a server that verifies client certificates. Go versiones anteriores a 1.12.11 y versiones 1.3.x anteriores a 1.13.2, puede entrar en pánico tras intentar procesar el tráfico de red que contiene una clave pública DSA no válida. Existen varios escenarios de ataque, tal y como el tráfico de un cliente hacia un servidor que comprueba los certificados del cliente. • https://github.com/pquerna/poc-dsa-verify-CVE-2019-17596 http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00043.html http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00044.html https://access.redhat.com/errata/RHSA-2020:0101 https://access.redhat.com/errata/RHSA-2020:0329 https://github.com/golang/go/issues/34960 https://groups.google.com/d/msg/golang-announce/lVEm7llp0w0/VbafyRkgCgAJ https://lists.debian.org/debian-lts-announce/2021/03/msg00014.html https& • CWE-295: Improper Certificate Validation CWE-436: Interpretation Conflict •
CVSS: 7.5EPSS: 1%CPEs: 14EXPL: 0CVE-2019-16276 – golang: HTTP/1.1 headers with a space before the colon leads to filter bypass or request smuggling
https://notcve.org/view.php?id=CVE-2019-16276
Go before 1.12.10 and 1.13.x before 1.13.1 allow HTTP Request Smuggling. Go versiones anteriores a 1.12.10 y versiones 1.13.x anteriores a 1.13.1, permitir el Trafico No Autorizado de Peticiones HTTP. It was discovered that net/http (through net/textproto) in golang does not correctly interpret HTTP requests where an HTTP header contains spaces before the colon. This could be abused by an attacker to smuggle HTTP requests when a proxy or a firewall is placed behind a server implemented in Go or to filter bypasses depending on the specific network configuration. • http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00043.html http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00044.html https://access.redhat.com/errata/RHSA-2020:0101 https://access.redhat.com/errata/RHSA-2020:0329 https://access.redhat.com/errata/RHSA-2020:0652 https://github.com/golang/go/issues/34540 https://groups.google.com/forum/#%21msg/golang-announce/cszieYyuL9Q/g4Z7pKaqAgAJ https://lists.debian.org/debian-lts-announce/2021/03/msg00014.html https&# • CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') •
CVSS: 9.8EPSS: 3%CPEs: 3EXPL: 1CVE-2019-14809 – golang: malformed hosts in URLs leads to authorization bypass
https://notcve.org/view.php?id=CVE-2019-14809
net/url in Go before 1.11.13 and 1.12.x before 1.12.8 mishandles malformed hosts in URLs, leading to an authorization bypass in some applications. This is related to a Host field with a suffix appearing in neither Hostname() nor Port(), and is related to a non-numeric port number. For example, an attacker can compose a crafted javascript:// URL that results in a hostname of google.com. net / url in Go antes del 1.11.13 y 1.12.x antes del 1.12.8 maneja mal los hosts mal formados en las URL, lo que lleva a una omisión de autorización en algunas aplicaciones. Esto está relacionado con un campo Host con un sufijo que no aparece en Hostname () ni Port (), y está relacionado con un número de puerto no numérico. Por ejemplo, un atacante puede componer un javascript creado: // URL que da como resultado un nombre de host de google.com. • http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00076.html http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00011.html http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00021.html http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00038.html https://access.redhat.com/errata/RHSA-2019:3433 https://github.com/golang/go/issues/29098 https://groups.google.com/forum/ • CWE-285: Improper Authorization •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2019-11888
https://notcve.org/view.php?id=CVE-2019-11888
Go through 1.12.5 on Windows mishandles process creation with a nil environment in conjunction with a non-nil token, which allows attackers to obtain sensitive information or gain privileges. Repase la sección 1.12.5 de Windows, que trata mal la creación de procesos con un entorno nulo en combinación con un token no nulo, que permite a los atacantes obtener información confidencial u obtener privilegios. • https://go-review.googlesource.com/c/go/+/176619 • CWE-269: Improper Privilege Management •