CVSS: 9.0EPSS: 0%CPEs: 13EXPL: 0CVE-2019-10906 – python-jinja2: str.format_map allows sandbox escape
https://notcve.org/view.php?id=CVE-2019-10906
In Pallets Jinja before 2.10.1, str.format_map allows a sandbox escape. En Pallets Jinja, en versiones anteriores a la 2.10.1, str.format_map permite un escape de sandbox. A flaw was found in Jinja. Python string formatting could allow an attacker to escape the sandbox. The highest threat from this vulnerability is to data confidentiality and integrity and system availability. • http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00030.html http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00064.html https://access.redhat.com/errata/RHSA-2019:1152 https://access.redhat.com/errata/RHSA-2019:1237 https://access.redhat.com/errata/RHSA-2019:1329 https://lists.apache.org/thread.html/09fc842ff444cd43d9d4c510756fec625ef8eb1175f14fd21de2605f%40%3Cdevnull.infra.apache.org%3E https://lists.apache.org/thread.html/2b52b9c8b9d6366a4f1b407a8bde6af28d9fc73fdb3b37695fd0d9ac%40%3Cdevnull.infra.apac • CWE-138: Improper Neutralization of Special Elements •
CVSS: 7.5EPSS: 0%CPEs: 24EXPL: 0CVE-2019-0217 – httpd: mod_auth_digest: access control bypass due to race condition
https://notcve.org/view.php?id=CVE-2019-0217
In Apache HTTP Server 2.4 release 2.4.38 and prior, a race condition in mod_auth_digest when running in a threaded server could allow a user with valid credentials to authenticate using another username, bypassing configured access control restrictions. En Apache HTTP Server 2.4 versión 2.4.38 y anteriores, una condición de carrera en mod_auth_digest cuando se ejecuta en un servidor multihilo podría permitir a un usuario con credenciales válidas autenticarse usando otro nombre de usuario, evitando las restricciones de control de acceso configuradas. A race condition was found in mod_auth_digest when the web server was running in a threaded MPM configuration. It could allow a user with valid credentials to authenticate using another username, bypassing configured access control restrictions. • http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00051.html http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00061.html http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00084.html http://www.openwall.com/lists/oss-security/2019/04/02/5 http://www.securityfocus.com/bid/107668 https://access.redhat.com/errata/RHSA-2019:2343 https://access.redhat.com/errata/RHSA-2019:3436 https://access.redhat.com/errata/RHSA-2019:3932 https://access.red • CWE-284: Improper Access Control CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 9.1EPSS: 0%CPEs: 29EXPL: 1CVE-2019-9948 – python: Undocumented local_file protocol allows remote attackers to bypass protection mechanisms
https://notcve.org/view.php?id=CVE-2019-9948
urllib in Python 2.x through 2.7.16 supports the local_file: scheme, which makes it easier for remote attackers to bypass protection mechanisms that blacklist file: URIs, as demonstrated by triggering a urllib.urlopen('local_file:///etc/passwd') call. urllib en Python, en versiones 2.x hasta la 2.7.16, soporta el esquema local_file:, lo que facilita que los atacantes remotos omitan los mecanismos de protección que ponen en lista negra los URI file:, tal y como queda demostrado con una llamada urllib.urlopen('local_file:///etc/passwd'). • http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00092.html http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00050.html http://packetstormsecurity.com/files/154927/Slackware-Security-Advisory-python-Updates.html http://www.securityfocus.com/bid/107549 https://access.redhat.com/errata/RHSA-2019:1700 https://access.redhat.com/errata/RHSA-2019:2030 https://access.redhat.com/errata/RHSA-2019:3335 https://access.redhat.com/errata/RHSA-2019:3520 https://bugs.python.o • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-749: Exposed Dangerous Method or Function •
CVSS: 7.8EPSS: 0%CPEs: 9EXPL: 0CVE-2019-9924 – bash: BASH_CMD is writable in restricted bash shells
https://notcve.org/view.php?id=CVE-2019-9924
rbash in Bash before 4.4-beta2 did not prevent the shell user from modifying BASH_CMDS, thus allowing the user to execute any command with the permissions of the shell. rbash en Bash • http://git.savannah.gnu.org/cgit/bash.git/tree/CHANGES?h=bash-4.4-testing#n65 http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00049.html https://bugs.launchpad.net/ubuntu/+source/bash/+bug/1803441 https://lists.debian.org/debian-lts-announce/2019/03/msg00028.html https://security.netapp.com/advisory/ntap-20190411-0001 https://usn.ubuntu.com/4058-1 https://usn.ubuntu.com/4058-2 https://access.redhat.com/security/cve/CVE-2019-9924 https://bugzilla.r • CWE-138: Improper Neutralization of Special Elements CWE-862: Missing Authorization •
CVSS: 8.1EPSS: 1%CPEs: 5EXPL: 0CVE-2019-9675
https://notcve.org/view.php?id=CVE-2019-9675
An issue was discovered in PHP 7.x before 7.1.27 and 7.3.x before 7.3.3. phar_tar_writeheaders_int in ext/phar/tar.c has a buffer overflow via a long link value. NOTE: The vendor indicates that the link value is used only when an archive contains a symlink, which currently cannot happen: "This issue allows theoretical compromise of security, but a practical attack is usually impossible. ** EN DISPUTA ** Se ha detectado un fallo en PHP, en las versiones 7.x anteriores a la 7.1.27 y en las 7.3.x anteriores a la 7.3.3. phar_tar_writeheaders_int tiene un desbordamiento de búfer mediante un valor de enlace largo. NOTA: el fabricante indica que el valor de enlace se utiliza solamente cuando un archivo contiene un symlink, algo que actualmente no puede ocurrir: "Este fallo facilita el compromiso teórico de la seguridad. Sin embargo, un ataque práctico es normalmente imposible." • http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00104.html http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00012.html http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00041.html http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00044.html http://php.net/ChangeLog-7.php https://bugs.php.net/bug.php?id=77586 https://usn.ubuntu.com/3922-2 https://usn.ubuntu.com/3922-3 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •