CVE-2019-20916 – python-pip: directory traversal in _download_http_url() function in src/pip/_internal/download.py
https://notcve.org/view.php?id=CVE-2019-20916
The pip package before 19.2 for Python allows Directory Traversal when a URL is given in an install command, because a Content-Disposition header can have ../ in a filename, as demonstrated by overwriting the /root/.ssh/authorized_keys file. This occurs in _download_http_url in _internal/download.py. El paquete pip versiones anteriores a 19.2 para Python, permite un Salto de Directorio cuando una URL es proporcionada en un comando de instalación, porque un encabezado Content-Disposition puede tener ../ en un nombre de archivo, como es demostrado al sobrescribir el archivo /root/.ssh/authorized_keys. Esto ocurre en la función _download_http_url en el archivo _internal/download.py A flaw was found in the pip package installer for Python when downloading or installing a remote package via a specified URL. Improper validation of the "Content-Disposition" HTTP response header makes a path traversal attack possible, leading to an arbitrary file overwrite. • http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00005.html http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00010.html https://github.com/gzpan123/pip/commit/a4c735b14a62f9cb864533808ac63936704f2ace https://github.com/pypa/pip/compare/19.1.1...19.2 https://github.com/pypa/pip/issues/6413 https://lists.debian.org/debian-lts-announce/2020/09/msg00010.html https://www.oracle.com/security-alerts/cpuapr2022.html https://www.oracle.com/security-alerts/cpujul2022.ht • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVE-2020-24659 – gnutls: Heap buffer overflow in handshake with no_renegotiation alert sent
https://notcve.org/view.php?id=CVE-2020-24659
An issue was discovered in GnuTLS before 3.6.15. A server can trigger a NULL pointer dereference in a TLS 1.3 client if a no_renegotiation alert is sent with unexpected timing, and then an invalid second handshake occurs. The crash happens in the application's error handling path, where the gnutls_deinit function is called after detecting a handshake failure. Se detectó un problema en GnuTLS versiones anteriores a 3.6.15. Un servidor puede desencadenar una desreferencia del puntero NULL en un cliente TLS versión 1.3, si una alerta no_renegotiation es enviada con una sincronización no prevista y luego se produce un segundo protocolo de enlace no válido. • http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00054.html http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00060.html https://gitlab.com/gnutls/gnutls/-/issues/1071 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/62BUAI4FQQLG6VTKRT7SUZPGJJ4NASQ3 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AWN56FDLQQXT2D2YHNI4TYH432TDMQ7N https://security.gentoo.org/glsa/202009-01 https://security.netapp.com/adviso • CWE-20: Improper Input Validation CWE-476: NULL Pointer Dereference CWE-787: Out-of-bounds Write •
CVE-2020-24977 – libxml2: Buffer overflow vulnerability in xmlEncodeEntitiesInternal() in entities.c
https://notcve.org/view.php?id=CVE-2020-24977
GNOME project libxml2 v2.9.10 has a global buffer over-read vulnerability in xmlEncodeEntitiesInternal at libxml2/entities.c. The issue has been fixed in commit 50f06b3e. El proyecto de GNOME libxml2 v2.9.10 tiene una vulnerabilidad de sobre lectura del buffer global en xmlEncodeEntitiesInternal en libxml2/entities.c. El problema ha sido corregido en el commit 50f06b3e • http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00036.html http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00061.html https://gitlab.gnome.org/GNOME/libxml2/-/commit/50f06b3efb638efb0abd95dc62dca05ae67882c2 https://gitlab.gnome.org/GNOME/libxml2/-/issues/178 https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E https://lists.debian.org/debian-lts-announce/2020/09/msg00009.html https://lists.fedoraproject.org/archives/ • CWE-125: Out-of-bounds Read •
CVE-2020-24553 – golang: default Content-Type setting in net/http/cgi and net/http/fcgi could cause XSS
https://notcve.org/view.php?id=CVE-2020-24553
Go before 1.14.8 and 1.15.x before 1.15.1 allows XSS because text/html is the default for CGI/FCGI handlers that lack a Content-Type header. Go versiones anteriores a 1.14.8 y versiones 1.15.x anteriores a 1.15.1, permite un ataque de tipo XSS porque text/html es el predeterminado para los manejadores de CGI/FCGI que carecen de un encabezado Content-Type A flaw was found in the Go standard library packages before upstream versions 1.15 and 1.14.8. Both the net/http/cgi and net/http/fcgi packages use a default Content-Type response header value of "text/html", rather than "text/plain". This flaw allows an attacker to exploit this issue in applications using these packages by uploading crafted files, allowing a Cross-site Scripting attack (XSS). The highest threat from this vulnerability is to confidentiality and integrity. • http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00002.html http://packetstormsecurity.com/files/159049/Go-CGI-FastCGI-Transport-Cross-Site-Scripting.html http://seclists.org/fulldisclosure/2020/Sep/5 https://groups.google.com/forum/#%21topic/golang-announce/8wqlSbkLdPs https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CZBO7Q73GGWBVYIKNH2HNN44Q5IQND5W https://security.netapp.com/advisory • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2020-24654
https://notcve.org/view.php?id=CVE-2020-24654
In KDE Ark before 20.08.1, a crafted TAR archive with symlinks can install files outside the extraction directory, as demonstrated by a write operation to a user's home directory. En KDE Ark versiones anteriores a 20.08.1, un archivo TAR diseñado con enlaces simbólicos puede instalar archivos fuera del directorio de extracción, como es demostrado mediante una operación de escritura en el directorio de inicio del usuario • http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00001.html https://bugzilla.suse.com/show_bug.cgi?id=1175857 https://github.com/KDE/ark/commit/8bf8c5ef07b0ac5e914d752681e470dea403a5bd https://kde.org/info/security/advisory-20200827-1.txt https://lists.debian.org/debian-lts-announce/2022/05/msg00026.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LXMMXNJDYOCJRZTESIUGHG6CS4RJKECX https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro • CWE-59: Improper Link Resolution Before File Access ('Link Following') •