CVSS: 6.1EPSS: 0%CPEs: 6EXPL: 0CVE-2019-13038 – mod_auth_mellon: Open Redirect via the login?ReturnTo= substring which could facilitate information theft
https://notcve.org/view.php?id=CVE-2019-13038
mod_auth_mellon through 0.14.2 has an Open Redirect via the login?ReturnTo= substring, as demonstrated by omitting the // after http: in the target URL. mod_auth_mellon hasta versión 0.14.2, presenta un problema de Redireccionamiento Abierto por medio de la subcadena login?ReturnTo=, como es demostrado al omitir el // después de http: en la URL de destino. • https://github.com/Uninett/mod_auth_mellon/issues/35#issuecomment-503974885 https://lists.debian.org/debian-lts-announce/2023/03/msg00010.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A5E3JVHURJJNDP63CKVX5O5MJAGCQV4K https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XU5GVFZW3C2M4ZBL4F7UP7N24FNUCX4E https://usn.ubuntu.com/4291-1 https://www.oracle.com/security-alerts/cpuapr2022.html https://access.redhat.com/security/cve/CVE- • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVSS: 6.5EPSS: 0%CPEs: 8EXPL: 2CVE-2019-12387 – python-twisted: Improper neutralization of CRLF characters in URIs and HTTP methods
https://notcve.org/view.php?id=CVE-2019-12387
In Twisted before 19.2.1, twisted.web did not validate or sanitize URIs or HTTP methods, allowing an attacker to inject invalid characters such as CRLF. En las versiones anteriores a 19.2.1. de Twisted, twisted.web no validó ni saneó los URIs o los métodos HTTP, permitiendo que un atacante inyecte caracteres no válidos tales como CRLF. • http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00030.html http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00042.html https://github.com/twisted/twisted/commit/6c61fc4503ae39ab8ecee52d10f10ee2c371d7e2 https://labs.twistedmatrix.com/2019/06/twisted-1921-released.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2G5RPDQ4BNB336HL6WW5ZJ344MAWNN7N https://twistedmatrix.com/pipermail/twisted-python/2019-June/032352.html https://usn.ubuntu.com/4308-1 htt • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-113: Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting') •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2018-20781
https://notcve.org/view.php?id=CVE-2018-20781
In pam/gkr-pam-module.c in GNOME Keyring before 3.27.2, the user's password is kept in a session-child process spawned from the LightDM daemon. This can expose the credential in cleartext. En pam/gkr-pam-module.c en GNOME Keyring, en versiones anteriores a la 3.27.2, la contraseña del usuario se mantiene en un proceso hijo de sesión que se genera en el demonio LightDM. Esto puede exponer las credenciales en texto claro. • https://bugs.launchpad.net/ubuntu/+source/gnome-keyring/+bug/1772919 https://bugzilla.gnome.org/show_bug.cgi?id=781486 https://github.com/huntergregal/mimipenguin https://github.com/huntergregal/mimipenguin/tree/d95f1e08ce79783794f38433bbf7de5abd9792da https://gitlab.gnome.org/GNOME/gnome-keyring/issues/3 https://gitlab.gnome.org/GNOME/gnome-keyring/tags/3.27.2 https://usn.ubuntu.com/3894-1 https://www.oracle.com/security-alerts/cpujan2021.html • CWE-522: Insufficiently Protected Credentials •
CVSS: 7.0EPSS: 0%CPEs: 3EXPL: 0CVE-2018-1165 – Joyent SmartOS SMB_IOC_SVCENUM Heap-based Buffer Overflow Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2018-1165
This vulnerability allows local attackers to escalate privileges on vulnerable installations of Joyent SmartOS release-20170803-20170803T064301Z. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the SMB_IOC_SVCENUM IOCTL. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length, heap-based buffer. An attacker can leverage this vulnerability to execute code under the context of the host OS. • https://help.joyent.com/hc/en-us/articles/360000124928 https://www.oracle.com/security-alerts/cpuapr2020.html https://zerodayinitiative.com/advisories/ZDI-18-158 • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •