CVSS: 7.5EPSS: 0%CPEs: 13EXPL: 0CVE-2020-28196 – krb5: unbounded recursion via an ASN.1-encoded Kerberos message in lib/krb5/asn.1/asn1_encode.c may lead to DoS
https://notcve.org/view.php?id=CVE-2020-28196
MIT Kerberos 5 (aka krb5) before 1.17.2 and 1.18.x before 1.18.3 allows unbounded recursion via an ASN.1-encoded Kerberos message because the lib/krb5/asn.1/asn1_encode.c support for BER indefinite lengths lacks a recursion limit. MIT Kerberos versión 5 (también se conoce como krb5) versiones anteriores a 1.17.2 y versiones 1.18.x anteriores a 1.18.3, permite una recursividad ilimitada por medio de un mensaje Kerberos codificado en ASN.1 porque el soporte de la biblioteca lib/krb5 /asn.1/asn1_encode.c para longitudes indefinidas BER carece un límite de recursividad A flaw was found in krb5. MIT Kerberos 5 allows unbounded recursion via an ASN.1-encoded Kerberos message because the lib/krb5/asn.1/asn1_encode.c support for BER indefinite lengths lacks a recursion limit. • https://github.com/krb5/krb5/commit/57415dda6cf04e73ffc3723be518eddfae599bfd https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E https://lists.debian.org/debian-lts-announce/2020/11/msg00011.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/45KKOZQWIIIW5C45PJVGQ32AXBSYNBE7 https://lists.fedoraproject.org/archives • CWE-674: Uncontrolled Recursion •
CVSS: 9.6EPSS: 0%CPEs: 86EXPL: 2CVE-2020-7750 – Cross-site Scripting (XSS)
https://notcve.org/view.php?id=CVE-2020-7750
This affects the package scratch-svg-renderer before 0.2.0-prerelease.20201019174008. The loadString function does not escape SVG properly, which can be used to inject arbitrary elements into the DOM via the _transformMeasurements function. Esto afecta al paquete scratch-svg-renderer versiones anteriores a 0.2.0-prerelease.20201019174008. La función loadString no escapa un SVG apropiadamente, que se puede usar para inyectar elementos arbitrarios en el DOM por medio de la función _transformMeasurements • https://www.exploit-db.com/exploits/50079 https://github.com/ossf-cve-benchmark/CVE-2020-7750 https://github.com/LLK/scratch-svg-renderer/commit/9ebf57588aa596c4fa3bb64209e10ade395aee90 https://snyk.io/vuln/SNYK-JS-SCRATCHSVGRENDERER-1020497 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 4%CPEs: 1EXPL: 1CVE-2020-14000
https://notcve.org/view.php?id=CVE-2020-14000
MIT Lifelong Kindergarten Scratch scratch-vm before 0.2.0-prerelease.20200714185213 loads extension URLs from untrusted project.json files with certain _ characters, resulting in remote code execution because the URL's content is treated as a script and is executed as a worker. The responsible code is getExtensionIdForOpcode in serialization/sb3.js. The use of _ is incompatible with a protection mechanism in older versions, in which URLs were split and consequently deserialization attacks were prevented. NOTE: the scratch.mit.edu hosted service is not affected because of the lack of worker scripts. MIT Lifelong Kindergarten Scratch scratch-vm versiones anteriores a 0.2.0-prerelease.20200714185213, carga una URL de extensión de archivos project.json no confiables con determinados caracteres _, resultando en una ejecución de código remota porque el contenido de la URL es tratado como un script y es ejecutado como un trabajador. • https://github.com/ossf-cve-benchmark/CVE-2020-14000 https://github.com/LLK/scratch-vm/pull/2476 https://scratch.mit.edu/discuss/topic/422904/?page=1#post-4223443 • CWE-502: Deserialization of Untrusted Data •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0CVE-2019-14844
https://notcve.org/view.php?id=CVE-2019-14844
A flaw was found in, Fedora versions of krb5 from 1.16.1 to, including 1.17.x, in the way a Kerberos client could crash the KDC by sending one of the RFC 4556 "enctypes". A remote unauthenticated user could use this flaw to crash the KDC. Se encontró un fallo en Fedora versiones de krb5 desde 1.16.1 hasta 1.17.x (incluyéndola), en la manera en que un cliente de Kerberos podría bloquear el KDC mediante el envío de uno de los "enctypes" 4556 de RFC. Un usuario no autenticado remoto podría utilizar este fallo para bloquear el KDC. • https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14844 https://github.com/krb5/krb5/pull/981 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/54ZYKEJZ77BXZWGF4NEVKC33ESVROEYC https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N4LS5PIJOCNOUZGLO2OBT6GY334PUOSW https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TDE2QOKK4I4TV4WV74ZQWICZ4HJN2MOK https://security.netapp.com/advisory/ntap-20220325-0003 • CWE-628: Function Call with Incorrectly Specified Arguments •
CVSS: 5.3EPSS: 0%CPEs: 3EXPL: 0CVE-2018-20217
https://notcve.org/view.php?id=CVE-2018-20217
A Reachable Assertion issue was discovered in the KDC in MIT Kerberos 5 (aka krb5) before 1.17. If an attacker can obtain a krbtgt ticket using an older encryption type (single-DES, triple-DES, or RC4), the attacker can crash the KDC by making an S4U2Self request. Se ha descubierto un problema de aserción alcanzable en el KDC en MIT Kerberos 5 (también conocido como krb5), en versiones anteriores a la 1.17. Si un atacante puede obtener un ticket krbtgt mediante un tipo de cifrado más antiguo (DES, Triple DES o RC4), este puede provocar el cierre inesperado de KDC realizando una petición S4U2Self. • http://krbdev.mit.edu/rt/Ticket/Display.html?id=8763 https://github.com/krb5/krb5/commit/5e6d1796106df8ba6bc1973ee0917c170d929086 https://lists.debian.org/debian-lts-announce/2019/01/msg00020.html https://lists.debian.org/debian-lts-announce/2021/09/msg00019.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2KNHELH4YHNT6H2ESJWX2UIDXLBNGB2O https://security.netapp.com/advisory/ntap-20190416-0006 • CWE-617: Reachable Assertion •