CVSS: 7.5EPSS: 2%CPEs: 55EXPL: 0CVE-2021-25122 – Apache Tomcat h2c request mix-up
https://notcve.org/view.php?id=CVE-2021-25122
01 Mar 2021 — When responding to new h2c connection requests, Apache Tomcat versions 10.0.0-M1 to 10.0.0, 9.0.0.M1 to 9.0.41 and 8.5.0 to 8.5.61 could duplicate request headers and a limited amount of request body from one request to another meaning user A and user B could both see the results of user A's request. Cuando se responde a nuevas peticiones de conexión h2c, Apache Tomcat versiones 10.0.0-M1 hasta 10.0.0, versiones 9.0.0.M1 hasta 9.0.41 y versiones 8.5.0 hasta 8.5.61, podrían duplicar los encabezados de petici... • http://www.openwall.com/lists/oss-security/2021/03/01/1 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.0EPSS: 4%CPEs: 60EXPL: 0CVE-2021-25329 – Incomplete fix for CVE-2020-9484
https://notcve.org/view.php?id=CVE-2021-25329
01 Mar 2021 — The fix for CVE-2020-9484 was incomplete. When using Apache Tomcat 10.0.0-M1 to 10.0.0, 9.0.0.M1 to 9.0.41, 8.5.0 to 8.5.61 or 7.0.0. to 7.0.107 with a configuration edge case that was highly unlikely to be used, the Tomcat instance was still vulnerable to CVE-2020-9494. Note that both the previously published prerequisites for CVE-2020-9484 and the previously published mitigations for CVE-2020-9484 also apply to this issue. La corrección para el CVE-2020-9484 estaba incompleta. Cuando se usa Apache To... • http://www.openwall.com/lists/oss-security/2021/03/01/2 • CWE-502: Deserialization of Untrusted Data •
CVSS: 9.0EPSS: 1%CPEs: 11EXPL: 0CVE-2021-22112
https://notcve.org/view.php?id=CVE-2021-22112
23 Feb 2021 — Spring Security 5.4.x prior to 5.4.4, 5.3.x prior to 5.3.8.RELEASE, 5.2.x prior to 5.2.9.RELEASE, and older unsupported versions can fail to save the SecurityContext if it is changed more than once in a single request.A malicious user cannot cause the bug to happen (it must be programmed in). However, if the application's intent is to only allow the user to run with elevated privileges in a small portion of the application, the bug can be leveraged to extend those privileges to the rest of the application. ... • http://www.openwall.com/lists/oss-security/2021/02/19/7 •
CVSS: 9.8EPSS: 94%CPEs: 13EXPL: 13CVE-2020-17530 – Apache Struts Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2020-17530
11 Dec 2020 — Forced OGNL evaluation, when evaluated on raw user input in tag attributes, may lead to remote code execution. Affected software : Apache Struts 2.0.0 - Struts 2.5.25. Una evaluación OGNL forzada, cuando se evalúa según la entrada del usuario sin procesar en los atributos de la etiqueta, puede conllevar a una ejecución de código remota. Software afectado: Apache Struts versión 2.0.0 - Struts versión 2.5.25 The Apache Struts framework, when forced, performs double evaluation of attribute values assigned... • https://packetstorm.news/files/id/160721 • CWE-917: Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection') •
CVSS: 8.7EPSS: 0%CPEs: 4EXPL: 0CVE-2020-26237 – Prototype Pollution in highlight.js
https://notcve.org/view.php?id=CVE-2020-26237
24 Nov 2020 — Highlight.js is a syntax highlighter written in JavaScript. Highlight.js versions before 9.18.2 and 10.1.2 are vulnerable to Prototype Pollution. A malicious HTML code block can be crafted that will result in prototype pollution of the base object's prototype during highlighting. If you allow users to insert custom HTML code blocks into your page/app via parsing Markdown code blocks (or similar) and do not filter the language names the user can provide you may be vulnerable. The pollution should just be har... • https://github.com/highlightjs/highlight.js/commit/7241013ae011a585983e176ddc0489a7a52f6bb0 • CWE-20: Improper Input Validation CWE-471: Modification of Assumed-Immutable Data (MAID) •
CVSS: 8.7EPSS: 57%CPEs: 77EXPL: 1CVE-2020-5421 – RFD Protection Bypass via jsessionid
https://notcve.org/view.php?id=CVE-2020-5421
19 Sep 2020 — In Spring Framework versions 5.2.0 - 5.2.8, 5.1.0 - 5.1.17, 5.0.0 - 5.0.18, 4.3.0 - 4.3.28, and older unsupported versions, the protections against RFD attacks from CVE-2015-5211 may be bypassed depending on the browser used through the use of a jsessionid path parameter. En Spring Framework versiones 5.2.0 - 5.2.8, 5.1.0 - 5.1.17, 5.0.0 - 5.0.18, 4.3.0 - 4.3.28 y versiones anteriores no compatibles, las protecciones contra ataques RFD del CVE-2015 -5211 puede ser omitidas según el navegador usado mediante ... • https://github.com/pandaMingx/CVE-2020-5421 •
CVSS: 7.5EPSS: 4%CPEs: 6EXPL: 0CVE-2019-0233
https://notcve.org/view.php?id=CVE-2019-0233
14 Sep 2020 — An access permission override in Apache Struts 2.0.0 to 2.5.20 may cause a Denial of Service when performing a file upload. Una anulación del permiso de acceso en Apache Struts versiones 2.0.0 hasta 2.5.20, puede causar una Denegación de Servicio al llevar a cabo una carga de archivo • https://cwiki.apache.org/confluence/display/ww/s2-060 • CWE-281: Improper Preservation of Permissions •
CVSS: 9.8EPSS: 93%CPEs: 6EXPL: 12CVE-2019-0230 – Apache Struts 2.5.20 - Double OGNL evaluation
https://notcve.org/view.php?id=CVE-2019-0230
14 Sep 2020 — Apache Struts 2.0.0 to 2.5.20 forced double OGNL evaluation, when evaluated on raw user input in tag attributes, may lead to remote code execution. Apache Struts versiones 2.0.0 hasta 2.5.20, forzó una evaluación OGNL doble, cuando se evaluaba en la entrada del usuario sin procesar en los atributos de la etiqueta, puede conllevar a una ejecución de código remota The Apache Struts framework, when forced, performs double evaluation of attribute values assigned to certain tags attributes such as id. It is ther... • https://packetstorm.news/files/id/160108 • CWE-1321: Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') •
CVSS: 9.8EPSS: 48%CPEs: 28EXPL: 3CVE-2019-17571 – log4j: deserialization of untrusted data in SocketServer
https://notcve.org/view.php?id=CVE-2019-17571
20 Dec 2019 — Included in Log4j 1.2 is a SocketServer class that is vulnerable to deserialization of untrusted data which can be exploited to remotely execute arbitrary code when combined with a deserialization gadget when listening to untrusted network traffic for log data. This affects Log4j versions up to 1.2 up to 1.2.17. Incluido en Log4j versión 1.2 existe una clase SocketServer que es vulnerable a la deserialización de datos no confiables, que pueden ser explotada para ejecutar código arbitrario remotamente cuando... • https://github.com/shadow-horse/CVE-2019-17571 • CWE-502: Deserialization of Untrusted Data •