CVE-2020-25219 – libproxy: uncontrolled recursion via an infinite stream response leading to stack exhaustion
https://notcve.org/view.php?id=CVE-2020-25219
url::recvline in url.cpp in libproxy 0.4.x through 0.4.15 allows a remote HTTP server to trigger uncontrolled recursion via a response composed of an infinite stream that lacks a newline character. This leads to stack exhaustion. A flaw was found in libproxy in versions 0.4 through 0.4.15.
References: http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00030.html • http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00033.html • https://github.com/libproxy/libproxy/issues/134 • https://lists.debian.org/debian-lts-announce/2020/09/msg00012.html • https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CNID6EZVOVH7EZB7KFU2EON54CFDIVUR • https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JF5JSONJNO64ARWRVOS6K6HSIPHEF3H2 • https://lists
Weakness: CWE-674: Uncontrolled Recursion
CVE-2020-25212 – kernel: TOCTOU mismatch in the NFS client code
https://notcve.org/view.php?id=CVE-2020-25212
A TOCTOU mismatch in the NFS client code in the Linux kernel before 5.8.3 could be used by local attackers to corrupt memory or possibly have unspecified other impact because a size check is in fs/nfs/nfs4proc.c instead of fs/nfs/nfs4xdr.c, aka CID-b4487b935452. A flaw was found in the NFSv4 implementation: when a client mounts a server controlled by a remote attacker, the server can return a specially crafted response that allows local memory corruption and possibly privilege escalation.
References: http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00021.html • http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00035.html • http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00042.html • https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.8.3 • https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=b4487b93545214a9db8cbf32e86411677b0cca21 • https://lists.debian.org/debian-lts-announce/2020/09/msg00025.html • https://lists.debian.org
Weaknesses: CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition • CWE-787: Out-of-bounds Write
CVE-2020-1968 – Raccoon attack
https://notcve.org/view.php?id=CVE-2020-1968
The Raccoon attack exploits a flaw in the TLS specification which can lead to an attacker being able to compute the pre-master secret in connections which have used a Diffie-Hellman (DH) based ciphersuite. In such a case this would result in the attacker being able to eavesdrop on all encrypted communications sent over that TLS connection. The attack can only be exploited if an implementation re-uses a DH secret across multiple TLS connections. Note that this issue only impacts DH ciphersuites and not ECDH ciphersuites. This issue affects OpenSSL 1.0.2 which is out of support and no longer receiving public updates.
References: https://lists.debian.org/debian-lts-announce/2020/09/msg00016.html • https://security.gentoo.org/glsa/202210-02 • https://security.netapp.com/advisory/ntap-20200911-0004 • https://usn.ubuntu.com/4504-1 • https://www.openssl.org/news/secadv/20200909.txt • https://www.oracle.com//security-alerts/cpujul2021.html • https://www.oracle.com/security-alerts/cpuApr2021.html • https://www.oracle.com/security-alerts/cpuapr2022.html • https://www.oracle.com/security-alerts/cpujan2021.html • https://www.o
Weakness: CWE-203: Observable Discrepancy
CVE-2020-24379 – Yaws 2.0.7 XML Injection / Command Injection
https://notcve.org/view.php?id=CVE-2020-24379
The WebDAV implementation in Yaws web server versions 1.81 to 2.0.7 is vulnerable to XXE injection. Yaws versions 1.81 through 2.0.7 suffer from remote OS command injection and XML external entity injection vulnerabilities.
References: https://github.com/erlyaws/yaws/commits/master • https://github.com/vulnbe/poc-yaws-dav-xxe • https://lists.debian.org/debian-lts-announce/2020/09/msg00022.html • https://packetstormsecurity.com/files/159106/Yaws-2.0.7-XML-Injection-Command-Injection.html • https://usn.ubuntu.com/4569-1 • https://vuln.be/post/yaws-xxe-and-shell-injections • https://www.debian.org/security/2020/dsa-4773
Weakness: CWE-611: Improper Restriction of XML External Entity Reference
CVE-2020-24916 – Yaws 2.0.7 XML Injection / Command Injection
https://notcve.org/view.php?id=CVE-2020-24916
The CGI implementation in Yaws web server versions 1.81 to 2.0.7 is vulnerable to OS command injection (CVE-2020-24916). Yaws versions 1.81 through 2.0.7 suffer from remote OS command injection and XML external entity injection vulnerabilities.
References: https://github.com/erlyaws/yaws/commits/master • https://github.com/vulnbe/poc-yaws-cgi-shell-injection • https://lists.debian.org/debian-lts-announce/2020/09/msg00022.html • https://packetstormsecurity.com/files/159106/Yaws-2.0.7-XML-Injection-Command-Injection.html • https://usn.ubuntu.com/4569-1 • https://vuln.be/post/yaws-xxe-and-shell-injections • https://www.debian.org/security/2020/dsa-4773
Weakness: CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')