CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0CVE-2020-35523 – libtiff: Integer overflow in tif_getimage.c
https://notcve.org/view.php?id=CVE-2020-35523
An integer overflow flaw was found in libtiff that exists in the tif_getimage.c file. This flaw allows an attacker to inject and execute arbitrary code when a user opens a crafted TIFF file. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. Se encontró un fallo de desbordamiento de enteros en libtiff que existe en el archivo tif_getimage.c. Este fallo permite a un atacante inyectar y ejecutar código arbitrario cuando un usuario abre un archivo TIFF diseñado. • https://bugzilla.redhat.com/show_bug.cgi?id=1932040 https://gitlab.com/libtiff/libtiff/-/commit/c8d613ef497058fe653c467fc84c70a62a4a71b2 https://gitlab.com/libtiff/libtiff/-/merge_requests/160 https://lists.debian.org/debian-lts-announce/2021/06/msg00023.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BMHBYFMX3D5VGR6Y3RXTTH3Q4NF4E6IG https://security.gentoo.org/glsa/202104-06 https://security.netapp.com/advisory/ntap-20210521-0009 https://www.debian.org/ • CWE-190: Integer Overflow or Wraparound •
CVSS: 5.5EPSS: 0%CPEs: 24EXPL: 1CVE-2020-27618 – glibc: iconv when processing invalid multi-byte input sequences fails to advance the input state, which could result in an infinite loop
https://notcve.org/view.php?id=CVE-2020-27618
The iconv function in the GNU C Library (aka glibc or libc6) 2.32 and earlier, when processing invalid multi-byte input sequences in IBM1364, IBM1371, IBM1388, IBM1390, and IBM1399 encodings, fails to advance the input state, which could lead to an infinite loop in applications, resulting in a denial of service, a different vulnerability from CVE-2016-10228. La función iconv en la biblioteca GNU C (también se conoce como glibc o libc6) versiones 2.32 y anteriores, cuando se procesa secuencias de entrada de múltiples bytes no validas en codificaciones IBM1364, IBM1371, IBM1388, IBM1390 e IBM1399, presenta un fallo al avanzar el estado de la entrada, lo que podría conllevar a un bucle infinito en las aplicaciones, resultando en una denegación de servicio, una vulnerabilidad diferente de CVE-2016-10228 A flaw was found in glibc. If an attacker provides the iconv function with invalid multi-byte input sequences in IBM1364, IBM1371, IBM1388, IBM1390, IBM1399 encodings, it fails to advance the input state, which could lead to an infinite loop in applications, resulting in a denial of service. • https://lists.debian.org/debian-lts-announce/2022/10/msg00021.html https://security.gentoo.org/glsa/202107-07 https://security.netapp.com/advisory/ntap-20210401-0006 https://sourceware.org/bugzilla/show_bug.cgi?id=19519#c21 https://sourceware.org/bugzilla/show_bug.cgi?id=26224 https://www.oracle.com/security-alerts/cpuapr2022.html https://www.oracle.com/security-alerts/cpujan2022.html https://access.redhat.com/security/cve/CVE-2020-27618 https://bugzilla.redhat.com/show_bug.cgi? • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 5.9EPSS: 0%CPEs: 19EXPL: 1CVE-2021-23336 – Web Cache Poisoning
https://notcve.org/view.php?id=CVE-2021-23336
The package python/cpython from 0 and before 3.6.13, from 3.7.0 and before 3.7.10, from 3.8.0 and before 3.8.8, from 3.9.0 and before 3.9.2 are vulnerable to Web Cache Poisoning via urllib.parse.parse_qsl and urllib.parse.parse_qs by using a vector called parameter cloaking. When the attacker can separate query parameters using a semicolon (;), they can cause a difference in the interpretation of the request between the proxy (running with default configuration) and the server. This can result in malicious requests being cached as completely safe ones, as the proxy would usually not see the semicolon as a separator, and therefore would not include it in a cache key of an unkeyed parameter. El paquete python/cpython desde versiones 0 y anteriores a 3.6.13, desde versiones 3.7.0 y anteriores a 3.7.10, desde versiones 3.8.0 y anteriores a 3.8.8, desde versiones 3.9.0 y anteriores a 3.9.2, son vulnerables al envenenamiento de caché web por medio de urllib.parse.parse_qsl y urllib.parse.parse_qs usando un vector llamado encubrimiento de parámetros. Cuando el atacante puede separar los parámetros de la consulta usando un punto y coma (;), pueden causar una diferencia en la interpretación de la petición entre el proxy (que se ejecuta con la configuración predeterminada) y el servidor. • http://www.openwall.com/lists/oss-security/2021/02/19/4 http://www.openwall.com/lists/oss-security/2021/05/01/2 https://github.com/python/cpython/pull/24297 https://lists.apache.org/thread.html/ra8ce70088ba291f358e077cafdb14d174b7a1ce9a9d86d1b332d6367%40%3Cusers.airflow.apache.org%3E https://lists.apache.org/thread.html/rc005f4de9d9b0ba943ceb8ff5a21a5c6ff8a9df52632476698d99432%40%3Cannounce.apache.org%3E https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E https:/&#x • CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') •
CVSS: 7.5EPSS: 1%CPEs: 7EXPL: 0CVE-2021-21702 – Null Dereference in SoapClient
https://notcve.org/view.php?id=CVE-2021-21702
In PHP versions 7.3.x below 7.3.27, 7.4.x below 7.4.15 and 8.0.x below 8.0.2, when using SOAP extension to connect to a SOAP server, a malicious SOAP server could return malformed XML data as a response that would cause PHP to access a null pointer and thus cause a crash. En PHP versiones 7.3.x por debajo de 7.3.27, 7.4.x por debajo de 7.4.15 y 8.0.x por debajo de 8.0.2, cuando se usa la extensión SOAP para conectarse a un servidor SOAP, un servidor SOAP malicioso podría devolver datos XML malformados como respuesta eso haría que PHP acceda a un puntero null y, por tanto, causaría un bloqueo A NULL pointer dereference issue is in the SOAP extension of PHP. More specifically, the flaw occurs in the SoapClient when parsing a WSDL document due to improper checking of a child node name. A malicious or compromised server replies with a crafted WSDL document, leading to a denial of service of the SoapClient accessing said document. The highest threat from this vulnerability is to system availability. • https://bugs.php.net/bug.php?id=80672 https://lists.debian.org/debian-lts-announce/2021/07/msg00008.html https://security.gentoo.org/glsa/202105-23 https://security.netapp.com/advisory/ntap-20210312-0005 https://www.debian.org/security/2021/dsa-4856 https://www.oracle.com/security-alerts/cpuoct2021.html https://www.tenable.com/security/tns-2021-14 https://access.redhat.com/security/cve/CVE-2021-21702 https://bugzilla.redhat.com/show_bug.cgi?id=1925272 • CWE-476: NULL Pointer Dereference •
CVSS: 5.3EPSS: 0%CPEs: 6EXPL: 1CVE-2020-7071 – FILTER_VALIDATE_URL accepts URLs with invalid userinfo
https://notcve.org/view.php?id=CVE-2020-7071
In PHP versions 7.3.x below 7.3.26, 7.4.x below 7.4.14 and 8.0.0, when validating URL with functions like filter_var($url, FILTER_VALIDATE_URL), PHP will accept an URL with invalid password as valid URL. This may lead to functions that rely on URL being valid to mis-parse the URL and produce wrong data as components of the URL. En PHP versiones 7.3.x por debajo de 7.3.26, 7.4.x por debajo de 7.4.14 y 8.0.0, cuando se comprueba una URL con funciones como filter_var ($url, FILTER_VALIDATE_URL), PHP aceptará una URL con una contraseña no válida como una URL válida. Esto puede conllevar a funciones que dependen de que la URL sea válida para analizar inapropiadamente la URL y producir datos incorrectos como componentes de la URL • https://bugs.php.net/bug.php?id=77423 https://lists.debian.org/debian-lts-announce/2021/07/msg00008.html https://security.gentoo.org/glsa/202105-23 https://security.netapp.com/advisory/ntap-20210312-0005 https://www.debian.org/security/2021/dsa-4856 https://www.oracle.com/security-alerts/cpuoct2021.html https://www.tenable.com/security/tns-2021-14 https://access.redhat.com/security/cve/CVE-2020-7071 https://bugzilla.redhat.com/show_bug.cgi?id=1913846 • CWE-20: Improper Input Validation •