CVSS: 5.9EPSS: 0%CPEs: 5EXPL: 0CVE-2015-1777
https://notcve.org/view.php?id=CVE-2015-1777
rhnreg_ks in Red Hat Network Client Tools (aka rhn-client-tools) on Red Hat Gluster Storage 2.1 and Enterprise Linux (RHEL) 5, 6, and 7 does not properly validate hostnames in X.509 certificates from SSL servers, which allows remote attackers to prevent system registration via a man-in-the-middle attack. rhnreg_ks en Red Hat Network Client Tools (también conocido como rhn-client-tools) en Red Hat Gluster Storage 2.1 y Enterprise Linux (RHEL) 5, 6 y 7 no valida correctamente los nombres de host en los certificados X.509 de los servidores SSL. Esto puede permitir que atacantes remotos eviten el registro en el sistema mediante un ataque Man-in-the-Middle (MitM). • http://www.openwall.com/lists/oss-security/2015/03/04/7 http://www.securityfocus.com/bid/72943 https://bugzilla.redhat.com/show_bug.cgi?id=1198740 • CWE-295: Improper Certificate Validation •
CVSS: 7.5EPSS: 0%CPEs: 16EXPL: 0CVE-2018-6914 – ruby: Unintentional file and directory creation with directory traversal in tempfile and tmpdir
https://notcve.org/view.php?id=CVE-2018-6914
Directory traversal vulnerability in the Dir.mktmpdir method in the tmpdir library in Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1 might allow attackers to create arbitrary directories or files via a .. (dot dot) in the prefix argument. Vulnerabilidad de salto de directorio en el método Dir.mktmpdir en la biblioteca tmpdir en Ruby, en versiones anteriores a la 2.2.10, versiones 2.3.x anteriores a la 2.3.7, versiones 2.4.x anteriores a la 2.4.4, versiones 2.5.x anteriores a la 2.5.1 y la versión 2.6.0-preview1, podría permitir que atacantes creen directorios o archivos arbitrarios mediante un .. (punto punto) en el argumento prefix. It was found that the tmpdir and tempfile modules did not sanitize their file name argument. • http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00036.html http://www.securityfocus.com/bid/103686 http://www.securitytracker.com/id/1042004 https://access.redhat.com/errata/RHSA-2018:3729 https://access.redhat.com/errata/RHSA-2018:3730 https://access.redhat.com/errata/RHSA-2018:3731 https://access.redhat.com/errata/RHSA-2019:2028 https://lists.debian.org/debian-lts-announce/2018/04/msg00023.html https://lists.debian.org/debian-lts-announce/2018/04/msg00024.html& • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.5EPSS: 0%CPEs: 16EXPL: 0CVE-2018-8778 – ruby: Buffer under-read in String#unpack
https://notcve.org/view.php?id=CVE-2018-8778
In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, an attacker controlling the unpacking format (similar to format string vulnerabilities) can trigger a buffer under-read in the String#unpack method, resulting in a massive and controlled information disclosure. En Ruby, en versiones anteriores a la 2.2.10, versiones 2.3.x anteriores a la 2.3.7, versiones 2.4.x anteriores a la 2.4.4, versiones 2.5.x anteriores a la 2.5.1 y la versión 2.6.0-preview1, un atacante que controla el formato de desempaquetado (similar a las vulnerabilidades de cadena de formato) puede desencadenar una sublectura de búfer en el método String#unpack. Esto resulta en una gran divulgación de información controlada. A integer underflow was found in the way String#unpack decodes the unpacking format. An attacker, able to control the unpack format, could use this flaw to disclose arbitrary parts of the application's memory. • http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00036.html http://www.securityfocus.com/bid/103693 http://www.securitytracker.com/id/1042004 https://access.redhat.com/errata/RHSA-2018:3729 https://access.redhat.com/errata/RHSA-2018:3730 https://access.redhat.com/errata/RHSA-2018:3731 https://access.redhat.com/errata/RHSA-2019:2028 https://lists.debian.org/debian-lts-announce/2018/04/msg00023.html https://lists.debian.org/debian-lts-announce/2018/04/msg00024.html& • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-134: Use of Externally-Controlled Format String •
CVSS: 7.5EPSS: 0%CPEs: 16EXPL: 0CVE-2018-8777 – ruby: DoS by large request in WEBrick
https://notcve.org/view.php?id=CVE-2018-8777
In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, an attacker can pass a large HTTP request with a crafted header to WEBrick server or a crafted body to WEBrick server/handler and cause a denial of service (memory consumption). En Ruby, en versiones anteriores a la 2.2.10, versiones 2.3.x anteriores a la 2.3.7, versiones 2.4.x anteriores a la 2.4.4, versiones 2.5.x anteriores a la 2.5.1 y la versión 2.6.0-preview1, un atacante puede pasar una petición HTTP larga con una cabecera manipulada al servidor WEBrick o un cuerpo manipulado al servidor/manipulador WEBrick y provocar una denegación de servicio (consumo de memoria). It was found that WEBrick could be forced to use an excessive amount of memory during the processing of HTTP requests, leading to a Denial of Service. An attacker could use this flaw to send huge requests to a WEBrick application, resulting in the server running out of memory. • http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00036.html http://www.securityfocus.com/bid/103683 http://www.securitytracker.com/id/1042004 https://access.redhat.com/errata/RHSA-2018:3729 https://access.redhat.com/errata/RHSA-2018:3730 https://access.redhat.com/errata/RHSA-2018:3731 https://access.redhat.com/errata/RHSA-2019:2028 https://access.redhat.com/errata/RHSA-2020:0542 https://access.redhat.com/errata/RHSA-2020:0591 https://access.redhat.com/errata&#x • CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.5EPSS: 2%CPEs: 36EXPL: 0CVE-2017-15710 – httpd: Out of bounds write in mod_authnz_ldap when using too small Accept-Language values
https://notcve.org/view.php?id=CVE-2017-15710
In Apache httpd 2.0.23 to 2.0.65, 2.2.0 to 2.2.34, and 2.4.0 to 2.4.29, mod_authnz_ldap, if configured with AuthLDAPCharsetConfig, uses the Accept-Language header value to lookup the right charset encoding when verifying the user's credentials. If the header value is not present in the charset conversion table, a fallback mechanism is used to truncate it to a two characters value to allow a quick retry (for example, 'en-US' is truncated to 'en'). A header value of less than two characters forces an out of bound write of one NUL byte to a memory location that is not part of the string. In the worst case, quite unlikely, the process would crash which could be used as a Denial of Service attack. In the more likely case, this memory is already reserved for future use and the issue has no effect at all. • http://www.openwall.com/lists/oss-security/2018/03/24/8 http://www.securityfocus.com/bid/103512 http://www.securitytracker.com/id/1040569 https://access.redhat.com/errata/RHSA-2018:3558 https://access.redhat.com/errata/RHSA-2019:0366 https://access.redhat.com/errata/RHSA-2019:0367 https://httpd.apache.org/security/vulnerabilities_24.html https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.ht • CWE-787: Out-of-bounds Write •