CVE-2020-15049 – squid: Request smuggling and poisoning attack against the HTTP cache
https://notcve.org/view.php?id=CVE-2020-15049
An issue was discovered in http/ContentLengthInterpreter.cc in Squid before 4.12 and 5.x before 5.0.3. A Request Smuggling and Poisoning attack can succeed against the HTTP cache. The client sends an HTTP request with a Content-Length header containing "+", "-", or an uncommon shell whitespace character prefix to the length field-value.
• http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00012.html
• http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00017.html
• http://www.squid-cache.org/Versions/v4/changesets/squid-4-ea12a34d338b962707d5078d6d1fc7c6eb119a22.patch
• http://www.squid-cache.org/Versions/v5/changesets/squid-5-485c9a7bb1bba88754e07ad0094647ea57a6eb8d.patch
• https://github.com/squid-cache/squid/security/advisories/GHSA-qf3v-rc95-96j5
• https://lists.debian.org/debian-lts-announce/2020/10/msg00005.html
• https://lists.fedor
• CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')
CVE-2020-15396
https://notcve.org/view.php?id=CVE-2020-15396
In HylaFAX+ through 7.0.2 and HylaFAX Enterprise, the faxsetup utility calls chown on files in user-owned directories. By winning a race, a local attacker could use this to escalate his privileges to root.
• http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00039.html
• http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00040.html
• http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00046.html
• http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00054.html
• https://bugzilla.suse.com/show_bug.cgi?id=1173521
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/J52QFVREJWJ35YSEEDDRMZQ2LM2H2WE6
• https://lists.fedoraproject.org/archives/list&
• CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVE-2017-18922 – libvncserver: websocket decoding buffer overflow
https://notcve.org/view.php?id=CVE-2017-18922
It was discovered that websockets.c in LibVNCServer prior to 0.9.12 did not properly decode certain WebSocket frames. A malicious attacker could exploit this by sending specially crafted WebSocket frames to a server, causing a heap-based buffer overflow.
A flaw was found in libvncserver. A heap-based buffer overflow within the websocket decoding functionality is possible, which can lead to exploitation by a malicious attacker to overwrite a function pointer.
• http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00020.html
• http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00028.html
• http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00033.html
• http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00055.html
• http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00066.html
• http://www.openwall.com/lists/oss-security/2020/06/30/3
• https://bugzilla.redhat.com/show_bug.cgi?id=1852356
• https://cer
• CWE-122: Heap-based Buffer Overflow
• CWE-787: Out-of-bounds Write
CVE-2020-14002
https://notcve.org/view.php?id=CVE-2020-14002
PuTTY 0.68 through 0.73 has an Observable Discrepancy leading to an information leak in the algorithm negotiation. This allows man-in-the-middle attackers to target initial connection attempts (where no host key for the server has been cached by the client).
• https://lists.debian.org/debian-lts-announce/2024/04/msg00016.html
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/26TACCSQYYCPWAJYNAUIXJGZ5RGORJZV
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JPV4A77EDCT4BTFO5BE26ZH72BG4E5IJ
• https://lists.tartarus.org/pipermail/putty-announce
• https://security.netapp.com/advisory/ntap-20200717-0003
• https://www.chiark.greenend.org.uk/~sgtatham/putty/changes.html
• https://www.fzi.de/en/news/new
• CWE-203: Observable Discrepancy
CVE-2020-4067 – Improper Initialization in coturn
https://notcve.org/view.php?id=CVE-2020-4067
In coturn before version 4.5.1.3, there is an issue whereby the STUN/TURN response buffer is not initialized properly. There is a leak of information between different client connections. One client (an attacker) could use their connection to intelligently query coturn to get interesting bytes in the padding bytes from the connection of another client. This has been fixed in 4.5.1.3.
• http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00010.html
• https://github.com/coturn/coturn/blob/aab60340b201d55c007bcdc853230f47aa2dfdf1/ChangeLog#L15
• https://github.com/coturn/coturn/issues/583
• https://github.com/coturn/coturn/security/advisories/GHSA-c8r8-8vp5-6gcm
• https://lists.debian.org/debian-lts-announce/2020/07/msg00002.html
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5G35UBNSRLL6SYRTODYTMBJ65TLQILUM
• https://lists.fedoraproject.org/archives/list/p
• CWE-665: Improper Initialization