Page 48 of 467 results (0.014 seconds)

CVSS: 9.8EPSS: 1%CPEs: 16EXPL: 0

The net/http library in net/http/transfer.go in Go before 1.4.3 does not properly parse HTTP headers, which allows remote attackers to conduct HTTP request smuggling attacks via a request with two Content-length headers. La biblioteca net/http en net/http/transfer.go en Go en versiones anteriores a la 1.4.3 no analiza sintácticamente cabeceras HTTP correctamente, lo que permite que atacantes remotos lleven a cabo ataques de contrabando de peticiones HTTP mediante una petición con dos cabeceras Content-length. HTTP-request vulnerabilities have been found in the Golang net/http and net/textproto libraries. Request headers with double Content-Length fields do not generate a 400 error (the second field is ignored), and invalid fields are parsed as valid (for example, "Content Length:" with a space in the middle is accepted). A non-authenticated attacker could exploit these flaws to bypass security controls, perform web-cache poisoning, or alter the request/response map (denial of service). • http://lists.fedoraproject.org/pipermail/package-announce/2015-October/167997.html http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168029.html http://rhn.redhat.com/errata/RHSA-2016-1538.html http://seclists.org/oss-sec/2015/q3/237 http://seclists.org/oss-sec/2015/q3/292 http://seclists.org/oss-sec/2015/q3/294 https://bugzilla.redhat.com/show_bug.cgi?id=1250352 https://github.com/golang/go/commit/300d9a21583e7cf0149a778a0611e76ff7c6680f https://access.redhat.c • CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') •

CVSS: 9.8EPSS: 1%CPEs: 16EXPL: 0

The net/http library in net/textproto/reader.go in Go before 1.4.3 does not properly parse HTTP header keys, which allows remote attackers to conduct HTTP request smuggling attacks via a space instead of a hyphen, as demonstrated by "Content Length" instead of "Content-Length." La biblioteca net/http en net/textproto/reader.go en Go en versiones anteriores a la 1.4.3 no analiza sintácticamente claves de cabecera HTTP correctamente, lo que permite que atacantes remotos lleven a cabo ataques de contrabando de peticiones HTTP mediante un espacio en lugar de un guión, tal y como se muestra en "Content Length", en lugar de "Content-Length". HTTP-request vulnerabilities have been found in the Golang net/http and net/textproto libraries. Request headers with double Content-Length fields do not generate a 400 error (the second field is ignored), and invalid fields are parsed as valid (for example, "Content Length:" with a space in the middle is accepted). A non-authenticated attacker could exploit these flaws to bypass security controls, perform web-cache poisoning, or alter the request/response map (denial of service). • http://lists.fedoraproject.org/pipermail/package-announce/2015-October/167997.html http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168029.html http://rhn.redhat.com/errata/RHSA-2016-1538.html http://seclists.org/oss-sec/2015/q3/237 http://seclists.org/oss-sec/2015/q3/292 http://seclists.org/oss-sec/2015/q3/294 http://www.securityfocus.com/bid/76281 https://bugzilla.redhat.com/show_bug.cgi?id=1250352 https://github.com/golang/go/commit/117ddcb83d7f42d • CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') •

CVSS: 9.8EPSS: 13%CPEs: 87EXPL: 0

RubyGems versions between 2.0.0 and 2.6.13 are vulnerable to a possible remote code execution vulnerability. YAML deserialization of gem specifications can bypass class white lists. Specially crafted serialized objects can possibly be used to escalate to remote code execution. Las versiones de RubyGems entre la 2.0.0 y la 2.6.13 son vulnerables a una posible vulnerabilidad de ejecución remota de código. La deserialización YAML de especificaciones de gemas puede omitir listas blancas de clases. • http://blog.rubygems.org/2017/10/09/2.6.14-released.html http://blog.rubygems.org/2017/10/09/unsafe-object-deserialization-vulnerability.html http://www.securityfocus.com/bid/101275 https://access.redhat.com/errata/RHSA-2017:3485 https://access.redhat.com/errata/RHSA-2018:0378 https://access.redhat.com/errata/RHSA-2018:0583 https://access.redhat.com/errata/RHSA-2018:0585 https://github.com/rubygems/rubygems/commit/510b1638ac9bba3ceb7a5d73135dafff9e5bab49 https://hackerone.com/reports/27499 • CWE-20: Improper Input Validation CWE-502: Deserialization of Untrusted Data •

CVSS: 9.8EPSS: 5%CPEs: 11EXPL: 0

Go before 1.8.4 and 1.9.x before 1.9.1 allows "go get" remote command execution. Using custom domains, it is possible to arrange things so that example.com/pkg1 points to a Subversion repository but example.com/pkg1/pkg2 points to a Git repository. If the Subversion repository includes a Git checkout in its pkg2 directory and some other work is done to ensure the proper ordering of operations, "go get" can be tricked into reusing this Git checkout for the fetch of code from pkg2. If the Subversion repository's Git checkout has malicious commands in .git/hooks/, they will execute on the system running "go get." Go, en sus versiones 1.8.4 y versiones 1.9.x anteriores a la 1.9.1, permite que se ejecuten comandos "go get" de manera remota. • http://www.securityfocus.com/bid/101196 https://access.redhat.com/errata/RHSA-2017:3463 https://access.redhat.com/errata/RHSA-2018:0878 https://github.com/golang/go/issues/22125 https://golang.org/cl/68022 https://golang.org/cl/68190 https://groups.google.com/d/msg/golang-dev/RinSE3EiJBI/kYL7zb07AgAJ https://lists.debian.org/debian-lts-announce/2021/03/msg00014.html https://lists.debian.org/debian-lts-announce/2021/03/msg00015.html https://security.gentoo.org/glsa •

CVSS: 8.0EPSS: 0%CPEs: 43EXPL: 5

The native Bluetooth stack in the Linux Kernel (BlueZ), starting at the Linux kernel version 2.6.32 and up to and including 4.13.1, are vulnerable to a stack overflow vulnerability in the processing of L2CAP configuration responses resulting in Remote code execution in kernel space. La pila Bluetooth nativa en el Kernel Linux (BlueZ), comenzando por la versión 2.6.32 del kernel de Linux y hasta, e incluyendo, la versión 4.13.1, es vulnerable a un desbordamiento de pila durante el procesado de las respuestas de configuración L2CAP, lo que desemboca en la ejecución remota de código en el espacio del kernel. A stack buffer overflow flaw was found in the way the Bluetooth subsystem of the Linux kernel processed pending L2CAP configuration responses from a client. On systems with the stack protection feature enabled in the kernel (CONFIG_CC_STACKPROTECTOR=y, which is enabled on all architectures other than s390x and ppc64[le]), an unauthenticated attacker able to initiate a connection to a system via Bluetooth could use this flaw to crash the system. Due to the nature of the stack protection feature, code execution cannot be fully ruled out, although we believe it is unlikely. • https://www.exploit-db.com/exploits/42762 https://github.com/hayzamjs/Blueborne-CVE-2017-1000251 https://github.com/own2pwn/blueborne-CVE-2017-1000251-POC https://github.com/sgxgsx/blueborne-CVE-2017-1000251 https://github.com/tlatkdgus1/blueborne-CVE-2017-1000251 http://nvidia.custhelp.com/app/answers/detail/a_id/4561 http://www.debian.org/security/2017/dsa-3981 http://www.securityfocus.com/bid/100809 http://www.securitytracker.com/id/1039373 https://access.redhat.com/errata& • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •