CVE-2018-12116 – nodejs: HTTP request splitting
https://notcve.org/view.php?id=CVE-2018-12116
Node.js: All versions prior to Node.js 6.15.0 and 8.14.0: HTTP request splitting: If Node.js can be convinced to use unsanitized user-provided Unicode data for the `path` option of an HTTP request, then data can be provided which will trigger a second, unexpected, and user-defined HTTP request to made to the same server. Node.js: Todas las versiones anteriores a la 6.15.0 y 8.14.0: separación de petición HTTP. Si se puede convencer a Node.js para que emplee datos Unicode no saneados proporcionados por el usuario para la opción "path" de una petición HTTP, los datos pueden proporcionarse para desencadenar una segunda petición HTTP no esperada y definida por el usuario para el mismo servidor. • https://access.redhat.com/errata/RHSA-2019:1821 https://nodejs.org/en/blog/vulnerability/november-2018-security-releases https://security.gentoo.org/glsa/202003-48 https://access.redhat.com/security/cve/CVE-2018-12116 https://bugzilla.redhat.com/show_bug.cgi?id=1660998 • CWE-113: Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting') CWE-115: Misinterpretation of Input •
CVE-2018-19208 – libwpd: NULL pointer dereference in the function WP6ContentListener::defineTable in WP6ContentListener.cpp
https://notcve.org/view.php?id=CVE-2018-19208
In libwpd 0.10.2, there is a NULL pointer dereference in the function WP6ContentListener::defineTable in WP6ContentListener.cpp that will lead to a denial of service attack. This is related to WPXTable.h. En libwpd 0.10.2, hay una desreferencia de puntero NULL en la función WP6ContentListener::defineTable en WP6ContentListener.cpp que conducirá a un ataque de denegación de servicio (DoS). Esto está relacionado con WPXTable.h. • https://access.redhat.com/errata/RHSA-2019:2126 https://bugzilla.redhat.com/show_bug.cgi?id=1643752 https://access.redhat.com/security/cve/CVE-2018-19208 https://bugzilla.redhat.com/show_bug.cgi?id=1649414 • CWE-476: NULL Pointer Dereference •
CVE-2018-19052
https://notcve.org/view.php?id=CVE-2018-19052
An issue was discovered in mod_alias_physical_handler in mod_alias.c in lighttpd before 1.4.50. There is potential ../ path traversal of a single directory above an alias target, with a specific mod_alias configuration where the matched alias lacks a trailing '/' character, but the alias target filesystem path does have a trailing '/' character. Se ha descubierto un problema en mod_alias_physical_handler en mod_alias.c en lighttpd en versiones anteriores a la 1.4.50. Hay un salto de directorio ../ de un único directorio sobre el alias objetivo, con una configuración mod_alias específica en la que el alias coincidente carece de un carácter "/" final, pero el sistema de archivos del alias objetivo sí tiene un carácter "/" final. • http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00054.html https://github.com/lighttpd/lighttpd1.4/commit/2105dae0f9d7a964375ce681e53cb165375f84c1 https://lists.debian.org/debian-lts-announce/2022/01/msg00012.html • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVE-2018-6556 – The lxc-user-nic component of LXC allows unprivileged users to open arbitrary files
https://notcve.org/view.php?id=CVE-2018-6556
lxc-user-nic when asked to delete a network interface will unconditionally open a user provided path. This code path may be used by an unprivileged user to check for the existence of a path which they wouldn't otherwise be able to reach. It may also be used to trigger side effects by causing a (read-only) open of special kernel files (ptmx, proc, sys). Affected releases are LXC: 2.0 versions above and including 2.0.9; 3.0 versions above and including 3.0.0, prior to 3.0.2. Cuando se solicita a lxc-user-nic que elimine una interfaz de red, abrirá de forma incondicional una ruta proporcionada por el usuario. • http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00074.html http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00076.html http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00091.html http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00073.html https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1783591 https://bugzilla.suse.com/show_bug.cgi?id=988348 https://security.gentoo.org/glsa/201808-02 https://usn.ubuntu.com/usn/usn-3730- • CWE-417: Communication Channel Errors •
CVE-2018-10875 – ansible: ansible.cfg is being read from current working directory allowing possible code execution
https://notcve.org/view.php?id=CVE-2018-10875
A flaw was found in ansible. ansible.cfg is read from the current working directory which can be altered to make it point to a plugin or a module path under the control of an attacker, thus allowing the attacker to execute arbitrary code. Se ha encontrado un error en ansible. ansible.cfg se lee desde el directorio de trabajo actual, que puede alterarse para hacer que señale a un plugin o una ruta de módulo bajo el control de un atacante, permitiendo que el atacante ejecute código arbitrario. It was found that ansible.cfg is being read from the current working directory, which can be made to point to plugin or module paths that are under control of the attacker. This could allow an attacker to execute arbitrary code. • http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00021.html http://www.securitytracker.com/id/1041396 https://access.redhat.com/errata/RHBA-2018:3788 https://access.redhat.com/errata/RHSA-2018:2150 https://access.redhat.com/errata/RHSA-2018:2151 https://access.redhat.com/errata/RHSA-2018:2152 https://access.redhat.com/errata/RHSA-2018:2166 https://access.redhat.com/errata/RHSA-2018:2321 https://access.redhat.com/errata/RHSA-2018:2585 https://access.redhat.co • CWE-426: Untrusted Search Path •