CVSS: 9.0 • EPSS: 1% • CPEs: 15 • EXPL: 1

21 Mar 2023 — A path traversal vulnerability exists in the curl <8.0.0 SFTP implementation that causes the tilde (~) character to be wrongly replaced when used as a prefix in the first path element, in addition to its intended use as the first element to indicate a path relative to the user's home directory. Attackers can exploit this flaw to bypass filtering or execute arbitrary code by crafting a path like /~2/foo while accessing a server with a specific user. Harry Sintonen discovered that curl incorrectly handled certain TELN... • https://hackerone.com/reports/1892351 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 5.9 • EPSS: 0% • CPEs: 16 • EXPL: 1

21 Mar 2023 — An authentication bypass vulnerability exists in libcurl <8.0.0 in the FTP connection reuse feature that can result in wrong credentials being used during subsequent transfers. Previously created connections are kept in a connection pool for reuse if they match the current setup. However, certain FTP settings such as CURLOPT_FTP_ACCOUNT, CURLOPT_FTP_ALTERNATIVE_TO_USER, CURLOPT_FTP_SSL_CCC, and CURLOPT_USE_SSL were not included in the configuration match checks, causing them to match too easily. This could ... • https://hackerone.com/reports/1892780 • CWE-287: Improper Authentication • CWE-305: Authentication Bypass by Primary Weakness •

CVSS: 5.9 • EPSS: 0% • CPEs: 16 • EXPL: 1

21 Mar 2023 — An authentication bypass vulnerability exists in libcurl <8.0.0 in the connection reuse feature, which can reuse previously established connections with incorrect user permissions due to a failure to check for changes in the CURLOPT_GSSAPI_DELEGATION option. This vulnerability affects krb5/kerberos/negotiate/GSSAPI transfers and could potentially result in unauthorized access to sensitive information. The safest option is to not reuse connections if the CURLOPT_GSSAPI_DELEGATION option has been changed. A flaw ... • https://hackerone.com/reports/1895135 • CWE-287: Improper Authentication • CWE-305: Authentication Bypass by Primary Weakness •

CVSS: 5.5 • EPSS: 0% • CPEs: 17 • EXPL: 1

21 Mar 2023 — An authentication bypass vulnerability exists in libcurl prior to v8.0.0 where it reuses a previously established SSH connection despite the fact that an SSH option was modified, which should have prevented reuse. libcurl maintains a pool of previously used connections to reuse them for subsequent transfers if the configurations match. However, two SSH settings were omitted from the configuration check, allowing them to match easily, potentially leading to the reuse of an inappropriate connection. Harry Sin... • https://hackerone.com/reports/1898475 • CWE-287: Improper Authentication • CWE-305: Authentication Bypass by Primary Weakness •

CVSS: 9.0 • EPSS: 0% • CPEs: 5 • EXPL: 1

02 Mar 2023 — A flaw was found in the c-ares package. The ares_set_sortlist is missing checks about the validity of the input string, which allows a possible arbitrary length stack overflow. This issue may cause a denial of service or a limited impact on confidentiality and integrity. Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The package has been upgraded to a later upstream version: nodejs. • https://bugzilla.redhat.com/show_bug.cgi?id=2168631 • CWE-20: Improper Input Validation • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer • CWE-1284: Improper Validation of Specified Quantity in Input •

CVSS: 8.3 • EPSS: 0% • CPEs: 6 • EXPL: 1

28 Feb 2023 — Sudo before 1.9.13p2 has a double free in the per-command chroot feature. It was discovered that Sudo incorrectly handled the per-command chroot feature. In certain environments where Sudo is configured with a rule that contains a CHROOT setting, a local attacker could use this issue to cause Sudo to crash, resulting in a denial of service, or possibly escalate privileges. • http://www.openwall.com/lists/oss-security/2023/03/01/8 • CWE-415: Double Free •

CVSS: 5.5 • EPSS: 0% • CPEs: 7 • EXPL: 0

27 Feb 2023 — A flaw was found in RHDS 11 and RHDS 12. While browsing entries, LDAP tries to decode the userPassword attribute instead of the userCertificate attribute, which could lead to sensitive information being leaked. An attacker with a local account where the cockpit-389-ds is running can list the processes and display the hashed passwords. The highest threat from this vulnerability is to data confidentiality. • https://bugzilla.redhat.com/show_bug.cgi?id=2173517#c0 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor • CWE-295: Improper Certificate Validation •

CVSS: 7.8 • EPSS: 2% • CPEs: 16 • EXPL: 1

23 Feb 2023 — An allocation of resources without limits or throttling vulnerability exists in curl

CVSS: 7.8 • EPSS: 1% • CPEs: 13 • EXPL: 5

17 Feb 2023 — An issue in the urllib.parse component of Python before 3.11.4 allows attackers to bypass blocklisting methods by supplying a URL that starts with blank characters. A flaw was found in the Python package. An issue in the urllib.parse component could allow attackers to bypass blocklisting methods by supplying a URL that starts with blank characters. This may lead to compromised integrity. Red Hat Single Sign-On is an integrated sign-on solution, available as a Red Hat JBoss Middleware for OpenShift containeri... • https://github.com/JawadPy/CVE-2023-24329-Exploit • CWE-20: Improper Input Validation •

CVSS: 7.4 • EPSS: 2% • CPEs: 10 • EXPL: 1

10 Feb 2023 — A timing side-channel in the handling of RSA ClientKeyExchange messages was discovered in GnuTLS. This side-channel can be sufficient to recover the key encrypted in the RSA ciphertext across a network in a Bleichenbacher style attack. To achieve a successful decryption the attacker would need to send a large amount of specially crafted messages to the vulnerable server. By recovering the secret from the ClientKeyExchange message, the attacker would be able to decrypt the application data exchanged over tha... • https://access.redhat.com/security/cve/CVE-2023-0361 • CWE-203: Observable Discrepancy •