CVSS: 7.5EPSS: 0%CPEs: 10EXPL: 1CVE-2020-7238 – netty: HTTP Request Smuggling due to Transfer-Encoding whitespace mishandling
https://notcve.org/view.php?id=CVE-2020-7238
Netty 4.1.43.Final allows HTTP Request Smuggling because it mishandles Transfer-Encoding whitespace (such as a [space]Transfer-Encoding:chunked line) and a later Content-Length header. This issue exists because of an incomplete fix for CVE-2019-16869. Netty versión 4.1.43.Final, permite el tráfico no autorizado de peticiones HTTP porque maneja inapropiadamente el espacio en blanco de Transfer-Encoding (tal y como una línea [space]Transfer-Encoding:chunked) y un encabezado Content-Length posterior. Este problema existe debido a una corrección incompleta para el CVE-2019-16869. A flaw was found in Netty, where it mishandles Transfer-Encoding whitespace. • https://access.redhat.com/errata/RHSA-2020:0497 https://access.redhat.com/errata/RHSA-2020:0567 https://access.redhat.com/errata/RHSA-2020:0601 https://access.redhat.com/errata/RHSA-2020:0605 https://access.redhat.com/errata/RHSA-2020:0606 https://access.redhat.com/errata/RHSA-2020:0804 https://access.redhat.com/errata/RHSA-2020:0805 https://access.redhat.com/errata/RHSA-2020:0806 https://access.redhat.com/errata/RHSA-2020:0811 https://github.com/jdordonezn/CVE-2020&# • CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') •
CVSS: 9.8EPSS: 1%CPEs: 17EXPL: 2CVE-2019-17570 – xmlrpc: Deserialization of server-side exception from faultCause in XMLRPC error response
https://notcve.org/view.php?id=CVE-2019-17570
An untrusted deserialization was found in the org.apache.xmlrpc.parser.XmlRpcResponseParser:addResult method of Apache XML-RPC (aka ws-xmlrpc) library. A malicious XML-RPC server could target a XML-RPC client causing it to execute arbitrary code. Apache XML-RPC is no longer maintained and this issue will not be fixed. Se detectó una deserialización no confiable en el método org.apache.xmlrpc.parser.XmlRpcResponseParser:addResult de la biblioteca Apache XML-RPC (también se conoce como ws-xmlrpc). Un servidor XML-RPC malicioso podría apuntar a un cliente XML-RPC causando que ejecute código arbitrario. • https://github.com/r00t4dm/CVE-2019-17570 http://www.openwall.com/lists/oss-security/2020/01/24/2 https://access.redhat.com/errata/RHSA-2020:0310 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-17570%3B https://github.com/orangecertcc/security-research/security/advisories/GHSA-x2r6-4m45-m4jp https://lists.apache.org/thread.html/846551673bbb7ec8d691008215384bcef03a3fb004d2da845cfe88ee%401390230951%40%3Cdev.ws.apache.org%3E https://lists.debian.org/debian-lts-announce/2020/01/msg00033.html https: • CWE-502: Deserialization of Untrusted Data •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2019-20387 – libsolv: out-of-bounds read in repodata_schema2id in repodata.c
https://notcve.org/view.php?id=CVE-2019-20387
repodata_schema2id in repodata.c in libsolv before 0.7.6 has a heap-based buffer over-read via a last schema whose length is less than the length of the input schema. La función repodata_schema2id en el archivo repodata.c en libsolv versiones anteriores a 0.7.6, presenta una lectura excesiva del búfer en la región heap de la memoria por medio de un último esquema cuya longitud es menor que la longitud del esquema de entrada. An out-of-bounds read was discovered in Libsolv when the last schema has a length that is less than the length of the input schema. A remote attacker may abuse this flaw to crash an application that uses Libsolv. • https://github.com/openSUSE/libsolv/commit/fdb9c9c03508990e4583046b590c30d958f272da https://github.com/openSUSE/libsolv/compare/0.7.5...0.7.6 https://lists.debian.org/debian-lts-announce/2020/01/msg00034.html https://access.redhat.com/security/cve/CVE-2019-20387 https://bugzilla.redhat.com/show_bug.cgi?id=1797072 • CWE-125: Out-of-bounds Read •
CVSS: 9.3EPSS: 0%CPEs: 8EXPL: 0CVE-2020-7040
https://notcve.org/view.php?id=CVE-2020-7040
storeBackup.pl in storeBackup through 3.5 relies on the /tmp/storeBackup.lock pathname, which allows symlink attacks that possibly lead to privilege escalation. (Local users can also create a plain file named /tmp/storeBackup.lock to block use of storeBackup until an admin manually deletes that file.) El archivo storeBackup.pl en storeBackup versiones hasta 3.5, se basa en el nombre de ruta /tmp/storeBackup.lock, que permite ataques de tipo symlink que posiblemente conllevan a una escalada de privilegios. (Los usuarios locales también pueden crear un archivo simple llamado /tmp/storeBackup.lock para bloquear el uso de storeBackup hasta que un administrador elimine manualmente ese archivo). • http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00054.html http://www.openwall.com/lists/oss-security/2020/01/20/3 http://www.openwall.com/lists/oss-security/2020/01/21/2 http://www.openwall.com/lists/oss-security/2020/01/22/2 http://www.openwall.com/lists/oss-security/2020/01/22/3 http://www.openwall.com/lists/oss-security/2020/01/23/1 https://bugzilla.suse.com/show_bug.cgi?id=CVE-2020-7040 https://lists.debian.org/debian-lts-announ • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 2CVE-2020-5202
https://notcve.org/view.php?id=CVE-2020-5202
apt-cacher-ng through 3.3 allows local users to obtain sensitive information by hijacking the hardcoded TCP port. The /usr/lib/apt-cacher-ng/acngtool program attempts to connect to apt-cacher-ng via TCP on localhost port 3142, even if the explicit SocketPath=/var/run/apt-cacher-ng/socket command-line option is passed. The cron job /etc/cron.daily/apt-cacher-ng (which is active by default) attempts this periodically. Because 3142 is an unprivileged port, any local user can try to bind to this port and will receive requests from acngtool. There can be sensitive data in these requests, e.g., if AdminAuth is enabled in /etc/apt-cacher-ng/security.conf. • http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00057.html http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00065.html http://www.openwall.com/lists/oss-security/2020/01/20/4 https://seclists.org/oss-sec/2020/q1/21 https://security-tracker.debian.org/tracker/CVE-2020-5202 •