Page 8 of 100 results (0.014 seconds)

CVSS: 9.8EPSS: 0%CPEs: 28EXPL: 0

CVE-2019-10160 – python: regression of CVE-2019-9636 due to functional fix to allow port numbers in netloc

https://notcve.org/view.php?id=CVE-2019-10160

A security regression of CVE-2019-9636 was discovered in python since commit d537ab0ff9767ef024f26246899728f0116b1ec3 affecting versions 2.7, 3.5, 3.6, 3.7 and from v3.8.0a4 through v3.8.0b1, which still allows an attacker to exploit CVE-2019-9636 by abusing the user and password parts of a URL. When an application parses user-supplied URLs to store cookies, authentication credentials, or other kind of information, it is possible for an attacker to provide specially crafted URLs to make the application locate host-related information (e.g. cookies, authentication data) and send them to a different host than where it should, unlike if the URLs had been correctly parsed. The result of an attack may vary based on the application. Se descubrió una regresión de seguridad de CVE-2019-9636 en python desde commit con ID d537ab0ff9767ef024f26246899728f0116b1ec3 que afecta a las versiones 2.7, 3.5, 3.6, 3.7 y de v3.8.0a4 a v3.8.0b1, el cual permite a un atacante explotar CVE-2019-9636 violando las partes usuario (user) y contraseña (password) de una URL. Cuando una aplicación analiza las URL proporcionadas por el usuario para almacenar cookies, credenciales de autenticación u otro tipo de información, es posible que un atacante proporcione URL especialmente creadas para que la aplicación ubique información relacionada con el host (por ejemplo, cookies, datos de autenticación) y envíe a un host diferente al que debería, a diferencia de si las URL se analizaron correctamente. • http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00042.html http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.html https://access.redhat.com/errata/RHSA-2019:1587 https://access.redhat.com/errata/RHSA-2019:1700 https://access.redhat.com/errata/RHSA-2019:2437 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10160 https://github.com/python/cpython/commit/250b62acc59921d399f0db47db3b462cd6037e09 https://github.com/python/cpython/commit/8d0ef0b5edeae52960c7ed05ae8a12388324f87e • CWE-172: Encoding Error CWE-522: Insufficiently Protected Credentials •

CVSS: 6.1EPSS: 2%CPEs: 218EXPL: 4

CVE-2019-11358 – jquery: Prototype pollution in object's prototype leading to denial of service, remote code execution, or property injection

https://notcve.org/view.php?id=CVE-2019-11358

jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype. jQuery, en versiones anteriores a 3.4.0, como es usado en Drupal, Backdrop CMS, y otros productos, maneja mal jQuery.extend(true, {}, ...) debido a la contaminación de Object.prototype. Si un objeto fuente no sanitizado contenía una propiedad enumerable __proto__, podría extender el Object.prototype nativo. A Prototype Pollution vulnerability was found in jquery. Untrusted JSON passed to the `extend` function could lead to modifying objects up the prototype chain, including the global Object. • https://github.com/isacaya/CVE-2019-11358 https://github.com/ossf-cve-benchmark/CVE-2019-11358 https://github.com/Snorlyd/https-nj.gov---CVE-2019-11358 http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00006.html http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html http://packetstormsecurity.c • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-1321: Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') •

CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0

CVE-2019-3804 – cockpit: Crash when parsing invalid base64 headers

https://notcve.org/view.php?id=CVE-2019-3804

It was found that cockpit before version 184 used glib's base64 decode functionality incorrectly resulting in a denial of service attack. An unauthenticated attacker could send a specially crafted request with an invalid base64-encoded cookie which could cause the web service to crash. Se ha detectado que cockpit, en versiones anteriores a la 184, empleaba incorrectamente la funcionalidad de descodificación de base64 de glib, lo que resultaba en un ataque de denegación de servicio (DoS). Un atacante no autenticado podría enviar una petición especialmente manipulada con una cookie no válida codificada en base64, lo que podría provocar el cierre inesperado del servicio web. It was found that cockpit used glib's base64 decode functionality incorrectly resulting in a denial of service attack. • https://access.redhat.com/errata/RHSA-2019:1569 https://access.redhat.com/errata/RHSA-2019:1571 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3804 https://github.com/cockpit-project/cockpit/commit/c51f6177576d7e12 https://github.com/cockpit-project/cockpit/pull/10819 https://access.redhat.com/security/cve/CVE-2019-3804 https://bugzilla.redhat.com/show_bug.cgi?id=1663567 • CWE-909: Missing Initialization of Resource •

CVSS: 9.8EPSS: 1%CPEs: 41EXPL: 0

CVE-2019-9636 – python: Information Disclosure due to urlsplit improper NFKC normalization

https://notcve.org/view.php?id=CVE-2019-9636

Python 2.7.x through 2.7.16 and 3.x through 3.7.2 is affected by: Improper Handling of Unicode Encoding (with an incorrect netloc) during NFKC normalization. The impact is: Information disclosure (credentials, cookies, etc. that are cached against a given hostname). The components are: urllib.parse.urlsplit, urllib.parse.urlparse. The attack vector is: A specially crafted URL could be incorrectly parsed to locate cookies or authentication data and send that information to a different host than when parsed correctly. This is fixed in: v2.7.17, v2.7.17rc1, v2.7.18, v2.7.18rc1; v3.5.10, v3.5.10rc1, v3.5.7, v3.5.8, v3.5.8rc1, v3.5.8rc2, v3.5.9; v3.6.10, v3.6.10rc1, v3.6.11, v3.6.11rc1, v3.6.12, v3.6.9, v3.6.9rc1; v3.7.3, v3.7.3rc1, v3.7.4, v3.7.4rc1, v3.7.4rc2, v3.7.5, v3.7.5rc1, v3.7.6, v3.7.6rc1, v3.7.7, v3.7.7rc1, v3.7.8, v3.7.8rc1, v3.7.9. • http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00092.html http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00097.html http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00024.html http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00050.html http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00042.html http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.html http://www.securityfocus.com/bid/107400 https://access. • CWE-172: Encoding Error •

CVSS: 5.9EPSS: 1%CPEs: 180EXPL: 0

CVE-2019-1559 – 0-byte record padding oracle

https://notcve.org/view.php?id=CVE-2019-1559

If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received with an invalid MAC. If the application then behaves differently based on that in a way that is detectable to the remote peer, then this amounts to a padding oracle that could be used to decrypt data. In order for this to be exploitable "non-stitched" ciphersuites must be in use. Stitched ciphersuites are optimised implementations of certain commonly used ciphersuites. Also the application must call SSL_shutdown() twice even if a protocol error has occurred (applications should not do this but some do anyway). • http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00041.html http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00019.html http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00046.html http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00047.html http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00049.html http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00080.html http://www.securityfocus.com/bid/107174 https://access. • CWE-203: Observable Discrepancy CWE-325: Missing Cryptographic Step •