CVSS: 9.8EPSS: 1%CPEs: 8EXPL: 1CVE-2020-10109 – python-twisted: HTTP request smuggling when presented with a Content-Length and a chunked Transfer-Encoding header
https://notcve.org/view.php?id=CVE-2020-10109
In Twisted Web through 19.10.0, there was an HTTP request splitting vulnerability. When presented with a content-length and a chunked encoding header, the content-length took precedence and the remainder of the request body was interpreted as a pipelined request. En Twisted Web versiones hasta 19.10.0, se presentó una vulnerabilidad de división de petición HTTP. Cuando se presentó con un encabezado content-length y chunked encoding, el content-length tomó precedencia y el resto del cuerpo de la petición se interpretó como una petición canalizada "pipelined". A flaw was found in python-twisted-web, where it does not correctly process HTTP requests with both Content-Length and Transfer-Encoding headers. • https://know.bishopfox.com/advisories https://know.bishopfox.com/advisories/twisted-version-19.10.0 https://lists.debian.org/debian-lts-announce/2022/02/msg00021.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6ISMZFZBWW4EV6ETJGXAYIXN3AT7GBPL https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YW3NIL7VXSGJND2Q4BSXM3CFTAFU6T7D https://security.gentoo.org/glsa/202007-24 https://usn.ubuntu.com/4308-1 https://usn.ubuntu.com/ • CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') •
CVSS: 6.5EPSS: 0%CPEs: 7EXPL: 1CVE-2019-20503 – usrsctp: Out of bounds reads in sctp_load_addresses_from_init()
https://notcve.org/view.php?id=CVE-2019-20503
usrsctp before 2019-12-20 has out-of-bounds reads in sctp_load_addresses_from_init. usrsctp versiones anteriores al 20-12-2019, presenta lecturas fuera de límites en la función sctp_load_addresses_from_init. The Mozilla Foundation Security Advisory describes this flaw as: The inputs to `sctp_load_addresses_from_init` are verified by `sctp_arethere_unrecognized_parameters`; however, the two functions handled parameter bounds differently, resulting in out of bounds reads when parameters are partially outside a chunk. • http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00022.html http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00028.html http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00030.html http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00037.html http://seclists.org/fulldisclosure/2020/May/49 http://seclists.org/fulldisclosure/2020/May/52 http://seclists.org/fulldisclosure/2020/May/55 http://seclists.org/fulldisclosure/2020/May/59 https:/ • CWE-125: Out-of-bounds Read •
CVSS: 3.5EPSS: 0%CPEs: 8EXPL: 0CVE-2019-20382 – QEMU: vnc: memory leakage upon disconnect
https://notcve.org/view.php?id=CVE-2019-20382
QEMU 4.1.0 has a memory leak in zrle_compress_data in ui/vnc-enc-zrle.c during a VNC disconnect operation because libz is misused, resulting in a situation where memory allocated in deflateInit2 is not freed in deflateEnd. QEMU versión 4.1.0, presenta una pérdida de memoria en la función zrle_compress_data en el archivo ui/vnc-enc-zrle.c durante una operación de desconexión de VNC porque libz es usada inapropiadamente, resultando en una situación donde la memoria asignada en deflateInit2 no es liberada en deflateEnd. A memory leakage flaw was found in the way the VNC display driver of QEMU handled the connection disconnect when ZRLE and Tight encoding are enabled. Two VncState objects are created, and one allocates memory for the Zlib's data object. This allocated memory is not freed upon disconnection, resulting in a memory leak. • http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00007.html http://www.openwall.com/lists/oss-security/2020/03/05/1 https://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=6bf21f3d83e95bcc4ba35a7a07cc6655e8b010b0 https://lists.debian.org/debian-lts-announce/2020/07/msg00020.html https://usn.ubuntu.com/4372-1 https://www.debian.org/security/2020/dsa-4665 https://access.redhat.com/security/cve/CVE-2019-20382 https://bugzilla.redhat.com/show_bug.cgi?id=1810390 • CWE-401: Missing Release of Memory after Effective Lifetime CWE-772: Missing Release of Resource after Effective Lifetime •
CVSS: 7.0EPSS: 0%CPEs: 5EXPL: 0CVE-2020-10174
https://notcve.org/view.php?id=CVE-2020-10174
init_tmp in TeeJee.FileSystem.vala in Timeshift before 20.03 unsafely reuses a preexisting temporary directory in the predictable location /tmp/timeshift. It follows symlinks in this location or uses directories owned by unprivileged users. Because Timeshift also executes scripts under this location, an attacker can attempt to win a race condition to replace scripts created by Timeshift with attacker-controlled scripts. Upon success, an attacker-controlled script is executed with full root privileges. This logic is practically always triggered when Timeshift runs regardless of the command-line arguments used. init_tmp en TeeJee.FileSystem.vala en Timeshift versiones anteriores a 20.03, reutiliza de forma no segura un directorio temporal preexistente en la ubicación predecible /tmp/timeshift. • http://www.openwall.com/lists/oss-security/2020/03/06/3 https://bugzilla.suse.com/show_bug.cgi?id=1165802 https://github.com/teejee2008/timeshift/commit/335b3d5398079278b8f7094c77bfd148b315b462 https://github.com/teejee2008/timeshift/releases/tag/v20.03 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AAOFXT64CEUMJE3723JDJWTEQWQUCYMD https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SXDEPC52G46U6I7GLQNFLZXVSM7V2HYY https://lists.fedoraproject.or • CWE-59: Improper Link Resolution Before File Access ('Link Following') CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 8.8EPSS: 18%CPEs: 11EXPL: 0CVE-2020-9402 – django: potential SQL injection via "tolerance" parameter in GIS functions and aggregates on Oracle
https://notcve.org/view.php?id=CVE-2020-9402
Django 1.11 before 1.11.29, 2.2 before 2.2.11, and 3.0 before 3.0.4 allows SQL Injection if untrusted data is used as a tolerance parameter in GIS functions and aggregates on Oracle. By passing a suitably crafted tolerance to GIS functions and aggregates on Oracle, it was possible to break escaping and inject malicious SQL. Django versiones 1.11 anteriores a 1.11.29, versiones 2.2 anteriores a 2.2.11 y versiones 3.0 anteriores a 3.0.4, permite una Inyección SQL si datos no confiables son usados como un parámetro tolerance en funciones GIS y agregados en Oracle. Al pasar una tolerancia diseñada adecuadamente hacia las funciones GIS y agregarlas en Oracle, esto hizo posible romper el escape e inyectar SQL malicioso. A SQL-injection flaw was found in python-django, where GIS functions and aggregates in Oracle did not correctly neutralize tolerance-parameter data. • https://docs.djangoproject.com/en/3.0/releases/security https://groups.google.com/forum/#%21topic/django-announce/fLUh_pOaKrY https://lists.debian.org/debian-lts-announce/2022/05/msg00035.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4A2AP4T7RKPBCLTI2NNQG3T6MINDUUMZ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UZMN2NKAGTFE3YKMNM2JVJG7R2W7LLHY https://security.gentoo.org/glsa/202004-17 https://security.netapp.com/advis • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •