CVSS: 7.5EPSS: 0%CPEs: 8EXPL: 1CVE-2020-25866
https://notcve.org/view.php?id=CVE-2020-25866
In Wireshark 3.2.0 to 3.2.6 and 3.0.0 to 3.0.13, the BLIP protocol dissector has a NULL pointer dereference because a buffer was sized for compressed (not uncompressed) messages. This was addressed in epan/dissectors/packet-blip.c by allowing reasonable compression ratios and rejecting ZIP bombs. En Wireshark versiones 3.2.0 hasta 3.2.6 y versiones 3.0.0 hasta 3.0.13, el disector del protocolo BLIP presenta una desreferencia del puntero NULL porque un búfer fue dimensionado para mensajes comprimidos (no sin comprimir). Esto fue abordado en el archivo epan/disactors/packet-blip.c permitiendo relaciones de compresión razonables y rechazando las bombas ZIP • http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00035.html http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00038.html https://gitlab.com/wireshark/wireshark/-/commit/4a948427100b6c109f4ec7b4361f0d2aec5e5c3f https://gitlab.com/wireshark/wireshark/-/issues/16866 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4DQHPKZFQ7W3X34RYN3FWFYCFJD4FXJW https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6IGRYKW4XLR44YDWTAH547ODYYBYPB2D&# • CWE-476: NULL Pointer Dereference •
CVSS: 7.5EPSS: 0%CPEs: 11EXPL: 1CVE-2020-25862
https://notcve.org/view.php?id=CVE-2020-25862
In Wireshark 3.2.0 to 3.2.6, 3.0.0 to 3.0.13, and 2.6.0 to 2.6.20, the TCP dissector could crash. This was addressed in epan/dissectors/packet-tcp.c by changing the handling of the invalid 0xFFFF checksum. En Wireshark versiones 3.2.0 hasta 3.2.6, versiones 3.0.0 hasta 3.0.13 y versiones 2.6.0 hasta 2.6.20, el disector TCP podría bloquearse. Esto fue abordado en el archivo epan/disactors/packet-tcp.c mediante el cambio en el manejo del checksum 0xFFFF no válido • http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00035.html http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00038.html https://gitlab.com/wireshark/wireshark/-/commit/7f3fe6164a68b76d9988c4253b24d43f498f1753 https://gitlab.com/wireshark/wireshark/-/issues/16816 https://lists.debian.org/debian-lts-announce/2021/02/msg00008.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4DQHPKZFQ7W3X34RYN3FWFYCFJD4FXJW https://lists.fedoraproject.org/archives&# • CWE-354: Improper Validation of Integrity Check Value •
CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 1CVE-2020-25613 – ruby: Potential HTTP request smuggling in WEBrick
https://notcve.org/view.php?id=CVE-2020-25613
An issue was discovered in Ruby through 2.5.8, 2.6.x through 2.6.6, and 2.7.x through 2.7.1. WEBrick, a simple HTTP server bundled with Ruby, had not checked the transfer-encoding header value rigorously. An attacker may potentially exploit this issue to bypass a reverse proxy (which also has a poor header check), which may lead to an HTTP Request Smuggling attack. Se detectó un problema en Ruby versiones hasta 2.5.8, versiones 2.6.x hasta 2.6.6 y versiones 2.7.x hasta 2.7.1. WEBrick, un simple servidor HTTP integrado con Ruby, no había comprobado rigurosamente el valor del encabezado transfer-encoding. • https://github.com/metapox/CVE-2020-25613 https://github.com/ruby/webrick/commit/8946bb38b4d87549f0d99ed73c62c41933f97cc7 https://hackerone.com/reports/965267 https://lists.debian.org/debian-lts-announce/2023/04/msg00033.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PFP3E7KXXT3H3KA6CBZPUOGA5VPFARRJ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YTZURYROG3FFED3TYCQOBV66BS4K6WOV https://security.gentoo.org/glsa/202401-27 https://sec • CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') •
CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 1CVE-2020-8223
https://notcve.org/view.php?id=CVE-2020-8223
A logic error in Nextcloud Server 19.0.0 caused a privilege escalation allowing malicious users to reshare with higher permissions than they got assigned themselves. Un error lógico en Nextcloud Server versión 19.0.0, causó una escalada de privilegios permitiendo a usuarios maliciosos volver a compartir con permisos más elevados de los que se les asignaron • https://hackerone.com/reports/889243 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KC6HLX5SG4PZO6Y54D2LFJ4ATG76BKOP https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T7FX3O6SJE2S52I2HAA4DSTUIISP5BNA https://nextcloud.com/security/advisory/?id=NC-SA-2020-029 • CWE-269: Improper Privilege Management •
CVSS: 5.3EPSS: 0%CPEs: 17EXPL: 1CVE-2020-7070 – PHP parses encoded cookie names so malicious `__Host-` cookies can be sent
https://notcve.org/view.php?id=CVE-2020-7070
In PHP versions 7.2.x below 7.2.34, 7.3.x below 7.3.23 and 7.4.x below 7.4.11, when PHP is processing incoming HTTP cookie values, the cookie names are url-decoded. This may lead to cookies with prefixes like __Host confused with cookies that decode to such prefix, thus leading to an attacker being able to forge cookie which is supposed to be secure. See also CVE-2020-8184 for more information. En PHP versiones 7.2.x por debajo de 7.2.34, versiones 7.3.x por debajo de 7.3.23 y versiones 7.4.x por debajo de 7.4.11, cuando PHP procesa valores de cookies HTTP entrantes, los nombres de las cookies se decodifican de la URL. Esto puede conllevar a que las cookies con prefijos como __Host se confundan con las cookies que decodifican dicho prefijo, lo que conlleva a que un atacante pueda falsificar una cookie que se supone que es segura. • http://cve.circl.lu/cve/CVE-2020-8184 http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00045.html http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00067.html https://bugs.php.net/bug.php?id=79699 https://hackerone.com/reports/895727 https://lists.debian.org/debian-lts-announce/2020/10/msg00008.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7EVDN7D3IB4EAI4D3ZOM2OJKQ5SD7K4E https://lists.fedoraproject.org/archives/list/ • CWE-20: Improper Input Validation CWE-565: Reliance on Cookies without Validation and Integrity Checking •