CVE-2018-11713 – webkitgtk: WebSockets don't use system proxy settings
https://notcve.org/view.php?id=CVE-2018-11713
WebCore/platform/network/soup/SocketStreamHandleImplSoup.cpp in the libsoup network backend of WebKit, as used in WebKitGTK+ prior to version 2.20.0 or without libsoup 2.62.0, unexpectedly failed to use system proxy settings for WebSocket connections. As a result, users could be deanonymized by crafted web sites via a WebSocket connection.
• References:
  https://bugs.webkit.org/show_bug.cgi?id=126384
  https://security.gentoo.org/glsa/201808-04
  https://trac.webkit.org/changeset/228088/webkit
  https://access.redhat.com/security/cve/CVE-2018-11713
  https://bugzilla.redhat.com/show_bug.cgi?id=1588739
• CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CVE-2017-2885 – libsoup: Stack based buffer overflow with HTTP Chunked Encoding
https://notcve.org/view.php?id=CVE-2017-2885
An exploitable stack-based buffer overflow vulnerability exists in GNOME libsoup 2.58. A specially crafted HTTP request can cause a stack overflow resulting in remote code execution. An attacker can send a special HTTP request to the vulnerable server to trigger this vulnerability.
• References:
  http://packetstormsecurity.com/files/160388/ProCaster-LE-32F430-GStreamer-souphttpsrc-libsoup-2.51.3-Stack-Overflow.html
  http://seclists.org/fulldisclosure/2020/Dec/3
  http://www.securityfocus.com/bid/100258
  https://access.redhat.com/errata/RHSA-2017:2459
  https://www.debian.org/security/2017/dsa-3929
  https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0392
  https://access.redhat.com/security/cve/CVE-2017-2885
  https://bugzilla.redhat.com/show_bug.cgi?id=1479281
• CWE-121: Stack-based Buffer Overflow
• CWE-787: Out-of-bounds Write
CVE-2012-2132
https://notcve.org/view.php?id=CVE-2012-2132
libsoup 2.32.2 and earlier does not validate certificates or clear the trust flag when the ssl-ca-file does not exist, which allows remote attackers to bypass authentication by connecting with an SSL connection.
• References:
  http://www.openwall.com/lists/oss-security/2012/04/24/13
  http://www.openwall.com/lists/oss-security/2012/04/24/3
  http://www.openwall.com/lists/oss-security/2012/04/30/7
  http://www.openwall.com/lists/oss-security/2012/05/02/8
  http://www.securityfocus.com/bid/53232
  https://bugzilla.gnome.org/show_bug.cgi?id=666280
  https://exchange.xforce.ibmcloud.com/vulnerabilities/75167
• CWE-287: Improper Authentication
CVE-2011-2524 – libsoup: SoupServer directory traversal flaw
https://notcve.org/view.php?id=CVE-2011-2524
Directory traversal vulnerability in soup-uri.c in SoupServer in libsoup before 2.35.4 allows remote attackers to read arbitrary files via a %2e%2e (encoded dot dot) in a URI.
• References:
  http://git.gnome.org/browse/libsoup/tree/NEWS
  http://lists.fedoraproject.org/pipermail/package-announce/2011-August/063431.html
  http://secunia.com/advisories/47299
  http://www.debian.org/security/2011/dsa-2369
  http://www.redhat.com/support/errata/RHSA-2011-1102.html
  http://www.securitytracker.com/id?1025864
  http://www.ubuntu.com/usn/USN-1181-1
  https://bugzilla.gnome.org/show_bug.cgi?id=653258
  https://access.redhat.com/security/cve/CVE-2011-2524
  https://bugzilla.redhat
• CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2009-0585 – libsoup: integer overflow in soup_base64_encode()
https://notcve.org/view.php?id=CVE-2009-0585
Integer overflow in the soup_base64_encode function in soup-misc.c in libsoup 2.x.x before 2.2.x, and 2.x before 2.24, allows context-dependent attackers to execute arbitrary code via a long string that is converted to a base64 representation.
• References:
  http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html
  http://ocert.org/patches/2008-015/libsoup-CVE-2009-0585.diff
  http://openwall.com/lists/oss-security/2009/03/12/2
  http://secunia.com/advisories/34310
  http://secunia.com/advisories/34337
  http://secunia.com/advisories/34401
  http://secunia.com/advisories/35065
  http://support.avaya.com/elmodocs2/security/ASA-2009-088.htm
  http://www.debian.org/security/2009/dsa-1748
  http://www.mandriva.com/security/a
• CWE-189: Numeric Errors
• CWE-190: Integer Overflow or Wraparound