CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2018-11713 – webkitgtk: WebSockets don't use system proxy settings
https://notcve.org/view.php?id=CVE-2018-11713
WebCore/platform/network/soup/SocketStreamHandleImplSoup.cpp in the libsoup network backend of WebKit, as used in WebKitGTK+ prior to version 2.20.0 or without libsoup 2.62.0, unexpectedly failed to use system proxy settings for WebSocket connections. As a result, users could be deanonymized by crafted web sites via a WebSocket connection. WebCore/platform/network/soup/SocketStreamHandleImplSoup.cpp en el backend de red de WebKit, tal y como se emplea en WebKitGTK+ en versiones anteriores a la 2.20.0 o sin libsoup 2.62.0, falló inesperadamente a la hora de emplear las opciones de proxy del sistema para las conexiones WebSocket. Como resultado, los usuarios pueden perder su anonimato mediante sitios web manipulados a los que se accede a través de una conexión WebSocket. • https://bugs.webkit.org/show_bug.cgi?id=126384 https://security.gentoo.org/glsa/201808-04 https://trac.webkit.org/changeset/228088/webkit https://access.redhat.com/security/cve/CVE-2018-11713 https://bugzilla.redhat.com/show_bug.cgi?id=1588739 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.0EPSS: 0%CPEs: 74EXPL: 0CVE-2011-2524 – libsoup: SoupServer directory traversal flaw
https://notcve.org/view.php?id=CVE-2011-2524
Directory traversal vulnerability in soup-uri.c in SoupServer in libsoup before 2.35.4 allows remote attackers to read arbitrary files via a %2e%2e (encoded dot dot) in a URI. Una vulnerabilidad de salto de directorio en la soup-uri.c en SoupServer en libsoup antes de v2.35.4 permite a atacantes remotos leer archivos de su elección a través de un %2e%2e (punto punto) en la URI. • http://git.gnome.org/browse/libsoup/tree/NEWS http://lists.fedoraproject.org/pipermail/package-announce/2011-August/063431.html http://secunia.com/advisories/47299 http://www.debian.org/security/2011/dsa-2369 http://www.redhat.com/support/errata/RHSA-2011-1102.html http://www.securitytracker.com/id?1025864 http://www.ubuntu.com/usn/USN-1181-1 https://bugzilla.gnome.org/show_bug.cgi?id=653258 https://access.redhat.com/security/cve/CVE-2011-2524 https://bugzilla.redhat&# • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.5EPSS: 2%CPEs: 5EXPL: 0CVE-2009-0585 – libsoup: integer overflow in soup_base64_encode()
https://notcve.org/view.php?id=CVE-2009-0585
Integer overflow in the soup_base64_encode function in soup-misc.c in libsoup 2.x.x before 2.2.x, and 2.x before 2.24, allows context-dependent attackers to execute arbitrary code via a long string that is converted to a base64 representation. Un desbordamiento de entero en la función soup_base64_encode en sopa-misc.c en libsoup 2.x.x antes de 2.2.x, y 2.x antes de 2.24, permite a atacantes dependientes del contexto ejecutar código arbitrario a través de una cadena demasiado larga que se convierte en una representación en base64. • http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html http://ocert.org/patches/2008-015/libsoup-CVE-2009-0585.diff http://openwall.com/lists/oss-security/2009/03/12/2 http://secunia.com/advisories/34310 http://secunia.com/advisories/34337 http://secunia.com/advisories/34401 http://secunia.com/advisories/35065 http://support.avaya.com/elmodocs2/security/ASA-2009-088.htm http://www.debian.org/security/2009/dsa-1748 http://www.mandriva.com/security/a • CWE-189: Numeric Errors CWE-190: Integer Overflow or Wraparound •
CVSS: 7.8EPSS: 14%CPEs: 1EXPL: 0CVE-2006-5876
https://notcve.org/view.php?id=CVE-2006-5876
The soup_headers_parse function in soup-headers.c for libsoup HTTP library before 2.2.99 allows remote attackers to cause a denial of service (crash) via malformed HTTP headers, probably involving missing fields or values. La función soup_headers_parse en soup-headers.c para la librería libsoup HTTP anterior a 2.2.99 permite a atacantes remotos provocar una denegación de servicio (caída) mediante cabeceras HTTP mal formadas, que probablemente implican campos o valores que faltan. • http://fedoranews.org/cms/node/2509 http://ftp.gnome.org/pub/gnome/sources/libsoup/2.2/libsoup-2.2.99.news http://osvdb.org/31667 http://secunia.com/advisories/23734 http://secunia.com/advisories/23770 http://secunia.com/advisories/23871 http://secunia.com/advisories/23873 http://secunia.com/advisories/23961 http://secunia.com/advisories/23976 http://www.debian.org/security/2007/dsa-1248 http://www.mandriva.com/security/advisories?name=MDKSA-2007:029 http:/& •