CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2018-11713 – webkitgtk: WebSockets don't use system proxy settings
https://notcve.org/view.php?id=CVE-2018-11713
WebCore/platform/network/soup/SocketStreamHandleImplSoup.cpp in the libsoup network backend of WebKit, as used in WebKitGTK+ prior to version 2.20.0 or without libsoup 2.62.0, unexpectedly failed to use system proxy settings for WebSocket connections. As a result, users could be deanonymized by crafted web sites via a WebSocket connection. WebCore/platform/network/soup/SocketStreamHandleImplSoup.cpp en el backend de red de WebKit, tal y como se emplea en WebKitGTK+ en versiones anteriores a la 2.20.0 o sin libsoup 2.62.0, falló inesperadamente a la hora de emplear las opciones de proxy del sistema para las conexiones WebSocket. Como resultado, los usuarios pueden perder su anonimato mediante sitios web manipulados a los que se accede a través de una conexión WebSocket. • https://bugs.webkit.org/show_bug.cgi?id=126384 https://security.gentoo.org/glsa/201808-04 https://trac.webkit.org/changeset/228088/webkit https://access.redhat.com/security/cve/CVE-2018-11713 https://bugzilla.redhat.com/show_bug.cgi?id=1588739 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.0EPSS: 0%CPEs: 74EXPL: 0CVE-2011-2524 – libsoup: SoupServer directory traversal flaw
https://notcve.org/view.php?id=CVE-2011-2524
Directory traversal vulnerability in soup-uri.c in SoupServer in libsoup before 2.35.4 allows remote attackers to read arbitrary files via a %2e%2e (encoded dot dot) in a URI. Una vulnerabilidad de salto de directorio en la soup-uri.c en SoupServer en libsoup antes de v2.35.4 permite a atacantes remotos leer archivos de su elección a través de un %2e%2e (punto punto) en la URI. • http://git.gnome.org/browse/libsoup/tree/NEWS http://lists.fedoraproject.org/pipermail/package-announce/2011-August/063431.html http://secunia.com/advisories/47299 http://www.debian.org/security/2011/dsa-2369 http://www.redhat.com/support/errata/RHSA-2011-1102.html http://www.securitytracker.com/id?1025864 http://www.ubuntu.com/usn/USN-1181-1 https://bugzilla.gnome.org/show_bug.cgi?id=653258 https://access.redhat.com/security/cve/CVE-2011-2524 https://bugzilla.redhat&# • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •