CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2018-11713 – webkitgtk: WebSockets don't use system proxy settings
https://notcve.org/view.php?id=CVE-2018-11713
WebCore/platform/network/soup/SocketStreamHandleImplSoup.cpp in the libsoup network backend of WebKit, as used in WebKitGTK+ prior to version 2.20.0 or without libsoup 2.62.0, unexpectedly failed to use system proxy settings for WebSocket connections. As a result, users could be deanonymized by crafted web sites via a WebSocket connection. WebCore/platform/network/soup/SocketStreamHandleImplSoup.cpp en el backend de red de WebKit, tal y como se emplea en WebKitGTK+ en versiones anteriores a la 2.20.0 o sin libsoup 2.62.0, falló inesperadamente a la hora de emplear las opciones de proxy del sistema para las conexiones WebSocket. Como resultado, los usuarios pueden perder su anonimato mediante sitios web manipulados a los que se accede a través de una conexión WebSocket. • https://bugs.webkit.org/show_bug.cgi?id=126384 https://security.gentoo.org/glsa/201808-04 https://trac.webkit.org/changeset/228088/webkit https://access.redhat.com/security/cve/CVE-2018-11713 https://bugzilla.redhat.com/show_bug.cgi?id=1588739 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 0CVE-2012-2132
https://notcve.org/view.php?id=CVE-2012-2132
libsoup 2.32.2 and earlier does not validate certificates or clear the trust flag when the ssl-ca-file does not exist, which allows remote attackers to bypass authentication by connecting with a SSL connection. libsoup v2.32.2 y anteriores no valida los certificados o elimina el indicador de 'confiable' cuando el archivo ssl-ca-file no existe, lo que permite a atacantes remotos evitar la autenticación mediante el uso de una conexión SSL. • http://www.openwall.com/lists/oss-security/2012/04/24/13 http://www.openwall.com/lists/oss-security/2012/04/24/3 http://www.openwall.com/lists/oss-security/2012/04/30/7 http://www.openwall.com/lists/oss-security/2012/05/02/8 http://www.securityfocus.com/bid/53232 https://bugzilla.gnome.org/show_bug.cgi?id=666280 https://exchange.xforce.ibmcloud.com/vulnerabilities/75167 • CWE-287: Improper Authentication •
CVSS: 5.0EPSS: 0%CPEs: 74EXPL: 0CVE-2011-2524 – libsoup: SoupServer directory traversal flaw
https://notcve.org/view.php?id=CVE-2011-2524
Directory traversal vulnerability in soup-uri.c in SoupServer in libsoup before 2.35.4 allows remote attackers to read arbitrary files via a %2e%2e (encoded dot dot) in a URI. Una vulnerabilidad de salto de directorio en la soup-uri.c en SoupServer en libsoup antes de v2.35.4 permite a atacantes remotos leer archivos de su elección a través de un %2e%2e (punto punto) en la URI. • http://git.gnome.org/browse/libsoup/tree/NEWS http://lists.fedoraproject.org/pipermail/package-announce/2011-August/063431.html http://secunia.com/advisories/47299 http://www.debian.org/security/2011/dsa-2369 http://www.redhat.com/support/errata/RHSA-2011-1102.html http://www.securitytracker.com/id?1025864 http://www.ubuntu.com/usn/USN-1181-1 https://bugzilla.gnome.org/show_bug.cgi?id=653258 https://access.redhat.com/security/cve/CVE-2011-2524 https://bugzilla.redhat&# • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •