4 results (0.010 seconds)

CVSS: 5.8EPSS: 0%CPEs: 136EXPL: 1

CVE-2021-29425 – Possible limited path traversal vulnerabily in Apache Commons IO

https://notcve.org/view.php?id=CVE-2021-29425

In Apache Commons IO before 2.7, When invoking the method FileNameUtils.normalize with an improper input string, like "//../foo", or "\\..\foo", the result would be the same value, thus possibly providing access to files in the parent directory, but not further above (thus "limited" path traversal), if the calling code would use the result to construct a path value. En Apache Commons IO versiones anteriores a 2.7, Cuando se invoca el método FileNameUtils.normalize con una cadena de entrada inapropiada, como "//../foo" o "\\..\ foo", el resultado sería el mismo valor, por lo que posiblemente proporcionar acceso a archivos en el directorio principal, pero no más arriba (por lo tanto, salto de ruta "limited"), si el código de llamada usara el resultado para construir un valor de ruta • https://issues.apache.org/jira/browse/IO-556 https://lists.apache.org/thread.html/r01b4a1fcdf3311c936ce33d75a9398b6c255f00c1a2f312ac21effe1%40%3Cnotifications.zookeeper.apache.org%3E https://lists.apache.org/thread.html/r0bfa8f7921abdfae788b1f076a12f73a92c93cc0a6e1083bce0027c5%40%3Cnotifications.zookeeper.apache.org%3E https://lists.apache.org/thread.html/r0d73e2071d1f1afe1a15da14c5b6feb2cf17e3871168d5a3c8451436%40%3Ccommits.pulsar.apache.org%3E https://lists.apache.org/thread.html/r1c2f4683c35696cf6f863e3c107e37ec41305b1930dd40c17260de71%40%3Ccommits.pulsar.apache.org%3E https:/ • CWE-20: Improper Input Validation CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 5.9EPSS: 1%CPEs: 180EXPL: 0

CVE-2019-1559 – 0-byte record padding oracle

https://notcve.org/view.php?id=CVE-2019-1559

If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received with an invalid MAC. If the application then behaves differently based on that in a way that is detectable to the remote peer, then this amounts to a padding oracle that could be used to decrypt data. In order for this to be exploitable "non-stitched" ciphersuites must be in use. Stitched ciphersuites are optimised implementations of certain commonly used ciphersuites. Also the application must call SSL_shutdown() twice even if a protocol error has occurred (applications should not do this but some do anyway). • http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00041.html http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00019.html http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00046.html http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00047.html http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00049.html http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00080.html http://www.securityfocus.com/bid/107174 https://access. • CWE-203: Observable Discrepancy CWE-325: Missing Cryptographic Step •

CVSS: 7.8EPSS: 0%CPEs: 23EXPL: 1

CVE-2018-16864 – systemd: stack overflow when calling syslog from a command with long cmdline

https://notcve.org/view.php?id=CVE-2018-16864

An allocation of memory without limits, that could result in the stack clashing with another memory region, was discovered in systemd-journald when a program with long command line arguments calls syslog. A local attacker may use this flaw to crash systemd-journald or escalate his privileges. Versions through v240 are vulnerable. Se ha descubierto una asignación de memoria sin límites, que podría resultar en que la pila choque con otra región de memoria, en systemd-journald, cuando un programa con argumentos largos de la línea de comandos llama a syslog. Un atacante local podría emplear este error para provocar el cierre inesperado de systemd-journald o escalar sus privilegios. • http://www.openwall.com/lists/oss-security/2021/07/20/2 http://www.securityfocus.com/bid/106523 https://access.redhat.com/errata/RHBA-2019:0327 https://access.redhat.com/errata/RHSA-2019:0049 https://access.redhat.com/errata/RHSA-2019:0204 https://access.redhat.com/errata/RHSA-2019:0271 https://access.redhat.com/errata/RHSA-2019:0342 https://access.redhat.com/errata/RHSA-2019:0361 https://access.redhat.com/errata/RHSA-2019:2402 https://bugzilla.redhat.com/show_ • CWE-770: Allocation of Resources Without Limits or Throttling •

CVSS: 10.0EPSS: 97%CPEs: 33EXPL: 21

CVE-2015-0235 – Exim GHOST (glibc gethostbyname) Buffer Overflow

https://notcve.org/view.php?id=CVE-2015-0235

Heap-based buffer overflow in the __nss_hostname_digits_dots function in glibc 2.2, and other 2.x versions before 2.18, allows context-dependent attackers to execute arbitrary code via vectors related to the (1) gethostbyname or (2) gethostbyname2 function, aka "GHOST." Desbordamiento de buffer basado en memoria dinámica en la función __nss_hostname_digits_dots en glibc 2.2, y otras versiones 2.x anteriores a 2.18, permite a atacantes dependientes de contexto ejecutar código arbitrario a través de vectores relacionados con la funciín (1) gethostbyname o (2) gethostbyname2, también conocido como 'GHOST.' A heap-based buffer overflow was found in glibc's __nss_hostname_digits_dots() function, which is used by the gethostbyname() and gethostbyname2() glibc function calls. A remote attacker able to make an application call either of these functions could use this flaw to execute arbitrary code with the permissions of the user running the application. The industrial managed switch series 852 from WAGO is affected by multiple vulnerabilities such as old software components embedded in the firmware. • https://www.exploit-db.com/exploits/35951 https://www.exploit-db.com/exploits/36421 https://github.com/aaronfay/CVE-2015-0235-test https://github.com/makelinux/CVE-2015-0235-workaround https://github.com/sUbc0ol/CVE-2015-0235 https://github.com/mikesplain/CVE-2015-0235-cookbook https://github.com/tobyzxj/CVE-2015-0235 https://github.com/adherzog/ansible-CVE-2015-0235-GHOST http://blogs.sophos.com/2015/01/29/sophos-products-and-the-ghost-vulnerability-affecting-linux http:/ • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •