CVE-2023-44487 – HTTP/2 Rapid Reset Attack Vulnerability
https://notcve.org/view.php?id=CVE-2023-44487
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.
A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption.
• https://github.com/imabee101/CVE-2023-44487
• https://github.com/studiogangster/CVE-2023-44487
• https://github.com/bcdannyboy/CVE-2023-44487
• https://github.com/sigridou/CVE-2023-44487-
• https://github.com/ByteHackr/CVE-2023-44487
• https://github.com/ReToCode/golang-CVE-2023-44487
• http://www.openwall.com/lists/oss-security/2023/10/13/4
• http://www.openwall.com/lists/oss-security/2023/10/13/9
• http://www.openwall.com/lists/oss-security/2023/10/18/4
• http://www.
• CWE-400: Uncontrolled Resource Consumption
CVE-2017-2665
https://notcve.org/view.php?id=CVE-2017-2665
The skyring-setup command creates a random password for the mongodb skyring database but writes the password in plain text to the /etc/skyring/skyring.conf file, which is owned by root but readable by local users. Any local user who has access to a system running the skyring service will be able to get the password in plain text.
• http://www.securityfocus.com/bid/97612
• https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2665
• CWE-522: Insufficiently Protected Credentials
CVE-2017-7481 – ansible: Security issue with lookup return not tainting the jinja2 environment
https://notcve.org/view.php?id=CVE-2017-7481
Ansible before versions 2.3.1.0 and 2.4.0.0 fails to properly mark lookup-plugin results as unsafe. If an attacker could control the results of lookup() calls, they could inject Unicode strings to be parsed by the jinja2 templating system, resulting in code execution. By default, the jinja2 templating language is now marked as 'unsafe' and is not evaluated.
• http://www.securityfocus.com/bid/98492
• https://access.redhat.com/errata/RHSA-2017:1244
• https://access.redhat.com/errata/RHSA-2017:1334
• https://access.redhat.com/errata/RHSA-2017:1476
• https://access.redhat.com/errata/RHSA-2017:1499
• https://access.redhat.com/errata/RHSA-2017:1599
• https://access.redhat.com/errata/RHSA-2017:2524
• https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7481
• https://github.com/ansible/ansible/commit/ed56f51f185a1ffd7ea57130d260098686fcc7c2
• https://lists.deb
• CWE-20: Improper Input Validation
CVE-2016-7062 – rhscon-ceph: password leak by command line parameter
https://notcve.org/view.php?id=CVE-2016-7062
rhscon-ceph in Red Hat Storage Console 2 x86_64 and Red Hat Storage Console Node 2 x86_64 allows local users to obtain the password as cleartext.
A flaw was found in the way authentication details were passed between rhscon-ceph and rhscon-core. An authenticated, local attacker could use this flaw to recover the cleartext password.
• http://www.securityfocus.com/bid/93796
• http://www.securitytracker.com/id/1037062
• https://access.redhat.com/errata/RHSA-2016:2082
• https://bugzilla.redhat.com/show_bug.cgi?id=1381681
• https://access.redhat.com/security/cve/CVE-2016-7062
• CWE-214: Invocation of Process Using Visible Sensitive Information
• CWE-255: Credentials Management Errors
CVE-2012-5635 – GlusterFS: insecure temporary file creation
https://notcve.org/view.php?id=CVE-2012-5635
The GlusterFS functionality in Red Hat Storage Management Console 2.0, Native Client, and Server 2.0 allows local users to overwrite arbitrary files via a symlink attack on multiple temporary files created by (1) tests/volume.rc, (2) extras/hook-scripts/S30samba-stop.sh, and possibly other vectors, different vulnerabilities than CVE-2012-4417.
Multiple insecure temporary file creation flaws were found in Red Hat Storage. A local user on the Red Hat Storage server could use these flaws to cause arbitrary files to be overwritten as the root user via a symbolic link attack.
• http://rhn.redhat.com/errata/RHSA-2013-0691.html
• https://bugzilla.redhat.com/show_bug.cgi?id=886364
• https://access.redhat.com/security/cve/CVE-2012-5635
• CWE-264: Permissions, Privileges, and Access Controls
• CWE-377: Insecure Temporary File