CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2022-30636 – Limited directory traversal vulnerability on Windows in golang.org/x/crypto
https://notcve.org/view.php?id=CVE-2022-30636
httpTokenCacheKey uses path.Base to extract the expected HTTP-01 token value to lookup in the DirCache implementation. On Windows, path.Base acts differently to filepath.Base, since Windows uses a different path separator (\ vs. /), allowing a user to provide a relative path, i.e. .well-known/acme-challenge/..\..\asd becomes ..\..\asd. The extracted path is then suffixed with +http-01, joined with the cache directory, and opened. • https://go.dev/cl/408694 https://go.dev/issue/53082 https://pkg.go.dev/vuln/GO-2024-2961 •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-24792 – Panic when parsing invalid palette-color images in golang.org/x/image
https://notcve.org/view.php?id=CVE-2024-24792
Parsing a corrupt or malicious image with invalid color indices can cause a panic. • https://go.dev/cl/588115 https://go.dev/issue/67624 https://pkg.go.dev/vuln/GO-2024-2937 •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2023-45288 – HTTP/2 CONTINUATION flood in net/http
https://notcve.org/view.php?id=CVE-2023-45288
An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing all HEADERS and CONTINUATION frames on a connection. When a request's headers exceed MaxHeaderBytes, no memory is allocated to store the excess headers, but they are still parsed. This permits an attacker to cause an HTTP/2 endpoint to read arbitrary amounts of header data, all associated with a request which is going to be rejected. These headers can include Huffman-encoded data which is significantly more expensive for the receiver to decode than for an attacker to send. • http://www.openwall.com/lists/oss-security/2024/04/03/16 http://www.openwall.com/lists/oss-security/2024/04/05/4 https://go.dev/cl/576155 https://go.dev/issue/65051 https://groups.google.com/g/golang-announce/c/YgW0sx8mN3M https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QRYFHIQ6XRKRYBI2F5UESH67BJBQXUPT https://pkg.go.dev/vuln/GO-2024-2687 https://security.netapp.com/advisory/ntap-20240419-0009 https://access.redhat.com/security/ • CWE-400: Uncontrolled Resource Consumption •
CVSS: 8.5EPSS: 1%CPEs: 1EXPL: 1CVE-2010-4818 – X.org: multiple GLX input sanitization flaws
https://notcve.org/view.php?id=CVE-2010-4818
The GLX extension in X.Org xserver 1.7.7 allows remote authenticated users to cause a denial of service (server crash) and possibly execute arbitrary code via (1) a crafted request that triggers a client swap in glx/glxcmdsswap.c; or (2) a crafted length or (3) a negative value in the screen field in a request to glx/glxcmds.c. La extensión GLX en X.Org xserver v1.7.7 permite a usuarios remotos autenticados provocar una denegación de servicio (caída del servidor) y posiblemente ejecutar código arbitrario a través de (1) una solicitud hecha a mano que dispara un canje cliente en glx/glxcmdsswap.c, o (2) una longitud diseñado o (3) un valor negativo en el campo de pantalla en una solicitud para glx/glxcmds.c. • http://cgit.freedesktop.org/xorg/xserver/commit?id=3f0d3f4d97bce75c1828635c322b6560a45a037f http://cgit.freedesktop.org/xorg/xserver/commit?id=6c69235a9dfc52e4b4e47630ff4bab1a820eb543 http://cgit.freedesktop.org/xorg/xserver/commit?id=ec9c97c6bf70b523bc500bd3adf62176f1bb33a4 http://rhn.redhat.com/errata/RHSA-2011-1359.html http://rhn.redhat.com/errata/RHSA-2011-1360.html http://www.openwall.com/lists/oss-security/2011/09/22/7 http://www.openwall.com/lists/oss-security/2011/09/23/4 http://www.openwall.com/ • CWE-20: Improper Input Validation •
CVSS: 10.0EPSS: 0%CPEs: 5EXPL: 0CVE-2006-6102
https://notcve.org/view.php?id=CVE-2006-6102
Integer overflow in the ProcDbeGetVisualInfo function in the DBE extension for X.Org 6.8.2, 6.9.0, 7.0, and 7.1, and XFree86 X server, allows local users to execute arbitrary code via a crafted X protocol request that triggers memory corruption during processing of unspecified data structures. Desbordamiento de enteros en la función ProcDbeGetVisualInfo en la extensión DBE para el X.Org 6.8.2, 6.9.0, 7.0 y 7.1, y XFree86 X server, permite a usuarios locales la ejecución de código de su elección a través de una solicitud del protocolo X modificada, que dispara una corrupción de memoria durante el procesamiento de estructuras de datos sin especificar. • http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2007-002.txt.asc http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01075678 http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=464 http://lists.freedesktop.org/archives/xorg-announce/2007-January/000235.html http://osvdb.org/32085 http://secunia.com/advisories/23633 http://secunia.com/advisories/23670 http://secunia.com/advisories/23684 http://secunia.com/advisories/23689 htt •