CVE-2019-14287 – sudo 1.8.27 - Security Bypass
https://notcve.org/view.php?id=CVE-2019-14287
In Sudo before 1.8.28, an attacker with access to a Runas ALL sudoer account can bypass certain policy blacklists and session PAM modules, and can cause incorrect logging, by invoking sudo with a crafted user ID. For example, this allows bypass of !root configuration, and USER= logging, for a "sudo -u \#$((0xffffffff))" command. En Sudo anteriores a 1.8.28, un atacante con acceso a una cuenta Runas ALL sudoer puede omitir ciertas listas negras de políticas y módulos PAM de sesión, y puede causar un registro incorrecto, mediante la invocación sudo con un ID de usuario creado. Por ejemplo, esto permite la omisión de la configuración root y el registro USER= para un comando "sudo -u \#$((0xffffffff))". • https://www.exploit-db.com/exploits/47502 https://github.com/n0w4n/CVE-2019-14287 https://github.com/shallvhack/Sudo-Security-Bypass-CVE-2019-14287 https://github.com/CMNatic/Dockerized-CVE-2019-14287 https://github.com/axax002/sudo-vulnerability-CVE-2019-14287 https://github.com/N3rdyN3xus/CVE-2019-14287 https://github.com/DewmiApsara/CVE-2019-14287 https://github.com/MariliaMeira/CVE-2019-14287 https://github.com/edsonjt81/CVE-2019-14287- https://github.com/SachinthaDeSilva-cmd& • CWE-267: Privilege Defined With Unsafe Actions CWE-755: Improper Handling of Exceptional Conditions •
CVE-2019-14816 – kernel: heap overflow in mwifiex_update_vs_ie() function of Marvell WiFi driver
https://notcve.org/view.php?id=CVE-2019-14816
There is heap-based buffer overflow in kernel, all versions up to, excluding 5.3, in the marvell wifi chip driver in Linux kernel, that allows local users to cause a denial of service(system crash) or possibly execute arbitrary code. Se presenta un desbordamiento del búfer en la región heap de la memoria en el kernel, todas las versiones hasta 5.3 (excluyéndola), en el controlador de chip wifi marvell en el kernel de Linux, que permite a usuarios locales causar una denegación de servicio (bloqueo del sistema) o posiblemente ejecutar código arbitrario. A vulnerability was found in the Linux kernel's Marvell WiFi chip driver. Where, while parsing vendor-specific informational attributes, an attacker on the same WiFi physical network segment could cause a system crash, resulting in a denial of service, or potentially execute arbitrary code. This flaw affects the network interface at the most basic level meaning the attacker only needs to affiliate with the same network device as the vulnerable system to create an attack path. • http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00064.html http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00066.html http://packetstormsecurity.com/files/154951/Kernel-Live-Patch-Security-Notice-LSN-0058-1.html http://packetstormsecurity.com/files/155212/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html http://www.openwall.com/lists/oss-security/2019/08/28/1 https://access.redhat.com/errata/RHSA-2020:0174 https://access.redhat.com/errata/RHSA-2020:0204 • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVE-2018-1114 – undertow: File descriptor leak caused by JarURLConnection.getLastModified() allows attacker to cause a denial of service
https://notcve.org/view.php?id=CVE-2018-1114
It was found that URLResource.getLastModified() in Undertow closes the file descriptors only when they are finalized which can cause file descriptors to exhaust. This leads to a file handler leak. Se ha detectado que URLResource.getLastModified() en Undertow cierra los descriptores de archivo solo cuando están finalizados, lo que puede provocar el agotamiento de dichos descriptores. Esto conduce a una fuga del manejador de archivos. • https://access.redhat.com/errata/RHSA-2018:2643 https://access.redhat.com/errata/RHSA-2018:2669 https://access.redhat.com/errata/RHSA-2019:0877 https://bugs.openjdk.java.net/browse/JDK-6956385 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1114 https://issues.jboss.org/browse/UNDERTOW-1338 https://access.redhat.com/security/cve/CVE-2018-1114 https://bugzilla.redhat.com/show_bug.cgi?id=1573045 • CWE-400: Uncontrolled Resource Consumption •
CVE-2017-15113
https://notcve.org/view.php?id=CVE-2017-15113
ovirt-engine before version 4.1.7.6 with log level set to DEBUG includes passwords in the log file without masking. Only administrators can change the log level and only administrators can access the logs. This presents a risk when debug-level logs are shared with vendors or other parties to troubleshoot issues. ovirt-engine en versiones anteriores a la 4.1.7.6 con el nivel de registro configurado en DEBUG incluye contraseñas en el archivo de registro sin enmascarar. Solo los administradores pueden cambiar el nivel de registro y solo los administradores pueden acceder a los registros. Esto presenta un riesgo cuando los registros de nivel de depuración se comparten con proveedores u otras partes para solucionar problemas. • http://www.securityfocus.com/bid/101933 https://access.redhat.com/errata/RHEA-2017:3138 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-15113 https://gerrit.ovirt.org/gitweb?p=ovirt-engine.git%3Ba=commitdiff%3Bh=f4a5d0cc772127dbfe40789e26c4633ceea07d14%3Bhp=e6e8704ac9eb115624ff66e2965877d8e63a45f4 • CWE-212: Improper Removal of Sensitive Information Before Storage or Transfer CWE-532: Insertion of Sensitive Information into Log File •
CVE-2018-1117 – ovirt-ansible-roles: passwords revealed in ansible log when provisioning new provider
https://notcve.org/view.php?id=CVE-2018-1117
ovirt-ansible-roles before version 1.0.6 has a vulnerability due to a missing no_log directive, resulting in the 'Add oVirt Provider to ManageIQ/CloudForms' playbook inadvertently disclosing admin passwords in the provisioning log. In an environment where logs are shared with other parties, this could lead to privilege escalation. ovirt-ansible-roles en versiones anteriores a la 1.0.6 tiene una vulnerabilidad debido a la falta de la directiva no_log, lo que resulta en que el procedimiento "Add oVirt Provider to ManageIQ/CloudForms" revela accidentalmente contraseñas de administrador en el registro de aprovisionamiento. En un entorno en el que se comparten registros con otras partes, esto podría conducir a un escalado de privilegios. Due to a missing no_log directive, the 'Add oVirt Provider to ManageIQ/CloudForms' playbook inadvertently disclosed admin passwords in the provisioning log. In an environment where logs are shared with other parties, this could lead to privilege escalation. • http://www.securityfocus.com/bid/104186 https://access.redhat.com/errata/RHSA-2018:1452 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1117 https://access.redhat.com/security/cve/CVE-2018-1117 https://bugzilla.redhat.com/show_bug.cgi?id=1574776 • CWE-532: Insertion of Sensitive Information into Log File •