CVSS: 7.9EPSS: 96%CPEs: 22EXPL: 8CVE-2018-1111 – DynoRoot DHCP Client - Command Injection
https://notcve.org/view.php?id=CVE-2018-1111
15 May 2018 — DHCP packages in Red Hat Enterprise Linux 6 and 7, Fedora 28, and earlier are vulnerable to a command injection flaw in the NetworkManager integration script included in the DHCP client. A malicious DHCP server, or an attacker on the local network able to spoof DHCP responses, could use this flaw to execute arbitrary commands with root privileges on systems using NetworkManager and configured to obtain network configuration using the DHCP protocol. Los paquetes DHCP en Red Hat Enterprise Linux 6 y 7, Fedora... • https://packetstorm.news/files/id/147698 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2018-1118 – kernel: vhost: Information disclosure in vhost/vhost.c:vhost_new_msg()
https://notcve.org/view.php?id=CVE-2018-1118
10 May 2018 — Linux kernel vhost since version 4.8 does not properly initialize memory in messages passed between virtual guests and the host operating system in the vhost/vhost.c:vhost_new_msg() function. This can allow local privileged users to read some kernel memory contents when reading from the /dev/vhost-net device file. El vhost del kernel de Linux desde la versión 4.8 no inicializa correctamente la memoria en los mensajes que se pasan entre invitados virtuales y el sistema operativo host en la función vhost/vhos... • https://access.redhat.com/errata/RHSA-2018:2948 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-665: Improper Initialization •
CVSS: 8.0EPSS: 0%CPEs: 24EXPL: 0CVE-2018-1087 – Kernel: KVM: error in exception handling leads to wrong debug stack value
https://notcve.org/view.php?id=CVE-2018-1087
08 May 2018 — kernel KVM before versions kernel 4.16, kernel 4.16-rc7, kernel 4.17-rc1, kernel 4.17-rc2 and kernel 4.17-rc3 is vulnerable to a flaw in the way the Linux kernel's KVM hypervisor handled exceptions delivered after a stack switch operation via Mov SS or Pop SS instructions. During the stack switch operation, the processor did not deliver interrupts and exceptions, rather they are delivered once the first instruction after the stack switch is executed. An unprivileged KVM guest user could use this flaw to cra... • http://www.openwall.com/lists/oss-security/2018/05/08/5 • CWE-250: Execution with Unnecessary Privileges •
CVSS: 7.8EPSS: 0%CPEs: 29EXPL: 0CVE-2018-10675 – kernel: mm: use-after-free in do_get_mempolicy function allows local DoS or other unspecified impact
https://notcve.org/view.php?id=CVE-2018-10675
02 May 2018 — The do_get_mempolicy function in mm/mempolicy.c in the Linux kernel before 4.12.9 allows local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted system calls. La función do_get_mempolicy en mm/mempolicy.c en el kernel de Linux, en versiones anteriores a la 4.12.9, permite que los usuarios locales provoquen una denegación de servicio (uso de memoria previamente liberada) o, posiblemente, causen otros impactos no especificados mediante llamadas del siste... • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=73223e4e2e3867ebf033a5a8eb2e5df0158ccc99 • CWE-416: Use After Free •
CVSS: 5.9EPSS: 2%CPEs: 42EXPL: 0CVE-2018-10237 – guava: Unbounded memory allocation in AtomicDoubleArray and CompoundOrdering classes allow remote attackers to cause a denial of service
https://notcve.org/view.php?id=CVE-2018-10237
26 Apr 2018 — Unbounded memory allocation in Google Guava 11.0 through 24.x before 24.1.1 allows remote attackers to conduct denial of service attacks against servers that depend on this library and deserialize attacker-provided data, because the AtomicDoubleArray class (when serialized with Java serialization) and the CompoundOrdering class (when serialized with GWT serialization) perform eager allocation without appropriate checks on what a client has sent and whether the data size is reasonable. Asignación de memoria ... • http://www.securitytracker.com/id/1041707 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 6.1EPSS: 0%CPEs: 7EXPL: 0CVE-2018-1067 – undertow: HTTP header injection using CRLF with UTF-8 Encoding (incomplete fix of CVE-2016-4993)
https://notcve.org/view.php?id=CVE-2018-1067
26 Apr 2018 — In Undertow before versions 7.1.2.CR1, 7.1.2.GA it was found that the fix for CVE-2016-4993 was incomplete and Undertow web server is vulnerable to the injection of arbitrary HTTP headers, and also response splitting, due to insufficient sanitization and validation of user input before the input is used as part of an HTTP header value. En Undertow, en versiones anteriores a la 7.1.2.CR1, 7.1.2.GA, se descubrió que la solución para CVE-2016-4993 no estaba completa. Por lo tanto, el servidor web de Undertow e... • https://access.redhat.com/errata/RHSA-2018:1247 • CWE-113: Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting') •
CVSS: 6.1EPSS: 0%CPEs: 15EXPL: 0CVE-2018-1059 – dpdk: Information exposure in unchecked guest physical to host virtual address translations
https://notcve.org/view.php?id=CVE-2018-1059
24 Apr 2018 — The DPDK vhost-user interface does not check to verify that all the requested guest physical range is mapped and contiguous when performing Guest Physical Addresses to Host Virtual Addresses translations. This may lead to a malicious guest exposing vhost-user backend process memory. All versions before 18.02.1 are vulnerable. La interfaz vhost de usuario de DPDK no verifica que el rango físico invitado solicitado esté mapeado y sea contiguo al realizar traducciones de direcciones físicas de invitado a direc... • https://access.redhat.com/errata/RHSA-2018:1267 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 1CVE-2018-10322 – kernel: Invalid pointer dereference in xfs_ilock_attr_map_shared() when mounting crafted xfs image allowing denial of service
https://notcve.org/view.php?id=CVE-2018-10322
24 Apr 2018 — The xfs_dinode_verify function in fs/xfs/libxfs/xfs_inode_buf.c in the Linux kernel through 4.16.3 allows local users to cause a denial of service (xfs_ilock_attr_map_shared invalid pointer dereference) via a crafted xfs image. La función xfs_dinode_verify en fs/xfs/libxfs/xfs_inode_buf.c en el kernel de Linux, hasta la versión 4.16.3, permite que usuarios locales provoquen una denegación de servicio (desreferencia de puntero inválido en xfs_ilock_attr_map_shared) mediante una imagen xfs manipulada. The xfs... • http://www.securityfocus.com/bid/103960 • CWE-476: NULL Pointer Dereference •
CVSS: 8.3EPSS: 1%CPEs: 7EXPL: 1CVE-2018-1088 – glusterfs: Privilege escalation via gluster_shared_storage when snapshot scheduling is enabled
https://notcve.org/view.php?id=CVE-2018-1088
18 Apr 2018 — A privilege escalation flaw was found in gluster 3.x snapshot scheduler. Any gluster client allowed to mount gluster volumes could also mount shared gluster storage volume and escalate privileges by scheduling malicious cronjob via symlink. Se ha encontrado un error de escalado de privilegios en el programador de capturas en gluster, en versiones 3.x. Cualquier cliente gluster al que se le permita montar volúmenes de gluster también podría montar un volumen de almacenamiento compartido de gluster y escalar ... • https://github.com/MauroEldritch/GEVAUDAN • CWE-266: Incorrect Privilege Assignment •
CVSS: 9.8EPSS: 1%CPEs: 39EXPL: 0CVE-2018-8088 – slf4j: Deserialisation vulnerability in EventData constructor can allow for arbitrary code execution
https://notcve.org/view.php?id=CVE-2018-8088
20 Mar 2018 — org.slf4j.ext.EventData in the slf4j-ext module in QOS.CH SLF4J before 1.8.0-beta2 allows remote attackers to bypass intended access restrictions via crafted data. EventData in the slf4j-ext module in QOS.CH SLF4J, has been fixed in SLF4J versions 1.7.26 later and in the 2.0.x series. org.slf4j.ext.EventData en el módulo slf4j-ext en QOS.CH SLF4J antes de la versión 1.8.0-beta2 permite a los atacantes remotos saltarse las restricciones de acceso previstas a través de datos manipulados. EventData en el módul... • http://www.securityfocus.com/bid/103737 • CWE-502: Deserialization of Untrusted Data •