CVSS: 6.5EPSS: 0%CPEs: 10EXPL: 0CVE-2018-16846 – ceph: ListBucket max-keys has no defined limit in the RGW codebase
https://notcve.org/view.php?id=CVE-2018-16846
It was found in Ceph versions before 13.2.4 that authenticated ceph RGW users can cause a denial of service against OMAPs holding bucket indices. Se ha detectado en Ceph, en versiones anteriores a la 13.2.4, que los usuarios ceph RGW autenticados pueden provocar una denegación de servicio (DoS) contra los índices OMAP de depósito de retención. A flaw was found in the way the ListBucket function max-keys has no defined limit in the RGW codebase. An authenticated ceph RGW user can cause a denial of service attack against OMAPs holding bucked indices. • http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00100.html https://access.redhat.com/errata/RHSA-2019:2538 https://access.redhat.com/errata/RHSA-2019:2541 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16846 https://ceph.com/releases/13-2-4-mimic-released https://lists.debian.org/debian-lts-announce/2019/03/msg00002.html https://lists.debian.org/debian-lts-announce/2021/08/msg00013.html https://usn.ubuntu.com/4035-1 https://access.redhat.com/securi • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 8.1EPSS: 1%CPEs: 6EXPL: 0CVE-2018-16886 – etcd: Improper Authentication in auth/store.go:AuthInfoFromTLS() via gRPC-gateway
https://notcve.org/view.php?id=CVE-2018-16886
etcd versions 3.2.x before 3.2.26 and 3.3.x before 3.3.11 are vulnerable to an improper authentication issue when role-based access control (RBAC) is used and client-cert-auth is enabled. If an etcd client server TLS certificate contains a Common Name (CN) which matches a valid RBAC username, a remote attacker may authenticate as that user with any valid (trusted) client certificate in a REST API request to the gRPC-gateway. etcd, en sus versiones 3.2.x anteriores a la 3.2.26 y versiones 3.3.x anteriores a la 3.3.11, es vulnerable a una autorización incorrecta cuando se emplea un control de acceso basado en roles (RBAC) y client-cert-auth se encuentra habilitado. Si un certificado TLS del servidor etcd del cliente contiene un "Common Name" (CN) que coincide con un nombre de usuario RBAC válido, un atacante remoto podría autenticarse como dicho usuario con cualquier certificado (confiable) del cliente en una petición REST API en gRPC-gateway. Etcd, versions 3.2.0 through 3.2.25 and 3.3.0 through 3.3.10, are vulnerable to an improper authentication issue when role-based access control (RBAC) is used and client-cert-auth is enabled. If an etcd client server's TLS certificate contains a Common Name (CN) which matches a valid RBAC username, a remote attacker may authenticate as that user with any valid (trusted) client certificate in a REST API request to the gRPC-gateway. • http://www.securityfocus.com/bid/106540 https://access.redhat.com/errata/RHSA-2019:0237 https://access.redhat.com/errata/RHSA-2019:1352 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16886 https://github.com/etcd-io/etcd/blob/1eee465a43720d713bb69f7b7f5e120135fdb1ac/CHANGELOG-3.2.md#security-authentication https://github.com/etcd-io/etcd/blob/1eee465a43720d713bb69f7b7f5e120135fdb1ac/CHANGELOG-3.3.md#security-authentication https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/ • CWE-287: Improper Authentication •
CVSS: 4.9EPSS: 0%CPEs: 2EXPL: 0CVE-2018-20699 – docker: Memory exhaustion via large integer used with --cpuset-mems or --cpuset-cpus
https://notcve.org/view.php?id=CVE-2018-20699
Docker Engine before 18.09 allows attackers to cause a denial of service (dockerd memory consumption) via a large integer in a --cpuset-mems or --cpuset-cpus value, related to daemon/daemon_unix.go, pkg/parsers/parsers.go, and pkg/sysinfo/sysinfo.go. Docker Engine, en versiones anteriores a la 18.09, permite que los atacantes provoquen una denegación de servicio (consumo de la memoria dockerd) mediante un entero grande en los valores --cpuset-mems o --cpuset-cpus. Esto está relacionado con daemon/daemon_unix.go, pkg/parsers/parsers.go y pkg/sysinfo/sysinfo.go. • https://access.redhat.com/errata/RHSA-2019:0487 https://github.com/docker/engine/pull/70 https://github.com/moby/moby/pull/37967 https://access.redhat.com/security/cve/CVE-2018-20699 https://bugzilla.redhat.com/show_bug.cgi?id=1666565 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.3EPSS: 0%CPEs: 17EXPL: 0CVE-2019-6133 – polkit: Temporary auth hijacking via PID reuse and non-atomic fork
https://notcve.org/view.php?id=CVE-2019-6133
In PolicyKit (aka polkit) 0.115, the "start time" protection mechanism can be bypassed because fork() is not atomic, and therefore authorization decisions are improperly cached. This is related to lack of uid checking in polkitbackend/polkitbackendinteractiveauthority.c. En PolicyKit (también conocido como polkit) 0.115, el mecanismo de protección "start time" puede omitirse debido a que fork() no es atómico y, por lo tanto, las decisiones de autorización se cachean incorrectamente. Esto está relacionado con la falta de comprobación de uid en polkitbackend/polkitbackendinteractiveauthority.c. A vulnerability was found in polkit. • http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00049.html http://www.securityfocus.com/bid/106537 https://access.redhat.com/errata/RHSA-2019:0230 https://access.redhat.com/errata/RHSA-2019:0420 https://access.redhat.com/errata/RHSA-2019:0832 https://access.redhat.com/errata/RHSA-2019:2699 https://access.redhat.com/errata/RHSA-2019:2978 https://bugs.chromium.org/p/project-zero/issues/detail?id=1692 https://git.kernel.org/linus/7b55851367136b1efd84d98fea81ba57a98304cf https • CWE-284: Improper Access Control CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 5.3EPSS: 0%CPEs: 56EXPL: 0CVE-2018-20685 – openssh: scp client improper directory name validation
https://notcve.org/view.php?id=CVE-2018-20685
In OpenSSH 7.9, scp.c in the scp client allows remote SSH servers to bypass intended access restrictions via the filename of . or an empty filename. The impact is modifying the permissions of the target directory on the client side. En OpenSSH 7.9, scp.c en el cliente scp permite que los servidores SSH omitan las restricciones de acceso planeadas mediante un nombre de archivo "." o un nombre de archivo vacío. El impacto consiste en modificar los permisos del directorio objetivo en el lado del cliente. • http://www.securityfocus.com/bid/106531 https://access.redhat.com/errata/RHSA-2019:3702 https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf https://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/scp.c.diff?r1=1.197&r2=1.198&f=h https://github.com/openssh/openssh-portable/commit/6010c0303a422a9c5fa8860c061bf7105eb7f8b2 https://lists.debian.org/debian-lts-announce/2019/03/msg00030.html https://security.gentoo.org/glsa/201903-16 https://security.gentoo.org/glsa/202007- • CWE-20: Improper Input Validation CWE-863: Incorrect Authorization •