CVSS: 5.9EPSS: 88%CPEs: 17EXPL: 0CVE-2019-2449 – Oracle Java jnlp Protocol Directory Traversal Arbitrary File Deletion Vulnerability
https://notcve.org/view.php?id=CVE-2019-2449
Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Deployment). The supported version that is affected is Java SE: 8u192. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE. • http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html http://www.securityfocus.com/bid/106597 https://access.redhat.com/errata/RHSA-2019:0469 https://access.redhat.com/errata/RHSA-2019:0472 https://access.redhat.com/errata/RHSA-2019:0640 https://access.redhat.com/errata/RHSA-2019:1238 https://security.netapp.com/advisory/ntap-20190118-0001 https://access.redhat.com/security/cve/CVE-2019-2449 https://bugzilla.redhat.com/show_bug.cgi?id=1685601 •
CVSS: 5.7EPSS: 0%CPEs: 10EXPL: 0CVE-2018-14662 – ceph: authenticated user with read only permissions can steal dm-crypt / LUKS key
https://notcve.org/view.php?id=CVE-2018-14662
It was found Ceph versions before 13.2.4 that authenticated ceph users with read only permissions could steal dm-crypt encryption keys used in ceph disk encryption. En Ceph en versiones anteriores a la 13.2.4, se ha detectado que los usuarios ceph autenticados con permisos de solo lectura podrían robar las claves de cifrado dm-crypt empleadas durante el cifrado de disco ceph. It was found that authenticated ceph user with read only permissions could steal dm-crypt encryption keys used in ceph disk encryption. • http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00100.html https://access.redhat.com/errata/RHSA-2019:2538 https://access.redhat.com/errata/RHSA-2019:2541 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14662 https://ceph.com/releases/13-2-4-mimic-released https://lists.debian.org/debian-lts-announce/2019/03/msg00002.html https://lists.debian.org/debian-lts-announce/2021/08/msg00013.html https://usn.ubuntu.com/4035-1 https://access.redhat.com/securi • CWE-285: Improper Authorization CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 6.5EPSS: 0%CPEs: 10EXPL: 0CVE-2018-16846 – ceph: ListBucket max-keys has no defined limit in the RGW codebase
https://notcve.org/view.php?id=CVE-2018-16846
It was found in Ceph versions before 13.2.4 that authenticated ceph RGW users can cause a denial of service against OMAPs holding bucket indices. Se ha detectado en Ceph, en versiones anteriores a la 13.2.4, que los usuarios ceph RGW autenticados pueden provocar una denegación de servicio (DoS) contra los índices OMAP de depósito de retención. A flaw was found in the way the ListBucket function max-keys has no defined limit in the RGW codebase. An authenticated ceph RGW user can cause a denial of service attack against OMAPs holding bucked indices. • http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00100.html https://access.redhat.com/errata/RHSA-2019:2538 https://access.redhat.com/errata/RHSA-2019:2541 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16846 https://ceph.com/releases/13-2-4-mimic-released https://lists.debian.org/debian-lts-announce/2019/03/msg00002.html https://lists.debian.org/debian-lts-announce/2021/08/msg00013.html https://usn.ubuntu.com/4035-1 https://access.redhat.com/securi • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 8.1EPSS: 1%CPEs: 6EXPL: 0CVE-2018-16886 – etcd: Improper Authentication in auth/store.go:AuthInfoFromTLS() via gRPC-gateway
https://notcve.org/view.php?id=CVE-2018-16886
etcd versions 3.2.x before 3.2.26 and 3.3.x before 3.3.11 are vulnerable to an improper authentication issue when role-based access control (RBAC) is used and client-cert-auth is enabled. If an etcd client server TLS certificate contains a Common Name (CN) which matches a valid RBAC username, a remote attacker may authenticate as that user with any valid (trusted) client certificate in a REST API request to the gRPC-gateway. etcd, en sus versiones 3.2.x anteriores a la 3.2.26 y versiones 3.3.x anteriores a la 3.3.11, es vulnerable a una autorización incorrecta cuando se emplea un control de acceso basado en roles (RBAC) y client-cert-auth se encuentra habilitado. Si un certificado TLS del servidor etcd del cliente contiene un "Common Name" (CN) que coincide con un nombre de usuario RBAC válido, un atacante remoto podría autenticarse como dicho usuario con cualquier certificado (confiable) del cliente en una petición REST API en gRPC-gateway. Etcd, versions 3.2.0 through 3.2.25 and 3.3.0 through 3.3.10, are vulnerable to an improper authentication issue when role-based access control (RBAC) is used and client-cert-auth is enabled. If an etcd client server's TLS certificate contains a Common Name (CN) which matches a valid RBAC username, a remote attacker may authenticate as that user with any valid (trusted) client certificate in a REST API request to the gRPC-gateway. • http://www.securityfocus.com/bid/106540 https://access.redhat.com/errata/RHSA-2019:0237 https://access.redhat.com/errata/RHSA-2019:1352 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16886 https://github.com/etcd-io/etcd/blob/1eee465a43720d713bb69f7b7f5e120135fdb1ac/CHANGELOG-3.2.md#security-authentication https://github.com/etcd-io/etcd/blob/1eee465a43720d713bb69f7b7f5e120135fdb1ac/CHANGELOG-3.3.md#security-authentication https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/ • CWE-287: Improper Authentication •
CVSS: 4.9EPSS: 0%CPEs: 2EXPL: 0CVE-2018-20699 – docker: Memory exhaustion via large integer used with --cpuset-mems or --cpuset-cpus
https://notcve.org/view.php?id=CVE-2018-20699
Docker Engine before 18.09 allows attackers to cause a denial of service (dockerd memory consumption) via a large integer in a --cpuset-mems or --cpuset-cpus value, related to daemon/daemon_unix.go, pkg/parsers/parsers.go, and pkg/sysinfo/sysinfo.go. Docker Engine, en versiones anteriores a la 18.09, permite que los atacantes provoquen una denegación de servicio (consumo de la memoria dockerd) mediante un entero grande en los valores --cpuset-mems o --cpuset-cpus. Esto está relacionado con daemon/daemon_unix.go, pkg/parsers/parsers.go y pkg/sysinfo/sysinfo.go. • https://access.redhat.com/errata/RHSA-2019:0487 https://github.com/docker/engine/pull/70 https://github.com/moby/moby/pull/37967 https://access.redhat.com/security/cve/CVE-2018-20699 https://bugzilla.redhat.com/show_bug.cgi?id=1666565 • CWE-400: Uncontrolled Resource Consumption •