CVSS: 5.5EPSS: 0%CPEs: 35EXPL: 1CVE-2019-7222 – Kernel: KVM: leak of uninitialized stack contents to guest
https://notcve.org/view.php?id=CVE-2019-7222
The KVM implementation in the Linux kernel through 4.20.5 has an Information Leak. La implementación KVM en el kernel de Linux, hasta la versión 4.20.5, tiene una fuga de información. An information leakage issue was found in the way Linux kernel's KVM hypervisor handled page fault exceptions while emulating instructions like VMXON, VMCLEAR, VMPTRLD, and VMWRITE with memory address as an operand. It occurs if the operand is a mmio address, as the returned exception object holds uninitialized stack memory contents. A guest user/process could use this flaw to leak host's stack memory contents to a guest. • http://lists.opensuse.org/opensuse-security-announce/2019-02/msg00042.html http://packetstormsecurity.com/files/151712/KVM-kvm_inject_page_fault-Uninitialized-Memory-Leak.html http://www.openwall.com/lists/oss-security/2019/02/18/2 http://www.securityfocus.com/bid/106963 https://access.redhat.com/errata/RHSA-2019:2029 https://access.redhat.com/errata/RHSA-2019:2043 https://access.redhat.com/errata/RHSA-2019:3309 https://access.redhat.com/errata/RHSA-2019:3517 https://bugs.chromiu • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.1EPSS: 0%CPEs: 23EXPL: 1CVE-2016-7103 – jquery-ui: cross-site scripting in dialog closeText
https://notcve.org/view.php?id=CVE-2016-7103
Cross-site scripting (XSS) vulnerability in jQuery UI before 1.12.0 might allow remote attackers to inject arbitrary web script or HTML via the closeText parameter of the dialog function. Vulnerabilidad de XSS en la interfaz de usuario de jQuery en versiones anteriores a 1.12.0 podría permitir a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través del parámetro closeText de la función dialog. It was found that a parameter of the dialog box feature of jQuery UI was vulnerable to cross site scripting. An attacker could use this flaw to execute a malicious script via the dialog box when it was displayed to a user. • http://rhn.redhat.com/errata/RHSA-2016-2932.html http://rhn.redhat.com/errata/RHSA-2016-2933.html http://rhn.redhat.com/errata/RHSA-2017-0161.html http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html http://www.securityfocus.com/bid/104823 https://github.com/jquery/api.jqueryui.com/issues/281 https://github.com/jquery/jquery-ui/commit/9644e7bae9116edaf8d37c5b38cb32b892f10ff6 https://jqueryui.com/changelog/1.12.0 https://lists.apache.org/thread.html/519eb0fd45642dcecd9 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.9EPSS: 0%CPEs: 270EXPL: 0CVE-2011-1011 – policycoreutils: insecure temporary directory handling in seunshare
https://notcve.org/view.php?id=CVE-2011-1011
The seunshare_mount function in sandbox/seunshare.c in seunshare in certain Red Hat packages of policycoreutils 2.0.83 and earlier in Red Hat Enterprise Linux (RHEL) 6 and earlier, and Fedora 14 and earlier, mounts a new directory on top of /tmp without assigning root ownership and the sticky bit to this new directory, which allows local users to replace or delete arbitrary /tmp files, and consequently cause a denial of service or possibly gain privileges, by running a setuid application that relies on /tmp, as demonstrated by the ksu application. La función seunshare_mount en sandbox/seunshare.c en seunshare en ciertos paquetes de Red Hat de policycoreutils v2.0.83 y anteriores de Red Hat Enterprise Linux (RHEL) v6 y anteriores, y Fedora v14 y anteriores, monta un nuevo directorio en la parte superior de /tmp sin asignar la pertenencia de root y el bit sticky a este nuevo directorio, lo que permite a usuarios locales reemplazar o eliminar de archivos /tmp de su elección, y por lo tanto provocar una denegación de servicio o ganar privilegios en su caso, mediante la ejecución de una aplicación setuid que se basa en /tmp, como demostrado por la aplicación de KSU. • http://archives.neohapsis.com/archives/fulldisclosure/2011-02/0585.html http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056227.html http://openwall.com/lists/oss-security/2011/02/23/1 http://openwall.com/lists/oss-security/2011/02/23/2 http://pkgs.fedoraproject.org/gitweb/?p=policycoreutils.git%3Ba=blob%3Bf=policycoreutils-rhat.patch%3Bh=d4db5bc06027de23d12a4b3f18fa6f9b1517df27%3Bhb=HEAD#l2197 http://secunia.com/advisories/43415 http://secunia.com/advisories/43844 http://secunia&# • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.8EPSS: 0%CPEs: 16EXPL: 0CVE-2009-3620 – kernel: r128 IOCTL NULL pointer dereferences when CCE state is uninitialised
https://notcve.org/view.php?id=CVE-2009-3620
The ATI Rage 128 (aka r128) driver in the Linux kernel before 2.6.31-git11 does not properly verify Concurrent Command Engine (CCE) state initialization, which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly gain privileges via unspecified ioctl calls. El controlador ATI Rage 128 (también conocido como r128), en el Kernel de Linux anterior a v2.6.31-git11 no verifica de forma adecuada el estado de inicialización del "Concurrent Command Engine (CCE)", lo que permite a usuarios locales provocar una denegación de servicio (desreferenciación de puntero nulo y caída del sistema) o posiblemente obtener privilegios a través de llamadas ioctl sin especificar. • http://article.gmane.org/gmane.linux.kernel/892259 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=7dc482dfeeeefcfd000d4271c4626937406756d7 http://lists.opensuse.org/opensuse-security-announce/2009-12/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2009-12/msg00005.html http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00005.html http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00007.html http://lists.vmware.com/pipermail/sec • CWE-476: NULL Pointer Dereference CWE-908: Use of Uninitialized Resource •
CVSS: 5.9EPSS: 0%CPEs: 13EXPL: 0CVE-2008-4989 – gnutls: certificate chain verification flaw
https://notcve.org/view.php?id=CVE-2008-4989
The _gnutls_x509_verify_certificate function in lib/x509/verify.c in libgnutls in GnuTLS before 2.6.1 trusts certificate chains in which the last certificate is an arbitrary trusted, self-signed certificate, which allows man-in-the-middle attackers to insert a spoofed certificate for any Distinguished Name (DN). La función _gnutls_x509_verify_certificate en lib/x509/verify.c en libgnutls en GnuTLS antes de v2.6.1 confía en las cadenas de certificado en las que el último certificado es un certificado de confianza arbitraria, auto-firmado, lo que permite a atacantes de tipo "hombre en el medio" (man-in-the-middle) insertar un certificado falso para cualquier Distinguished Name(DN). • http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3215 http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3217 http://lists.opensuse.org/opensuse-security-announce/2008-12/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00010.html http://secunia.com/advisories/32619 http://secunia.com/advisories/32681 http://secunia.com/advisories/32687 http://secunia.com/advisories/32879 http://secunia.com/advisories/33501 http://secunia.com/advi • CWE-295: Improper Certificate Validation •