Page 11 of 550 results (0.015 seconds)

CVSS: 7.8EPSS: 1%CPEs: 152EXPL: 0

CVE-2018-5391 – The Linux kernel, versions 3.9+, IP implementation is vulnerable to denial of service conditions with low rates of specially modified packets

https://notcve.org/view.php?id=CVE-2018-5391

The Linux kernel, versions 3.9+, is vulnerable to a denial of service attack with low rates of specially modified packets targeting IP fragment re-assembly. An attacker may cause a denial of service condition by sending specially crafted IP fragments. Various vulnerabilities in IP fragmentation have been discovered and fixed over the years. The current vulnerability (CVE-2018-5391) became exploitable in the Linux kernel with the increase of the IP fragment reassembly queue size. El kernel de Linux en versiones a partir de la 3.9 es vulnerable a un ataque de denegación de servicio (DoS) con tasas bajas de paquetes especialmente modificados que apuntan hacia el reensamblado de fragmentos de IP. • http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2018-004.txt http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200115-01-linux-en http://www.openwall.com/lists/oss-security/2019/06/28/2 http://www.openwall.com/lists/oss-security/2019/07/06/3 http://www.openwall.com/lists/oss-security/2019/07/06/4 http://www.securityfocus.com/bid/105108 http://www.securitytracker.com/id/1041476 http://www.securitytracker.com/id/1041637 https://access.redhat.co • CWE-20: Improper Input Validation CWE-400: Uncontrolled Resource Consumption •

CVSS: 8.5EPSS: 0%CPEs: 17EXPL: 0

CVE-2018-10915 – postgresql: Certain host connection parameters defeat client-side security defenses

https://notcve.org/view.php?id=CVE-2018-10915

A vulnerability was found in libpq, the default PostgreSQL client library where libpq failed to properly reset its internal state between connections. If an affected version of libpq was used with "host" or "hostaddr" connection parameters from untrusted input, attackers could bypass client-side connection security features, obtain access to higher privileged connections or potentially cause other impact through SQL injection, by causing the PQescape() functions to malfunction. Postgresql versions before 10.5, 9.6.10, 9.5.14, 9.4.19, and 9.3.24 are affected. Se ha encontrado una vulnerabilidad en qemu-img, la biblioteca de cliente por defecto de PostgreSQL por la que libpq fracasa a la hora de restablecer su estado interno entre conexiones. Si se emplea una versión afectada de libpq se emplea con parámetros de conexión "host" o "hostaddr" desde entradas no fiables, los atacantes podrían omitir características de seguridad de conexión del lado del cliente, obtener acceso a conexiones con mayores privilegios o, posiblemente, provocar otro tipo de impacto mediante una inyección SQL. • http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00043.html http://www.securityfocus.com/bid/105054 http://www.securitytracker.com/id/1041446 https://access.redhat.com/errata/RHSA-2018:2511 https://access.redhat.com/errata/RHSA-2018:2557 https://access.redhat.com/errata/RHSA-2018:2565 https://access.redhat.com/errata/RHSA-2018:2566 https://access.redhat.com/errata/RHSA-2018:2643 https://access.redhat.com/errata/RHSA-2018:2721 https://access.redhat.com/errata&#x • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-665: Improper Initialization •

CVSS: 7.8EPSS: 74%CPEs: 127EXPL: 0

CVE-2018-5390 – Linux kernel versions 4.9+ can be forced to make very expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() for every incoming packet which can lead to a denial of service

https://notcve.org/view.php?id=CVE-2018-5390

Linux kernel versions 4.9+ can be forced to make very expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() for every incoming packet which can lead to a denial of service. El kernel de Linux en versiones 4.9 y siguientes pueden forzarse a realizar llamadas muy caras a tcp_collapse_ofo_queue() y tcp_prune_ofo_queue() para cada paquete entrante, lo que puede conducir a una denegación de servicio. A flaw named SegmentSmack was found in the way the Linux kernel handled specially crafted TCP packets. A remote attacker could use this flaw to trigger time and calculation expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() functions by sending specially modified packets within ongoing TCP sessions which could lead to a CPU saturation and hence a denial of service on the system. Maintaining the denial of service condition requires continuous two-way TCP sessions to a reachable open port, thus the attacks cannot be performed using spoofed IP addresses. • http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2018-004.txt http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20181031-02-linux-en http://www.openwall.com/lists/oss-security/2019/06/28/2 http://www.openwall.com/lists/oss-security/2019/07/06/3 http://www.openwall.com/lists/oss-security/2019/07/06/4 http://www.securityfocus.com/bid/104976 http://www.securitytracker.com/id/1041424 http://www.securitytracker.com/id/1041434 https://access.redhat.co • CWE-400: Uncontrolled Resource Consumption •

CVSS: 7.1EPSS: 0%CPEs: 15EXPL: 1

CVE-2017-18344 – Linux Kernel 4.14.7 (Ubuntu 16.04 / CentOS 7) - (KASLR & SMEP Bypass) Arbitrary File Read

https://notcve.org/view.php?id=CVE-2017-18344

The timer_create syscall implementation in kernel/time/posix-timers.c in the Linux kernel before 4.14.8 doesn't properly validate the sigevent->sigev_notify field, which leads to out-of-bounds access in the show_timer function (called when /proc/$PID/timers is read). This allows userspace applications to read arbitrary kernel memory (on a kernel built with CONFIG_POSIX_TIMERS and CONFIG_CHECKPOINT_RESTORE). La implementación de llamada del sistema timer_create en kernel/time/posix-timers.c en el kernel de Linux en versiones anteriores a la 4.14.8 no valida correctamente el campo sigevent->sigev_notify, conduciendo a un acceso fuera de límites en la función show_timer (que se llama cuando se lee /proc/$PID/timers). Esto permite que las aplicaciones del espacio del usuario lean memoria del kernel arbitraria (en un kernel construido con CONFIG_POSIX_TIMERS y CONFIG_CHECKPOINT_RESTORE). The timer_create syscall implementation in kernel/time/posix-timers.c in the Linux kernel doesn't properly validate the sigevent->sigev_notify field, which leads to out-of-bounds access in the show_timer function. • https://www.exploit-db.com/exploits/45175 http://www.securityfocus.com/bid/104909 http://www.securitytracker.com/id/1041414 https://access.redhat.com/errata/RHSA-2018:2948 https://access.redhat.com/errata/RHSA-2018:3083 https://access.redhat.com/errata/RHSA-2018:3096 https://access.redhat.com/errata/RHSA-2018:3459 https://access.redhat.com/errata/RHSA-2018:3540 https://access.redhat.com/errata/RHSA-2018:3586 https://access.redhat.com/errata/RHSA-2018:3590 https:/ • CWE-125: Out-of-bounds Read •

CVSS: 3.5EPSS: 0%CPEs: 27EXPL: 0

CVE-2018-2767 – mysql: use of SSL/TLS not enforced in libmysqld (Return of BACKRONYM)

https://notcve.org/view.php?id=CVE-2018-2767

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Encryption). Supported versions that are affected are 5.5.60 and prior, 5.6.40 and prior and 5.7.22 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.0 Base Score 3.1 (Confidentiality impacts). • http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html http://www.securityfocus.com/bid/103954 http://www.securitytracker.com/id/1041294 https://access.redhat.com/errata/RHSA-2018:2439 https://access.redhat.com/errata/RHSA-2018:2729 https://lists.debian.org/debian-lts-announce/2018/11/msg00004.html https://security.netapp.com/advisory/ntap-20180726-0002 https://usn.ubuntu.com/3725-1 https://usn.ubuntu.com/3725-2 https://www.debian.org/security/2018/dsa& • CWE-325: Missing Cryptographic Step •