CVSS: 8.1EPSS: 0%CPEs: 23EXPL: 0CVE-2018-1068 – kernel: Out-of-bounds write via userland offsets in ebt_entry struct in netfilter/ebtables.c
https://notcve.org/view.php?id=CVE-2018-1068
16 Mar 2018 — A flaw was found in the Linux 4.x kernel's implementation of 32-bit syscall interface for bridging. This allowed a privileged user to arbitrarily write to a limited range of kernel memory. Se ha encontrado un error en la implementación de la interfaz syscall de 32 bits para puentes de red (bridging) en el kernel de las versiones 4.x de Linux. Esto permitía que un usuario privilegiado escribiese de forma arbitraria en un rango limitado de memoria del kernel. A flaw was found in the Linux kernel's implementat... • http://www.securityfocus.com/bid/103459 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •
CVSS: 5.5EPSS: 0%CPEs: 10EXPL: 1CVE-2018-7740 – kernel: Denial of service in resv_map_release function in mm/hugetlb.c
https://notcve.org/view.php?id=CVE-2018-7740
07 Mar 2018 — The resv_map_release function in mm/hugetlb.c in the Linux kernel through 4.15.7 allows local users to cause a denial of service (BUG) via a crafted application that makes mmap system calls and has a large pgoff argument to the remap_file_pages system call. La función resv_map_release en mm/hugetlb.c en el kernel de Linux hasta la versión 4.15.7 permite que usuarios locales provoquen una denegación de servicio (error) mediante una aplicación manipulada que realiza llamadas del sistema mmap y tiene un argume... • http://www.securityfocus.com/bid/103316 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.5EPSS: 0%CPEs: 12EXPL: 0CVE-2018-5803 – kernel: Missing length check of payload in net/sctp/sm_make_chunk.c:_sctp_make_chunk() function allows denial of service
https://notcve.org/view.php?id=CVE-2018-5803
01 Mar 2018 — In the Linux Kernel before version 4.15.8, 4.14.25, 4.9.87, 4.4.121, 4.1.51, and 3.2.102, an error in the "_sctp_make_chunk()" function (net/sctp/sm_make_chunk.c) when handling SCTP packets length can be exploited to cause a kernel crash. En el kernel de Linux en versiones anteriores a la 4.15.8, 4.14.25, 4.9.87, 4.4.121, 4.1.51 y 3.2.102, un error en la función "_sctp_make_chunk()" (net/sctp/sm_make_chunk.c) al gestionar el tamaño de paquetes SCTP puede explotarse para provocar un cierre inesperado del ker... • https://access.redhat.com/errata/RHSA-2018:1854 • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 0%CPEs: 10EXPL: 0CVE-2018-6764 – libvirt: guest could inject executable code via libnss_dns.so loaded by libvirt_lxc before init
https://notcve.org/view.php?id=CVE-2018-6764
20 Feb 2018 — util/virlog.c in libvirt does not properly determine the hostname on LXC container startup, which allows local guest OS users to bypass an intended container protection mechanism and execute arbitrary commands via a crafted NSS module. util/virlog.c en libvirt no determina correctamente el nombre de host en el arranque del contenedor LXC, lo que permite que usuarios locales invitados del sistema operativo omitan un mecanismo de protección de contenedor planeado y ejecuten comandos arbitrarios mediante un mó... • http://www.ubuntu.com/usn/USN-3576-1 • CWE-179: Incorrect Behavior Order: Early Validation CWE-346: Origin Validation Error •
CVSS: 7.8EPSS: 0%CPEs: 14EXPL: 0CVE-2018-6927 – kernel: Integer overflow in futex.c:futux_requeue can lead to denial of service or unspecified impact
https://notcve.org/view.php?id=CVE-2018-6927
12 Feb 2018 — The futex_requeue function in kernel/futex.c in the Linux kernel before 4.14.15 might allow attackers to cause a denial of service (integer overflow) or possibly have unspecified other impact by triggering a negative wake or requeue value. La función futex_requeue en kernel/futex.c en el kernel de Linux, en versiones anteriores a la 4.14.15, podría permitir que atacantes provoquen una denegación de servicio (desbordamiento de enteros) o que puedan causar otro tipo de impacto sin especificar desencadenando u... • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=fbe0e839d1e22d88810f3ee3e2f1479be4c0aa4a • CWE-190: Integer Overflow or Wraparound •
CVSS: 5.5EPSS: 0%CPEs: 15EXPL: 0CVE-2018-5750 – kernel: Kernel address information leak in drivers/acpi/sbshc.c:acpi_smbus_hc_add() function potentially allowing KASLR bypass
https://notcve.org/view.php?id=CVE-2018-5750
26 Jan 2018 — The acpi_smbus_hc_add function in drivers/acpi/sbshc.c in the Linux kernel through 4.14.15 allows local users to obtain sensitive address information by reading dmesg data from an SBS HC printk call. La función acpi_smbus_hc_add en drivers/acpi/sbshc.c en el kernel de Linux hastas la versión 4.14.15 permite que usuarios locales obtengan información sensible de direcciones leyendo datos dmesg de una llamada SBS HC printk. The acpi_smbus_hc_add function in drivers/acpi/sbshc.c in the Linux kernel, through 4.1... • http://www.securitytracker.com/id/1040319 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 8.1EPSS: 9%CPEs: 17EXPL: 0CVE-2018-5968 – jackson-databind: unsafe deserialization due to incomplete blacklist (incomplete fix for CVE-2017-7525 and CVE-2017-17485)
https://notcve.org/view.php?id=CVE-2018-5968
22 Jan 2018 — FasterXML jackson-databind through 2.8.11 and 2.9.x through 2.9.3 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 and CVE-2017-17485 deserialization flaws. This is exploitable via two different gadgets that bypass a blacklist. FasterXML jackson-databind, hasta la versión 2.8.11 y las versiones 2.9.x hasta la 2.9.3, permite la ejecución remota de código sin autenticar debido a una solución incompleta para los errores de deserialización CVE-2017-7525 y CVE-2017-... • https://access.redhat.com/errata/RHSA-2018:0478 • CWE-184: Incomplete List of Disallowed Inputs CWE-502: Deserialization of Untrusted Data •
CVSS: 7.5EPSS: 0%CPEs: 22EXPL: 0CVE-2017-1000410 – kernel: Stack information leak in the EFS element
https://notcve.org/view.php?id=CVE-2017-1000410
07 Dec 2017 — The Linux kernel version 3.3-rc1 and later is affected by a vulnerability lies in the processing of incoming L2CAP commands - ConfigRequest, and ConfigResponse messages. This info leak is a result of uninitialized stack variables that may be returned to an attacker in their uninitialized state. By manipulating the code flows that precede the handling of these configuration messages, an attacker can also gain some control over which data will be held in the uninitialized stack variables. This can allow him t... • http://seclists.org/oss-sec/2017/q4/357 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.0EPSS: 0%CPEs: 17EXPL: 0CVE-2017-7536 – hibernate-validator: Privilege escalation when running under the security manager
https://notcve.org/view.php?id=CVE-2017-7536
26 Sep 2017 — In Hibernate Validator 5.2.x before 5.2.5 final, 5.3.x, and 5.4.x, it was found that when the security manager's reflective permissions, which allows it to access the private members of the class, are granted to Hibernate Validator, a potential privilege escalation can occur. By allowing the calling code to access those private members without the permission an attacker may be able to validate an invalid instance and access the private member value via ConstraintViolation#getInvalidValue(). En Hibernate Val... • http://www.securityfocus.com/bid/101048 • CWE-470: Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') CWE-592: DEPRECATED: Authentication Bypass Issues •
CVSS: 7.5EPSS: 4%CPEs: 10EXPL: 0CVE-2017-7539 – Qemu: qemu-nbd crashes due to undefined I/O coroutine
https://notcve.org/view.php?id=CVE-2017-7539
05 Sep 2017 — An assertion-failure flaw was found in Qemu before 2.10.1, in the Network Block Device (NBD) server's initial connection negotiation, where the I/O coroutine was undefined. This could crash the qemu-nbd server if a client sent unexpected data during connection negotiation. A remote user or process could use this flaw to crash the qemu-nbd server resulting in denial of service. Se ha detectado un fallo de aserción en Qemu en versiones anteriores a la 2.10.1 en la negociación de conexión inicial de los servid... • http://www.openwall.com/lists/oss-security/2017/07/21/4 • CWE-20: Improper Input Validation CWE-617: Reachable Assertion •