CVSS: 5.9EPSS: 57%CPEs: 55EXPL: 6CVE-2019-6111 – SCP Client - Multiple Vulnerabilities (SSHtranger Things)
https://notcve.org/view.php?id=CVE-2019-6111
16 Jan 2019 — An issue was discovered in OpenSSH 7.9. Due to the scp implementation being derived from 1983 rcp, the server chooses which files/directories are sent to the client. However, the scp client only performs cursory validation of the object name returned (only directory traversal attacks are prevented). A malicious scp server (or Man-in-The-Middle attacker) can overwrite arbitrary files in the scp client target directory. If recursive operation (-r) is performed, the server can manipulate subdirectories as well... • https://packetstorm.news/files/id/151227 • CWE-20: Improper Input Validation CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 5.7EPSS: 0%CPEs: 10EXPL: 0CVE-2018-14662 – ceph: authenticated user with read only permissions can steal dm-crypt / LUKS key
https://notcve.org/view.php?id=CVE-2018-14662
15 Jan 2019 — It was found Ceph versions before 13.2.4 that authenticated ceph users with read only permissions could steal dm-crypt encryption keys used in ceph disk encryption. En Ceph en versiones anteriores a la 13.2.4, se ha detectado que los usuarios ceph autenticados con permisos de solo lectura podrían robar las claves de cifrado dm-crypt empleadas durante el cifrado de disco ceph. It was found that authenticated ceph user with read only permissions could steal dm-crypt encryption keys used in ceph disk encryptio... • http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00100.html • CWE-285: Improper Authorization CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 6.5EPSS: 4%CPEs: 10EXPL: 0CVE-2018-16846 – ceph: ListBucket max-keys has no defined limit in the RGW codebase
https://notcve.org/view.php?id=CVE-2018-16846
15 Jan 2019 — It was found in Ceph versions before 13.2.4 that authenticated ceph RGW users can cause a denial of service against OMAPs holding bucket indices. Se ha detectado en Ceph, en versiones anteriores a la 13.2.4, que los usuarios ceph RGW autenticados pueden provocar una denegación de servicio (DoS) contra los índices OMAP de depósito de retención. A flaw was found in the way the ListBucket function max-keys has no defined limit in the RGW codebase. An authenticated ceph RGW user can cause a denial of service at... • http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00100.html • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 5.2EPSS: 0%CPEs: 6EXPL: 0CVE-2019-3811 – sssd: fallback_homedir returns '/' for empty home directories in passwd file
https://notcve.org/view.php?id=CVE-2019-3811
15 Jan 2019 — A vulnerability was found in sssd. If a user was configured with no home directory set, sssd would return '/' (the root directory) instead of '' (the empty string / no home directory). This could impact services that restrict the user's filesystem access to within their home directory through chroot() etc. All versions before 2.1 are vulnerable. Se ha encontrado una vulnerabilidad en sssd. • http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00026.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-552: Files or Directories Accessible to External Parties •
CVSS: 9.8EPSS: 0%CPEs: 3EXPL: 1CVE-2019-6256 – Gentoo Linux Security Advisory 202005-06
https://notcve.org/view.php?id=CVE-2019-6256
14 Jan 2019 — A Denial of Service issue was discovered in the LIVE555 Streaming Media libraries as used in Live555 Media Server 0.93. It can cause an RTSPServer crash in handleHTTPCmd_TunnelingPOST, when RTSP-over-HTTP tunneling is supported, via x-sessioncookie HTTP headers in a GET request and a POST request within the same TCP session. This occurs because of a call to an incorrect virtual function pointer in the readSocket function in GroupsockHelper.cpp. Se ha descubierto una denegación de servicio (DoS) en las libre... • https://github.com/rgaufman/live555/issues/19 • CWE-755: Improper Handling of Exceptional Conditions •
CVSS: 8.8EPSS: 0%CPEs: 4EXPL: 1CVE-2019-6245
https://notcve.org/view.php?id=CVE-2019-6245
13 Jan 2019 — An issue was discovered in Anti-Grain Geometry (AGG) 2.4 as used in SVG++ (aka svgpp) 1.2.3. In the function agg::cell_aa::not_equal, dx is assigned to (x2 - x1). If dx >= dx_limit, which is (16384 << poly_subpixel_shift), this function will call itself recursively. There can be a situation where (x2 - x1) is always bigger than dx_limit during the recursion, leading to continual stack consumption. Se ha descubierto un problema en Anti-Grain Geometry (AGG) 2.4, tal y como se emplea en SVG++ (también conocido... • https://github.com/svgpp/svgpp/issues/70 • CWE-787: Out-of-bounds Write •
CVSS: 7.3EPSS: 0%CPEs: 17EXPL: 0CVE-2019-6133 – polkit: Temporary auth hijacking via PID reuse and non-atomic fork
https://notcve.org/view.php?id=CVE-2019-6133
11 Jan 2019 — In PolicyKit (aka polkit) 0.115, the "start time" protection mechanism can be bypassed because fork() is not atomic, and therefore authorization decisions are improperly cached. This is related to lack of uid checking in polkitbackend/polkitbackendinteractiveauthority.c. En PolicyKit (también conocido como polkit) 0.115, el mecanismo de protección "start time" puede omitirse debido a que fork() no es atómico y, por lo tanto, las decisiones de autorización se cachean incorrectamente. Esto está relacionado co... • http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00049.html • CWE-284: Improper Access Control CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 8.8EPSS: 2%CPEs: 8EXPL: 1CVE-2019-6128 – Gentoo Linux Security Advisory 202003-25
https://notcve.org/view.php?id=CVE-2019-6128
11 Jan 2019 — The TIFFFdOpen function in tif_unix.c in LibTIFF 4.0.10 has a memory leak, as demonstrated by pal2rgb. La función TIFFdOpen en tif_unix.c en LibTIFF 4.0.10 tiene una fuga de memoria, tal y como queda demostrado con pal2rgb. It was discovered that LibTIFF incorrectly handled certain malformed images. If a user or automated system were tricked into opening a specially crafted image, a remote attacker could crash the application, leading to a denial of service, or possibly execute arbitrary code with user priv... • http://bugzilla.maptools.org/show_bug.cgi?id=2836 • CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 7.0EPSS: 0%CPEs: 3EXPL: 0CVE-2019-3461 – Ubuntu Security Notice USN-4077-1
https://notcve.org/view.php?id=CVE-2019-3461
11 Jan 2019 — Debian tmpreaper version 1.6.13+nmu1 has a race condition when doing a (bind) mount via rename() which could result in local privilege escalation. Mounting via rename() could potentially lead to a file being placed elsewhereon the filesystem hierarchy (e.g. /etc/cron.d/) if the directory being cleaned up was on the same physical filesystem. Fixed versions include 1.6.13+nmu1+deb9u1 and 1.6.14. Debian tmpreaper, en su versión 1.6.13+nmu1, tiene una condición de carrera al realizar un montaje (bind) mediante ... • https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=918956 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 5.3EPSS: 3%CPEs: 56EXPL: 0CVE-2018-20685 – openssh: scp client improper directory name validation
https://notcve.org/view.php?id=CVE-2018-20685
10 Jan 2019 — In OpenSSH 7.9, scp.c in the scp client allows remote SSH servers to bypass intended access restrictions via the filename of . or an empty filename. The impact is modifying the permissions of the target directory on the client side. En OpenSSH 7.9, scp.c en el cliente scp permite que los servidores SSH omitan las restricciones de acceso planeadas mediante un nombre de archivo "." o un nombre de archivo vacío. El impacto consiste en modificar los permisos del directorio objetivo en el lado del cliente. Many ... • http://www.securityfocus.com/bid/106531 • CWE-20: Improper Input Validation CWE-863: Incorrect Authorization •