CVSS: 8.2EPSS: 0%CPEs: 11EXPL: 0CVE-2019-8308 – flatpak: potential /proc based sandbox escape
https://notcve.org/view.php?id=CVE-2019-8308
Flatpak before 1.0.7, and 1.1.x and 1.2.x before 1.2.3, exposes /proc in the apply_extra script sandbox, which allows attackers to modify a host-side executable file. Flatpak, en versiones anteriores a la 1.0.7 y en versiones 1.1.x y 1.2.x anteriores a la 1.2.3, expone /proc en el sandbox de script apply_extra, lo que permite que los atacantes modifiquen un archivo ejecutable del lado del host. A flaw was found in flatpak. In certain special cases, installing flatpak applications and runtimes system-wide may allow an attacker to escape the flatpak sandbox. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. • http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00088.html https://access.redhat.com/errata/RHSA-2019:0375 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922059 https://github.com/flatpak/flatpak/releases/tag/1.0.7 https://github.com/flatpak/flatpak/releases/tag/1.2.3 https://access.redhat.com/security/cve/CVE-2019-8308 https://bugzilla.redhat.com/show_bug.cgi?id=1675070 • CWE-668: Exposure of Resource to Wrong Sphere CWE-672: Operation on a Resource after Expiration or Release •
CVSS: 9.8EPSS: 0%CPEs: 8EXPL: 0CVE-2018-12549 – JDK: missing null check when accelerating Unsafe calls
https://notcve.org/view.php?id=CVE-2018-12549
In Eclipse OpenJ9 version 0.11.0, the OpenJ9 JIT compiler may incorrectly omit a null check on the receiver object of an Unsafe call when accelerating it. En Eclipse OpenJ9 0.11.0, el compilador JIT de OpenJ9 podría omitir incorrectamente una comprobación nula en el objeto recibidor de una llamada no segura al acelerarla. • https://access.redhat.com/errata/RHSA-2019:0469 https://access.redhat.com/errata/RHSA-2019:0472 https://access.redhat.com/errata/RHSA-2019:0640 https://access.redhat.com/errata/RHSA-2019:1238 https://bugs.eclipse.org/bugs/show_bug.cgi?id=544019 https://access.redhat.com/security/cve/CVE-2018-12549 https://bugzilla.redhat.com/show_bug.cgi?id=1685717 • CWE-20: Improper Input Validation CWE-111: Direct Use of Unsafe JNI •
CVSS: 9.8EPSS: 1%CPEs: 8EXPL: 1CVE-2018-12547 – JDK: buffer overflow in jio_snprintf() and jio_vsnprintf()
https://notcve.org/view.php?id=CVE-2018-12547
In Eclipse OpenJ9, prior to the 0.12.0 release, the jio_snprintf() and jio_vsnprintf() native methods ignored the length parameter. This affects existing APIs that called the functions to exceed the allocated buffer. This functions were not directly callable by non-native user code. En Eclipse OpenJ9, en versiones anteriores a la 0.12.0, los métodos nativos jio_snprintf() y jio_vsnprintf() ignoraban el parámetro length. Esto afecta a las API existentes que llamaban a las funciones para sobrepasar el búfer asignado. • https://access.redhat.com/errata/RHSA-2019:0469 https://access.redhat.com/errata/RHSA-2019:0472 https://access.redhat.com/errata/RHSA-2019:0473 https://access.redhat.com/errata/RHSA-2019:0474 https://access.redhat.com/errata/RHSA-2019:0640 https://access.redhat.com/errata/RHSA-2019:1238 https://bugs.eclipse.org/bugs/show_bug.cgi?id=543659 https://access.redhat.com/security/cve/CVE-2018-12547 https://bugzilla.redhat.com/show_bug.cgi?id=1685611 • CWE-20: Improper Input Validation CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 9.3EPSS: 0%CPEs: 43EXPL: 21CVE-2019-5736 – runc < 1.0-rc6 (Docker < 18.09.2) - Container Breakout
https://notcve.org/view.php?id=CVE-2019-5736
runc through 1.0-rc6, as used in Docker before 18.09.2 and other products, allows attackers to overwrite the host runc binary (and consequently obtain host root access) by leveraging the ability to execute a command as root within one of these types of containers: (1) a new container with an attacker-controlled image, or (2) an existing container, to which the attacker previously had write access, that can be attached with docker exec. This occurs because of file-descriptor mishandling, related to /proc/self/exe. runc, hasta la versión 1.0-rc6, tal y como se emplea en Docker, en versiones anteriores a la 18.09.2 y otros productos, permite que los atacantes sobrescriban el binario del host runc (y, así, obtengan acceso root al host) aprovechando la capacidad para ejecutar un comando como root con uno de estos tipos de contenedores: (1) un nuevo contenedor con una imagen controlada por el atacante o (2) un contenedor existente, para el cual el atacante contaba previamente con acceso de escritura, que puede adjuntarse con docker exec. Esto ocurre debido a la gestión incorrecta del descriptor de archivos; esto está relacionado con /proc/self/exe. A flaw was found in the way runc handled system file descriptors when running containers. A malicious container could use this flaw to overwrite contents of the runc binary and consequently run arbitrary commands on the container host system. • https://github.com/Frichetten/CVE-2019-5736-PoC https://www.exploit-db.com/exploits/46369 https://www.exploit-db.com/exploits/46359 https://github.com/twistlock/RunC-CVE-2019-5736 https://github.com/jas502n/CVE-2019-5736 https://github.com/RyanNgWH/CVE-2019-5736-POC https://github.com/zyriuse75/CVE-2019-5736-PoC https://github.com/likescam/CVE-2019-5736 https://github.com/geropl/CVE-2019-5736 https://github.com/si1ent-le/CVE-2019-5736 https://github.com/ • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') CWE-672: Operation on a Resource after Expiration or Release •
CVSS: 5.5EPSS: 0%CPEs: 15EXPL: 1CVE-2019-7664 – elfutils: out of bound write in elf_cvt_note in libelf/note_xlate.h
https://notcve.org/view.php?id=CVE-2019-7664
In elfutils 0.175, a negative-sized memcpy is attempted in elf_cvt_note in libelf/note_xlate.h because of an incorrect overflow check. Crafted elf input causes a segmentation fault, leading to denial of service (program crash). En elfutils 0.175, se intenta realizar un memcpy de tamaño negativo en elf_cvt_note en libelf/note_xlate.h debido a una comprobación de desbordamiento incorrecta. Las entradas elf manipuladas provocan un fallo de segmentación, que conduce a una denegación de servicio (cierre inesperado del programa). • https://access.redhat.com/errata/RHSA-2019:2197 https://access.redhat.com/errata/RHSA-2019:3575 https://sourceware.org/bugzilla/show_bug.cgi?id=24084 https://access.redhat.com/security/cve/CVE-2019-7664 https://bugzilla.redhat.com/show_bug.cgi?id=1677536 • CWE-787: Out-of-bounds Write •