CVSS: 6.5EPSS: 0%CPEs: 51EXPL: 1CVE-2018-1304 – tomcat: Incorrect handling of empty string URL in security constraints can lead to unintended exposure of resources
https://notcve.org/view.php?id=CVE-2018-1304
The URL pattern of "" (the empty string) which exactly maps to the context root was not correctly handled in Apache Tomcat 9.0.0.M1 to 9.0.4, 8.5.0 to 8.5.27, 8.0.0.RC1 to 8.0.49 and 7.0.0 to 7.0.84 when used as part of a security constraint definition. This caused the constraint to be ignored. It was, therefore, possible for unauthorised users to gain access to web application resources that should have been protected. Only security constraints with a URL pattern of the empty string were affected. El patrón de URL "" (la cadena vacía) que mapea exactamente al root de contexto no se gestionó correctamente en Apache Tomcat 9.0.0.M1 a 9.0.4, 8.5.0 a 8.5.27, 8.0.0.RC1 a 8.0.49 y 7.0.0 a 7.0.84 al emplearse como parte de una definición de limitación de seguridad. • https://github.com/knqyf263/CVE-2018-1304 http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html http://www.securityfocus.com/bid/103170 http://www.securitytracker.com/id/1040427 https://access.redhat.com/errata/RHSA-2018:0465 https://access.redhat.com/errata/RHSA-2018:0466 https://access.redhat.com/errata/RHSA-2018:1320 https://access.redhat.com/errata/RHSA-2018:1447 https://access.redha • CWE-284: Improper Access Control •
CVSS: 9.8EPSS: 93%CPEs: 10EXPL: 1CVE-2018-7489 – jackson-databind: incomplete fix for CVE-2017-7525 permits unsafe serialization via c3p0 libraries
https://notcve.org/view.php?id=CVE-2018-7489
FasterXML jackson-databind before 2.7.9.3, 2.8.x before 2.8.11.1 and 2.9.x before 2.9.5 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 deserialization flaw. This is exploitable by sending maliciously crafted JSON input to the readValue method of the ObjectMapper, bypassing a blacklist that is ineffective if the c3p0 libraries are available in the classpath. FasterXML jackson-databind, en versiones anteriores a la 2.7.9.3, versiones 2.8.x anteriores a la 2.8.11.1 y las versiones 2.9.x anteriores a la 2.9.5, permite la ejecución remota de código sin autenticar debido a una solución incompleta para el error de deserialización CVE-2017-7525. Esto puede explotarse mediante el envío de entradas JSON maliciosamente manipuladas al método readValue de ObjectMapper, omitiendo una lista negra no efectiva si las librerías c3p0 están disponibles en la classpath. • https://github.com/tafamace/CVE-2018-7489 http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html http://www.securityfocus.com/bid/103203 http://www.securitytracker.com/id/1040693 http://www.securitytracker.com/id/1041890 https://access.redhat.com/errata/RHSA-2018:1447 https://access.redhat.com/errata/RHSA-2018:1448 https:/ • CWE-20: Improper Input Validation CWE-184: Incomplete List of Disallowed Inputs CWE-502: Deserialization of Untrusted Data •
CVSS: 7.8EPSS: 0%CPEs: 10EXPL: 0CVE-2018-6764 – libvirt: guest could inject executable code via libnss_dns.so loaded by libvirt_lxc before init
https://notcve.org/view.php?id=CVE-2018-6764
util/virlog.c in libvirt does not properly determine the hostname on LXC container startup, which allows local guest OS users to bypass an intended container protection mechanism and execute arbitrary commands via a crafted NSS module. util/virlog.c en libvirt no determina correctamente el nombre de host en el arranque del contenedor LXC, lo que permite que usuarios locales invitados del sistema operativo omitan un mecanismo de protección de contenedor planeado y ejecuten comandos arbitrarios mediante un módulo NSS manipulado. • http://www.ubuntu.com/usn/USN-3576-1 https://access.redhat.com/errata/RHSA-2018:3113 https://www.debian.org/security/2018/dsa-4137 https://www.redhat.com/archives/libvir-list/2018-February/msg00239.html https://access.redhat.com/security/cve/CVE-2018-6764 https://bugzilla.redhat.com/show_bug.cgi?id=1541444 • CWE-179: Incorrect Behavior Order: Early Validation CWE-346: Origin Validation Error •
CVSS: 8.8EPSS: 2%CPEs: 6EXPL: 0CVE-2018-6056 – chromium-browser: incorrect derived class instantiation in v8
https://notcve.org/view.php?id=CVE-2018-6056
Type confusion could lead to a heap out-of-bounds write in V8 in Google Chrome prior to 64.0.3282.168 allowing a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Una confusión de tipos podría conducir a una escritura fuera de límites en V8 en Google Chrome, en versiones anteriores a la 64.0.3282.168, lo que permite que un atacante remoto ejecute código arbitrario dentro de un sandbox mediante una página HTML manipulada. • http://www.securityfocus.com/bid/103003 https://access.redhat.com/errata/RHSA-2018:0334 https://chromereleases.googleblog.com/2018/02/stable-channel-update-for-desktop_13.html https://crbug.com/806388 https://www.debian.org/security/2018/dsa-4182 https://access.redhat.com/security/cve/CVE-2018-6056 https://bugzilla.redhat.com/show_bug.cgi?id=1545062 • CWE-704: Incorrect Type Conversion or Cast •
CVSS: 9.8EPSS: 1%CPEs: 14EXPL: 1CVE-2018-7225 – libvncserver: Improper input sanitization in rfbProcessClientNormalMessage in rfbserver.c
https://notcve.org/view.php?id=CVE-2018-7225
An issue was discovered in LibVNCServer through 0.9.11. rfbProcessClientNormalMessage() in rfbserver.c does not sanitize msg.cct.length, leading to access to uninitialized and potentially sensitive data or possibly unspecified other impact (e.g., an integer overflow) via specially crafted VNC packets. Se ha descubierto un problema en LibVNCServer hasta la versión 0.9.11. rfbProcessClientNormalMessage() en rfbserver.c no sanea msg.cct.length, lo que conduce a un acceso a datos no inicializados y potencialmente sensibles o, posiblemente, a otro tipo de impacto sin especificar (por ejemplo, un desbordamiento de enteros) mediante paquetes VNC especialmente manipulados. • http://www.openwall.com/lists/oss-security/2018/02/18/1 http://www.securityfocus.com/bid/103107 https://access.redhat.com/errata/RHSA-2018:1055 https://github.com/LibVNC/libvncserver/issues/218 https://lists.debian.org/debian-lts-announce/2018/03/msg00035.html https://lists.debian.org/debian-lts-announce/2019/10/msg00042.html https://lists.debian.org/debian-lts-announce/2019/11/msg00032.html https://lists.debian.org/debian-lts-announce/2019/12/msg00028.html https://se • CWE-190: Integer Overflow or Wraparound CWE-805: Buffer Access with Incorrect Length Value •