CVSS: 6.5EPSS: 0%CPEs: 7EXPL: 0CVE-2018-15572
https://notcve.org/view.php?id=CVE-2018-15572
The spectre_v2_select_mitigation function in arch/x86/kernel/cpu/bugs.c in the Linux kernel before 4.18.1 does not always fill RSB upon a context switch, which makes it easier for attackers to conduct userspace-userspace spectreRSB attacks. La función spectre_v2_select_mitigation en arch/x86/kernel/cpu/bugs.c en el kernel de Linux en versiones anteriores a la 4.18.1 no siempre completa RSB en un cambio de contexto, lo que hace que sea más fácil para los atacantes realizar ataques spectreRSB espacio de usuario-espacio de usuario. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=fdf82a7856b32d905c39afc85e34364491e46346 https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.18.1 https://github.com/torvalds/linux/commit/fdf82a7856b32d905c39afc85e34364491e46346 https://lists.debian.org/debian-lts-announce/2018/10/msg00003.html https://usn.ubuntu.com/3775-1 https://usn.ubuntu.com/3775-2 https://usn.ubuntu.com/3776-1 https://usn.ubuntu.com/3776-2 https://usn.ubuntu.com/3777-1 http •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2018-15471
https://notcve.org/view.php?id=CVE-2018-15471
An issue was discovered in xenvif_set_hash_mapping in drivers/net/xen-netback/hash.c in the Linux kernel through 4.18.1, as used in Xen through 4.11.x and other products. The Linux netback driver allows frontends to control mapping of requests to request queues. When processing a request to set or change this mapping, some input validation (e.g., for an integer overflow) was missing or flawed, leading to OOB access in hash handling. A malicious or buggy frontend may cause the (usually privileged) backend to make out of bounds memory accesses, potentially resulting in one or more of privilege escalation, Denial of Service (DoS), or information leaks. Se descubrió un problema en xenvif_set_hash_mapping en drivers/net/xen-netback/hash.c en el kernel de Linux hasta la versión 4.18.1, tal y como se utiliza en Xen hasta las versiones 4.11.x y otros productos. • http://xenbits.xen.org/xsa/advisory-270.html https://bugs.chromium.org/p/project-zero/issues/detail?id=1607 https://lists.debian.org/debian-lts-announce/2019/03/msg00017.html https://usn.ubuntu.com/3819-1 https://usn.ubuntu.com/3820-1 https://usn.ubuntu.com/3820-2 https://usn.ubuntu.com/3820-3 https://www.debian.org/security/2018/dsa-4313 • CWE-125: Out-of-bounds Read •
CVSS: 8.8EPSS: 0%CPEs: 18EXPL: 0CVE-2018-10873 – spice: Missing check in demarshal.py:write_validate_array_item() allows for buffer overflow and denial of service
https://notcve.org/view.php?id=CVE-2018-10873
A vulnerability was discovered in SPICE before version 0.14.1 where the generated code used for demarshalling messages lacked sufficient bounds checks. A malicious client or server, after authentication, could send specially crafted messages to its peer which would result in a crash or, potentially, other impacts. Se ha descubierto una vulnerabilidad en SPICE en versiones anteriores a la 0.14.1 en la que el código generado utilizado para deserializar mensajes carecía de comprobaciones de límites suficientes. Un cliente o servidor malicioso, después de la autenticación, podría enviar mensajes especialmente manipulados a su peer, lo que resultaría en un cierre inesperado o, potencialmente, otros impactos. A vulnerability was discovered in SPICE where the generated code used for demarshalling messages lacked sufficient bounds checks. • http://www.securityfocus.com/bid/105152 https://access.redhat.com/errata/RHSA-2018:2731 https://access.redhat.com/errata/RHSA-2018:2732 https://access.redhat.com/errata/RHSA-2018:3470 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10873 https://gitlab.freedesktop.org/spice/spice-common/commit/bb15d4815ab586b4c4a20f4a565970a44824c42c https://lists.debian.org/debian-lts-announce/2018/08/msg00035.html https://lists.debian.org/debian-lts-announce/2018/08/msg00037.html https://lists.debi • CWE-20: Improper Input Validation CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.3EPSS: 2%CPEs: 32EXPL: 18CVE-2018-15473 – OpenSSH < 7.7 - User Enumeration
https://notcve.org/view.php?id=CVE-2018-15473
OpenSSH through 7.7 is prone to a user enumeration vulnerability due to not delaying bailout for an invalid authenticating user until after the packet containing the request has been fully parsed, related to auth2-gss.c, auth2-hostbased.c, and auth2-pubkey.c. OpenSSH hasta la versión 7.7 es propenso a una vulnerabilidad de enumeración de usuarios debido a que no retrasa el rescate de un usuario de autenticación no válido hasta que el paquete que contiene la petición haya sido analizado completamente. Esto está relacionado con auth2-gss.c, auth2-hostbased.c, y auth2-pubkey.c. A user enumeration vulnerability flaw was found in OpenSSH, though version 7.7. The vulnerability occurs by not delaying bailout for an invalid authenticated user until after the packet containing the request has been fully parsed. • https://www.exploit-db.com/exploits/45939 https://www.exploit-db.com/exploits/45233 https://www.exploit-db.com/exploits/45210 https://github.com/Rhynorater/CVE-2018-15473-Exploit https://github.com/r3dxpl0it/CVE-2018-15473 https://github.com/Sait-Nuri/CVE-2018-15473 https://github.com/LINYIKAI/CVE-2018-15473-exp https://github.com/MrDottt/CVE-2018-15473 https://github.com/yZ1337/CVE-2018-15473 https://github.com/1stPeak/CVE-2018-15473 https://github.com/0xrobiu • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 6.5EPSS: 0%CPEs: 5EXPL: 0CVE-2018-14567 – libxml2: Infinite loop caused by incorrect error detection during LZMA decompression
https://notcve.org/view.php?id=CVE-2018-14567
libxml2 2.9.8, if --with-lzma is used, allows remote attackers to cause a denial of service (infinite loop) via a crafted XML file that triggers LZMA_MEMLIMIT_ERROR, as demonstrated by xmllint, a different vulnerability than CVE-2015-8035 and CVE-2018-9251. libxml2 2.9.8, si se emplea --with-lzma, permite que atacantes remotos provoquen una denegación de servicio (bucle infinito) mediante un archivo XML manipulado que desencadena LZMA_MEMLIMIT_ERROR, tal y como queda demostrado por xmllint. Esta vulnerabilidad es diferente de CVE-2015-8035 y CVE-2018-9251. • http://www.securityfocus.com/bid/105198 https://gitlab.gnome.org/GNOME/libxml2/commit/2240fbf5912054af025fb6e01e26375100275e74 https://lists.debian.org/debian-lts-announce/2018/09/msg00035.html https://lists.debian.org/debian-lts-announce/2020/09/msg00009.html https://usn.ubuntu.com/3739-1 https://access.redhat.com/security/cve/CVE-2018-14567 https://bugzilla.redhat.com/show_bug.cgi?id=1619875 • CWE-400: Uncontrolled Resource Consumption CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •