CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2019-3891 – candlepin: credentials exposure through log files
https://notcve.org/view.php?id=CVE-2019-3891
It was discovered that a world-readable log file belonging to Candlepin component of Red Hat Satellite 6.4 leaked the credentials of the Candlepin database. A malicious user with local access to a Satellite host can use those credentials to modify the database and prevent Satellite from fetching package updates, thus preventing all Satellite hosts from accessing those updates. Se descubrió que un archivo de registro de lectura para todos los usuarios, perteneciente al componente Candlepin de Red Hat Satellite 6.4, filtró las credenciales de la base de datos Candlepin. Un usuario malicioso con acceso local a un host Satellite puede usar esas credenciales para modificar la base de datos y evitar que Satellite obtenga actualizaciones de paquetes, impidiendo así que todos los hosts Satellite accedan a esas actualizaciones. It was discovered that a world-readable log file, belonging to the Candlepin component of Red Hat Satellite 6.4, leaked the credentials of the Candlepin database. • https://access.redhat.com/errata/RHSA-2019:1222 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3891 https://access.redhat.com/security/cve/CVE-2019-3891 https://bugzilla.redhat.com/show_bug.cgi?id=1693867 • CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 8.0EPSS: 0%CPEs: 1EXPL: 0CVE-2019-3845 – katello-installer-base: QMF methods exposed to goferd via qdrouterd
https://notcve.org/view.php?id=CVE-2019-3845
A lack of access control was found in the message queues maintained by Satellite's QPID broker and used by katello-agent in versions before Satellite 6.2, Satellite 6.1 optional and Satellite Capsule 6.1. A malicious user authenticated to a host registered to Satellite (or Capsule) can use this flaw to access QMF methods to any host also registered to Satellite (or Capsule) and execute privileged commands. Se encontró una falta de control de acceso en las colas de mensajes mantenidas por el broker QPID de Satellite y usadas por katello-agent en versiones anteriores a Satellite 6.2, Satellite 6.1 opcional y Satellite Capsule 6.1. Un usuario malintencionado autenticado en un host registrado en Satellite (o Capsule) puede usar este fallo para acceder a los métodos de QMF en cualquier host también registrado en Satellite (o Capsule) y ejecutar comandos privilegiados. A lack of access control was found in the message queues maintained by Satellite's QPID broker and used by katello-agent. • https://access.redhat.com/errata/RHSA-2019:1223 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3845 https://access.redhat.com/security/cve/CVE-2019-3845 https://bugzilla.redhat.com/show_bug.cgi?id=1684275 • CWE-284: Improper Access Control •
CVSS: 4.9EPSS: 0%CPEs: 3EXPL: 0CVE-2019-3893 – foreman: Recover of plaintext password or token for the compute resources
https://notcve.org/view.php?id=CVE-2019-3893
In Foreman it was discovered that the delete compute resource operation, when executed from the Foreman API, leads to the disclosure of the plaintext password or token for the affected compute resource. A malicious user with the "delete_compute_resource" permission can use this flaw to take control over compute resources managed by foreman. Versions before 1.20.3, 1.21.1, 1.22.0 are vulnerable. En Foreman se descubrió que la operación de eliminar recursos de cálculo, cuando se ejecuta desde la API de Foreman, conduce a la revelación de la contraseña de texto plano o token para el recurso de cálculo afectado. Un usuario malicioso con el permiso "delete_compute_resource" puede utilizar este fallo para tomar el control de los recursos de cálculo gestionados por Foreman. • http://www.openwall.com/lists/oss-security/2019/04/14/2 http://www.securityfocus.com/bid/107846 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3893 https://github.com/theforeman/foreman/pull/6621 https://projects.theforeman.org/issues/26450 https://access.redhat.com/security/cve/CVE-2019-3893 https://bugzilla.redhat.com/show_bug.cgi?id=1696400 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 9.8EPSS: 0%CPEs: 8EXPL: 0CVE-2018-12549 – JDK: missing null check when accelerating Unsafe calls
https://notcve.org/view.php?id=CVE-2018-12549
In Eclipse OpenJ9 version 0.11.0, the OpenJ9 JIT compiler may incorrectly omit a null check on the receiver object of an Unsafe call when accelerating it. En Eclipse OpenJ9 0.11.0, el compilador JIT de OpenJ9 podría omitir incorrectamente una comprobación nula en el objeto recibidor de una llamada no segura al acelerarla. • https://access.redhat.com/errata/RHSA-2019:0469 https://access.redhat.com/errata/RHSA-2019:0472 https://access.redhat.com/errata/RHSA-2019:0640 https://access.redhat.com/errata/RHSA-2019:1238 https://bugs.eclipse.org/bugs/show_bug.cgi?id=544019 https://access.redhat.com/security/cve/CVE-2018-12549 https://bugzilla.redhat.com/show_bug.cgi?id=1685717 • CWE-20: Improper Input Validation CWE-111: Direct Use of Unsafe JNI •
CVSS: 9.8EPSS: 1%CPEs: 8EXPL: 1CVE-2018-12547 – JDK: buffer overflow in jio_snprintf() and jio_vsnprintf()
https://notcve.org/view.php?id=CVE-2018-12547
In Eclipse OpenJ9, prior to the 0.12.0 release, the jio_snprintf() and jio_vsnprintf() native methods ignored the length parameter. This affects existing APIs that called the functions to exceed the allocated buffer. This functions were not directly callable by non-native user code. En Eclipse OpenJ9, en versiones anteriores a la 0.12.0, los métodos nativos jio_snprintf() y jio_vsnprintf() ignoraban el parámetro length. Esto afecta a las API existentes que llamaban a las funciones para sobrepasar el búfer asignado. • https://access.redhat.com/errata/RHSA-2019:0469 https://access.redhat.com/errata/RHSA-2019:0472 https://access.redhat.com/errata/RHSA-2019:0473 https://access.redhat.com/errata/RHSA-2019:0474 https://access.redhat.com/errata/RHSA-2019:0640 https://access.redhat.com/errata/RHSA-2019:1238 https://bugs.eclipse.org/bugs/show_bug.cgi?id=543659 https://access.redhat.com/security/cve/CVE-2018-12547 https://bugzilla.redhat.com/show_bug.cgi?id=1685611 • CWE-20: Improper Input Validation CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •