CVE-2015-1777
https://notcve.org/view.php?id=CVE-2015-1777
rhnreg_ks in Red Hat Network Client Tools (aka rhn-client-tools) on Red Hat Gluster Storage 2.1 and Enterprise Linux (RHEL) 5, 6, and 7 does not properly validate hostnames in X.509 certificates from SSL servers, which allows remote attackers to prevent system registration via a man-in-the-middle attack. rhnreg_ks en Red Hat Network Client Tools (también conocido como rhn-client-tools) en Red Hat Gluster Storage 2.1 y Enterprise Linux (RHEL) 5, 6 y 7 no valida correctamente los nombres de host en los certificados X.509 de los servidores SSL. Esto puede permitir que atacantes remotos eviten el registro en el sistema mediante un ataque Man-in-the-Middle (MitM). • http://www.openwall.com/lists/oss-security/2015/03/04/7 http://www.securityfocus.com/bid/72943 https://bugzilla.redhat.com/show_bug.cgi?id=1198740 • CWE-295: Improper Certificate Validation •
CVE-2018-8088 – slf4j: Deserialisation vulnerability in EventData constructor can allow for arbitrary code execution
https://notcve.org/view.php?id=CVE-2018-8088
org.slf4j.ext.EventData in the slf4j-ext module in QOS.CH SLF4J before 1.8.0-beta2 allows remote attackers to bypass intended access restrictions via crafted data. EventData in the slf4j-ext module in QOS.CH SLF4J, has been fixed in SLF4J versions 1.7.26 later and in the 2.0.x series. org.slf4j.ext.EventData en el módulo slf4j-ext en QOS.CH SLF4J antes de la versión 1.8.0-beta2 permite a los atacantes remotos saltarse las restricciones de acceso previstas a través de datos manipulados. EventData en el módulo slf4j-ext en QOS.CH SLF4J, ha sido corregido en las versiones 1.7.26 posteriores de SLF4J y en la serie 2.0.x An XML deserialization vulnerability was discovered in slf4j's EventData, which accepts an XML serialized string and can lead to arbitrary code execution. • http://www.securityfocus.com/bid/103737 http://www.securitytracker.com/id/1040627 https://access.redhat.com/errata/RHSA-2018:0582 https://access.redhat.com/errata/RHSA-2018:0592 https://access.redhat.com/errata/RHSA-2018:0627 https://access.redhat.com/errata/RHSA-2018:0628 https://access.redhat.com/errata/RHSA-2018:0629 https://access.redhat.com/errata/RHSA-2018:0630 https://access.redhat.com/errata/RHSA-2018:1247 https://access.redhat.com/errata/RHSA-2018:1248 https: • CWE-502: Deserialization of Untrusted Data •
CVE-2017-12174 – artemis/hornetq: memory exhaustion via UDP and JGroups discovery
https://notcve.org/view.php?id=CVE-2017-12174
It was found that when Artemis and HornetQ before 2.4.0 are configured with UDP discovery and JGroups discovery a huge byte array is created when receiving an unexpected multicast message. This may result in a heap memory exhaustion, full GC, or OutOfMemoryError. Se ha descubierto que cuando Artemis y HornetQ, en versiones anteriores a la 2.4.0, se configuran con detección UDP y detección JGroups, se crea un array con muchos bytes al recibir un mensaje multicast inesperado. Esto podría resultar en un agotamiento de la memoria dinámica (heap), GC completo o OutOfMemoryError. It was found that when Artemis and HornetQ are configured with UDP discovery and JGroups discovery a huge byte array is created when receiving an unexpected multicast message. • https://access.redhat.com/errata/RHSA-2018:0268 https://access.redhat.com/errata/RHSA-2018:0269 https://access.redhat.com/errata/RHSA-2018:0270 https://access.redhat.com/errata/RHSA-2018:0271 https://access.redhat.com/errata/RHSA-2018:0275 https://access.redhat.com/errata/RHSA-2018:0478 https://access.redhat.com/errata/RHSA-2018:0479 https://access.redhat.com/errata/RHSA-2018:0480 https://access.redhat.com/errata/RHSA-2018:0481 https://bugzilla.redhat.com/show_bug. • CWE-20: Improper Input Validation CWE-400: Uncontrolled Resource Consumption •
CVE-2018-1041 – JBoss Remoting 6.14.18 - Denial of Service
https://notcve.org/view.php?id=CVE-2018-1041
A vulnerability was found in the way RemoteMessageChannel, introduced in jboss-remoting versions 3.3.10, reads from an empty buffer. An attacker could use this flaw to cause denial of service via high CPU caused by an infinite loop. Se ha encontrado una vulnerabilidad en la forma en la que RemoteMessageChannel, introducido en las versiones 3.3.10 de jboss-remoting, lee desde un búfer vacío. Un atacante podría emplear este error para provocar una denegación de servicio (DoS) mediante un consumo alto de CPU a través de un bucle infinito. A vulnerability was found in the way RemoteMessageChannel, introduced in jboss-remoting versions 3.3.10.Final-redhat-1, reads from an empty buffer. • https://www.exploit-db.com/exploits/44099 http://www.securitytracker.com/id/1040323 https://access.redhat.com/errata/RHSA-2018:0268 https://access.redhat.com/errata/RHSA-2018:0269 https://access.redhat.com/errata/RHSA-2018:0270 https://access.redhat.com/errata/RHSA-2018:0271 https://access.redhat.com/errata/RHSA-2018:0275 https://bugzilla.redhat.com/show_bug.cgi?id=1530457 https://access.redhat.com/security/cve/CVE-2018-1041 • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVE-2017-17485 – jackson-databind: Unsafe deserialization due to incomplete black list (incomplete fix for CVE-2017-15095)
https://notcve.org/view.php?id=CVE-2017-17485
FasterXML jackson-databind through 2.8.10 and 2.9.x through 2.9.3 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 deserialization flaw. This is exploitable by sending maliciously crafted JSON input to the readValue method of the ObjectMapper, bypassing a blacklist that is ineffective if the Spring libraries are available in the classpath. FasterXML jackson-databind hasta la versión 2.8.10 y 2.9.x hasta la 2.9.3 permite que se ejecute código de manera remota y no autenticada debido a una solución incompleta de la vulnerabilidad de deserialización CVE-2017-7525. Esto es explotable enviando una entrada JSON manipulada maliciosamente al método readValue de ObjectMapper, omitiendo una lista negra que no es efectiva si las librerías Spring están disponibles en el classpath. A deserialization flaw was discovered in the jackson-databind which could allow an unauthenticated user to perform code execution by sending maliciously crafted input to the readValue method of ObjectMapper. • https://github.com/Al1ex/CVE-2017-17485 https://github.com/tafamace/CVE-2017-17485 http://www.securityfocus.com/archive/1/541652/100/0/threaded https://access.redhat.com/errata/RHSA-2018:0116 https://access.redhat.com/errata/RHSA-2018:0342 https://access.redhat.com/errata/RHSA-2018:0478 https://access.redhat.com/errata/RHSA-2018:0479 https://access.redhat.com/errata/RHSA-2018:0480 https://access.redhat.com/errata/RHSA-2018:0481 https://access.redhat.com/errata/RHS • CWE-502: Deserialization of Untrusted Data •