CVSS: 7.8EPSS: 0%CPEs: 20EXPL: 0CVE-2018-10875 – ansible: ansible.cfg is being read from current working directory allowing possible code execution
https://notcve.org/view.php?id=CVE-2018-10875
10 Jul 2018 — A flaw was found in ansible. ansible.cfg is read from the current working directory which can be altered to make it point to a plugin or a module path under the control of an attacker, thus allowing the attacker to execute arbitrary code. Se ha encontrado un error en ansible. ansible.cfg se lee desde el directorio de trabajo actual, que puede alterarse para hacer que señale a un plugin o una ruta de módulo bajo el control de un atacante, permitiendo que el atacante ejecute código arbitrario. It was found th... • http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00021.html • CWE-426: Untrusted Search Path •
CVSS: 6.6EPSS: 0%CPEs: 9EXPL: 0CVE-2018-11053 – iSM: Dell EMC iDRAC Service Module Improper File Permission Vulnerability
https://notcve.org/view.php?id=CVE-2018-11053
26 Jun 2018 — Dell EMC iDRAC Service Module for all supported Linux and XenServer versions v3.0.1, v3.0.2, v3.1.0, v3.2.0, when started, changes the default file permission of the hosts file of the host operating system (/etc/hosts) to world writable. A malicious low privileged operating system user or process could modify the host file and potentially redirect traffic from the intended destination to sites hosting malicious or unwanted content. El módulo de servicio Dell EMC iDRAC para todas las versiones de Linux compa... • http://www.dell.com/support/article/us/en/19/sln310281/ism-dell-emc-idrac-service-module-improper-file-permission-vulnerability?lang=en • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 5.9EPSS: 0%CPEs: 4EXPL: 0CVE-2011-4190 – Missing verification of host key for kdump server
https://notcve.org/view.php?id=CVE-2011-4190
08 Jun 2018 — The kdump implementation is missing the host key verification in the kdump and mkdumprd OpenSSH integration of kdump prior to version 2012-01-20. This is similar to CVE-2011-3588, but different in that the kdump implementation is specific to SUSE. A remote malicious kdump server could use this flaw to impersonate the correct kdump server to obtain security sensitive information (kdump core files). La implementación kdump carece de la verificación de clave host en la integración OpenSSH de kdump y mkdumprd d... • https://bugzilla.suse.com/show_bug.cgi?id=722440 • CWE-306: Missing Authentication for Critical Function CWE-310: Cryptographic Issues •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2011-3172 – unix2_chkpwd do not check for a valid account
https://notcve.org/view.php?id=CVE-2011-3172
08 Jun 2018 — A vulnerability in pam_modules of SUSE Linux Enterprise allows attackers to log into accounts that should have been disabled. Affected releases are SUSE Linux Enterprise: versions prior to 12. Una vulnerabilidad en pam_modules de SUSE Linux Enterprise permite a los atacantes iniciar sesión en cuentas que deberían haberse desactivado. Las versiones afectadas son SUSE Linux Enterprise: versiones anteriores a la 12. • https://bugzilla.suse.com/show_bug.cgi?id=707645 • CWE-264: Permissions, Privileges, and Access Controls CWE-304: Missing Critical Step in Authentication •
CVSS: 7.3EPSS: 0%CPEs: 2EXPL: 2CVE-2017-14798 – local privilege escalation in SUSE postgresql init script
https://notcve.org/view.php?id=CVE-2017-14798
01 Mar 2018 — A race condition in the postgresql init script could be used by attackers able to access the postgresql account to escalate their privileges to root. Una condición de carrera en el script init de postgresql podría ser aprovechada por atacantes para acceder a la cuenta postgresql y escalar sus privilegios a root. PostgreSQL version 9.4-0.5.3 suffers from a privilege escalation vulnerability. • https://packetstorm.news/files/id/148884 • CWE-61: UNIX Symbolic Link (Symlink) Following CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 5.6EPSS: 94%CPEs: 1467EXPL: 10CVE-2017-5753 – Multiple CPUs - 'Spectre' Information Disclosure
https://notcve.org/view.php?id=CVE-2017-5753
04 Jan 2018 — Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis. Los sistemas con microprocesadores con ejecución especulativa y predicción de ramas podrían permitir la revelación no autorizada de información al atacante con acceso de usuario local mediante un análisis de un canal lateral. An industry-wide issue was found in the way many modern microprocessor designs have imp... • https://packetstorm.news/files/id/145645 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-203: Observable Discrepancy •
CVSS: 7.8EPSS: 8%CPEs: 52EXPL: 7CVE-2017-1000366 – Linux Kernel (Debian 9/10 / Ubuntu 14.04.5/16.04.2/17.04 / Fedora 23/24/25) - 'ldso_dynamic Stack Clash' Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2017-1000366
19 Jun 2017 — glibc contains a vulnerability that allows specially crafted LD_LIBRARY_PATH values to manipulate the heap/stack, causing them to alias, potentially resulting in arbitrary code execution. Please note that additional hardening changes have been made to glibc to prevent manipulation of stack and heap memory but these issues are not directly exploitable, as such they have not been given a CVE. This affects glibc 2.25 and earlier. Glibc contiene una vulnerabilidad que permite que los valores LD_LIBRARY_PATH esp... • https://packetstorm.news/files/id/154361 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 3.8EPSS: 0%CPEs: 6EXPL: 0CVE-2017-7995
https://notcve.org/view.php?id=CVE-2017-7995
03 May 2017 — Xen PV guest before Xen 4.3 checked access permissions to MMIO ranges only after accessing them, allowing host PCI device space memory reads, leading to information disclosure. This is an error in the get_user function. NOTE: the upstream Xen Project considers versions before 4.5.x to be EOL. Xen PV guest anterior a Xen 4.3 chequea los permisos de acceso a los rangos MMIO sólo después de acceder a ellos, lo que permite leer en un dispositivo de memoria PCI, dando lugar a la divulgación de información. Se tr... • http://lists.opensuse.org/opensuse-security-announce/2017-05/msg00005.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.8EPSS: 0%CPEs: 9EXPL: 1CVE-2016-9957 – Gentoo Linux Security Advisory 201707-02
https://notcve.org/view.php?id=CVE-2016-9957
12 Apr 2017 — Stack-based buffer overflow in game-music-emu before 0.6.1. Desbordamiento de búfer basado en pila en game-music-emu en versiones anteriores a 0.6.1. Multiple vulnerabilities have been found in Game Music Emu, the worst of which could lead to the execution of arbitrary code. Versions are affected. • http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00090.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 0%CPEs: 9EXPL: 1CVE-2016-9958 – Gentoo Linux Security Advisory 201707-02
https://notcve.org/view.php?id=CVE-2016-9958
12 Apr 2017 — game-music-emu before 0.6.1 allows remote attackers to write to arbitrary memory locations. game-music-emu en versiones anteriores a 0.6.1 permite a atacantes remotos escribir en ubicaciones de memoria arbitrarias. Multiple vulnerabilities have been found in Game Music Emu, the worst of which could lead to the execution of arbitrary code. Versions are affected. • http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00090.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •