CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 1CVE-2018-10322 – kernel: Invalid pointer dereference in xfs_ilock_attr_map_shared() when mounting crafted xfs image allowing denial of service
https://notcve.org/view.php?id=CVE-2018-10322
The xfs_dinode_verify function in fs/xfs/libxfs/xfs_inode_buf.c in the Linux kernel through 4.16.3 allows local users to cause a denial of service (xfs_ilock_attr_map_shared invalid pointer dereference) via a crafted xfs image. La función xfs_dinode_verify en fs/xfs/libxfs/xfs_inode_buf.c en el kernel de Linux, hasta la versión 4.16.3, permite que usuarios locales provoquen una denegación de servicio (desreferencia de puntero inválido en xfs_ilock_attr_map_shared) mediante una imagen xfs manipulada. The xfs_dinode_verify function in fs/xfs/libxfs/xfs_inode_buf.c in the Linux kernel can cause a NULL pointer dereference in xfs_ilock_attr_map_shared function. An attacker could trick a legitimate user or a privileged attacker could exploit this by mounting a crafted xfs filesystem image to cause a kernel panic and thus a denial of service. • http://www.securityfocus.com/bid/103960 https://access.redhat.com/errata/RHSA-2018:2948 https://access.redhat.com/errata/RHSA-2018:3083 https://access.redhat.com/errata/RHSA-2018:3096 https://bugzilla.kernel.org/show_bug.cgi?id=199377 https://usn.ubuntu.com/4578-1 https://usn.ubuntu.com/4579-1 https://www.spinics.net/lists/linux-xfs/msg17215.html https://access.redhat.com/security/cve/CVE-2018-10322 https://bugzilla.redhat.com/show_bug.cgi?id=1571623 • CWE-476: NULL Pointer Dereference •
CVSS: 8.3EPSS: 0%CPEs: 7EXPL: 0CVE-2018-1088 – glusterfs: Privilege escalation via gluster_shared_storage when snapshot scheduling is enabled
https://notcve.org/view.php?id=CVE-2018-1088
A privilege escalation flaw was found in gluster 3.x snapshot scheduler. Any gluster client allowed to mount gluster volumes could also mount shared gluster storage volume and escalate privileges by scheduling malicious cronjob via symlink. Se ha encontrado un error de escalado de privilegios en el programador de capturas en gluster, en versiones 3.x. Cualquier cliente gluster al que se le permita montar volúmenes de gluster también podría montar un volumen de almacenamiento compartido de gluster y escalar privilegios programando un cronjob malicioso mediante un enlace simbólico. A privilege escalation flaw was found in gluster snapshot scheduler. • http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00035.html https://access.redhat.com/errata/RHSA-2018:1136 https://access.redhat.com/errata/RHSA-2018:1137 https://access.redhat.com/errata/RHSA-2018:1275 https://access.redhat.com/errata/RHSA-2018:1524 https://bugzilla.redhat.com/show_bug.cgi?id=1558721 https://lists.debian.org/debian-lts-announce/2021/11/msg00000.html https://security.gentoo.org/glsa/201904-06 https://access.redhat.com/security/cve/CVE-2018- • CWE-266: Incorrect Privilege Assignment •
CVSS: 9.8EPSS: 76%CPEs: 70EXPL: 4CVE-2018-1270 – spring-framework: Possible RCE via spring messaging
https://notcve.org/view.php?id=CVE-2018-1270
Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, allow applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user (or attacker) can craft a message to the broker that can lead to a remote code execution attack. Spring Framework, en versiones 5.0 anteriores a la 5.0.5 y versiones 4.3 anteriores a la 4.3.15, así como versiones más antiguas no soportadas, permite que las aplicaciones expongan STOMP en endpoints WebSocket con un simple agente STOMP en memoria a través del módulo spring-messaging. Un usuario (o atacante) malicioso puede manipular un mensaje al agente que desemboca en un ataque de ejecución remota de código. Pivotal Spring Java Framework versions 5.0.x and below suffer from a remote code execution vulnerability. • https://github.com/CaledoniaProject/CVE-2018-1270 https://github.com/Venscor/CVE-2018-1270 https://github.com/tafamace/CVE-2018-1270 http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html http://www.securityfocus.com/bid/103696 https://access.redhat.com/errata/RHSA-2018:2939 https://lists.apache.org/thread.html/4ed49b103f64a0cecb38064f26cbf1389afc12124653da2d35166dbe%40%3Cissues.activemq.apache.org%3E https://lists& • CWE-20: Improper Input Validation CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-358: Improperly Implemented Security Check for Standard •
CVSS: 9.8EPSS: 1%CPEs: 39EXPL: 0CVE-2018-8088 – slf4j: Deserialisation vulnerability in EventData constructor can allow for arbitrary code execution
https://notcve.org/view.php?id=CVE-2018-8088
org.slf4j.ext.EventData in the slf4j-ext module in QOS.CH SLF4J before 1.8.0-beta2 allows remote attackers to bypass intended access restrictions via crafted data. EventData in the slf4j-ext module in QOS.CH SLF4J, has been fixed in SLF4J versions 1.7.26 later and in the 2.0.x series. org.slf4j.ext.EventData en el módulo slf4j-ext en QOS.CH SLF4J antes de la versión 1.8.0-beta2 permite a los atacantes remotos saltarse las restricciones de acceso previstas a través de datos manipulados. EventData en el módulo slf4j-ext en QOS.CH SLF4J, ha sido corregido en las versiones 1.7.26 posteriores de SLF4J y en la serie 2.0.x An XML deserialization vulnerability was discovered in slf4j's EventData, which accepts an XML serialized string and can lead to arbitrary code execution. • http://www.securityfocus.com/bid/103737 http://www.securitytracker.com/id/1040627 https://access.redhat.com/errata/RHSA-2018:0582 https://access.redhat.com/errata/RHSA-2018:0592 https://access.redhat.com/errata/RHSA-2018:0627 https://access.redhat.com/errata/RHSA-2018:0628 https://access.redhat.com/errata/RHSA-2018:0629 https://access.redhat.com/errata/RHSA-2018:0630 https://access.redhat.com/errata/RHSA-2018:1247 https://access.redhat.com/errata/RHSA-2018:1248 https: • CWE-502: Deserialization of Untrusted Data •
CVSS: 8.1EPSS: 0%CPEs: 23EXPL: 0CVE-2018-1068 – kernel: Out-of-bounds write via userland offsets in ebt_entry struct in netfilter/ebtables.c
https://notcve.org/view.php?id=CVE-2018-1068
A flaw was found in the Linux 4.x kernel's implementation of 32-bit syscall interface for bridging. This allowed a privileged user to arbitrarily write to a limited range of kernel memory. Se ha encontrado un error en la implementación de la interfaz syscall de 32 bits para puentes de red (bridging) en el kernel de las versiones 4.x de Linux. Esto permitía que un usuario privilegiado escribiese de forma arbitraria en un rango limitado de memoria del kernel. A flaw was found in the Linux kernel's implementation of 32-bit syscall interface for bridging. • http://www.securityfocus.com/bid/103459 https://access.redhat.com/errata/RHSA-2018:1318 https://access.redhat.com/errata/RHSA-2018:1355 https://access.redhat.com/errata/RHSA-2018:2948 https://access.redhat.com/errata/RHSA-2019:1170 https://access.redhat.com/errata/RHSA-2019:1190 https://access.redhat.com/errata/RHSA-2019:4159 https://bugzilla.redhat.com/show_bug.cgi?id=1552048 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=b71812168571fa55 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •