CVSS: 7.8EPSS: 0%CPEs: 23EXPL: 1CVE-2018-1000199 – kernel: ptrace() incorrect error handling leads to corruption and DoS
https://notcve.org/view.php?id=CVE-2018-1000199
The Linux Kernel version 3.18 contains a dangerous feature vulnerability in modify_user_hw_breakpoint() that can result in crash and possibly memory corruption. This attack appear to be exploitable via local code execution and the ability to use ptrace. This vulnerability appears to have been fixed in git commit f67b15037a7a50c57f72e69a6d59941ad90a0f0f. El kernel de Linux en su versión 3.18 contiene una vulnerabilidad de funcionalidad peligrosa en modify_user_hw_breakpoint() que puede resultar en un cierre inesperado y en una posible corrupción de memoria. El ataque parece ser explotable mediante la ejecución de código local y la capacidad de usar ptrace. • https://github.com/dsfau/CVE-2018-1000199 http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00022.html http://www.securitytracker.com/id/1040806 https://access.redhat.com/errata/RHSA-2018:1318 https://access.redhat.com/errata/RHSA-2018:1345 https://access.redhat.com/errata/RHSA-2018:1347 https://access.redhat.com/errata/RHSA-2018:1348 https://access.redhat.com/errata/RHSA-2018:1354 https://access.redhat.com/errata/RHSA-2018:1355 https://access.redhat.com/err • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-460: Improper Cleanup on Thrown Exception •
CVSS: 7.8EPSS: 0%CPEs: 29EXPL: 0CVE-2018-10675 – kernel: mm: use-after-free in do_get_mempolicy function allows local DoS or other unspecified impact
https://notcve.org/view.php?id=CVE-2018-10675
The do_get_mempolicy function in mm/mempolicy.c in the Linux kernel before 4.12.9 allows local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted system calls. La función do_get_mempolicy en mm/mempolicy.c en el kernel de Linux, en versiones anteriores a la 4.12.9, permite que los usuarios locales provoquen una denegación de servicio (uso de memoria previamente liberada) o, posiblemente, causen otros impactos no especificados mediante llamadas del sistema manipuladas. The do_get_mempolicy() function in mm/mempolicy.c in the Linux kernel allows local users to hit a use-after-free bug via crafted system calls and thus cause a denial of service (DoS) or possibly have unspecified other impact. Due to the nature of the flaw, privilege escalation cannot be fully ruled out. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=73223e4e2e3867ebf033a5a8eb2e5df0158ccc99 http://www.securityfocus.com/bid/104093 https://access.redhat.com/errata/RHSA-2018:2164 https://access.redhat.com/errata/RHSA-2018:2384 https://access.redhat.com/errata/RHSA-2018:2395 https://access.redhat.com/errata/RHSA-2018:2785 https://access.redhat.com/errata/RHSA-2018:2791 https://access.redhat.com/errata/RHSA-2018:2924 https://access.redhat.com/errata/RHSA-2018& • CWE-416: Use After Free •
CVSS: 5.5EPSS: 0%CPEs: 10EXPL: 0CVE-2018-1106 – PackageKit: authentication bypass allows to install signed packages without administrator privileges
https://notcve.org/view.php?id=CVE-2018-1106
An authentication bypass flaw has been found in PackageKit before 1.1.10 that allows users without administrator privileges to install signed packages. A local attacker can use this vulnerability to install vulnerable packages to further compromise a system. Se ha encontrado un fallo de omisión de autenticación en PackageKit, en versiones anteriores a la 1.1.10, que permite que usuarios con privilegios de administrador instalen paquetes firmados. Un atacante local puede emplear esta vulnerabilidad para instalar paquetes vulnerables para comprometer aún más un sistema. An authentication bypass flaw has been found in PackageKit that allows users without administrator privileges to install signed packages. • http://www.openwall.com/lists/oss-security/2018/04/23/3 https://access.redhat.com/errata/RHSA-2018:1224 https://bugzilla.redhat.com/show_bug.cgi?id=1565992 https://usn.ubuntu.com/3634-1 https://www.debian.org/security/2018/dsa-4207 https://access.redhat.com/security/cve/CVE-2018-1106 • CWE-287: Improper Authentication •
CVSS: 9.8EPSS: 0%CPEs: 67EXPL: 0CVE-2017-17833 – openslp: Heap memory corruption in slpd/slpd_process.c allows denial of service or potentially code execution
https://notcve.org/view.php?id=CVE-2017-17833
OpenSLP releases in the 1.0.2 and 1.1.0 code streams have a heap-related memory corruption issue which may manifest itself as a denial-of-service or a remote code-execution vulnerability. Las versiones de OpenSLP en las secuencias de código 1.0.2 y 1.1.0 tienen un problema de corrupción de memoria relacionada con la memoria dinámica (heap), que puede manifestarse como una vulnerabilidad de denegación de servicio (DoS) o de ejecución remota de código. A use-after-free flaw in OpenSLP 1.x and 2.x baselines was discovered in the ProcessSrvRqst function. A failure to update a local pointer may lead to heap corruption. A remote attacker may be able to leverage this flaw to gain remote code execution. • http://support.lenovo.com/us/en/solutions/LEN-18247 https://access.redhat.com/errata/RHSA-2018:2240 https://access.redhat.com/errata/RHSA-2018:2308 https://lists.debian.org/debian-lts-announce/2018/04/msg00029.html https://security.gentoo.org/glsa/202005-12 https://sourceforge.net/p/openslp/mercurial/ci/151f07745901cbdba6e00e4889561b4083250da1 https://usn.ubuntu.com/3708-1 https://access.redhat.com/security/cve/CVE-2017-17833 https://bugzilla.redhat.com/show_bug.cgi?id=1572166 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-416: Use After Free •
CVSS: 8.3EPSS: 0%CPEs: 25EXPL: 0CVE-2018-2814 – OpenJDK: incorrect handling of Reference clones can lead to sandbox bypass (Hotspot, 8192025)
https://notcve.org/view.php?id=CVE-2018-2814
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Hotspot). Supported versions that are affected are Java SE: 6u181, 7u171, 8u162 and 10; Java SE Embedded: 8u161. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. • http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html http://www.securityfocus.com/bid/103798 http://www.securitytracker.com/id/1040697 https://access.redhat.com/errata/RHSA-2018:1188 https://access.redhat.com/errata/RHSA-2018:1191 https://access.redhat.com/errata/RHSA-2018:1201 https://access.redhat.com/errata/RHSA-2018:1202 https://access.redhat.com/errata/RHSA-2018:1203 https://access.redhat.com/errata/RHSA-2018:1204 https://access.redhat.com/errata/ •