CVSS: 8.6EPSS: 0%CPEs: 13EXPL: 3CVE-2018-17961 – ghostscript - executeonly Bypass with errorhandler Setup
https://notcve.org/view.php?id=CVE-2018-17961
Artifex Ghostscript 9.25 and earlier allows attackers to bypass a sandbox protection mechanism via vectors involving errorhandler setup. NOTE: this issue exists because of an incomplete fix for CVE-2018-17183. Artifex Ghostscript 9.25 y anteriores permite que los atacantes omitan un mecanismo de protección de sandbox mediante vectores relacionados con la configuración de errorhandler. NOTA: este problema existe debido a una solución incompleta para CVE-2018-17183. Ghostscript suffers from an executeonly bypass with errorhandler setup. • https://www.exploit-db.com/exploits/45573 https://github.com/matlink/CVE-2018-17961 http://git.ghostscript.com/?p=ghostpdl.git%3Ba=commitdiff%3Bh=a54c9e61e7d0 http://git.ghostscript.com/?p=ghostpdl.git%3Ba=commitdiff%3Bh=a5a9bf8c6a63 http://git.ghostscript.com/?p=ghostpdl.git%3Ba=commitdiff%3Bh=a6807394bd94 http://www.openwall.com/lists/oss-security/2018/10/09/4 https://access.redhat.com/errata/RHSA-2018:3834 https://bugs.chromium.org/p/project-zero/issues/detail?id=1682&desc& • CWE-209: Generation of Error Message Containing Sensitive Information CWE-460: Improper Cleanup on Thrown Exception •
CVSS: 7.5EPSS: 0%CPEs: 13EXPL: 0CVE-2018-18073 – ghostscript: Saved execution stacks can leak operator arrays
https://notcve.org/view.php?id=CVE-2018-18073
Artifex Ghostscript allows attackers to bypass a sandbox protection mechanism by leveraging exposure of system operators in the saved execution stack in an error object. Artifex Ghostscript permite que los atacantes omitan un mecanismo de protección de sandbox aprovechando la exposición de los operadores del sistema en la pila de ejecución guardada en un objeto error. • http://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=34cc326eb2c5695833361887fe0b32e8d987741c http://packetstormsecurity.com/files/149758/Ghostscript-Exposed-System-Operators.html http://www.openwall.com/lists/oss-security/2018/10/10/12 https://access.redhat.com/errata/RHSA-2018:3834 https://bugs.chromium.org/p/project-zero/issues/detail?id=1690 https://bugs.ghostscript.com/show_bug.cgi?id=699927 https://lists.debian.org/debian-lts-announce/2018/10/msg00013.html https://usn.ubuntu.com/ • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-460: Improper Cleanup on Thrown Exception •
CVSS: 9.8EPSS: 0%CPEs: 30EXPL: 0CVE-2018-1000805 – python-paramiko: Authentication bypass in auth_handler.py
https://notcve.org/view.php?id=CVE-2018-1000805
Paramiko version 2.4.1, 2.3.2, 2.2.3, 2.1.5, 2.0.8, 1.18.5, 1.17.6 contains a Incorrect Access Control vulnerability in SSH server that can result in RCE. This attack appear to be exploitable via network connectivity. Paramiko en versiones 2.4.1, 2.3.2, 2.2.3, 2.1.5, 2.0.8, 1.18.5 y 1.17.6 contiene una vulnerabilidad de control de acceso incorrecto en el servidor SSH que puede resultar en la ejecución remota de código. Este ataque parece ser explotable mediante conectividad de red. • https://access.redhat.com/errata/RHBA-2018:3497 https://access.redhat.com/errata/RHSA-2018:3347 https://access.redhat.com/errata/RHSA-2018:3406 https://access.redhat.com/errata/RHSA-2018:3505 https://github.com/paramiko/paramiko/issues/1283 https://herolab.usd.de/wp-content/uploads/sites/4/usd20180023.txt https://lists.debian.org/debian-lts-announce/2018/10/msg00018.html https://lists.debian.org/debian-lts-announce/2021/12/msg00025.html https://usn.ubuntu.com/3796-1 h • CWE-305: Authentication Bypass by Primary Weakness CWE-863: Incorrect Authorization •
CVSS: 9.8EPSS: 27%CPEs: 24EXPL: 7CVE-2018-17456 – Git Submodule - Arbitrary Code Execution
https://notcve.org/view.php?id=CVE-2018-17456
Git before 2.14.5, 2.15.x before 2.15.3, 2.16.x before 2.16.5, 2.17.x before 2.17.2, 2.18.x before 2.18.1, and 2.19.x before 2.19.1 allows remote code execution during processing of a recursive "git clone" of a superproject if a .gitmodules file has a URL field beginning with a '-' character. Git en versiones anteriores a la 2.14.5, versiones 2.15.x anteriores a la 2.15.3, versiones 2.16.x anteriores a la 2.16.5, versiones 2.17.x anteriores a la 2.17.2, versiones 2.18.x anteriores a la 2.18.1 y versiones 2.19.x anteriores a la 2.19.1 permite la ejecución remota de código durante el procesamiento de un "clon de git" recursivo de un superproyecto si un archivo .gitmodules tiene un campo URL que comienza por un carácter "-". An option injection flaw has been discovered in git when it recursively clones a repository with sub-modules. A remote attacker may configure a malicious repository and trick a user into recursively cloning it, thus executing arbitrary commands on the victim's machine. • https://www.exploit-db.com/exploits/45631 https://www.exploit-db.com/exploits/45548 https://github.com/AnonymKing/CVE-2018-17456 https://github.com/matlink/CVE-2018-17456 https://github.com/shpik-kr/CVE-2018-17456 https://github.com/799600966/CVE-2018-17456 https://github.com/KKkai0315/CVE-2018-17456 http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00003.html http://packetstormsecurity.com/files/152173/Sourcetree-Git-Arbitrary-Code-Execution-URL-Handling.html http:/ • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') CWE-88: Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') •
CVSS: 5.3EPSS: 78%CPEs: 53EXPL: 2CVE-2018-11784 – Apache Tomcat 9.0.0.M1 - Open Redirect
https://notcve.org/view.php?id=CVE-2018-11784
When the default servlet in Apache Tomcat versions 9.0.0.M1 to 9.0.11, 8.5.0 to 8.5.33 and 7.0.23 to 7.0.90 returned a redirect to a directory (e.g. redirecting to '/foo/' when the user requested '/foo') a specially crafted URL could be used to cause the redirect to be generated to any URI of the attackers choice. Cuando el servlet por defecto en Apache Tomcat en versiones de la 9.0.0.M1 a la 9.0.11, de la 8.5.0 a la 8.5.33 y de la 7.0.23 a la 7.0.90 devolvía una redirección a un directorio (por ejemplo, redirigiendo a "/foo/'' cuando el usuario solicitó '"/foo") se pudo usar una URL especialmente manipulada para hacer que la redirección se generara a cualquier URI de la elección del atacante. These are details on an open redirection vulnerability in Apache Tomcat version 9.0.0M1 that was discovered in 2018. • https://www.exploit-db.com/exploits/50118 https://github.com/Cappricio-Securities/CVE-2018-11784 http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00030.html http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00056.html http://packetstormsecurity.com/files/163456/Apache-Tomcat-9.0.0M1-Open-Redirect.html http://www.securityfocus.com/bid/105524 https://access.redhat.com/errata/RHSA-2019:0130 https://access.redhat.com/errata/RHSA-2019:0131 https://access.redhat.c • CWE-99: Improper Control of Resource Identifiers ('Resource Injection') CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •