CVSS: 6.5EPSS: 0%CPEs: 27EXPL: 1CVE-2019-3460 – kernel: Heap address information leak while using L2CAP_PARSE_CONF_RSP
https://notcve.org/view.php?id=CVE-2019-3460
03 Apr 2019 — A heap data infoleak in multiple locations including L2CAP_PARSE_CONF_RSP was found in the Linux kernel before 5.1-rc1. Se ha descubierto una fuga de información en múltiples ubicaciones en memoria dinámica, incluyendo L2CAP_GET_CONF_OPT en el kernel de Linux anterior a 5.1-rc1. A flaw was found in the Linux kernel's implementation of logical link control and adaptation protocol (L2CAP), part of the Bluetooth stack in the l2cap_parse_conf_rsp and l2cap_parse_conf_req functions. An attacker with physical acc... • http://www.openwall.com/lists/oss-security/2019/06/27/2 • CWE-20: Improper Input Validation CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.8EPSS: 1%CPEs: 41EXPL: 0CVE-2019-9636 – python: Information Disclosure due to urlsplit improper NFKC normalization
https://notcve.org/view.php?id=CVE-2019-9636
08 Mar 2019 — Python 2.7.x through 2.7.16 and 3.x through 3.7.2 is affected by: Improper Handling of Unicode Encoding (with an incorrect netloc) during NFKC normalization. The impact is: Information disclosure (credentials, cookies, etc. that are cached against a given hostname). The components are: urllib.parse.urlsplit, urllib.parse.urlparse. The attack vector is: A specially crafted URL could be incorrectly parsed to locate cookies or authentication data and send that information to a different host than when parsed c... • http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00092.html • CWE-172: Encoding Error •
CVSS: 5.9EPSS: 6%CPEs: 180EXPL: 0CVE-2019-1559 – 0-byte record padding oracle
https://notcve.org/view.php?id=CVE-2019-1559
26 Feb 2019 — If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received with an invalid MAC. If the application then behaves differently based on that in a way that is detectable to the remote peer, then this amounts to a padding oracle that could be used to decrypt data. In order ... • http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00041.html • CWE-203: Observable Discrepancy CWE-325: Missing Cryptographic Step •
CVSS: 7.5EPSS: 1%CPEs: 16EXPL: 1CVE-2018-16890 – curl: NTLM type-2 heap out-of-bounds buffer read
https://notcve.org/view.php?id=CVE-2018-16890
06 Feb 2019 — libcurl versions from 7.36.0 to before 7.64.0 is vulnerable to a heap buffer out-of-bounds read. The function handling incoming NTLM type-2 messages (`lib/vauth/ntlm.c:ntlm_decode_type2_target`) does not validate incoming data correctly and is subject to an integer overflow vulnerability. Using that overflow, a malicious or broken NTLM server could trick libcurl to accept a bad length + offset combination that would lead to a buffer read out-of-bounds. Libcurl, desde la versión 7.36.0 hasta antes de la 7.64... • https://github.com/michelleamesquita/CVE-2018-16890 • CWE-125: Out-of-bounds Read CWE-190: Integer Overflow or Wraparound •
CVSS: 9.8EPSS: 33%CPEs: 23EXPL: 1CVE-2019-3822 – curl: NTLMv2 type-3 header stack buffer overflow
https://notcve.org/view.php?id=CVE-2019-3822
06 Feb 2019 — libcurl versions from 7.36.0 to before 7.64.0 are vulnerable to a stack-based buffer overflow. The function creating an outgoing NTLM type-3 header (`lib/vauth/ntlm.c:Curl_auth_create_ntlm_type3_message()`), generates the request HTTP header contents based on previously received data. The check that exists to prevent the local buffer from getting overflowed is implemented wrongly (using unsigned math) and as such it does not prevent the overflow from happening. This output data can grow larger than the loca... • http://www.securityfocus.com/bid/106950 • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 7.5EPSS: 0%CPEs: 13EXPL: 0CVE-2018-16881 – rsyslog: imptcp: integer overflow when Octet-Counted TCP Framing is enabled
https://notcve.org/view.php?id=CVE-2018-16881
25 Jan 2019 — A denial of service vulnerability was found in rsyslog in the imptcp module. An attacker could send a specially crafted message to the imptcp socket, which would cause rsyslog to crash. Versions before 8.27.0 are vulnerable. Se ha detectado una vulnerabilidad de denegación de servicio (DoS) en rsyslog en el módulo imptcp. Un atacante podría enviar un mensaje especialmente manipulado al socket imptcp, lo que conduciría al cierre forzado de rsyslog. • https://access.redhat.com/errata/RHBA-2019:2501 • CWE-190: Integer Overflow or Wraparound •
CVSS: 6.1EPSS: 0%CPEs: 17EXPL: 2CVE-2018-18397 – kernel: userfaultfd bypasses tmpfs file permissions
https://notcve.org/view.php?id=CVE-2018-18397
12 Dec 2018 — The userfaultfd implementation in the Linux kernel before 4.19.7 mishandles access control for certain UFFDIO_ ioctl calls, as demonstrated by allowing local users to write data into holes in a tmpfs file (if the user has read-only access to that file, and that file contains holes), related to fs/userfaultfd.c and mm/userfaultfd.c. La implementación de userfaultfd en el kernel de Linux en versiones anteriores a la 4.17 gestiona de manera incorrecta para ciertas llamadas ioctl UFFDIO_, tal y como queda demos... • https://packetstorm.news/files/id/150748 • CWE-20: Improper Input Validation CWE-863: Incorrect Authorization •
CVSS: 8.1EPSS: 0%CPEs: 16EXPL: 1CVE-2018-18559 – kernel: Use-after-free due to race condition in AF_PACKET implementation
https://notcve.org/view.php?id=CVE-2018-18559
22 Oct 2018 — In the Linux kernel through 4.19, a use-after-free can occur due to a race condition between fanout_add from setsockopt and bind on an AF_PACKET socket. This issue exists because of the 15fe076edea787807a7cdc168df832544b58eba6 incomplete fix for a race condition. The code mishandles a certain multithreaded case involving a packet_do_bind unregister action followed by a packet_notifier register action. Later, packet_release operates on only one of the two applicable linked lists. The attacker can achieve Pro... • https://access.redhat.com/errata/RHBA-2019:0327 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-416: Use After Free •
CVSS: 9.8EPSS: 0%CPEs: 30EXPL: 0CVE-2018-1000805 – python-paramiko: Authentication bypass in auth_handler.py
https://notcve.org/view.php?id=CVE-2018-1000805
08 Oct 2018 — Paramiko version 2.4.1, 2.3.2, 2.2.3, 2.1.5, 2.0.8, 1.18.5, 1.17.6 contains a Incorrect Access Control vulnerability in SSH server that can result in RCE. This attack appear to be exploitable via network connectivity. Paramiko en versiones 2.4.1, 2.3.2, 2.2.3, 2.1.5, 2.0.8, 1.18.5 y 1.17.6 contiene una vulnerabilidad de control de acceso incorrecto en el servidor SSH que puede resultar en la ejecución remota de código. Este ataque parece ser explotable mediante conectividad de red. The python-paramiko packa... • https://access.redhat.com/errata/RHBA-2018:3497 • CWE-305: Authentication Bypass by Primary Weakness CWE-863: Incorrect Authorization •
CVSS: 7.5EPSS: 4%CPEs: 12EXPL: 0CVE-2018-10911 – glusterfs: Improper deserialization in dict.c:dict_unserialize() can allow attackers to read arbitrary memory
https://notcve.org/view.php?id=CVE-2018-10911
04 Sep 2018 — A flaw was found in the way dic_unserialize function of glusterfs does not handle negative key length values. An attacker could use this flaw to read memory from other locations into the stored dict value. Se ha detectado un error en la forma en la que la función dic_unserialize en glusterfs no gestiona los valores de longitud de clave negativos. Un atacante podría utilizar este error para leer la memoria de otras ubicaciones en el valor dict almacenado. A flaw was found in dict.c:dict_unserialize function ... • http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00035.html • CWE-190: Integer Overflow or Wraparound CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-502: Deserialization of Untrusted Data •