CVSS: 7.8EPSS: 6%CPEs: 127EXPL: 0CVE-2018-5390 – Linux kernel versions 4.9+ can be forced to make very expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() for every incoming packet which can lead to a denial of service
https://notcve.org/view.php?id=CVE-2018-5390
06 Aug 2018 — Linux kernel versions 4.9+ can be forced to make very expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() for every incoming packet which can lead to a denial of service. El kernel de Linux en versiones 4.9 y siguientes pueden forzarse a realizar llamadas muy caras a tcp_collapse_ofo_queue() y tcp_prune_ofo_queue() para cada paquete entrante, lo que puede conducir a una denegación de servicio. A flaw named SegmentSmack was found in the way the Linux kernel handled specially crafted TCP pac... • http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2018-004.txt • CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0CVE-2018-10901 – kernel: kvm: vmx: host GDT limit corruption
https://notcve.org/view.php?id=CVE-2018-10901
26 Jul 2018 — A flaw was found in Linux kernel's KVM virtualization subsystem. The VMX code does not restore the GDT.LIMIT to the previous host value, but instead sets it to 64KB. With a corrupted GDT limit a host's userspace code has an ability to place malicious entries in the GDT, particularly to the per-cpu variables. An attacker can use this to escalate their privileges. Se encontró un fallo en el subsistema de virtualización KVM del kernel de Linux. • http://www.securityfocus.com/bid/104905 • CWE-665: Improper Initialization •
CVSS: 7.8EPSS: 0%CPEs: 92EXPL: 1CVE-2018-13405 – Linux (Ubuntu) - Other Users coredumps Can Be Read via setgid Directory and killpriv Bypass
https://notcve.org/view.php?id=CVE-2018-13405
06 Jul 2018 — The inode_init_owner function in fs/inode.c in the Linux kernel through 3.16 allows local users to create files with an unintended group ownership, in a scenario where a directory is SGID to a certain group and is writable by a user who is not a member of that group. Here, the non-member can trigger creation of a plain file whose group ownership is that group. The intended behavior was that the non-member can trigger creation of a directory (but not a plain file) whose group ownership is that group. The non... • https://www.exploit-db.com/exploits/45033 • CWE-269: Improper Privilege Management CWE-284: Improper Access Control •
CVSS: 9.8EPSS: 0%CPEs: 16EXPL: 2CVE-2018-1126 – procps: incorrect integer size in proc/alloc.* leading to truncation / integer overflow issues
https://notcve.org/view.php?id=CVE-2018-1126
22 May 2018 — procps-ng before version 3.3.15 is vulnerable to an incorrect integer size in proc/alloc.* leading to truncation/integer overflow issues. This flaw is related to CVE-2018-1124. procps-ng en versiones anteriores a la 3.3.15 es vulnerable a un tamaño de entero incorrecto en proc/alloc.* que conduce a problemas de truncado/desbordamiento de enteros. Este error está relacionado con CVE-2018-1124. A flaw was found where procps-ng provides wrappers for standard C allocators that took `unsigned int` instead of `si... • https://packetstorm.news/files/id/147806 • CWE-190: Integer Overflow or Wraparound •
CVSS: 5.6EPSS: 46%CPEs: 665EXPL: 7CVE-2018-3639 – AMD / ARM / Intel - Speculative Execution Variant 4 Speculative Store Bypass
https://notcve.org/view.php?id=CVE-2018-3639
21 May 2018 — Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka Speculative Store Bypass (SSB), Variant 4. Los sistemas con microprocesadores que emplean la ejecución especulativa y que realizan la ejecución especulativa de lecturas de memoria antes de que se conozcan las direcciones de todas l... • https://packetstorm.news/files/id/147839 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-203: Observable Discrepancy •
CVSS: 7.8EPSS: 0%CPEs: 29EXPL: 0CVE-2018-10675 – kernel: mm: use-after-free in do_get_mempolicy function allows local DoS or other unspecified impact
https://notcve.org/view.php?id=CVE-2018-10675
02 May 2018 — The do_get_mempolicy function in mm/mempolicy.c in the Linux kernel before 4.12.9 allows local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted system calls. La función do_get_mempolicy en mm/mempolicy.c en el kernel de Linux, en versiones anteriores a la 4.12.9, permite que los usuarios locales provoquen una denegación de servicio (uso de memoria previamente liberada) o, posiblemente, causen otros impactos no especificados mediante llamadas del siste... • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=73223e4e2e3867ebf033a5a8eb2e5df0158ccc99 • CWE-416: Use After Free •
CVSS: 7.8EPSS: 44%CPEs: 29EXPL: 1CVE-2018-1000156 – patch: Malicious patch files cause ed to execute arbitrary commands
https://notcve.org/view.php?id=CVE-2018-1000156
06 Apr 2018 — GNU Patch version 2.7.6 contains an input validation vulnerability when processing patch files, specifically the EDITOR_PROGRAM invocation (using ed) can result in code execution. This attack appear to be exploitable via a patch file processed via the patch utility. This is similar to FreeBSD's CVE-2015-1418 however although they share a common ancestry the code bases have diverged over time. La versión 2.7.6 de GNU Patch contiene una vulnerabilidad de validación de entradas al procesar archivos patch; espe... • https://packetstorm.news/files/id/154124 • CWE-20: Improper Input Validation CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 9.8EPSS: 38%CPEs: 25EXPL: 4CVE-2018-1000140 – librelp: Stack-based buffer overflow in relpTcpChkPeerName function in src/tcp.c
https://notcve.org/view.php?id=CVE-2018-1000140
23 Mar 2018 — rsyslog librelp version 1.2.14 and earlier contains a Buffer Overflow vulnerability in the checking of x509 certificates from a peer that can result in Remote code execution. This attack appear to be exploitable a remote attacker that can connect to rsyslog and trigger a stack buffer overflow by sending a specially crafted x509 certificate. rsyslog librelp en versiones 1.2.14 y anteriores contiene una vulnerabilidad de desbordamiento de búfer en la verificación de certificados x509 desde un peer que puede r... • https://packetstorm.news/files/id/172829 • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 9.8EPSS: 22%CPEs: 23EXPL: 5CVE-2018-7750 – Paramiko 2.4.1 - Authentication Bypass
https://notcve.org/view.php?id=CVE-2018-7750
13 Mar 2018 — transport.py in the SSH server implementation of Paramiko before 1.17.6, 1.18.x before 1.18.5, 2.0.x before 2.0.8, 2.1.x before 2.1.5, 2.2.x before 2.2.3, 2.3.x before 2.3.2, and 2.4.x before 2.4.1 does not properly check whether authentication is completed before processing other requests, as demonstrated by channel-open. A customized SSH client can simply skip the authentication step. transport.py en la implementación del servidor SSH de Paramiko, en versiones anteriores a la 1.17.6; versiones 1.18.x ante... • https://packetstorm.news/files/id/150020 • CWE-287: Improper Authentication •
CVSS: 7.5EPSS: 11%CPEs: 72EXPL: 0CVE-2017-3145 – Improper fetch cleanup sequencing in the resolver can cause named to crash
https://notcve.org/view.php?id=CVE-2017-3145
16 Jan 2018 — BIND was improperly sequencing cleanup operations on upstream recursion fetch contexts, leading in some cases to a use-after-free error that can trigger an assertion failure and crash in named. Affects BIND 9.0.0 to 9.8.x, 9.9.0 to 9.9.11, 9.10.0 to 9.10.6, 9.11.0 to 9.11.2, 9.9.3-S1 to 9.9.11-S1, 9.10.5-S1 to 9.10.6-S1, 9.12.0a1 to 9.12.0rc1. BIND secuenciaba incorrectamente las operaciones de limpieza en contextos fetch de recursión ascendente, lo que conduce en algunos casos a un error de uso de memoria ... • http://www.securityfocus.com/bid/102716 • CWE-416: Use After Free •