Page 2 of 30 results (0.015 seconds)

CVSS: 6.5EPSS: 0%CPEs: 10EXPL: 0

CVE-2018-16846 – ceph: ListBucket max-keys has no defined limit in the RGW codebase

https://notcve.org/view.php?id=CVE-2018-16846

It was found in Ceph versions before 13.2.4 that authenticated ceph RGW users can cause a denial of service against OMAPs holding bucket indices. Se ha detectado en Ceph, en versiones anteriores a la 13.2.4, que los usuarios ceph RGW autenticados pueden provocar una denegación de servicio (DoS) contra los índices OMAP de depósito de retención. A flaw was found in the way the ListBucket function max-keys has no defined limit in the RGW codebase. An authenticated ceph RGW user can cause a denial of service attack against OMAPs holding bucked indices. • http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00100.html https://access.redhat.com/errata/RHSA-2019:2538 https://access.redhat.com/errata/RHSA-2019:2541 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16846 https://ceph.com/releases/13-2-4-mimic-released https://lists.debian.org/debian-lts-announce/2019/03/msg00002.html https://lists.debian.org/debian-lts-announce/2021/08/msg00013.html https://usn.ubuntu.com/4035-1 https://access.redhat.com/securi • CWE-770: Allocation of Resources Without Limits or Throttling •

CVSS: 10.0EPSS: 32%CPEs: 6EXPL: 1

CVE-2018-14649 – ceph-iscsi-cli: rbd-target-api service runs in debug mode allowing for remote command execution

https://notcve.org/view.php?id=CVE-2018-14649

It was found that ceph-isci-cli package as shipped by Red Hat Ceph Storage 2 and 3 is using python-werkzeug in debug shell mode. This is done by setting debug=True in file /usr/bin/rbd-target-api provided by ceph-isci-cli package. This allows unauthenticated attackers to access this debug shell and escalate privileges. Once an attacker has successfully connected to this debug shell they will be able to execute arbitrary commands remotely. These commands will run with the same privileges as of user executing the application which is using python-werkzeug with debug shell mode enabled. • http://www.securityfocus.com/bid/105434 https://access.redhat.com/articles/3623521 https://access.redhat.com/errata/RHSA-2018:2837 https://access.redhat.com/errata/RHSA-2018:2838 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14649 https://github.com/ceph/ceph-iscsi-cli/issues/120 https://github.com/ceph/ceph-iscsi-cli/pull/121/commits/c3812075e30c76a800a961e7291087d357403f6b https://access.redhat.com/security/cve/CVE-2018-14649 https://bugzilla.redhat.com/show_bug.cgi?id= • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •

CVSS: 7.8EPSS: 0%CPEs: 20EXPL: 0

CVE-2018-10875 – ansible: ansible.cfg is being read from current working directory allowing possible code execution

https://notcve.org/view.php?id=CVE-2018-10875

A flaw was found in ansible. ansible.cfg is read from the current working directory which can be altered to make it point to a plugin or a module path under the control of an attacker, thus allowing the attacker to execute arbitrary code. Se ha encontrado un error en ansible. ansible.cfg se lee desde el directorio de trabajo actual, que puede alterarse para hacer que señale a un plugin o una ruta de módulo bajo el control de un atacante, permitiendo que el atacante ejecute código arbitrario. It was found that ansible.cfg is being read from the current working directory, which can be made to point to plugin or module paths that are under control of the attacker. This could allow an attacker to execute arbitrary code. • http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00021.html http://www.securitytracker.com/id/1041396 https://access.redhat.com/errata/RHBA-2018:3788 https://access.redhat.com/errata/RHSA-2018:2150 https://access.redhat.com/errata/RHSA-2018:2151 https://access.redhat.com/errata/RHSA-2018:2152 https://access.redhat.com/errata/RHSA-2018:2166 https://access.redhat.com/errata/RHSA-2018:2321 https://access.redhat.com/errata/RHSA-2018:2585 https://access.redhat.co • CWE-426: Untrusted Search Path •

CVSS: 7.5EPSS: 0%CPEs: 14EXPL: 2

CVE-2016-9579 – ceph: Object Gateway server DoS by sending invalid cross-origin HTTP request

https://notcve.org/view.php?id=CVE-2016-9579

A flaw was found in the way Ceph Object Gateway would process cross-origin HTTP requests if the CORS policy was set to allow origin on a bucket. A remote unauthenticated attacker could use this flaw to cause denial of service by sending a specially-crafted cross-origin HTTP request. Ceph branches 1.3.x and 2.x are affected. Se ha encontrado un error en la forma en la que Ceph Object Gateway procesa peticiones HTTP cross-origin si la política CORS está configurada para permitir el origen en un bucket. Un atacante remoto no autenticado podría utilizar este problema para provocar una denegación de servicio (DoS) mediante el envío de una petición HTTP cross-origin especialmente manipulada. • http://rhn.redhat.com/errata/RHSA-2016-2954.html http://rhn.redhat.com/errata/RHSA-2016-2956.html http://rhn.redhat.com/errata/RHSA-2016-2994.html http://rhn.redhat.com/errata/RHSA-2016-2995.html http://tracker.ceph.com/issues/18187 http://www.securityfocus.com/bid/94936 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9579 https://access.redhat.com/security/cve/CVE-2016-9579 https://bugzilla.redhat.com/show_bug.cgi?id=1403245 • CWE-20: Improper Input Validation •

CVSS: 10.0EPSS: 89%CPEs: 345EXPL: 17

CVE-2014-7169 – GNU Bourne-Again Shell (Bash) Arbitrary Code Execution Vulnerability

https://notcve.org/view.php?id=CVE-2014-7169

GNU Bash through 4.3 bash43-025 processes trailing strings after certain malformed function definitions in the values of environment variables, which allows remote attackers to write to files or possibly have unknown other impact via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-6271. GNU Bash hasta 4.3 bash43-025 procesa cadenas finales después de la definición malformada de funciones en los valores de variables de entorno, lo que permite a atacantes remotos escribir hacia ficheros o posiblemente tener otro impacto desconocido a través de un entorno manipulado, tal y como se ha demostrado por vectores que involucran la característica ForceCommand en sshd OpenSSH, los módulos mod_cgi y mod_cgid en el Apache HTTP Server, scripts ejecutados por clientes DHCP no especificados, y otras situaciones en la cual establecer el entorno ocurre a través de un límite privilegiado de la ejecución de Bash. Nota: Esta vulnerabilidad existe debido a una solución incompleta para CVE-2014-6271. It was found that the fix for CVE-2014-6271 was incomplete, and Bash still allowed certain characters to be injected into other environments via specially crafted environment variables. • https://www.exploit-db.com/exploits/34777 https://www.exploit-db.com/exploits/34895 https://www.exploit-db.com/exploits/34839 https://www.exploit-db.com/exploits/36503 https://www.exploit-db.com/exploits/36504 https://www.exploit-db.com/exploits/34766 https://www.exploit-db.com/exploits/35115 https://www.exploit-db.com/exploits/36933 https://www.exploit-db.com/exploits/34765 https://www.exploit-db.com/exploits/34860 https://www.exploit-db.com/exploits/34879 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') CWE-228: Improper Handling of Syntactically Invalid Structure •