CVSS: 8.8EPSS: 1%CPEs: 11EXPL: 0CVE-2018-10928 – glusterfs: Improper resolution of symlinks allows for privilege escalation
https://notcve.org/view.php?id=CVE-2018-10928
04 Sep 2018 — A flaw was found in RPC request using gfs3_symlink_req in glusterfs server which allows symlink destinations to point to file paths outside of the gluster volume. An authenticated attacker could use this flaw to create arbitrary symlinks pointing anywhere on the server and execute arbitrary code on glusterfs server nodes. Se ha detectado un error en las peticiones RPC que emplean gfs3_symlink_req en el servidor glusterfs, lo que permite que los destinos symlink señalen a rutas de archivo fuera del volumen g... • http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00035.html • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 6.8EPSS: 0%CPEs: 11EXPL: 0CVE-2018-10930 – glusterfs: Files can be renamed outside volume
https://notcve.org/view.php?id=CVE-2018-10930
04 Sep 2018 — A flaw was found in RPC request using gfs3_rename_req in glusterfs server. An authenticated attacker could use this flaw to write to a destination outside the gluster volume. Se ha detectado un error en las peticiones RPC que emplean gfs3_rename_req en el servidor glusterfs. Un atacante autenticado podría emplear este error para escribir a un destino fuera del volumen gluster. The redhat-virtualization-host packages provide the Red Hat Virtualization Host. • http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00035.html • CWE-20: Improper Input Validation •
CVSS: 8.1EPSS: 1%CPEs: 3EXPL: 1CVE-2018-10936
https://notcve.org/view.php?id=CVE-2018-10936
30 Aug 2018 — A weakness was found in postgresql-jdbc before version 42.2.5. It was possible to provide an SSL Factory and not check the host name if a host name verifier was not provided to the driver. This could lead to a condition where a man-in-the-middle attacker could masquerade as a trusted server by providing a certificate for the wrong host, as long as it was signed by a trusted CA. Se ha descubierto una debilidad en versiones anteriores a la 42.2.5 de postgresql-jdbc. Era posible proporcionar un SSL Factory y n... • https://github.com/tafamace/CVE-2018-10936 • CWE-297: Improper Validation of Certificate with Host Mismatch •
CVSS: 10.0EPSS: 4%CPEs: 17EXPL: 0CVE-2011-2767 – mod_perl: arbitrary Perl code execution in the context of the user account via a user-owned .htaccess
https://notcve.org/view.php?id=CVE-2011-2767
26 Aug 2018 — mod_perl 2.0 through 2.0.10 allows attackers to execute arbitrary Perl code by placing it in a user-owned .htaccess file, because (contrary to the documentation) there is no configuration option that permits Perl code for the administrator's control of HTTP request processing without also permitting unprivileged users to run Perl code in the context of the user account that runs Apache HTTP Server processes. mod_perl 2.0 hasta la versión 2.0.10 permite que los atacantes ejecuten código Perl colocándolo en u... • http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00063.html • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-266: Incorrect Privilege Assignment •
CVSS: 7.5EPSS: 1%CPEs: 37EXPL: 1CVE-2018-1000632 – dom4j: XML Injection in Class: Element. Methods: addElement, addAttribute which can impact the integrity of XML documents
https://notcve.org/view.php?id=CVE-2018-1000632
20 Aug 2018 — dom4j version prior to version 2.1.1 contains a CWE-91: XML Injection vulnerability in Class: Element. Methods: addElement, addAttribute that can result in an attacker tampering with XML documents through XML injection. This attack appear to be exploitable via an attacker specifying attributes or elements in the XML document. This vulnerability appears to have been fixed in 2.1.1 or later. dom4j en versiones anteriores a la 2.1.1 contiene una vulnerabilidad CWE-91: Inyección XML en Clase: Element. Métodos: ... • https://access.redhat.com/errata/RHSA-2019:0362 • CWE-88: Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') CWE-91: XML Injection (aka Blind XPath Injection) •
CVSS: 7.8EPSS: 1%CPEs: 152EXPL: 0CVE-2018-5391 – The Linux kernel, versions 3.9+, IP implementation is vulnerable to denial of service conditions with low rates of specially modified packets
https://notcve.org/view.php?id=CVE-2018-5391
14 Aug 2018 — The Linux kernel, versions 3.9+, is vulnerable to a denial of service attack with low rates of specially modified packets targeting IP fragment re-assembly. An attacker may cause a denial of service condition by sending specially crafted IP fragments. Various vulnerabilities in IP fragmentation have been discovered and fixed over the years. The current vulnerability (CVE-2018-5391) became exploitable in the Linux kernel with the increase of the IP fragment reassembly queue size. El kernel de Linux en versio... • http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2018-004.txt • CWE-20: Improper Input Validation CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.8EPSS: 13%CPEs: 127EXPL: 0CVE-2018-5390 – Linux kernel versions 4.9+ can be forced to make very expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() for every incoming packet which can lead to a denial of service
https://notcve.org/view.php?id=CVE-2018-5390
06 Aug 2018 — Linux kernel versions 4.9+ can be forced to make very expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() for every incoming packet which can lead to a denial of service. El kernel de Linux en versiones 4.9 y siguientes pueden forzarse a realizar llamadas muy caras a tcp_collapse_ofo_queue() y tcp_prune_ofo_queue() para cada paquete entrante, lo que puede conducir a una denegación de servicio. A flaw named SegmentSmack was found in the way the Linux kernel handled specially crafted TCP pac... • http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2018-004.txt • CWE-400: Uncontrolled Resource Consumption •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2018-10894 – keycloak: auth permitted with expired certs in SAML client
https://notcve.org/view.php?id=CVE-2018-10894
01 Aug 2018 — It was found that SAML authentication in Keycloak 3.4.3.Final incorrectly authenticated expired certificates. A malicious user could use this to access unauthorized data or possibly conduct further attacks. Se ha descubierto que la autenticación SAML en Keycloak 3.4.3.Final autenticaba incorrectamente los certificados caducados. Un usuario malicioso podría aprovecharse de esto para acceder a datos no autorizados o, posiblemente, llevar a cabo más ataques. Red Hat OpenShift Application Runtimes provides an a... • https://access.redhat.com/errata/RHSA-2018:3592 • CWE-295: Improper Certificate Validation CWE-345: Insufficient Verification of Data Authenticity •
CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0CVE-2018-10901 – kernel: kvm: vmx: host GDT limit corruption
https://notcve.org/view.php?id=CVE-2018-10901
26 Jul 2018 — A flaw was found in Linux kernel's KVM virtualization subsystem. The VMX code does not restore the GDT.LIMIT to the previous host value, but instead sets it to 64KB. With a corrupted GDT limit a host's userspace code has an ability to place malicious entries in the GDT, particularly to the per-cpu variables. An attacker can use this to escalate their privileges. Se encontró un fallo en el subsistema de virtualización KVM del kernel de Linux. • http://www.securityfocus.com/bid/104905 • CWE-665: Improper Initialization •
CVSS: 7.6EPSS: 0%CPEs: 8EXPL: 0CVE-2018-10862 – wildfly-core: Path traversal can allow the extraction of .war archives to write arbitrary files (Zip Slip)
https://notcve.org/view.php?id=CVE-2018-10862
26 Jul 2018 — WildFly Core before version 6.0.0.Alpha3 does not properly validate file paths in .war archives, allowing for the extraction of crafted .war archives to overwrite arbitrary files. This is an instance of the 'Zip Slip' vulnerability. WildFly Core en versiones anteriores a la 6.0.0.0.Alpha3 no valida correctamente las rutas de los archivos en los archivos .war, lo que permite la extracción de archivos .war manipulados para sobrescribir archivos arbitrarios. Este es un ejemplo de la vulnerabilidad 'Zip Slip'. ... • https://access.redhat.com/errata/RHSA-2018:2276 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •