CVSS: 8.8EPSS: 0%CPEs: 14EXPL: 0CVE-2019-10168 – libvirt: arbitrary command execution via virConnectBaselineHypervisorCPU and virConnectCompareHypervisorCPU APIs
https://notcve.org/view.php?id=CVE-2019-10168
The virConnectBaselineHypervisorCPU() and virConnectCompareHypervisorCPU() libvirt APIs, 4.x.x before 4.10.1 and 5.x.x before 5.4.1, accept an "emulator" argument to specify the program providing emulation for a domain. Since v1.2.19, libvirt will execute that program to probe the domain's capabilities. Read-only clients could specify an arbitrary path for this argument, causing libvirtd to execute a crafted executable with its own privileges. Las APIs libvirt de las funciones virConnectBaselineHypervisorCPU() y virConnectCompareHypervisorCPU(), versiones 4.x.x anteriores a 4.10.1 y versiones 5.x.x anteriores a 5.4.1, aceptan un argumento "emulator" para especificar el programa que proporciona emulación para un dominio. Desde versión v1.2.19, libvirt ejecutará ese programa para examinar las capacidades del dominio. • https://access.redhat.com/libvirt-privesc-vulnerabilities https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10168 https://security.gentoo.org/glsa/202003-18 https://access.redhat.com/security/cve/CVE-2019-10168 https://bugzilla.redhat.com/show_bug.cgi?id=1720118 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-250: Execution with Unnecessary Privileges CWE-284: Improper Access Control •
CVSS: 8.8EPSS: 0%CPEs: 14EXPL: 0CVE-2019-10167 – libvirt: arbitrary command execution via virConnectGetDomainCapabilities API
https://notcve.org/view.php?id=CVE-2019-10167
The virConnectGetDomainCapabilities() libvirt API, versions 4.x.x before 4.10.1 and 5.x.x before 5.4.1, accepts an "emulatorbin" argument to specify the program providing emulation for a domain. Since v1.2.19, libvirt will execute that program to probe the domain's capabilities. Read-only clients could specify an arbitrary path for this argument, causing libvirtd to execute a crafted executable with its own privileges. La API libvirt de la función virConnectGetDomainCapabilities(), versiones 4.x.x anteriores a 4.10.1 y versiones 5.x.x anteriores a 5.4.1, acepta un argumento "emulatorbin" para especificar el programa que proporciona emulación para un dominio. Desde versión v1.2.19, libvirt ejecutará ese programa para examinar las capacidades del dominio. • https://access.redhat.com/libvirt-privesc-vulnerabilities https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10167 https://security.gentoo.org/glsa/202003-18 https://access.redhat.com/security/cve/CVE-2019-10167 https://bugzilla.redhat.com/show_bug.cgi?id=1720117 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-250: Execution with Unnecessary Privileges CWE-284: Improper Access Control CWE-862: Missing Authorization •
CVSS: 7.8EPSS: 0%CPEs: 14EXPL: 0CVE-2019-10166 – libvirt: virDomainManagedSaveDefineXML API exposed to readonly clients
https://notcve.org/view.php?id=CVE-2019-10166
It was discovered that libvirtd, versions 4.x.x before 4.10.1 and 5.x.x before 5.4.1, would permit readonly clients to use the virDomainManagedSaveDefineXML() API, which would permit them to modify managed save state files. If a managed save had already been created by a privileged user, a local attacker could modify this file such that libvirtd would execute an arbitrary program when the domain was resumed. Se detectó que libvirtd, versiones 4.x.x anteriores a 4.10.1 y versiones 5.x.x anteriores a 5.4.1, permitiría a los clientes de solo lectura utilizar la API de la función virDomainManagedSaveDefineXML(), lo que les permitiría modificar archivos de estado managed save. Si un managed save ya ha sido creado por un usuario privilegiado, un atacante local podría modificar este archivo de manera que libvirtd ejecutaría un programa arbitrario cuando el dominio esté reanudado. It was discovered that libvirtd would permit readonly clients to use the virDomainManagedSaveDefineXML() API, which would permit them to modify managed save state files. • https://access.redhat.com/libvirt-privesc-vulnerabilities https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10166 https://security.gentoo.org/glsa/202003-18 https://access.redhat.com/security/cve/CVE-2019-10166 https://bugzilla.redhat.com/show_bug.cgi?id=1720114 • CWE-284: Improper Access Control •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2019-3896 – kernel: Double free in lib/idr.c
https://notcve.org/view.php?id=CVE-2019-3896
A double-free can happen in idr_remove_all() in lib/idr.c in the Linux kernel 2.6 branch. An unprivileged local attacker can use this flaw for a privilege escalation or for a system crash and a denial of service (DoS). Puede suceder una vulnerabilidad de doble liberación en la función idr_remove_all() en el archivo lib/idr.c en la sección del kernel de Linux versión 2.6. Un atacante local sin privilegios puede usar este defecto para una escalada de privilegios o para un bloqueo del sistema y una denegación de servicio (DoS). A double-free can happen in idr_remove_all() in lib/idr.c in the Linux kernel. • http://www.securityfocus.com/bid/108814 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3896 https://security.netapp.com/advisory/ntap-20190710-0002 https://support.f5.com/csp/article/K04327111 https://access.redhat.com/security/cve/CVE-2019-3896 https://bugzilla.redhat.com/show_bug.cgi?id=1694812 • CWE-415: Double Free CWE-416: Use After Free •
CVSS: 8.8EPSS: 1%CPEs: 18EXPL: 0CVE-2019-7845 – Adobe Flash Player LocalConnection Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2019-7845
Adobe Flash Player versions 32.0.0.192 and earlier, 32.0.0.192 and earlier, and 32.0.0.192 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution. Las versiones de Adobe Flash Player 32.0.0.192 y anteriores 3.20.0.0.192 y anteriores tiene un use después de vulnerabilidad gratuita. La operación con éxito podría llevar a un código arbitrario de ejecución This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Flash Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of LocalConnection objects. • https://access.redhat.com/errata/RHSA-2019:1476 https://helpx.adobe.com/security/products/flash-player/apsb19-30.html https://security.gentoo.org/glsa/201908-21 https://access.redhat.com/security/cve/CVE-2019-7845 https://bugzilla.redhat.com/show_bug.cgi?id=1719449 • CWE-416: Use After Free •