CVSS: 9.1EPSS: 13%CPEs: 15EXPL: 24CVE-2018-10933 – libSSH - Authentication Bypass
https://notcve.org/view.php?id=CVE-2018-10933
A vulnerability was found in libssh's server-side state machine before versions 0.7.6 and 0.8.4. A malicious client could create channels without first performing authentication, resulting in unauthorized access. Se ha detectado una vulnerabilidad en la máquina de estado del lado del servidor de libssh en versiones anteriores a la 0.7.6 y 0.8.4. Un cliente malicioso podría crear canales sin realizar antes la autenticación, lo que resulta en un acceso no autorizado. libSSH suffers from an authentication bypass vulnerability. • https://www.exploit-db.com/exploits/45638 https://www.exploit-db.com/exploits/46307 https://github.com/blacknbunny/CVE-2018-10933 https://github.com/SoledaD208/CVE-2018-10933 https://github.com/jas502n/CVE-2018-10933 https://github.com/Virgula0/POC-CVE-2018-10933 https://github.com/shifa123/pythonprojects-CVE-2018-10933 https://github.com/kn6869610/CVE-2018-10933 https://github.com/xFreed0m/CVE-2018-10933 https://github.com/r3dxpl0it/CVE-2018-10933 https://github.com&#x • CWE-287: Improper Authentication CWE-592: DEPRECATED: Authentication Bypass Issues •
CVSS: 5.9EPSS: 0%CPEs: 7EXPL: 0CVE-2018-1000808 – pyOpenSSL: Failure to release memory before removing last reference in PKCS #12 Store
https://notcve.org/view.php?id=CVE-2018-1000808
Python Cryptographic Authority pyopenssl version Before 17.5.0 contains a CWE - 401 : Failure to Release Memory Before Removing Last Reference vulnerability in PKCS #12 Store that can result in Denial of service if memory runs low or is exhausted. This attack appear to be exploitable via Depends upon calling application, however it could be as simple as initiating a TLS connection. Anything that would cause the calling application to reload certificates from a PKCS #12 store.. This vulnerability appears to have been fixed in 17.5.0. Python Cryptographic Authority pyopenssl en versiones anteriores a la 17.5.0 contiene una vulnerabilidad CWE - 401: Error al liberar memoria antes de eliminar la última referencia en PKCS #12 Store que puede resultar en una denegación de servicio (DoS) si hay poca memoria o ésta se agota. • http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00014.html https://access.redhat.com/errata/RHSA-2019:0085 https://github.com/pyca/pyopenssl/pull/723 https://usn.ubuntu.com/3813-1 https://access.redhat.com/security/cve/CVE-2018-1000808 https://bugzilla.redhat.com/show_bug.cgi?id=1640216 • CWE-400: Uncontrolled Resource Consumption CWE-404: Improper Resource Shutdown or Release •
CVSS: 10.0EPSS: 32%CPEs: 6EXPL: 1CVE-2018-14649 – ceph-iscsi-cli: rbd-target-api service runs in debug mode allowing for remote command execution
https://notcve.org/view.php?id=CVE-2018-14649
It was found that ceph-isci-cli package as shipped by Red Hat Ceph Storage 2 and 3 is using python-werkzeug in debug shell mode. This is done by setting debug=True in file /usr/bin/rbd-target-api provided by ceph-isci-cli package. This allows unauthenticated attackers to access this debug shell and escalate privileges. Once an attacker has successfully connected to this debug shell they will be able to execute arbitrary commands remotely. These commands will run with the same privileges as of user executing the application which is using python-werkzeug with debug shell mode enabled. • http://www.securityfocus.com/bid/105434 https://access.redhat.com/articles/3623521 https://access.redhat.com/errata/RHSA-2018:2837 https://access.redhat.com/errata/RHSA-2018:2838 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14649 https://github.com/ceph/ceph-iscsi-cli/issues/120 https://github.com/ceph/ceph-iscsi-cli/pull/121/commits/c3812075e30c76a800a961e7291087d357403f6b https://access.redhat.com/security/cve/CVE-2018-14649 https://bugzilla.redhat.com/show_bug.cgi?id= • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 7.5EPSS: 0%CPEs: 17EXPL: 0CVE-2018-11763 – Apache2 mod_http2 header Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2018-11763
In Apache HTTP Server 2.4.17 to 2.4.34, by sending continuous, large SETTINGS frames a client can occupy a connection, server thread and CPU time without any connection timeout coming to effect. This affects only HTTP/2 connections. A possible mitigation is to not enable the h2 protocol. En Apache HTTP Server, de la versión 2.4.17 a la 2.4.34, mediante el envío continuo de tramas SETTINGS grandes, un cliente puede ocupar una conexión, hilo del servidor y tiempo de CPU sin que se active ningún agotamiento del tiempo de conexión. Esto solo afecta a las conexiones HTTP/2. • http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00030.html http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00056.html http://www.securityfocus.com/bid/105414 http://www.securitytracker.com/id/1041713 https://access.redhat.com/errata/RHSA-2018:3558 https://access.redhat.com/errata/RHSA-2019:0366 https://access.redhat.com/errata/RHSA-2019:0367 https://httpd.apache.org/security/vulnerabilities_24.html https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7f • CWE-20: Improper Input Validation •
CVSS: 8.1EPSS: 0%CPEs: 1EXPL: 0CVE-2018-1127 – tendrl-api: Improper cleanup of session token can allow attackers to hijack user sessions
https://notcve.org/view.php?id=CVE-2018-1127
Tendrl API in Red Hat Gluster Storage before 3.4.0 does not immediately remove session tokens after a user logs out. Session tokens remain active for a few minutes allowing attackers to replay tokens acquired via sniffing/MITM attacks and authenticate as the target user. Tendrl API en Red Hat Gluster Storage en versiones anteriores a la 3.4.0 no elimina inmediatamente los tokens de sesión una vez el usuario ha cerrado sesión. Los tokens de sesión siguen activos durante unos pocos minutos, lo que permite que los atacantes reproduzcan los tokens adquiridos mediante ataques de rastreo o Man-in-the-Middle (MitM) y autenticándose como el usuario objetivo. • http://www.securitytracker.com/id/1041597 https://access.redhat.com/errata/RHSA-2018:2616 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1127 https://github.com/Tendrl/api/pull/422 https://access.redhat.com/security/cve/CVE-2018-1127 https://bugzilla.redhat.com/show_bug.cgi?id=1575835 • CWE-384: Session Fixation CWE-613: Insufficient Session Expiration •