CVSS: 5.5EPSS: 0%CPEs: 24EXPL: 0CVE-2019-3882 – kernel: denial of service vector through vfio DMA mappings
https://notcve.org/view.php?id=CVE-2019-3882
24 Apr 2019 — A flaw was found in the Linux kernel's vfio interface implementation that permits violation of the user's locked memory limit. If a device is bound to a vfio driver, such as vfio-pci, and the local attacker is administratively granted ownership of the device, it may cause a system memory exhaustion and thus a denial of service (DoS). Versions 3.10, 4.14 and 4.18 are vulnerable. Se encontró un fallo en la implementación de la interfaz vfio del kernel de Linux que permite la violación del límite de memoria bl... • http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00037.html • CWE-400: Uncontrolled Resource Consumption CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 5.6EPSS: 0%CPEs: 11EXPL: 0CVE-2019-3901 – kernel: perf_event_open() and execve() race in setuid programs allows a data leak
https://notcve.org/view.php?id=CVE-2019-3901
22 Apr 2019 — A race condition in perf_event_open() allows local attackers to leak sensitive data from setuid programs. As no relevant locks (in particular the cred_guard_mutex) are held during the ptrace_may_access() call, it is possible for the specified target task to perform an execve() syscall with setuid execution before perf_event_alloc() actually attaches to it, allowing an attacker to bypass the ptrace_may_access() check and the perf_event_exit_task(current) call that is performed in install_exec_creds() during ... • http://www.securityfocus.com/bid/89937 • CWE-667: Improper Locking •
CVSS: 7.5EPSS: 42%CPEs: 24EXPL: 1CVE-2019-0217 – httpd: mod_auth_digest: access control bypass due to race condition
https://notcve.org/view.php?id=CVE-2019-0217
03 Apr 2019 — In Apache HTTP Server 2.4 release 2.4.38 and prior, a race condition in mod_auth_digest when running in a threaded server could allow a user with valid credentials to authenticate using another username, bypassing configured access control restrictions. En Apache HTTP Server 2.4 versión 2.4.38 y anteriores, una condición de carrera en mod_auth_digest cuando se ejecuta en un servidor multihilo podría permitir a un usuario con credenciales válidas autenticarse usando otro nombre de usuario, evitando las restr... • https://github.com/savsch/PoC_CVE-2019-0217 • CWE-284: Improper Access Control CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 7.5EPSS: 8%CPEs: 35EXPL: 2CVE-2019-8936 – Ubuntu Security Notice USN-4563-2
https://notcve.org/view.php?id=CVE-2019-8936
08 Mar 2019 — NTP through 4.2.8p12 has a NULL Pointer Dereference. NTP hasta 4.2.8p12 tiene una desreferencia del puntero NULL. A crafted malicious authenticated mode 6 packet from a permitted network address can trigger a NULL pointer dereference. Note for this attack to work, the sending system must be on an address from which the target ntpd(8) accepts mode 6 packets, and must use a private key that is specifically listed as being used for mode 6 authorization. The ntpd daemon can crash due to the NULL pointer derefer... • https://github.com/snappyJack/CVE-2019-8936 • CWE-476: NULL Pointer Dereference •
CVSS: 5.9EPSS: 5%CPEs: 180EXPL: 0CVE-2019-1559 – 0-byte record padding oracle
https://notcve.org/view.php?id=CVE-2019-1559
26 Feb 2019 — If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received with an invalid MAC. If the application then behaves differently based on that in a way that is detectable to the remote peer, then this amounts to a padding oracle that could be used to decrypt data. In order ... • http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00041.html • CWE-203: Observable Discrepancy CWE-325: Missing Cryptographic Step •
CVSS: 7.5EPSS: 1%CPEs: 16EXPL: 1CVE-2018-16890 – curl: NTLM type-2 heap out-of-bounds buffer read
https://notcve.org/view.php?id=CVE-2018-16890
06 Feb 2019 — libcurl versions from 7.36.0 to before 7.64.0 is vulnerable to a heap buffer out-of-bounds read. The function handling incoming NTLM type-2 messages (`lib/vauth/ntlm.c:ntlm_decode_type2_target`) does not validate incoming data correctly and is subject to an integer overflow vulnerability. Using that overflow, a malicious or broken NTLM server could trick libcurl to accept a bad length + offset combination that would lead to a buffer read out-of-bounds. Libcurl, desde la versión 7.36.0 hasta antes de la 7.64... • https://github.com/michelleamesquita/CVE-2018-16890 • CWE-125: Out-of-bounds Read CWE-190: Integer Overflow or Wraparound •
CVSS: 9.8EPSS: 33%CPEs: 23EXPL: 1CVE-2019-3822 – curl: NTLMv2 type-3 header stack buffer overflow
https://notcve.org/view.php?id=CVE-2019-3822
06 Feb 2019 — libcurl versions from 7.36.0 to before 7.64.0 are vulnerable to a stack-based buffer overflow. The function creating an outgoing NTLM type-3 header (`lib/vauth/ntlm.c:Curl_auth_create_ntlm_type3_message()`), generates the request HTTP header contents based on previously received data. The check that exists to prevent the local buffer from getting overflowed is implemented wrongly (using unsigned math) and as such it does not prevent the overflow from happening. This output data can grow larger than the loca... • http://www.securityfocus.com/bid/106950 • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 4.4EPSS: 0%CPEs: 18EXPL: 0CVE-2018-5497
https://notcve.org/view.php?id=CVE-2018-5497
24 Jan 2019 — Clustered Data ONTAP versions prior to 9.1P16, 9.3P10 and 9.4P5 are susceptible to a vulnerability which discloses sensitive information to an unauthorized user. Clustered Data ONTAP, en sus versiones anteriores a las 9.1P16, 9.3P10 y 9.4P5, es susceptible a una vulnerabilidad que divulga información sensible a un usuario no autenticado. • https://security.netapp.com/advisory/ntap-20190109-0001 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.3EPSS: 90%CPEs: 32EXPL: 41CVE-2018-15473 – OpenSSH < 7.7 - User Enumeration
https://notcve.org/view.php?id=CVE-2018-15473
17 Aug 2018 — OpenSSH through 7.7 is prone to a user enumeration vulnerability due to not delaying bailout for an invalid authenticating user until after the packet containing the request has been fully parsed, related to auth2-gss.c, auth2-hostbased.c, and auth2-pubkey.c. OpenSSH hasta la versión 7.7 es propenso a una vulnerabilidad de enumeración de usuarios debido a que no retrasa el rescate de un usuario de autenticación no válido hasta que el paquete que contiene la petición haya sido analizado completamente. Esto e... • https://packetstorm.news/files/id/181223 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2018-5490
https://notcve.org/view.php?id=CVE-2018-5490
03 Aug 2018 — Read-Only export policy rules are not correctly enforced in Clustered Data ONTAP 8.3 Release Candidate versions and therefore may allow more than "read-only" access from authenticated SMBv2 and SMBv3 clients. This behavior has been resolved in the GA release. Customers running prior release candidates (RCs) are requested to update their systems to the NetApp Data ONTAP 8.3 GA release. Las reglas de política de exportación de solo lectura no se aplican correctamente en Clustered Data ONTAP en versiones 8.3 R... • https://security.netapp.com/advisory/ntap-20150324-0001 • CWE-732: Incorrect Permission Assignment for Critical Resource •