CVE-2019-10247 – jetty: error path information disclosure
https://notcve.org/view.php?id=CVE-2019-10247
In Eclipse Jetty version 7.x, 8.x, 9.2.27 and older, 9.3.26 and older, and 9.4.16 and older, the server running on any OS and Jetty version combination will reveal the configured fully qualified directory base resource location on the output of the 404 error for not finding a Context that matches the requested path. The default server behavior on jetty-distribution and jetty-home will include at the end of the Handler tree a DefaultHandler, which is responsible for reporting this 404 error, it presents the various configured contexts as HTML for users to click through to. This produced HTML includes output that contains the configured fully qualified directory base resource location for each context. En Eclipse Jetty versión 7.x, versión 8.x,versión 9.2.27 y anteriores , versión 9.3.26 y anteriores , y versión 9.4.16 y anteriores, el servidor que se ejecuta en cualquier combinación de versión de sistema operativo y Jetty, revelará la ubicación del recurso base de directorio calificado y completamente configurado en la salida del error 404 para no encontrar un contexto que coincida con la path requerida. El comportamiento del servidor por defecto en jetty-distribution y jetty-home incluirá al final del árbol de Handlers un DefaultHandler, que es responsable de informar este error 404, presenta los diversos contextos configurados como HTML para que los usuarios hagan clic. • https://bugs.eclipse.org/bugs/show_bug.cgi?id=546577 https://lists.apache.org/thread.html/053d9ce4d579b02203db18545fee5e33f35f2932885459b74d1e4272%40%3Cissues.activemq.apache.org%3E https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E https://lists.apache.org/thread.html/ac51944aef91dd5006b8510b0bef337adaccfe962fb90e7af9c22db4%40%3Cissues.activemq.apache.org%3E https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3%40%3Ccommits.nifi.apache.org%3E https://lists. • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-213: Exposure of Sensitive Information Due to Incompatible Policies •
CVE-2019-3901 – kernel: perf_event_open() and execve() race in setuid programs allows a data leak
https://notcve.org/view.php?id=CVE-2019-3901
A race condition in perf_event_open() allows local attackers to leak sensitive data from setuid programs. As no relevant locks (in particular the cred_guard_mutex) are held during the ptrace_may_access() call, it is possible for the specified target task to perform an execve() syscall with setuid execution before perf_event_alloc() actually attaches to it, allowing an attacker to bypass the ptrace_may_access() check and the perf_event_exit_task(current) call that is performed in install_exec_creds() during privileged execve() calls. This issue affects kernel versions before 4.8. Una condición de carrera en la función perf_event_open() permite a los atacantes locales filtrar datos confidenciales desde los programas setuid. Como no se mantienen bloqueos relevantes (en particular, la función cred_guard_mutex) durante la llamada ptrace_may_access(), es posible que la tarea de destino especificada realice un syscall execve() con la ejecución setuid anterior a que perf_event_alloc() realmente se conecte, permitiendo que un atacante omita la comprobación ptrace_may_access() y la llamada perf_event_exit_task(current) que se realiza en install_exec_creds() durante las llamadas privilegiadas execve(). • http://www.securityfocus.com/bid/89937 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3901 https://lists.debian.org/debian-lts-announce/2019/05/msg00041.html https://lists.debian.org/debian-lts-announce/2019/05/msg00042.html https://security.netapp.com/advisory/ntap-20190517-0005 https://access.redhat.com/security/cve/CVE-2019-3901 https://bugzilla.redhat.com/show_bug.cgi?id=1701245 • CWE-667: Improper Locking •
CVE-2018-15473 – OpenSSH < 7.7 - User Enumeration
https://notcve.org/view.php?id=CVE-2018-15473
OpenSSH through 7.7 is prone to a user enumeration vulnerability due to not delaying bailout for an invalid authenticating user until after the packet containing the request has been fully parsed, related to auth2-gss.c, auth2-hostbased.c, and auth2-pubkey.c. OpenSSH hasta la versión 7.7 es propenso a una vulnerabilidad de enumeración de usuarios debido a que no retrasa el rescate de un usuario de autenticación no válido hasta que el paquete que contiene la petición haya sido analizado completamente. Esto está relacionado con auth2-gss.c, auth2-hostbased.c, y auth2-pubkey.c. A user enumeration vulnerability flaw was found in OpenSSH, though version 7.7. The vulnerability occurs by not delaying bailout for an invalid authenticated user until after the packet containing the request has been fully parsed. • https://www.exploit-db.com/exploits/45939 https://www.exploit-db.com/exploits/45233 https://www.exploit-db.com/exploits/45210 https://github.com/Rhynorater/CVE-2018-15473-Exploit https://github.com/r3dxpl0it/CVE-2018-15473 https://github.com/Sait-Nuri/CVE-2018-15473 https://github.com/LINYIKAI/CVE-2018-15473-exp https://github.com/MrDottt/CVE-2018-15473 https://github.com/yZ1337/CVE-2018-15473 https://github.com/1stPeak/CVE-2018-15473 https://github.com/0xrobiu • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVE-2018-2942
https://notcve.org/view.php?id=CVE-2018-2942
Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Windows DLL). Supported versions that are affected are Java SE: 7u181 and 8u172. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE. • http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html http://www.securityfocus.com/bid/104781 http://www.securitytracker.com/id/1041302 https://security.netapp.com/advisory/ntap-20180726-0001 •
CVE-2018-2941 – JDK: unspecified vulnerability fixed in 7u191, 8u181, and 10.0.2 (JavaFX)
https://notcve.org/view.php?id=CVE-2018-2941
Vulnerability in the Java SE component of Oracle Java SE (subcomponent: JavaFX). Supported versions that are affected are Java SE: 7u181, 8u172 and 10.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE. • http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html http://www.securityfocus.com/bid/104775 http://www.securitytracker.com/id/1041302 https://access.redhat.com/errata/RHSA-2018:2253 https://access.redhat.com/errata/RHSA-2018:2254 https://access.redhat.com/errata/RHSA-2018:2255 https://access.redhat.com/errata/RHSA-2018:2256 https://security.netapp.com/advisory/ntap-20180726-0001 https://access.redhat.com/security/cve/CVE-2018-2941 https://bugzilla.redhat.c •