CVSS: 7.0EPSS: 0%CPEs: 17EXPL: 0CVE-2017-7536 – hibernate-validator: Privilege escalation when running under the security manager
https://notcve.org/view.php?id=CVE-2017-7536
In Hibernate Validator 5.2.x before 5.2.5 final, 5.3.x, and 5.4.x, it was found that when the security manager's reflective permissions, which allows it to access the private members of the class, are granted to Hibernate Validator, a potential privilege escalation can occur. By allowing the calling code to access those private members without the permission an attacker may be able to validate an invalid instance and access the private member value via ConstraintViolation#getInvalidValue(). En Hibernate Validator 5.2.x anteriores a 5.2.5 final, 5.3.x y 5.4.x, se ha detectado que cuando los permisos reflectivos del gestor de seguridad, el cual accede a los miembros privados de la clase, se conceden a Hibernate Validator, podría ocurrir un escalado de privilegios. Permitiendo que el código de llamada acceda a esos miembros privados sin ningún permiso, el atacante podría validar una instancia no válida y acceder al valor del miembro privado mediante ConstraintViolation#getInvalidValue(). It was found that when the security manager's reflective permissions, which allows it to access the private members of the class, are granted to Hibernate Validator, a potential privilege escalation can occur. • http://www.securityfocus.com/bid/101048 http://www.securitytracker.com/id/1039744 https://access.redhat.com/errata/RHSA-2017:2808 https://access.redhat.com/errata/RHSA-2017:2809 https://access.redhat.com/errata/RHSA-2017:2810 https://access.redhat.com/errata/RHSA-2017:2811 https://access.redhat.com/errata/RHSA-2017:3141 https://access.redhat.com/errata/RHSA-2017:3454 https://access.redhat.com/errata/RHSA-2017:3455 https://access.redhat.com/errata/RHSA-2017:3456 https: • CWE-470: Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') CWE-592: DEPRECATED: Authentication Bypass Issues •
CVSS: 9.0EPSS: 0%CPEs: 2EXPL: 0CVE-2014-8170
https://notcve.org/view.php?id=CVE-2014-8170
ovirt_safe_delete_config in ovirtfunctions.py and other unspecified locations in ovirt-node 3.0.0-474-gb852fd7 as packaged in Red Hat Enterprise Virtualization 3 do not properly quote input strings, which allows remote authenticated users and physically proximate attackers to execute arbitrary commands via a ; (semicolon) in an input string. ovirt_safe_delete_config en ovirtfunctions.py y otras localizaciones sin especificar en ovirt-node 3.0.0-474-gb852fd7 tal y como se incluye en Red Hat Enterprise Virtualization 3 no emplea comillas correctamente en las cadenas de entrada, lo que permite que los usuarios autenticados y atacantes cercanos físicamente puedan ejecutar comandos arbitrarios mediante un ";" (punto y coma) en una cadena de ayuda. • https://bugzilla.redhat.com/show_bug.cgi?id=1194745 https://gerrit.ovirt.org/gitweb?p=ovirt-node.git%3Ba=blob%3Bf=src/ovirtnode/ovirtfunctions.py%3Bh=caef7ef019ca12b49aa3c030792538956fb4caad%3Bhb=e11e02cd9256c854dd0419515097637d6829b4f1#l1091 • CWE-134: Use of Externally-Controlled Format String •
CVSS: 7.5EPSS: 11%CPEs: 10EXPL: 0CVE-2017-7539 – Qemu: qemu-nbd crashes due to undefined I/O coroutine
https://notcve.org/view.php?id=CVE-2017-7539
An assertion-failure flaw was found in Qemu before 2.10.1, in the Network Block Device (NBD) server's initial connection negotiation, where the I/O coroutine was undefined. This could crash the qemu-nbd server if a client sent unexpected data during connection negotiation. A remote user or process could use this flaw to crash the qemu-nbd server resulting in denial of service. Se ha detectado un fallo de aserción en Qemu en versiones anteriores a la 2.10.1 en la negociación de conexión inicial de los servidores de NBD (Network Block Device) en el que la corrutina I/O no estaba definida. Esto podría provocar el cierre inesperado del servidor qemu-nbd si un cliente envía datos no esperados durante la negociación de la conexión. • http://www.openwall.com/lists/oss-security/2017/07/21/4 http://www.securityfocus.com/bid/99944 https://access.redhat.com/errata/RHSA-2017:2628 https://access.redhat.com/errata/RHSA-2017:3466 https://access.redhat.com/errata/RHSA-2017:3470 https://access.redhat.com/errata/RHSA-2017:3471 https://access.redhat.com/errata/RHSA-2017:3472 https://access.redhat.com/errata/RHSA-2017:3473 https://access.redhat.com/errata/RHSA-2017:3474 https://bugzilla.redhat.com/show_b • CWE-20: Improper Input Validation CWE-617: Reachable Assertion •
CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 0CVE-2015-5293
https://notcve.org/view.php?id=CVE-2015-5293
Red Hat Enterprise Virtualization Manager 3.6 and earlier gives valid SLAAC IPv6 addresses to interfaces when "boot protocol" is set to None, which might allow remote attackers to communicate with a system designated to be unreachable. Red Hat Enterprise Virtualization Manager 3.6 y anteriores entrega direcciones SLAAC IPv6 válidas a interfaces cuando "boot protocol" se establece como None. Esto podría permitir que atacantes remotos se comuniquen con un sistema diseñado para ser inalcanzable. • https://access.redhat.com/security/cve/CVE-2015-5293 https://bugzilla.redhat.com/show_bug.cgi?id=1267714 • CWE-284: Improper Access Control •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2016-6310
https://notcve.org/view.php?id=CVE-2016-6310
oVirt Engine discloses the ENGINE_HTTPS_PKI_TRUST_STORE_PASSWORD in /var/log/ovirt-engine/engine.log file in RHEV before 4.0. oVirt Engine divulga ENGINE_HTTPS_PKI_TRUST_STORE_PASSWORD en un archivo /var/log/ovirt-engine/engine.log en RHEV en versiones anteriores a la 4.0. • http://www.securityfocus.com/bid/92345 https://bugzilla.redhat.com/show_bug.cgi?id=1363738 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •