Page 35 of 588 results (0.015 seconds)

CVSS: 8.8EPSS: 0%CPEs: 10EXPL: 0

CVE-2018-6560 – flatpak: sandbox escape in D-Bus filtering by a crafted authentication handshake

https://notcve.org/view.php?id=CVE-2018-6560

In dbus-proxy/flatpak-proxy.c in Flatpak before 0.8.9, and 0.9.x and 0.10.x before 0.10.3, crafted D-Bus messages to the host can be used to break out of the sandbox, because whitespace handling in the proxy is not identical to whitespace handling in the daemon. En dbus-proxy/flatpak-proxy.c en Flatpak en versiones anteriores a la 0.8.9, 0.9.x y 0.10.x anteriores a la 0.10.3, se pueden utilizar mensajes D-Bus manipulados para salir del sandbox, ya que la gestión de los espacios en blanco en el proxy no es idéntica a cómo gestiona el demonio los espacios en blanco. It was found that flatpak's D-Bus proxy did not properly filter the access to D-Bus during the authentication protocol. A specially crafted flatpak application could use this flaw to bypass all restrictions imposed by flatpak and have full access to the D-BUS interface. • https://access.redhat.com/errata/RHSA-2018:2766 https://github.com/flatpak/flatpak/commit/52346bf187b5a7f1c0fe9075b328b7ad6abe78f6 https://github.com/flatpak/flatpak/releases/tag/0.10.3 https://github.com/flatpak/flatpak/releases/tag/0.8.9 https://access.redhat.com/security/cve/CVE-2018-6560 https://bugzilla.redhat.com/show_bug.cgi?id=1542207 • CWE-270: Privilege Context Switching Error CWE-436: Interpretation Conflict •

CVSS: 5.9EPSS: 0%CPEs: 17EXPL: 0

CVE-2018-1049 – systemd: automount: access to automounted volumes can lock up

https://notcve.org/view.php?id=CVE-2018-1049

In systemd prior to 234 a race condition exists between .mount and .automount units such that automount requests from kernel may not be serviced by systemd resulting in kernel holding the mountpoint and any processes that try to use said mount will hang. A race condition like this may lead to denial of service, until mount points are unmounted. En systemd en versiones anteriores a la 234, existe una condición de carrera entre las unidades .mount y .automount, de forma que las peticiones automount del kernel podrían no ser ofrecidas por systemd. Esto resulta en que el kernel retiene el mountpoint y cualquier proceso que intente emplear este mount se bloqueará. Una condición de carrera como esta podría conducir a una denegación de servicio (DoS) hasta que los puntos de montaje se desmonten. • http://www.securitytracker.com/id/1041520 https://access.redhat.com/errata/RHSA-2018:0260 https://bugzilla.redhat.com/show_bug.cgi?id=1534701 https://lists.debian.org/debian-lts-announce/2018/11/msg00017.html https://usn.ubuntu.com/3558-1 https://access.redhat.com/security/cve/CVE-2018-1049 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •

CVSS: 7.5EPSS: 14%CPEs: 51EXPL: 0

CVE-2017-3144 – Failure to properly clean up closed OMAPI connections can exhaust available sockets

https://notcve.org/view.php?id=CVE-2017-3144

A vulnerability stemming from failure to properly clean up closed OMAPI connections can lead to exhaustion of the pool of socket descriptors available to the DHCP server. Affects ISC DHCP 4.1.0 to 4.1-ESV-R15, 4.2.0 to 4.2.8, 4.3.0 to 4.3.6. Older versions may also be affected but are well beyond their end-of-life (EOL). Releases prior to 4.1.0 have not been tested. Una vulnerabilidad derivada del error al limpiar correctamente las conexiones OMAPI cerradas puede conducir al agotamiento del grupo de descriptores del socket disponibles para el servidor DHCP. • http://www.securityfocus.com/bid/102726 http://www.securitytracker.com/id/1040194 https://access.redhat.com/errata/RHSA-2018:0158 https://kb.isc.org/docs/aa-01541 https://usn.ubuntu.com/3586-1 https://www.debian.org/security/2018/dsa-4133 https://access.redhat.com/security/cve/CVE-2017-3144 https://bugzilla.redhat.com/show_bug.cgi?id=1522918 • CWE-400: Uncontrolled Resource Consumption CWE-772: Missing Release of Resource after Effective Lifetime •

CVSS: 7.5EPSS: 2%CPEs: 14EXPL: 0

CVE-2018-5748 – libvirt: Resource exhaustion via qemuMonitorIORead() method

https://notcve.org/view.php?id=CVE-2018-5748

qemu/qemu_monitor.c in libvirt allows attackers to cause a denial of service (memory consumption) via a large QEMU reply. qemu/qemu_monitor.c en libvirt permite que los atacantes provoquen una denegación de servicio (consumo de memoria) mediante una respuesta QEMU grande. • http://www.securityfocus.com/bid/102825 https://access.redhat.com/errata/RHSA-2018:1396 https://access.redhat.com/errata/RHSA-2018:1929 https://lists.debian.org/debian-lts-announce/2018/03/msg00018.html https://www.debian.org/security/2018/dsa-4137 https://www.redhat.com/archives/libvir-list/2018-January/msg00527.html https://access.redhat.com/security/cve/CVE-2018-5748 https://bugzilla.redhat.com/show_bug.cgi?id=1528396 • CWE-400: Uncontrolled Resource Consumption •

CVSS: 9.8EPSS: 0%CPEs: 38EXPL: 0

CVE-2018-1000007 – curl: HTTP authentication leak in redirects

https://notcve.org/view.php?id=CVE-2018-1000007

libcurl 7.1 through 7.57.0 might accidentally leak authentication data to third parties. When asked to send custom headers in its HTTP requests, libcurl will send that set of headers first to the host in the initial URL but also, if asked to follow redirects and a 30X HTTP response code is returned, to the host mentioned in URL in the `Location:` response header value. Sending the same set of headers to subsequent hosts is in particular a problem for applications that pass on custom `Authorization:` headers, as this header often contains privacy sensitive information or data that could allow others to impersonate the libcurl-using client's request. libcurl, desde la versión 7.1 hasta la 7.57.0, podría filtrar accidentalmente datos de autenticación a terceros. Cuando se le solicita que envíe cabeceras personalizadas en sus peticiones HTTP, libcurl enviará primero ese conjunto de cabeceras al host en la URL inicial pero también, si se le pide que siga redirecciones y se devuelve un código de respuesta HTTP 30X al host mencionado en la URL en el valor de la cabecera de respuesta "Location:". El envío de la misma serie de cabeceras a hosts subsecuentes es un problema en particular para las aplicaciones que pasan cabeceras "Authorization:" personalizadas, ya que esta cabecera suele contener información sensible de privacidad o datos que podrían permitir que otros suplanten la petición del cliente que emplea libcurl. • http://www.openwall.com/lists/oss-security/2022/04/27/4 http://www.securitytracker.com/id/1040274 https://access.redhat.com/errata/RHBA-2019:0327 https://access.redhat.com/errata/RHSA-2018:3157 https://access.redhat.com/errata/RHSA-2018:3558 https://access.redhat.com/errata/RHSA-2019:1543 https://access.redhat.com/errata/RHSA-2020:0544 https://access.redhat.com/errata/RHSA-2020:0594 https://curl.haxx.se/docs/adv_2018-b3bf.html https://lists.debian.org/debian • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •