CVSS: 9.8EPSS: 59%CPEs: 22EXPL: 2CVE-2018-6871 – LibreOffice < 6.0.1 - '=WEBSERVICE' Remote Arbitrary File Disclosure
https://notcve.org/view.php?id=CVE-2018-6871
LibreOffice before 5.4.5 and 6.x before 6.0.1 allows remote attackers to read arbitrary files via =WEBSERVICE calls in a document, which use the COM.MICROSOFT.WEBSERVICE function. LibreOffice, en versiones anteriores a la 5.4.5 y versiones 6.x anteriores a la 6.0.1, permite que atacantes remotos lean archivos arbitrarios mediante llamadas =WEBSERVICE en un documento, que emplea la función COM.MICROSOFT.WEBSERVICE. A flaw was found in libreoffice before 5.4.5 and before 6.0.1. Arbitrary remote file disclosure may be achieved by the use of the WEBSERVICE formula in a specially crafted ODS file. LibreOffice suffers from a remote arbitrary file disclosure vulnerability. • https://www.exploit-db.com/exploits/44022 https://access.redhat.com/errata/RHSA-2018:0418 https://access.redhat.com/errata/RHSA-2018:0517 https://cgit.freedesktop.org/libreoffice/core/commit/?h=libreoffice-5-4-5&id=a916fc0c0e0e8b10cb4158fa0fa173fe205d434a https://github.com/jollheef/libreoffice-remote-arbitrary-file-disclosure https://usn.ubuntu.com/3579-1 https://www.debian.org/security/2018/dsa-4111 https://www.libreoffice.org/about-us/security/advisories/cve-2018-1055 https://access.red • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.8EPSS: 3%CPEs: 13EXPL: 28CVE-2018-6574 – golang: arbitrary code execution during "go get" via C compiler options
https://notcve.org/view.php?id=CVE-2018-6574
Go before 1.8.7, Go 1.9.x before 1.9.4, and Go 1.10 pre-releases before Go 1.10rc2 allow "go get" remote command execution during source code build, by leveraging the gcc or clang plugin feature, because -fplugin= and -plugin= arguments were not blocked. Go, en versiones anteriores a la 1.8.7; Go en versiones 1.9.x anteriores a la 1.9.4 y los prelanzamientos de Go 1.10 anteriores a Go 1.10rc2 permiten la ejecución remota de comandos "go get" durante la construcción del código fuente aprovechando la característica del plugin gcc o clang debido a que los argumentos -fplugin= y -plugin= no se bloquearon. An arbitrary command execution flaw was found in the way Go's "go get" command handled gcc and clang sensitive options during the build. A remote attacker capable of hosting malicious repositories could potentially use this flaw to cause arbitrary command execution on the client side. • https://github.com/neargle/Go-Get-RCE-CVE-2018-6574-POC https://github.com/qweraqq/CVE-2018-6574 https://github.com/frozenkp/CVE-2018-6574 https://github.com/darthvader-htb/CVE-2018-6574 https://github.com/antunesmpedro/CVE-2018-6574 https://github.com/asavior2/CVE-2018-6574 https://github.com/Dannners/CVE-2018-6574-go-get-RCE https://github.com/jftierno/-CVE-2018-6574 https://github.com/ItsFadinG/CVE-2018-6574 https://github.com/OLAOLAOLA789/CVE-2018-6574 htt • CWE-20: Improper Input Validation CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 8.8EPSS: 0%CPEs: 10EXPL: 0CVE-2018-6560 – flatpak: sandbox escape in D-Bus filtering by a crafted authentication handshake
https://notcve.org/view.php?id=CVE-2018-6560
In dbus-proxy/flatpak-proxy.c in Flatpak before 0.8.9, and 0.9.x and 0.10.x before 0.10.3, crafted D-Bus messages to the host can be used to break out of the sandbox, because whitespace handling in the proxy is not identical to whitespace handling in the daemon. En dbus-proxy/flatpak-proxy.c en Flatpak en versiones anteriores a la 0.8.9, 0.9.x y 0.10.x anteriores a la 0.10.3, se pueden utilizar mensajes D-Bus manipulados para salir del sandbox, ya que la gestión de los espacios en blanco en el proxy no es idéntica a cómo gestiona el demonio los espacios en blanco. It was found that flatpak's D-Bus proxy did not properly filter the access to D-Bus during the authentication protocol. A specially crafted flatpak application could use this flaw to bypass all restrictions imposed by flatpak and have full access to the D-BUS interface. • https://access.redhat.com/errata/RHSA-2018:2766 https://github.com/flatpak/flatpak/commit/52346bf187b5a7f1c0fe9075b328b7ad6abe78f6 https://github.com/flatpak/flatpak/releases/tag/0.10.3 https://github.com/flatpak/flatpak/releases/tag/0.8.9 https://access.redhat.com/security/cve/CVE-2018-6560 https://bugzilla.redhat.com/show_bug.cgi?id=1542207 • CWE-270: Privilege Context Switching Error CWE-436: Interpretation Conflict •
CVSS: 5.9EPSS: 0%CPEs: 17EXPL: 0CVE-2018-1049 – systemd: automount: access to automounted volumes can lock up
https://notcve.org/view.php?id=CVE-2018-1049
In systemd prior to 234 a race condition exists between .mount and .automount units such that automount requests from kernel may not be serviced by systemd resulting in kernel holding the mountpoint and any processes that try to use said mount will hang. A race condition like this may lead to denial of service, until mount points are unmounted. En systemd en versiones anteriores a la 234, existe una condición de carrera entre las unidades .mount y .automount, de forma que las peticiones automount del kernel podrían no ser ofrecidas por systemd. Esto resulta en que el kernel retiene el mountpoint y cualquier proceso que intente emplear este mount se bloqueará. Una condición de carrera como esta podría conducir a una denegación de servicio (DoS) hasta que los puntos de montaje se desmonten. • http://www.securitytracker.com/id/1041520 https://access.redhat.com/errata/RHSA-2018:0260 https://bugzilla.redhat.com/show_bug.cgi?id=1534701 https://lists.debian.org/debian-lts-announce/2018/11/msg00017.html https://usn.ubuntu.com/3558-1 https://access.redhat.com/security/cve/CVE-2018-1049 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 5.5EPSS: 0%CPEs: 15EXPL: 0CVE-2018-5750 – kernel: Kernel address information leak in drivers/acpi/sbshc.c:acpi_smbus_hc_add() function potentially allowing KASLR bypass
https://notcve.org/view.php?id=CVE-2018-5750
The acpi_smbus_hc_add function in drivers/acpi/sbshc.c in the Linux kernel through 4.14.15 allows local users to obtain sensitive address information by reading dmesg data from an SBS HC printk call. La función acpi_smbus_hc_add en drivers/acpi/sbshc.c en el kernel de Linux hastas la versión 4.14.15 permite que usuarios locales obtengan información sensible de direcciones leyendo datos dmesg de una llamada SBS HC printk. The acpi_smbus_hc_add function in drivers/acpi/sbshc.c in the Linux kernel, through 4.14.15, allows local users to obtain sensitive address information by reading dmesg data from an SBS HC printk call. • http://www.securitytracker.com/id/1040319 https://access.redhat.com/errata/RHSA-2018:0676 https://access.redhat.com/errata/RHSA-2018:1062 https://access.redhat.com/errata/RHSA-2018:2948 https://lists.debian.org/debian-lts-announce/2018/05/msg00000.html https://patchwork.kernel.org/patch/10174835 https://usn.ubuntu.com/3631-1 https://usn.ubuntu.com/3631-2 https://usn.ubuntu.com/3697-1 https://usn.ubuntu.com/3697-2 https://usn.ubuntu.com/3698-1 https:/ • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •