Page 4 of 19 results (0.004 seconds)

CVSS: 7.8EPSS: 0%CPEs: 20EXPL: 2

CVE-2018-14634 – Linux Kernel 2.6.x / 3.10.x / 4.14.x (RedHat / Debian / CentOS) (x64) - 'Mutagen Astronomy' Local Privilege Escalation

https://notcve.org/view.php?id=CVE-2018-14634

An integer overflow flaw was found in the Linux kernel's create_elf_tables() function. An unprivileged local user with access to SUID (or otherwise privileged) binary could use this flaw to escalate their privileges on the system. Kernel versions 2.6.x, 3.10.x and 4.14.x are believed to be vulnerable. Se ha encontrado un error de desbordamiento de enteros en la función create_elf_tables() del kernel de Linux. Un usuario local sin privilegios con acceso al binario SUID (o a otro privilegiado) podría emplear este error para escalar sus privilegios en el sistema. • https://www.exploit-db.com/exploits/45516 http://www.openwall.com/lists/oss-security/2021/07/20/2 http://www.securityfocus.com/bid/105407 https://access.redhat.com/errata/RHSA-2018:2748 https://access.redhat.com/errata/RHSA-2018:2763 https://access.redhat.com/errata/RHSA-2018:2846 https://access.redhat.com/errata/RHSA-2018:2924 https://access.redhat.com/errata/RHSA-2018:2925 https://access.redhat.com/errata/RHSA-2018:2933 https://access.redhat.com/errata/RHSA- • CWE-190: Integer Overflow or Wraparound •

CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0

CVE-2018-16597 – kernel: overlayfs file truncation without permissions

https://notcve.org/view.php?id=CVE-2018-16597

An issue was discovered in the Linux kernel before 4.8. Incorrect access checking in overlayfs mounts could be used by local attackers to modify or truncate files in the underlying filesystem. Se ha descubierto un problema en el kernel de Linux en versiones anteriores a la 4.8. La comprobación de acceso incorrecta de montajes de overlayfs podría ser empleada por los atacantes locales para modificar o truncar archivos en el sistema de archivos subyacente An issue was discovered in the Linux kernel where an incorrect access check in overlayfs mounts could be used by local attackers to modify or truncate files in the underlying filesystem. • http://lists.opensuse.org/opensuse-security-announce/2018-10/msg00033.html http://packetstormsecurity.com/files/153702/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html http://www.securityfocus.com/bid/105394 https://bugzilla.suse.com/show_bug.cgi?id=1106512 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c0ca3d70e8d3cf81e2255a217f7ca402f5ed0862 https://seclists.org/bugtraq/2019/Jul/33 https://security.netapp.com/advisory/ntap-20190204-0001 https://support. • CWE-862: Missing Authorization CWE-863: Incorrect Authorization •

CVSS: 7.8EPSS: 0%CPEs: 13EXPL: 3

CVE-2018-17182 – Linux Kernel - VMA Use-After-Free via Buggy vmacache_flush_all() Fastpath Local Privilege Escalation

https://notcve.org/view.php?id=CVE-2018-17182

An issue was discovered in the Linux kernel through 4.18.8. The vmacache_flush_all function in mm/vmacache.c mishandles sequence number overflows. An attacker can trigger a use-after-free (and possibly gain privileges) via certain thread creation, map, unmap, invalidation, and dereference operations. Se ha descubierto un problema en el kernel de Linux hasta la versión 4.18.8. La función vmacache_flush_all en mm/vmacache.c manipula incorrectamente los desbordamientos de números de secuencias. • https://www.exploit-db.com/exploits/45497 https://github.com/jas502n/CVE-2018-17182 https://github.com/likescam/CVE-2018-17182 http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=7a9cdebdcc17e426fb5287e4a82db1dfe86339b2 http://www.securityfocus.com/bid/105417 http://www.securityfocus.com/bid/106503 http://www.securitytracker.com/id/1041748 https://access.redhat.com/errata/RHSA-2018:3656 https://github.com/torvalds/linux/commit/7a9cdebdcc17e426fb5287e4a82db1dfe86339b2 https: • CWE-416: Use After Free •

CVSS: 6.8EPSS: 0%CPEs: 3EXPL: 1

CVE-2018-12099 – grafana: Cross-site Scripting (XSS) in dashboard links

https://notcve.org/view.php?id=CVE-2018-12099

Grafana before 5.2.0-beta1 has XSS vulnerabilities in dashboard links. Grafana en versiones anteriores a la 5.2.0-beta1 tiene vulnerabilidades Cross-Site Scripting (XSS) en los enlaces del cuadro de mandos. • https://github.com/grafana/grafana/pull/11813 https://github.com/grafana/grafana/releases/tag/v5.2.0-beta1 https://security.netapp.com/advisory/ntap-20190416-0004 https://access.redhat.com/security/cve/CVE-2018-12099 https://bugzilla.redhat.com/show_bug.cgi?id=1590017 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •