CVSS: 7.9EPSS: 97%CPEs: 22EXPL: 4CVE-2018-1111 – DynoRoot DHCP Client - Command Injection
https://notcve.org/view.php?id=CVE-2018-1111
DHCP packages in Red Hat Enterprise Linux 6 and 7, Fedora 28, and earlier are vulnerable to a command injection flaw in the NetworkManager integration script included in the DHCP client. A malicious DHCP server, or an attacker on the local network able to spoof DHCP responses, could use this flaw to execute arbitrary commands with root privileges on systems using NetworkManager and configured to obtain network configuration using the DHCP protocol. Los paquetes DHCP en Red Hat Enterprise Linux 6 y 7, Fedora 28 y anteriores son vulnerables a un error de inyección de comandos en el script de integración NetworkManager incluido en el cliente DHCP. Un servidor DHCP malicioso o un atacante en la red ocal capaz de suplantar respuestas DHCP podría emplear este error para ejecutar comandos arbitrarios con privilegios root en sistemas que emplean NetworkManager y se configuran para obtener la configuración de red mediante el protocolo de configuración dinámica de host (DHCP). A command injection flaw was found in the NetworkManager integration script included in the DHCP client packages in Red Hat Enterprise Linux. • https://www.exploit-db.com/exploits/44652 https://www.exploit-db.com/exploits/44890 https://github.com/kkirsche/CVE-2018-1111 https://github.com/knqyf263/CVE-2018-1111 http://www.securityfocus.com/bid/104195 http://www.securitytracker.com/id/1040912 https://access.redhat.com/errata/RHSA-2018:1453 https://access.redhat.com/errata/RHSA-2018:1454 https://access.redhat.com/errata/RHSA-2018:1455 https://access.redhat.com/errata/RHSA-2018:1456 https://access.redhat.com&#x • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 7.8EPSS: 0%CPEs: 24EXPL: 4CVE-2018-8897 – Microsoft Windows - 'POP/MOV SS' Privilege Escalation
https://notcve.org/view.php?id=CVE-2018-8897
A statement in the System Programming Guide of the Intel 64 and IA-32 Architectures Software Developer's Manual (SDM) was mishandled in the development of some or all operating-system kernels, resulting in unexpected behavior for #DB exceptions that are deferred by MOV SS or POP SS, as demonstrated by (for example) privilege escalation in Windows, macOS, some Xen configurations, or FreeBSD, or a Linux kernel crash. The MOV to SS and POP SS instructions inhibit interrupts (including NMIs), data breakpoints, and single step trap exceptions until the instruction boundary following the next instruction (SDM Vol. 3A; section 6.8.3). (The inhibited data breakpoints are those on memory accessed by the MOV to SS or POP to SS instruction itself.) Note that debug exceptions are not inhibited by the interrupt enable (EFLAGS.IF) system flag (SDM Vol. 3A; section 2.3). If the instruction following the MOV to SS or POP to SS instruction is an instruction like SYSCALL, SYSENTER, INT 3, etc. that transfers control to the operating system at CPL < 3, the debug exception is delivered after the transfer to CPL < 3 is complete. • https://www.exploit-db.com/exploits/44697 https://www.exploit-db.com/exploits/45024 https://github.com/can1357/CVE-2018-8897 https://github.com/nmulasmajic/CVE-2018-8897 http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=d8ba61ba58c88d5207c1ba2f7d9a2280e7d03be9 http://openwall.com/lists/oss-security/2018/05/08/1 http://openwall.com/lists/oss-security/2018/05/08/4 http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190921-01-debug-en http: • CWE-250: Execution with Unnecessary Privileges CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 5.9EPSS: 1%CPEs: 42EXPL: 0CVE-2018-10237 – guava: Unbounded memory allocation in AtomicDoubleArray and CompoundOrdering classes allow remote attackers to cause a denial of service
https://notcve.org/view.php?id=CVE-2018-10237
Unbounded memory allocation in Google Guava 11.0 through 24.x before 24.1.1 allows remote attackers to conduct denial of service attacks against servers that depend on this library and deserialize attacker-provided data, because the AtomicDoubleArray class (when serialized with Java serialization) and the CompoundOrdering class (when serialized with GWT serialization) perform eager allocation without appropriate checks on what a client has sent and whether the data size is reasonable. Asignación de memoria sin restringir en Google Guava 11.0 hasta las versiones 24.x anteriores a la 24.1.1 permite que los atacantes remotos realicen ataques de denegación de servicio (DoS) contra servidores que dependen de esta librería y que deserialicen datos proporcionados por dichos atacantes debido a que la clase AtomicDoubleArray (cuando se serializa con serialización Java) y la clase CompoundOrdering (cuando se serializa con serialización GWT) realiza una asignación sin comprobar adecuadamente lo que ha enviado un cliente y si el tamaño de los datos es razonable. A vulnerability was found in Guava where the AtomicDoubleArray and CompoundOrdering classes were found to allocate memory based on size fields sent by the client without validation. A crafted message could cause the server to consume all available memory or crash leading to a denial of service. • http://www.securitytracker.com/id/1041707 https://access.redhat.com/errata/RHSA-2018:2423 https://access.redhat.com/errata/RHSA-2018:2424 https://access.redhat.com/errata/RHSA-2018:2425 https://access.redhat.com/errata/RHSA-2018:2428 https://access.redhat.com/errata/RHSA-2018:2598 https://access.redhat.com/errata/RHSA-2018:2643 https://access.redhat.com/errata/RHSA-2018:2740 https://access.redhat.com/errata/RHSA-2018:2741 https://access.redhat.com/errata/RHSA-2018:274 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 6.1EPSS: 0%CPEs: 7EXPL: 0CVE-2018-1067 – undertow: HTTP header injection using CRLF with UTF-8 Encoding (incomplete fix of CVE-2016-4993)
https://notcve.org/view.php?id=CVE-2018-1067
In Undertow before versions 7.1.2.CR1, 7.1.2.GA it was found that the fix for CVE-2016-4993 was incomplete and Undertow web server is vulnerable to the injection of arbitrary HTTP headers, and also response splitting, due to insufficient sanitization and validation of user input before the input is used as part of an HTTP header value. En Undertow, en versiones anteriores a la 7.1.2.CR1, 7.1.2.GA, se descubrió que la solución para CVE-2016-4993 no estaba completa. Por lo tanto, el servidor web de Undertow es vulnerable a la inyección de cabeceras HTTP arbitrarias y también a la separación de respuestas, debido al saneamiento y validación insuficientes de entradas de usuario antes de que se empleen como parte de un valor de cabecera HTTP. It was found that the fix for CVE-2016-4993 was incomplete and Undertow web server is vulnerable to the injection of arbitrary HTTP headers, and also response splitting, due to insufficient sanitization and validation of user input before the input is used as part of an HTTP header value. • https://access.redhat.com/errata/RHSA-2018:1247 https://access.redhat.com/errata/RHSA-2018:1248 https://access.redhat.com/errata/RHSA-2018:1249 https://access.redhat.com/errata/RHSA-2018:1251 https://access.redhat.com/errata/RHSA-2018:2643 https://access.redhat.com/errata/RHSA-2019:0877 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1067 https://access.redhat.com/security/cve/CVE-2018-1067 https://bugzilla.redhat.com/show_bug.cgi?id=1550671 • CWE-113: Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting') •
CVSS: 5.9EPSS: 0%CPEs: 5EXPL: 0CVE-2015-1777
https://notcve.org/view.php?id=CVE-2015-1777
rhnreg_ks in Red Hat Network Client Tools (aka rhn-client-tools) on Red Hat Gluster Storage 2.1 and Enterprise Linux (RHEL) 5, 6, and 7 does not properly validate hostnames in X.509 certificates from SSL servers, which allows remote attackers to prevent system registration via a man-in-the-middle attack. rhnreg_ks en Red Hat Network Client Tools (también conocido como rhn-client-tools) en Red Hat Gluster Storage 2.1 y Enterprise Linux (RHEL) 5, 6 y 7 no valida correctamente los nombres de host en los certificados X.509 de los servidores SSL. Esto puede permitir que atacantes remotos eviten el registro en el sistema mediante un ataque Man-in-the-Middle (MitM). • http://www.openwall.com/lists/oss-security/2015/03/04/7 http://www.securityfocus.com/bid/72943 https://bugzilla.redhat.com/show_bug.cgi?id=1198740 • CWE-295: Improper Certificate Validation •