Page 5 of 150 results (0.010 seconds)

CVSS: 7.5EPSS: 1%CPEs: 13EXPL: 0

CVE-2018-16881 – rsyslog: imptcp: integer overflow when Octet-Counted TCP Framing is enabled

https://notcve.org/view.php?id=CVE-2018-16881

A denial of service vulnerability was found in rsyslog in the imptcp module. An attacker could send a specially crafted message to the imptcp socket, which would cause rsyslog to crash. Versions before 8.27.0 are vulnerable. Se ha detectado una vulnerabilidad de denegación de servicio (DoS) en rsyslog en el módulo imptcp. Un atacante podría enviar un mensaje especialmente manipulado al socket imptcp, lo que conduciría al cierre forzado de rsyslog. • https://access.redhat.com/errata/RHBA-2019:2501 https://access.redhat.com/errata/RHSA-2019:2110 https://access.redhat.com/errata/RHSA-2019:2437 https://access.redhat.com/errata/RHSA-2019:2439 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16881 https://lists.debian.org/debian-lts-announce/2022/05/msg00028.html https://access.redhat.com/security/cve/CVE-2018-16881 https://bugzilla.redhat.com/show_bug.cgi?id=1658366 • CWE-190: Integer Overflow or Wraparound •

CVSS: 6.1EPSS: 0%CPEs: 17EXPL: 1

CVE-2018-18397 – kernel: userfaultfd bypasses tmpfs file permissions

https://notcve.org/view.php?id=CVE-2018-18397

The userfaultfd implementation in the Linux kernel before 4.19.7 mishandles access control for certain UFFDIO_ ioctl calls, as demonstrated by allowing local users to write data into holes in a tmpfs file (if the user has read-only access to that file, and that file contains holes), related to fs/userfaultfd.c and mm/userfaultfd.c. La implementación de userfaultfd en el kernel de Linux en versiones anteriores a la 4.17 gestiona de manera incorrecta para ciertas llamadas ioctl UFFDIO_, tal y como queda demostrado al permitir que usuarios locales escriban datos en huecos en un archivo tmpfs (si el usuario tiene acceso de solo lectura a dicho archivo que contiene huecos). Esto está relacionado con fs/userfaultfd.c y mm/userfaultfd.c. A flaw was found in the Linux kernel with files on tmpfs and hugetlbfs. An attacker is able to bypass file permissions on filesystems mounted with tmpfs/hugetlbs to modify a file and possibly disrupt normal system behavior. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=29ec90660d68bbdd69507c1c8b4e33aa299278b1 https://access.redhat.com/errata/RHBA-2019:0327 https://access.redhat.com/errata/RHSA-2019:0163 https://access.redhat.com/errata/RHSA-2019:0202 https://access.redhat.com/errata/RHSA-2019:0324 https://access.redhat.com/errata/RHSA-2019:0831 https://bugs.chromium.org/p/project-zero/issues/detail?id=1700 https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.87& • CWE-20: Improper Input Validation CWE-863: Incorrect Authorization •

CVSS: 8.1EPSS: 0%CPEs: 16EXPL: 1

CVE-2018-18559 – kernel: Use-after-free due to race condition in AF_PACKET implementation

https://notcve.org/view.php?id=CVE-2018-18559

In the Linux kernel through 4.19, a use-after-free can occur due to a race condition between fanout_add from setsockopt and bind on an AF_PACKET socket. This issue exists because of the 15fe076edea787807a7cdc168df832544b58eba6 incomplete fix for a race condition. The code mishandles a certain multithreaded case involving a packet_do_bind unregister action followed by a packet_notifier register action. Later, packet_release operates on only one of the two applicable linked lists. The attacker can achieve Program Counter control. • https://access.redhat.com/errata/RHBA-2019:0327 https://access.redhat.com/errata/RHSA-2019:0163 https://access.redhat.com/errata/RHSA-2019:0188 https://access.redhat.com/errata/RHSA-2019:1170 https://access.redhat.com/errata/RHSA-2019:1190 https://access.redhat.com/errata/RHSA-2019:3967 https://access.redhat.com/errata/RHSA-2019:4159 https://access.redhat.com/errata/RHSA-2020:0174 https://blogs.securiteam.com/index.php/archives/3731 https://access.redhat.com/security/ • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-416: Use After Free •

CVSS: 9.8EPSS: 0%CPEs: 30EXPL: 0

CVE-2018-1000805 – python-paramiko: Authentication bypass in auth_handler.py

https://notcve.org/view.php?id=CVE-2018-1000805

Paramiko version 2.4.1, 2.3.2, 2.2.3, 2.1.5, 2.0.8, 1.18.5, 1.17.6 contains a Incorrect Access Control vulnerability in SSH server that can result in RCE. This attack appear to be exploitable via network connectivity. Paramiko en versiones 2.4.1, 2.3.2, 2.2.3, 2.1.5, 2.0.8, 1.18.5 y 1.17.6 contiene una vulnerabilidad de control de acceso incorrecto en el servidor SSH que puede resultar en la ejecución remota de código. Este ataque parece ser explotable mediante conectividad de red. • https://access.redhat.com/errata/RHBA-2018:3497 https://access.redhat.com/errata/RHSA-2018:3347 https://access.redhat.com/errata/RHSA-2018:3406 https://access.redhat.com/errata/RHSA-2018:3505 https://github.com/paramiko/paramiko/issues/1283 https://herolab.usd.de/wp-content/uploads/sites/4/usd20180023.txt https://lists.debian.org/debian-lts-announce/2018/10/msg00018.html https://lists.debian.org/debian-lts-announce/2021/12/msg00025.html https://usn.ubuntu.com/3796-1 h • CWE-305: Authentication Bypass by Primary Weakness CWE-863: Incorrect Authorization •

CVSS: 7.5EPSS: 0%CPEs: 12EXPL: 0

CVE-2018-10911 – glusterfs: Improper deserialization in dict.c:dict_unserialize() can allow attackers to read arbitrary memory

https://notcve.org/view.php?id=CVE-2018-10911

A flaw was found in the way dic_unserialize function of glusterfs does not handle negative key length values. An attacker could use this flaw to read memory from other locations into the stored dict value. Se ha detectado un error en la forma en la que la función dic_unserialize en glusterfs no gestiona los valores de longitud de clave negativos. Un atacante podría utilizar este error para leer la memoria de otras ubicaciones en el valor dict almacenado. A flaw was found in dict.c:dict_unserialize function of glusterfs, dic_unserialize function does not handle negative key length values. • http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00035.html https://access.redhat.com/errata/RHSA-2018:2607 https://access.redhat.com/errata/RHSA-2018:2608 https://access.redhat.com/errata/RHSA-2018:2892 https://access.redhat.com/errata/RHSA-2018:3242 https://access.redhat.com/errata/RHSA-2018:3470 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10911 https://lists.debian.org/debian-lts-announce/2018/09/msg00021.html https://lists.debian.org/debian-lts • CWE-190: Integer Overflow or Wraparound CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-502: Deserialization of Untrusted Data •