CVSS: 7.5EPSS: 0%CPEs: 30EXPL: 0CVE-2018-16871 – kernel: nfs: NULL pointer dereference due to an anomalized NFS message sequence
https://notcve.org/view.php?id=CVE-2018-16871
A flaw was found in the Linux kernel's NFS implementation, all versions 3.x and all versions 4.x up to 4.20. An attacker, who is able to mount an exported NFS filesystem, is able to trigger a null pointer dereference by using an invalid NFS sequence. This can panic the machine and deny access to the NFS server. Any outstanding disk writes to the NFS server will be lost. Se detectó un fallo en la implementación de NFS del kernel de Linux, todas las versiones 3.x y todas las versiones 4.x hasta 4.20. • https://access.redhat.com/errata/RHSA-2019:2696 https://access.redhat.com/errata/RHSA-2019:2730 https://access.redhat.com/errata/RHSA-2020:0740 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16871 https://security.netapp.com/advisory/ntap-20211004-0002 https://support.f5.com/csp/article/K18657134 https://support.f5.com/csp/article/K18657134?utm_source=f5support&%3Butm_medium=RSS https://access.redhat.com/security/cve/CVE-2018-16871 https://bugzilla.redhat.com/show_b • CWE-476: NULL Pointer Dereference •
CVSS: 9.8EPSS: 2%CPEs: 28EXPL: 1CVE-2019-1010238 – pango: pango_log2vis_get_embedding_levels() heap-based buffer overflow
https://notcve.org/view.php?id=CVE-2019-1010238
Gnome Pango 1.42 and later is affected by: Buffer Overflow. The impact is: The heap based buffer overflow can be used to get code execution. The component is: function name: pango_log2vis_get_embedding_levels, assignment of nchars and the loop condition. The attack vector is: Bug can be used when application pass invalid utf-8 strings to functions like pango_itemize. Pango versión 1.42 y posterior de Gnome, está afectada por: Desbordamiento de Búfer. • https://access.redhat.com/errata/RHBA-2019:2824 https://access.redhat.com/errata/RHSA-2019:2571 https://access.redhat.com/errata/RHSA-2019:2582 https://access.redhat.com/errata/RHSA-2019:2594 https://access.redhat.com/errata/RHSA-2019:3234 https://gitlab.gnome.org/GNOME/pango/-/commits/main/pango/pango-bidi-type.c https://gitlab.gnome.org/GNOME/pango/-/issues/342 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D6HWAHXJ2ZXINYMANHPFDD • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 14EXPL: 0CVE-2019-10166 – libvirt: virDomainManagedSaveDefineXML API exposed to readonly clients
https://notcve.org/view.php?id=CVE-2019-10166
It was discovered that libvirtd, versions 4.x.x before 4.10.1 and 5.x.x before 5.4.1, would permit readonly clients to use the virDomainManagedSaveDefineXML() API, which would permit them to modify managed save state files. If a managed save had already been created by a privileged user, a local attacker could modify this file such that libvirtd would execute an arbitrary program when the domain was resumed. Se detectó que libvirtd, versiones 4.x.x anteriores a 4.10.1 y versiones 5.x.x anteriores a 5.4.1, permitiría a los clientes de solo lectura utilizar la API de la función virDomainManagedSaveDefineXML(), lo que les permitiría modificar archivos de estado managed save. Si un managed save ya ha sido creado por un usuario privilegiado, un atacante local podría modificar este archivo de manera que libvirtd ejecutaría un programa arbitrario cuando el dominio esté reanudado. It was discovered that libvirtd would permit readonly clients to use the virDomainManagedSaveDefineXML() API, which would permit them to modify managed save state files. • https://access.redhat.com/libvirt-privesc-vulnerabilities https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10166 https://security.gentoo.org/glsa/202003-18 https://access.redhat.com/security/cve/CVE-2019-10166 https://bugzilla.redhat.com/show_bug.cgi?id=1720114 • CWE-284: Improper Access Control •
CVSS: 8.8EPSS: 0%CPEs: 14EXPL: 0CVE-2019-10167 – libvirt: arbitrary command execution via virConnectGetDomainCapabilities API
https://notcve.org/view.php?id=CVE-2019-10167
The virConnectGetDomainCapabilities() libvirt API, versions 4.x.x before 4.10.1 and 5.x.x before 5.4.1, accepts an "emulatorbin" argument to specify the program providing emulation for a domain. Since v1.2.19, libvirt will execute that program to probe the domain's capabilities. Read-only clients could specify an arbitrary path for this argument, causing libvirtd to execute a crafted executable with its own privileges. La API libvirt de la función virConnectGetDomainCapabilities(), versiones 4.x.x anteriores a 4.10.1 y versiones 5.x.x anteriores a 5.4.1, acepta un argumento "emulatorbin" para especificar el programa que proporciona emulación para un dominio. Desde versión v1.2.19, libvirt ejecutará ese programa para examinar las capacidades del dominio. • https://access.redhat.com/libvirt-privesc-vulnerabilities https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10167 https://security.gentoo.org/glsa/202003-18 https://access.redhat.com/security/cve/CVE-2019-10167 https://bugzilla.redhat.com/show_bug.cgi?id=1720117 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-250: Execution with Unnecessary Privileges CWE-284: Improper Access Control CWE-862: Missing Authorization •
CVSS: 8.8EPSS: 0%CPEs: 14EXPL: 0CVE-2019-10168 – libvirt: arbitrary command execution via virConnectBaselineHypervisorCPU and virConnectCompareHypervisorCPU APIs
https://notcve.org/view.php?id=CVE-2019-10168
The virConnectBaselineHypervisorCPU() and virConnectCompareHypervisorCPU() libvirt APIs, 4.x.x before 4.10.1 and 5.x.x before 5.4.1, accept an "emulator" argument to specify the program providing emulation for a domain. Since v1.2.19, libvirt will execute that program to probe the domain's capabilities. Read-only clients could specify an arbitrary path for this argument, causing libvirtd to execute a crafted executable with its own privileges. Las APIs libvirt de las funciones virConnectBaselineHypervisorCPU() y virConnectCompareHypervisorCPU(), versiones 4.x.x anteriores a 4.10.1 y versiones 5.x.x anteriores a 5.4.1, aceptan un argumento "emulator" para especificar el programa que proporciona emulación para un dominio. Desde versión v1.2.19, libvirt ejecutará ese programa para examinar las capacidades del dominio. • https://access.redhat.com/libvirt-privesc-vulnerabilities https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10168 https://security.gentoo.org/glsa/202003-18 https://access.redhat.com/security/cve/CVE-2019-10168 https://bugzilla.redhat.com/show_bug.cgi?id=1720118 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-250: Execution with Unnecessary Privileges CWE-284: Improper Access Control •