CVSS: 6.5EPSS: 0%CPEs: 15EXPL: 0CVE-2019-3874 – kernel: SCTP socket buffer memory leak leading to denial of service
https://notcve.org/view.php?id=CVE-2019-3874
The SCTP socket buffer used by a userspace application is not accounted by the cgroups subsystem. An attacker can use this flaw to cause a denial of service attack. Kernel 3.10.x and 4.18.x branches are believed to be vulnerable. El búfer del socket SCTP utilizado por una aplicación de espacio de usuario no es tenido en cuenta por el subsistema de cgroups. Un atacante podría explotar este error para lanzar un ataque de denegación de servicio. • https://access.redhat.com/errata/RHSA-2019:3309 https://access.redhat.com/errata/RHSA-2019:3517 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3874 https://lists.debian.org/debian-lts-announce/2020/09/msg00025.html https://security.netapp.com/advisory/ntap-20190411-0003 https://usn.ubuntu.com/3979-1 https://usn.ubuntu.com/3980-1 https://usn.ubuntu.com/3980-2 https://usn.ubuntu.com/3981-1 https://usn.ubuntu.com/3981-2 https://usn.ubuntu.com/398 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 9.1EPSS: 0%CPEs: 29EXPL: 1CVE-2019-9948 – python: Undocumented local_file protocol allows remote attackers to bypass protection mechanisms
https://notcve.org/view.php?id=CVE-2019-9948
urllib in Python 2.x through 2.7.16 supports the local_file: scheme, which makes it easier for remote attackers to bypass protection mechanisms that blacklist file: URIs, as demonstrated by triggering a urllib.urlopen('local_file:///etc/passwd') call. urllib en Python, en versiones 2.x hasta la 2.7.16, soporta el esquema local_file:, lo que facilita que los atacantes remotos omitan los mecanismos de protección que ponen en lista negra los URI file:, tal y como queda demostrado con una llamada urllib.urlopen('local_file:///etc/passwd'). • http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00092.html http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00050.html http://packetstormsecurity.com/files/154927/Slackware-Security-Advisory-python-Updates.html http://www.securityfocus.com/bid/107549 https://access.redhat.com/errata/RHSA-2019:1700 https://access.redhat.com/errata/RHSA-2019:2030 https://access.redhat.com/errata/RHSA-2019:3335 https://access.redhat.com/errata/RHSA-2019:3520 https://bugs.python.o • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-749: Exposed Dangerous Method or Function •
CVSS: 7.8EPSS: 0%CPEs: 9EXPL: 0CVE-2019-9924 – bash: BASH_CMD is writable in restricted bash shells
https://notcve.org/view.php?id=CVE-2019-9924
rbash in Bash before 4.4-beta2 did not prevent the shell user from modifying BASH_CMDS, thus allowing the user to execute any command with the permissions of the shell. rbash en Bash • http://git.savannah.gnu.org/cgit/bash.git/tree/CHANGES?h=bash-4.4-testing#n65 http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00049.html https://bugs.launchpad.net/ubuntu/+source/bash/+bug/1803441 https://lists.debian.org/debian-lts-announce/2019/03/msg00028.html https://security.netapp.com/advisory/ntap-20190411-0001 https://usn.ubuntu.com/4058-1 https://usn.ubuntu.com/4058-2 https://access.redhat.com/security/cve/CVE-2019-9924 https://bugzilla.r • CWE-138: Improper Neutralization of Special Elements CWE-862: Missing Authorization •
CVSS: 7.5EPSS: 2%CPEs: 5EXPL: 1CVE-2019-7303 – Snapd seccomp filter TIOCSTI ioctl bypass
https://notcve.org/view.php?id=CVE-2019-7303
A vulnerability in the seccomp filters of Canonical snapd before version 2.37.4 allows a strict mode snap to insert characters into a terminal on a 64-bit host. The seccomp rules were generated to match 64-bit ioctl(2) commands on a 64-bit platform; however, the Linux kernel only uses the lower 32 bits to determine which ioctl(2) commands to run. This issue affects: Canonical snapd versions prior to 2.37.4. Una vulnerabilidad en los filtros seccomp de Canonical snapd anterior a la versión 2.37.4 permite un ajuste de modo estricto para introducir caracteres en un terminal en un host de 64 bits. Las reglas de seccomp se generaron para que coincidieran con los comandos ioctl (2) de 64 bits en una plataforma de 64 bits; sin embargo, el kernel de Linux solo utiliza los bits inferiores 32 para determinar qué comandos ioctl (2) ejecutar. • https://www.exploit-db.com/exploits/46594 https://usn.ubuntu.com/3917-1 • CWE-628: Function Call with Incorrectly Specified Arguments •
CVSS: 7.8EPSS: 0%CPEs: 11EXPL: 1CVE-2018-20669
https://notcve.org/view.php?id=CVE-2018-20669
An issue where a provided address with access_ok() is not checked was discovered in i915_gem_execbuffer2_ioctl in drivers/gpu/drm/i915/i915_gem_execbuffer.c in the Linux kernel through 4.19.13. A local attacker can craft a malicious IOCTL function call to overwrite arbitrary kernel memory, resulting in a Denial of Service or privilege escalation. Se ha descubierto un problema por el cual una dirección proporcionada con access_ok() no se comprueba en i915_gem_execbuffer2_ioctl en drivers/gpu/drm/i915/i915_gem_execbuffer.c en el kernel de Linux hasta la versión 4.19.13. Un atacante local puede manipular una llamada de función IOCTL para sobrescribir memoria arbitraria del kernel, lo que resulta en una denegación de servicio (DoS) o el escalado de privilegios. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/log/drivers/gpu/drm/i915/i915_gem_execbuffer.c http://lists.opensuse.org/opensuse-security-announce/2019-02/msg00042.html http://www.openwall.com/lists/oss-security/2019/01/23/6 http://www.securityfocus.com/bid/106748 https://access.redhat.com/security/cve/cve-2018-20669 https://security.netapp.com/advisory/ntap-20190404-0002 https://support.f5.com/csp/article/K32059550 https://usn.ubuntu.com/4485-1 • CWE-20: Improper Input Validation •