CVSS: 7.5EPSS: 0%CPEs: 16EXPL: 0CVE-2018-5008 – flash-plugin: Information Disclosure vulnerability (APSB18-24)
https://notcve.org/view.php?id=CVE-2018-5008
Adobe Flash Player 30.0.0.113 and earlier versions have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. Adobe Flash Player, en versiones 30.0.0.113 y anteriores, tiene una vulnerabilidad de lectura fuera de límites. Su explotación con éxito podría resultar en una divulgación de información. • http://www.securityfocus.com/bid/104698 http://www.securitytracker.com/id/1041248 https://access.redhat.com/errata/RHSA-2018:2175 https://helpx.adobe.com/security/products/flash-player/apsb18-24.html https://access.redhat.com/security/cve/CVE-2018-5008 https://bugzilla.redhat.com/show_bug.cgi?id=1599811 • CWE-125: Out-of-bounds Read •
CVSS: 5.9EPSS: 0%CPEs: 1095EXPL: 0CVE-2018-3693 – Kernel: speculative bounds check bypass store
https://notcve.org/view.php?id=CVE-2018-3693
Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a speculative buffer overflow and side-channel analysis. Los sistemas con microprocesadores que emplean la ejecución especulativa y la predicción de ramas podría permitir la divulgación no autorizada de información a un atacante con acceso de usuario local mediante un desbordamiento de búfer especulativo y el análisis de canal lateral. An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions past bounds check. The flaw relies on the presence of a precisely-defined instruction sequence in the privileged code and the fact that memory writes occur to an address which depends on the untrusted value. Such writes cause an update into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). • https://access.redhat.com/errata/RHSA-2018:2384 https://access.redhat.com/errata/RHSA-2018:2390 https://access.redhat.com/errata/RHSA-2018:2395 https://access.redhat.com/errata/RHSA-2019:1946 https://access.redhat.com/errata/RHSA-2020:0174 https://cdrdv2.intel.com/v1/dl/getContent/685359 https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0 https://security.netapp.com/advisory/ntap-20180823-0001 https://www.oracle.com/s • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.5EPSS: 0%CPEs: 4EXPL: 0CVE-2018-10872 – kernel: error in exception handling leads to DoS (CVE-2018-8897 regression)
https://notcve.org/view.php?id=CVE-2018-10872
A flaw was found in the way the Linux kernel handled exceptions delivered after a stack switch operation via Mov SS or Pop SS instructions. During the stack switch operation, processor does not deliver interrupts and exceptions, they are delivered once the first instruction after the stack switch is executed. An unprivileged system user could use this flaw to crash the system kernel resulting in DoS. This CVE-2018-10872 was assigned due to regression of CVE-2018-8897 in Red Hat Enterprise Linux 6.10 GA kernel. No other versions are affected by this CVE. • https://access.redhat.com/errata/RHSA-2018:2164 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10872 https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0 https://www.oracle.com/security-alerts/cpujul2020.html https://access.redhat.com/security/cve/CVE-2018-10872 https://bugzilla.redhat.com/show_bug.cgi?id=1596094 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-250: Execution with Unnecessary Privileges •
CVSS: 6.5EPSS: 0%CPEs: 19EXPL: 0CVE-2018-13785 – libpng: Integer overflow and resultant divide-by-zero in pngrutil.c:png_check_chunk_length() allows for denial of service
https://notcve.org/view.php?id=CVE-2018-13785
In libpng 1.6.34, a wrong calculation of row_factor in the png_check_chunk_length function (pngrutil.c) may trigger an integer overflow and resultant divide-by-zero while processing a crafted PNG file, leading to a denial of service. En libpng 1.6.34, un cálculo erróneo de row_factor en la función png_check_chunk_length (pngrutil.c) podría desencadenar un desbordamiento de enteros y una división entre cero resultante al procesar un archivo PNG manipulado, lo que conduciría a una denegación de servicio (DoS). • http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html http://www.securityfocus.com/bid/105599 http://www.securitytracker.com/id/1041889 https://access.redhat.com/errata/RHSA-2018:3000 https://access.redhat.com/errata/RHSA-2018:3001 https://access.redhat.com/errata/RHSA-2018:3002 https://access.redhat.com/errata/RHSA-2018:3003 https://access.redhat.com/errata/RHSA-2018:3007 https://access.redhat.com/errata/RHSA-2018:3008 https://access.redhat.com/errata/ • CWE-190: Integer Overflow or Wraparound CWE-369: Divide By Zero •
CVSS: 7.8EPSS: 0%CPEs: 92EXPL: 1CVE-2018-13405 – Linux (Ubuntu) - Other Users coredumps Can Be Read via setgid Directory and killpriv Bypass
https://notcve.org/view.php?id=CVE-2018-13405
The inode_init_owner function in fs/inode.c in the Linux kernel through 3.16 allows local users to create files with an unintended group ownership, in a scenario where a directory is SGID to a certain group and is writable by a user who is not a member of that group. Here, the non-member can trigger creation of a plain file whose group ownership is that group. The intended behavior was that the non-member can trigger creation of a directory (but not a plain file) whose group ownership is that group. The non-member can escalate privileges by making the plain file executable and SGID. La función inode_init_owner en fs/inode.c en el kernel de Linux hasta la versión 3.16 permite a los usuarios locales crear archivos con una propiedad de grupo no deseada, en un escenario donde un directorio es SGID a un cierto grupo y es escribible por un usuario que no es miembro de ese grupo. • https://www.exploit-db.com/exploits/45033 http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=0fa3ecd87848c9c93c2c828ef4c3a8ca36ce46c7 http://openwall.com/lists/oss-security/2018/07/13/2 http://www.securityfocus.com/bid/106503 https://access.redhat.com/errata/RHSA-2018:2948 https://access.redhat.com/errata/RHSA-2018:3083 https://access.redhat.com/errata/RHSA-2018:3096 https://access.redhat.com/errata/RHSA-2019:0717 https://access.redhat.com/errata/RHSA- • CWE-269: Improper Privilege Management CWE-284: Improper Access Control •