CVSS: 7.8EPSS: 0%CPEs: 20EXPL: 2CVE-2018-14634 – Linux Kernel 2.6.x / 3.10.x / 4.14.x (RedHat / Debian / CentOS) (x64) - 'Mutagen Astronomy' Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2018-14634
An integer overflow flaw was found in the Linux kernel's create_elf_tables() function. An unprivileged local user with access to SUID (or otherwise privileged) binary could use this flaw to escalate their privileges on the system. Kernel versions 2.6.x, 3.10.x and 4.14.x are believed to be vulnerable. Se ha encontrado un error de desbordamiento de enteros en la función create_elf_tables() del kernel de Linux. Un usuario local sin privilegios con acceso al binario SUID (o a otro privilegiado) podría emplear este error para escalar sus privilegios en el sistema. • https://www.exploit-db.com/exploits/45516 http://www.openwall.com/lists/oss-security/2021/07/20/2 http://www.securityfocus.com/bid/105407 https://access.redhat.com/errata/RHSA-2018:2748 https://access.redhat.com/errata/RHSA-2018:2763 https://access.redhat.com/errata/RHSA-2018:2846 https://access.redhat.com/errata/RHSA-2018:2924 https://access.redhat.com/errata/RHSA-2018:2925 https://access.redhat.com/errata/RHSA-2018:2933 https://access.redhat.com/errata/RHSA- • CWE-190: Integer Overflow or Wraparound •
CVSS: 7.0EPSS: 0%CPEs: 18EXPL: 0CVE-2018-12385 – Mozilla: Crash in TransportSecurityInfo due to cached data
https://notcve.org/view.php?id=CVE-2018-12385
A potentially exploitable crash in TransportSecurityInfo used for SSL can be triggered by data stored in the local cache in the user profile directory. This issue is only exploitable in combination with another vulnerability allowing an attacker to write data into the local cache or from locally installed malware. This issue also triggers a non-exploitable startup crash for users switching between the Nightly and Release versions of Firefox if the same profile is used. This vulnerability affects Thunderbird < 60.2.1, Firefox ESR < 60.2.1, and Firefox < 62.0.2. Un cierre inesperado potencialmente explotable en TransportSecurityInfo empleado para SSL puede desencadenarse por los datos almacenados en la caché local en el directorio de perfil del usuario. • http://www.securityfocus.com/bid/105380 http://www.securitytracker.com/id/1041700 http://www.securitytracker.com/id/1041701 https://access.redhat.com/errata/RHSA-2018:2834 https://access.redhat.com/errata/RHSA-2018:2835 https://access.redhat.com/errata/RHSA-2018:3403 https://access.redhat.com/errata/RHSA-2018:3458 https://bugzilla.mozilla.org/show_bug.cgi?id=1490585 https://lists.debian.org/debian-lts-announce/2018/11/msg00011.html https://security.gentoo.org/glsa/201810- • CWE-20: Improper Input Validation CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.3EPSS: 0%CPEs: 20EXPL: 0CVE-2018-14633 – kernel: stack-based buffer overflow in chap_server_compute_md5() in iscsi target
https://notcve.org/view.php?id=CVE-2018-14633
A security flaw was found in the chap_server_compute_md5() function in the ISCSI target code in the Linux kernel in a way an authentication request from an ISCSI initiator is processed. An unauthenticated remote attacker can cause a stack buffer overflow and smash up to 17 bytes of the stack. The attack requires the iSCSI target to be enabled on the victim host. Depending on how the target's code was built (i.e. depending on a compiler, compile flags and hardware architecture) an attack may lead to a system crash and thus to a denial-of-service or possibly to a non-authorized access to data exported by an iSCSI target. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is highly unlikely. • http://www.securityfocus.com/bid/105388 https://access.redhat.com/errata/RHSA-2018:3651 https://access.redhat.com/errata/RHSA-2018:3666 https://access.redhat.com/errata/RHSA-2019:1946 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14633 https://git.kernel.org/pub/scm/linux/kernel/git/mkp/scsi.git/commit/?h=4.19/scsi-fixes&id=1816494330a83f2a064499d8ed2797045641f92c https://git.kernel.org/pub/scm/linux/kernel/git/mkp/scsi.git/commit/?h=4.19/scsi-fixes&id=8c39e2699 • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 1%CPEs: 11EXPL: 0CVE-2018-17183 – ghostscript: User-writable error exception table
https://notcve.org/view.php?id=CVE-2018-17183
Artifex Ghostscript before 9.25 allowed a user-writable error exception table, which could be used by remote attackers able to supply crafted PostScript to potentially overwrite or replace error handlers to inject code. Artifex Ghostscript en versiones anteriores a la 9.25 permitía una tabla de excepción de error que puede escribir el usuario. Esta tabla podía ser usada por los atacantes remotos capaces de proporcionar PostScript manipulados para poder sobrescribir o reemplazar manipuladores de errores para inyectar código. • http://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=fb713b3818b52d8a6cf62c951eba2e1795ff9624 https://access.redhat.com/errata/RHSA-2018:3834 https://bugs.ghostscript.com/show_bug.cgi?id=699708 https://lists.debian.org/debian-lts-announce/2018/09/msg00038.html https://usn.ubuntu.com/3773-1 https://access.redhat.com/security/cve/CVE-2018-17183 https://bugzilla.redhat.com/show_bug.cgi?id=1632471 • CWE-460: Improper Cleanup on Thrown Exception •
CVSS: 7.5EPSS: 0%CPEs: 8EXPL: 0CVE-2018-14638 – 389-ds-base: Crash in delete_passwdPolicy when persistent search connections are terminated unexpectedly
https://notcve.org/view.php?id=CVE-2018-14638
A flaw was found in 389-ds-base before version 1.3.8.4-13. The process ns-slapd crashes in delete_passwdPolicy function when persistent search connections are terminated unexpectedly leading to remote denial of service. Se ha descubierto un problema en versiones anteriores a la 1.3.8.4-13 de 389-ds-base. El proceso ns-slapd se cierra inesperadamente en la función delete_passwdPolicy cuando las conexiones de búsqueda persistente se terminan inesperadamente, lo que conduce a una denegación de servicio (DoS) remota. A double-free of a password policy structure was found in the way slapd was handling certain errors during persistent search. • https://access.redhat.com/errata/RHSA-2018:2757 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14638 https://pagure.io/389-ds-base/c/78fc627accacfa4061ce48977e22301f81ea8d73 https://access.redhat.com/security/cve/CVE-2018-14638 https://bugzilla.redhat.com/show_bug.cgi?id=1626079 • CWE-400: Uncontrolled Resource Consumption CWE-415: Double Free •