CVSS: 10.0EPSS: 32%CPEs: 6EXPL: 1CVE-2018-14649 – ceph-iscsi-cli: rbd-target-api service runs in debug mode allowing for remote command execution
https://notcve.org/view.php?id=CVE-2018-14649
It was found that ceph-isci-cli package as shipped by Red Hat Ceph Storage 2 and 3 is using python-werkzeug in debug shell mode. This is done by setting debug=True in file /usr/bin/rbd-target-api provided by ceph-isci-cli package. This allows unauthenticated attackers to access this debug shell and escalate privileges. Once an attacker has successfully connected to this debug shell they will be able to execute arbitrary commands remotely. These commands will run with the same privileges as of user executing the application which is using python-werkzeug with debug shell mode enabled. • http://www.securityfocus.com/bid/105434 https://access.redhat.com/articles/3623521 https://access.redhat.com/errata/RHSA-2018:2837 https://access.redhat.com/errata/RHSA-2018:2838 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14649 https://github.com/ceph/ceph-iscsi-cli/issues/120 https://github.com/ceph/ceph-iscsi-cli/pull/121/commits/c3812075e30c76a800a961e7291087d357403f6b https://access.redhat.com/security/cve/CVE-2018-14649 https://bugzilla.redhat.com/show_bug.cgi?id= • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 6.5EPSS: 0%CPEs: 11EXPL: 2CVE-2018-17581 – exiv2: Stack overflow in CiffDirectory::readDirectory() at crwimage_int.cpp leading to denial of service
https://notcve.org/view.php?id=CVE-2018-17581
CiffDirectory::readDirectory() at crwimage_int.cpp in Exiv2 0.26 has excessive stack consumption due to a recursive function, leading to Denial of service. CiffDirectory::readDirectory() en crwimage_int.cpp en Exiv2 0.26 tiene un consumo excesivo de pila debido a una función recursiva, lo que conduce a una denegación de servicio (DoS). • https://access.redhat.com/errata/RHSA-2019:2101 https://github.com/Exiv2/exiv2/issues/460 https://github.com/SegfaultMasters/covering360/blob/master/Exiv2 https://lists.debian.org/debian-lts-announce/2019/02/msg00038.html https://lists.debian.org/debian-lts-announce/2023/01/msg00004.html https://usn.ubuntu.com/3852-1 https://access.redhat.com/security/cve/CVE-2018-17581 https://bugzilla.redhat.com/show_bug.cgi?id=1635045 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 5.9EPSS: 0%CPEs: 6EXPL: 1CVE-2018-14650 – sos-collector: incorrect permissions set on newly created files
https://notcve.org/view.php?id=CVE-2018-14650
It was discovered that sos-collector does not properly set the default permissions of newly created files, making all files created by the tool readable by any local user. A local attacker may use this flaw by waiting for a legit user to run sos-collector and steal the collected data in the /var/tmp directory. Se ha descubierto que sos-collector no establece correctamente los permisos por defecto de los nuevos archivos creados, haciendo que todos los archivos creados por la herramienta puedan ser leídos por cualquier usuario local. Un atacante local podría utilizar este error esperando a que un usuario legítimo ejecute sos-collector y robe los datos recopilados en el directorio /var/tmp. • https://access.redhat.com/errata/RHSA-2018:3663 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14650 https://github.com/sosreport/sos-collector/commit/72058f9253e7ed8c7243e2ff76a16d97b03d65ed https://access.redhat.com/security/cve/CVE-2018-14650 https://bugzilla.redhat.com/show_bug.cgi?id=1633243 • CWE-276: Incorrect Default Permissions CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 8.8EPSS: 0%CPEs: 4EXPL: 0CVE-2018-17458 – chromium-browser: Function signature mismatch in WebAssembly
https://notcve.org/view.php?id=CVE-2018-17458
An improper update of the WebAssembly dispatch table in WebAssembly in Google Chrome prior to 69.0.3497.92 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Una actualización incorrecta de la tabla "dispatch" de WebAssembly en WebAssembly en Google Chrome, en versiones anteriores a la 69.0.3497.92, permitía que un atacante remoto ejecutase código arbitrario dentro de un sandbox mediante una página HTML manipulada. • https://access.redhat.com/errata/RHSA-2018:2818 https://chromereleases.googleblog.com/2018/09/stable-channel-update-for-desktop_11.html https://crbug.com/875322 https://access.redhat.com/security/cve/CVE-2018-17458 https://bugzilla.redhat.com/show_bug.cgi?id=1628078 • CWE-129: Improper Validation of Array Index •
CVSS: 6.5EPSS: 0%CPEs: 4EXPL: 0CVE-2018-17459 – chromium-browser: URL Spoofing in Omnibox
https://notcve.org/view.php?id=CVE-2018-17459
Incorrect handling of clicks in the omnibox in Navigation in Google Chrome prior to 69.0.3497.92 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. La gestión incorrecta de los clics en Omnibox (barra de direcciones) en Navigation en Google Chrome, en versiones anteriores a la 69.0.3497.92, permitía que un atacante remoto suplantase el contenido de Omnibox mediante una página HTML manipulada. • https://access.redhat.com/errata/RHSA-2018:2818 https://chromereleases.googleblog.com/2018/09/stable-channel-update-for-desktop_11.html https://crbug.com/880759 https://access.redhat.com/security/cve/CVE-2018-17459 https://bugzilla.redhat.com/show_bug.cgi?id=1628080 •