CVE-2018-17958 – QEMU: rtl8139: integer overflow leads to buffer overflow
https://notcve.org/view.php?id=CVE-2018-17958
Qemu has a Buffer Overflow in rtl8139_do_receive in hw/net/rtl8139.c because an incorrect integer data type is used. Qemu tiene un desbordamiento de búfer en rtl8139_do_receive en hw/net/rtl8139.c debido a que se emplea un tipo de datos de enteros incorrecto. An integer overflow issue was found in the RTL8139 NIC emulation in QEMU. It could occur while receiving packets over the network if the size value is greater than INT_MAX. Such overflow would lead to stack buffer overflow issue. • http://www.openwall.com/lists/oss-security/2018/10/08/1 http://www.securityfocus.com/bid/105556 https://access.redhat.com/errata/RHSA-2019:2425 https://access.redhat.com/errata/RHSA-2019:2553 https://lists.debian.org/debian-lts-announce/2019/01/msg00023.html https://lists.gnu.org/archive/html/qemu-devel/2018-09/msg03269.html https://seclists.org/bugtraq/2019/May/76 https://usn.ubuntu.com/3826-1 https://www.debian.org/security/2019/dsa-4454 https://access& • CWE-121: Stack-based Buffer Overflow CWE-190: Integer Overflow or Wraparound •
CVE-2018-1000805 – python-paramiko: Authentication bypass in auth_handler.py
https://notcve.org/view.php?id=CVE-2018-1000805
Paramiko version 2.4.1, 2.3.2, 2.2.3, 2.1.5, 2.0.8, 1.18.5, 1.17.6 contains a Incorrect Access Control vulnerability in SSH server that can result in RCE. This attack appear to be exploitable via network connectivity. Paramiko en versiones 2.4.1, 2.3.2, 2.2.3, 2.1.5, 2.0.8, 1.18.5 y 1.17.6 contiene una vulnerabilidad de control de acceso incorrecto en el servidor SSH que puede resultar en la ejecución remota de código. Este ataque parece ser explotable mediante conectividad de red. • https://access.redhat.com/errata/RHBA-2018:3497 https://access.redhat.com/errata/RHSA-2018:3347 https://access.redhat.com/errata/RHSA-2018:3406 https://access.redhat.com/errata/RHSA-2018:3505 https://github.com/paramiko/paramiko/issues/1283 https://herolab.usd.de/wp-content/uploads/sites/4/usd20180023.txt https://lists.debian.org/debian-lts-announce/2018/10/msg00018.html https://lists.debian.org/debian-lts-announce/2021/12/msg00025.html https://usn.ubuntu.com/3796-1 h • CWE-305: Authentication Bypass by Primary Weakness CWE-863: Incorrect Authorization •
CVE-2018-17456 – Git Submodule - Arbitrary Code Execution
https://notcve.org/view.php?id=CVE-2018-17456
Git before 2.14.5, 2.15.x before 2.15.3, 2.16.x before 2.16.5, 2.17.x before 2.17.2, 2.18.x before 2.18.1, and 2.19.x before 2.19.1 allows remote code execution during processing of a recursive "git clone" of a superproject if a .gitmodules file has a URL field beginning with a '-' character. Git en versiones anteriores a la 2.14.5, versiones 2.15.x anteriores a la 2.15.3, versiones 2.16.x anteriores a la 2.16.5, versiones 2.17.x anteriores a la 2.17.2, versiones 2.18.x anteriores a la 2.18.1 y versiones 2.19.x anteriores a la 2.19.1 permite la ejecución remota de código durante el procesamiento de un "clon de git" recursivo de un superproyecto si un archivo .gitmodules tiene un campo URL que comienza por un carácter "-". An option injection flaw has been discovered in git when it recursively clones a repository with sub-modules. A remote attacker may configure a malicious repository and trick a user into recursively cloning it, thus executing arbitrary commands on the victim's machine. • https://www.exploit-db.com/exploits/45631 https://www.exploit-db.com/exploits/45548 https://github.com/AnonymKing/CVE-2018-17456 https://github.com/matlink/CVE-2018-17456 https://github.com/shpik-kr/CVE-2018-17456 https://github.com/799600966/CVE-2018-17456 https://github.com/KKkai0315/CVE-2018-17456 http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00003.html http://packetstormsecurity.com/files/152173/Sourcetree-Git-Arbitrary-Code-Execution-URL-Handling.html http:/ • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') CWE-88: Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') •
CVE-2018-11784 – Apache Tomcat 9.0.0.M1 - Open Redirect
https://notcve.org/view.php?id=CVE-2018-11784
When the default servlet in Apache Tomcat versions 9.0.0.M1 to 9.0.11, 8.5.0 to 8.5.33 and 7.0.23 to 7.0.90 returned a redirect to a directory (e.g. redirecting to '/foo/' when the user requested '/foo') a specially crafted URL could be used to cause the redirect to be generated to any URI of the attackers choice. Cuando el servlet por defecto en Apache Tomcat en versiones de la 9.0.0.M1 a la 9.0.11, de la 8.5.0 a la 8.5.33 y de la 7.0.23 a la 7.0.90 devolvía una redirección a un directorio (por ejemplo, redirigiendo a "/foo/'' cuando el usuario solicitó '"/foo") se pudo usar una URL especialmente manipulada para hacer que la redirección se generara a cualquier URI de la elección del atacante. These are details on an open redirection vulnerability in Apache Tomcat version 9.0.0M1 that was discovered in 2018. • https://www.exploit-db.com/exploits/50118 https://github.com/Cappricio-Securities/CVE-2018-11784 http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00030.html http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00056.html http://packetstormsecurity.com/files/163456/Apache-Tomcat-9.0.0M1-Open-Redirect.html http://www.securityfocus.com/bid/105524 https://access.redhat.com/errata/RHSA-2019:0130 https://access.redhat.com/errata/RHSA-2019:0131 https://access.redhat.c • CWE-99: Improper Control of Resource Identifiers ('Resource Injection') CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVE-2018-17972 – kernel: Unprivileged users able to inspect kernel stacks of arbitrary tasks
https://notcve.org/view.php?id=CVE-2018-17972
An issue was discovered in the proc_pid_stack function in fs/proc/base.c in the Linux kernel through 4.18.11. It does not ensure that only root may inspect the kernel stack of an arbitrary task, allowing a local attacker to exploit racy stack unwinding and leak kernel task stack contents. Se descubrió un problema en la función proc_pid_stack en fs/proc/base.c en el kernel de Linux hasta la versión 4.18.11. No asegura que solo root pueda inspeccionar la pila del kernel de una tarea arbitraria, lo que permite que un atacante local explote de forma arbitraria el proceso de marcha atrás en la pila a la hora de producirse una excepción (stack unwinding) y filtre el contenido de la pila de tareas del kernel. An issue was discovered in the proc_pid_stack function in fs/proc/base.c in the Linux kernel. • http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00043.html http://www.securityfocus.com/bid/105525 https://access.redhat.com/errata/RHSA-2019:0512 https://access.redhat.com/errata/RHSA-2019:0514 https://access.redhat.com/errata/RHSA-2019:0831 https://access.redhat.com/errata/RHSA-2019:2473 https://lists.debian.org/debian-lts-announce/2019/03/msg00017.html https://lists.debian.org/debian-lts-announce/2019/03/msg00034.html https://lists.debian.org/debian-lts-ann • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •