CVSS: 7.8EPSS: 0%CPEs: 20EXPL: 2CVE-2018-14634 – Linux Kernel 2.6.x / 3.10.x / 4.14.x (RedHat / Debian / CentOS) (x64) - 'Mutagen Astronomy' Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2018-14634
An integer overflow flaw was found in the Linux kernel's create_elf_tables() function. An unprivileged local user with access to SUID (or otherwise privileged) binary could use this flaw to escalate their privileges on the system. Kernel versions 2.6.x, 3.10.x and 4.14.x are believed to be vulnerable. Se ha encontrado un error de desbordamiento de enteros en la función create_elf_tables() del kernel de Linux. Un usuario local sin privilegios con acceso al binario SUID (o a otro privilegiado) podría emplear este error para escalar sus privilegios en el sistema. • https://www.exploit-db.com/exploits/45516 http://www.openwall.com/lists/oss-security/2021/07/20/2 http://www.securityfocus.com/bid/105407 https://access.redhat.com/errata/RHSA-2018:2748 https://access.redhat.com/errata/RHSA-2018:2763 https://access.redhat.com/errata/RHSA-2018:2846 https://access.redhat.com/errata/RHSA-2018:2924 https://access.redhat.com/errata/RHSA-2018:2925 https://access.redhat.com/errata/RHSA-2018:2933 https://access.redhat.com/errata/RHSA- • CWE-190: Integer Overflow or Wraparound •
CVSS: 7.0EPSS: 0%CPEs: 18EXPL: 0CVE-2018-12385 – Mozilla: Crash in TransportSecurityInfo due to cached data
https://notcve.org/view.php?id=CVE-2018-12385
A potentially exploitable crash in TransportSecurityInfo used for SSL can be triggered by data stored in the local cache in the user profile directory. This issue is only exploitable in combination with another vulnerability allowing an attacker to write data into the local cache or from locally installed malware. This issue also triggers a non-exploitable startup crash for users switching between the Nightly and Release versions of Firefox if the same profile is used. This vulnerability affects Thunderbird < 60.2.1, Firefox ESR < 60.2.1, and Firefox < 62.0.2. Un cierre inesperado potencialmente explotable en TransportSecurityInfo empleado para SSL puede desencadenarse por los datos almacenados en la caché local en el directorio de perfil del usuario. • http://www.securityfocus.com/bid/105380 http://www.securitytracker.com/id/1041700 http://www.securitytracker.com/id/1041701 https://access.redhat.com/errata/RHSA-2018:2834 https://access.redhat.com/errata/RHSA-2018:2835 https://access.redhat.com/errata/RHSA-2018:3403 https://access.redhat.com/errata/RHSA-2018:3458 https://bugzilla.mozilla.org/show_bug.cgi?id=1490585 https://lists.debian.org/debian-lts-announce/2018/11/msg00011.html https://security.gentoo.org/glsa/201810- • CWE-20: Improper Input Validation CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 0%CPEs: 16EXPL: 0CVE-2018-14647 – python: Missing salt initialization in _elementtree.c module
https://notcve.org/view.php?id=CVE-2018-14647
Python's elementtree C accelerator failed to initialise Expat's hash salt during initialization. This could make it easy to conduct denial of service attacks against Expat by constructing an XML document that would cause pathological hash collisions in Expat's internal data structures, consuming large amounts CPU and RAM. The vulnerability exists in Python versions 3.7.0, 3.6.0 through 3.6.6, 3.5.0 through 3.5.6, 3.4.0 through 3.4.9, 2.7.0 through 2.7.15. El acelerador de C elementtree en Python no inicializa la sal del hash Expat durante la inicialización. Esto podría facilitar llevar a cabo ataques de denegación de servicio (DoS) contra Expat construyendo un documento XML que provocaría colisiones de hashes en las estructuras internas de datos de Expat, consumiendo grandes cantidades de CPU y RAM. • http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.html http://www.securityfocus.com/bid/105396 http://www.securitytracker.com/id/1041740 https://access.redhat.com/errata/RHSA-2019:1260 https://access.redhat.com/errata/RHSA-2019:2030 https://access.redhat.com/errata/RHSA-2019:3725 https://bugs.python.org/issue34623 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14647 https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0%40%3Cissues.boo • CWE-335: Incorrect Usage of Seeds in Pseudo-Random Number Generator (PRNG) CWE-665: Improper Initialization CWE-909: Missing Initialization of Resource •
CVSS: 8.3EPSS: 0%CPEs: 20EXPL: 0CVE-2018-14633 – kernel: stack-based buffer overflow in chap_server_compute_md5() in iscsi target
https://notcve.org/view.php?id=CVE-2018-14633
A security flaw was found in the chap_server_compute_md5() function in the ISCSI target code in the Linux kernel in a way an authentication request from an ISCSI initiator is processed. An unauthenticated remote attacker can cause a stack buffer overflow and smash up to 17 bytes of the stack. The attack requires the iSCSI target to be enabled on the victim host. Depending on how the target's code was built (i.e. depending on a compiler, compile flags and hardware architecture) an attack may lead to a system crash and thus to a denial-of-service or possibly to a non-authorized access to data exported by an iSCSI target. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is highly unlikely. • http://www.securityfocus.com/bid/105388 https://access.redhat.com/errata/RHSA-2018:3651 https://access.redhat.com/errata/RHSA-2018:3666 https://access.redhat.com/errata/RHSA-2019:1946 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14633 https://git.kernel.org/pub/scm/linux/kernel/git/mkp/scsi.git/commit/?h=4.19/scsi-fixes&id=1816494330a83f2a064499d8ed2797045641f92c https://git.kernel.org/pub/scm/linux/kernel/git/mkp/scsi.git/commit/?h=4.19/scsi-fixes&id=8c39e2699 • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 1%CPEs: 11EXPL: 0CVE-2018-17183 – ghostscript: User-writable error exception table
https://notcve.org/view.php?id=CVE-2018-17183
Artifex Ghostscript before 9.25 allowed a user-writable error exception table, which could be used by remote attackers able to supply crafted PostScript to potentially overwrite or replace error handlers to inject code. Artifex Ghostscript en versiones anteriores a la 9.25 permitía una tabla de excepción de error que puede escribir el usuario. Esta tabla podía ser usada por los atacantes remotos capaces de proporcionar PostScript manipulados para poder sobrescribir o reemplazar manipuladores de errores para inyectar código. • http://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=fb713b3818b52d8a6cf62c951eba2e1795ff9624 https://access.redhat.com/errata/RHSA-2018:3834 https://bugs.ghostscript.com/show_bug.cgi?id=699708 https://lists.debian.org/debian-lts-announce/2018/09/msg00038.html https://usn.ubuntu.com/3773-1 https://access.redhat.com/security/cve/CVE-2018-17183 https://bugzilla.redhat.com/show_bug.cgi?id=1632471 • CWE-460: Improper Cleanup on Thrown Exception •