CVSS: 6.3EPSS: 0%CPEs: 8EXPL: 0CVE-2018-10892 – docker: container breakout without selinux in enforcing mode
https://notcve.org/view.php?id=CVE-2018-10892
The default OCI linux spec in oci/defaults{_linux}.go in Docker/Moby from 1.11 to current does not block /proc/acpi pathnames. The flaw allows an attacker to modify host's hardware like enabling/disabling bluetooth or turning up/down keyboard brightness. La especificación OCI por defecto de Linux en oci/defaults{_linux}.go en Docker y Moby desde la versión 1.11 hasta la más actual no bloquea los nombres de ruta /proc/acpi. El error permite que un atacante modifique el hardware del host, como habilitar/deshabilitar el bluetooth o subir/bajar el brillo del teclado. The default OCI Linux spec in oci/defaults{_linux}.go in Docker/Moby, from 1.11 to current, does not block /proc/acpi pathnames. • http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00084.html https://access.redhat.com/errata/RHBA-2018:2796 https://access.redhat.com/errata/RHSA-2018:2482 https://access.redhat.com/errata/RHSA-2018:2729 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10892 https://github.com/moby/moby/pull/37404 https://access.redhat.com/security/cve/CVE-2018-10892 https://bugzilla.redhat.com/show_bug.cgi?id=1598581 • CWE-250: Execution with Unnecessary Privileges •
CVSS: 7.8EPSS: 0%CPEs: 92EXPL: 1CVE-2018-13405 – Linux (Ubuntu) - Other Users coredumps Can Be Read via setgid Directory and killpriv Bypass
https://notcve.org/view.php?id=CVE-2018-13405
The inode_init_owner function in fs/inode.c in the Linux kernel through 3.16 allows local users to create files with an unintended group ownership, in a scenario where a directory is SGID to a certain group and is writable by a user who is not a member of that group. Here, the non-member can trigger creation of a plain file whose group ownership is that group. The intended behavior was that the non-member can trigger creation of a directory (but not a plain file) whose group ownership is that group. The non-member can escalate privileges by making the plain file executable and SGID. La función inode_init_owner en fs/inode.c en el kernel de Linux hasta la versión 3.16 permite a los usuarios locales crear archivos con una propiedad de grupo no deseada, en un escenario donde un directorio es SGID a un cierto grupo y es escribible por un usuario que no es miembro de ese grupo. • https://www.exploit-db.com/exploits/45033 http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=0fa3ecd87848c9c93c2c828ef4c3a8ca36ce46c7 http://openwall.com/lists/oss-security/2018/07/13/2 http://www.securityfocus.com/bid/106503 https://access.redhat.com/errata/RHSA-2018:2948 https://access.redhat.com/errata/RHSA-2018:3083 https://access.redhat.com/errata/RHSA-2018:3096 https://access.redhat.com/errata/RHSA-2019:0717 https://access.redhat.com/errata/RHSA- • CWE-269: Improper Privilege Management CWE-284: Improper Access Control •
CVSS: 9.8EPSS: 0%CPEs: 13EXPL: 0CVE-2018-12910 – libsoup: Crash in soup_cookie_jar.c:get_cookies() on empty hostnames
https://notcve.org/view.php?id=CVE-2018-12910
The get_cookies function in soup-cookie-jar.c in libsoup 2.63.2 allows attackers to have unspecified impact via an empty hostname. La función get_cookies en soup-cookie-jar.c en libsoup 2.63.2 permite que los atacantes provoquen un impacto no especificado mediante un nombre de host vacío. An out-of-bounds read has been discovered in libsoup when getting cookies from a URI with empty hostname. An attacker may use this flaw to cause a crash in the application. • http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00003.html https://access.redhat.com/errata/RHBA-2019:0327 https://access.redhat.com/errata/RHSA-2018:3140 https://access.redhat.com/errata/RHSA-2018:3505 https://gitlab.gnome.org/GNOME/gnome-sdk-images/commit/4215b8a21b3b3055e947312a8920df94f93ba047 https://gitlab.gnome.org/GNOME/libsoup/commit/db2b0d5809d5f8226d47312b40992cadbcde439f https://gitlab.gnome.org/GNOME/libsoup/issues/3 https://lists.debian.org/debian-lts-announce/2018/07/msg00007. • CWE-125: Out-of-bounds Read •
CVSS: 5.3EPSS: 0%CPEs: 6EXPL: 0CVE-2018-1113 – setup: nologin listed in /etc/shells violates security expectations
https://notcve.org/view.php?id=CVE-2018-1113
setup before version 2.11.4-1.fc28 in Fedora and Red Hat Enterprise Linux added /sbin/nologin and /usr/sbin/nologin to /etc/shells. This violates security assumptions made by pam_shells and some daemons which allow access based on a user's shell being listed in /etc/shells. Under some circumstances, users which had their shell changed to /sbin/nologin could still access the system. setup en versiones anteriores a la 2.11.4-1.fc28 en Fedora y Red Hat Enterprise Linux añadía /sbin/nologin y /usr/sbin/nologin a /etc/shells. Esto viola las asunciones de seguridad realizadas por pam_shells y algunos demonios, lo que permite el acceso en base a que el shell de un usuario se lista en /etc/shells. En algunas circunstancias, los usuarios a los que se les haya cambiado el shell a /sbin/nologin podrían seguir siendo capaces de acceder al sistema. • https://access.redhat.com/errata/RHBA-2019:0327 https://access.redhat.com/errata/RHSA-2018:3249 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1113 https://access.redhat.com/security/cve/CVE-2018-1113 https://bugzilla.redhat.com/show_bug.cgi?id=1571094 • CWE-285: Improper Authorization CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 5.5EPSS: 1%CPEs: 5EXPL: 1CVE-2018-13033 – binutils: Uncontrolled Resource Consumption in execution of nm
https://notcve.org/view.php?id=CVE-2018-13033
The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (excessive memory allocation and application crash) via a crafted ELF file, as demonstrated by _bfd_elf_parse_attributes in elf-attrs.c and bfd_malloc in libbfd.c. This can occur during execution of nm. La biblioteca Binary File Descriptor (BFD), conocida como libbfd, tal y como se distribuye en GNU Binutils 2.30 y anteriores permite que atacantes remotos provoquen una denegación de servicio (asignación excesiva de memoria y cierre inesperado de la aplicación) mediante un archivo ELF manipulado. Esto queda demostrado por _bfd_elf_parse_attributes en elf-attrs.c y bfd_malloc en libbfd.c. Esto puede ocurrir durante la ejecución de nm. • http://www.securityfocus.com/bid/104584 https://access.redhat.com/errata/RHBA-2019:0327 https://access.redhat.com/errata/RHSA-2018:3032 https://security.gentoo.org/glsa/201908-01 https://sourceware.org/bugzilla/show_bug.cgi?id=23361 https://usn.ubuntu.com/4336-1 https://access.redhat.com/security/cve/CVE-2018-13033 https://bugzilla.redhat.com/show_bug.cgi?id=1597436 • CWE-400: Uncontrolled Resource Consumption CWE-770: Allocation of Resources Without Limits or Throttling •