CVE-2018-6871 – LibreOffice < 6.0.1 - '=WEBSERVICE' Remote Arbitrary File Disclosure
https://notcve.org/view.php?id=CVE-2018-6871
LibreOffice before 5.4.5 and 6.x before 6.0.1 allows remote attackers to read arbitrary files via =WEBSERVICE calls in a document, which use the COM.MICROSOFT.WEBSERVICE function. LibreOffice, en versiones anteriores a la 5.4.5 y versiones 6.x anteriores a la 6.0.1, permite que atacantes remotos lean archivos arbitrarios mediante llamadas =WEBSERVICE en un documento, que emplea la función COM.MICROSOFT.WEBSERVICE. A flaw was found in libreoffice before 5.4.5 and before 6.0.1. Arbitrary remote file disclosure may be achieved by the use of the WEBSERVICE formula in a specially crafted ODS file. LibreOffice suffers from a remote arbitrary file disclosure vulnerability. • https://www.exploit-db.com/exploits/44022 https://access.redhat.com/errata/RHSA-2018:0418 https://access.redhat.com/errata/RHSA-2018:0517 https://cgit.freedesktop.org/libreoffice/core/commit/?h=libreoffice-5-4-5&id=a916fc0c0e0e8b10cb4158fa0fa173fe205d434a https://github.com/jollheef/libreoffice-remote-arbitrary-file-disclosure https://usn.ubuntu.com/3579-1 https://www.debian.org/security/2018/dsa-4111 https://www.libreoffice.org/about-us/security/advisories/cve-2018-1055 https://access.red • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2018-6560 – flatpak: sandbox escape in D-Bus filtering by a crafted authentication handshake
https://notcve.org/view.php?id=CVE-2018-6560
In dbus-proxy/flatpak-proxy.c in Flatpak before 0.8.9, and 0.9.x and 0.10.x before 0.10.3, crafted D-Bus messages to the host can be used to break out of the sandbox, because whitespace handling in the proxy is not identical to whitespace handling in the daemon. En dbus-proxy/flatpak-proxy.c en Flatpak en versiones anteriores a la 0.8.9, 0.9.x y 0.10.x anteriores a la 0.10.3, se pueden utilizar mensajes D-Bus manipulados para salir del sandbox, ya que la gestión de los espacios en blanco en el proxy no es idéntica a cómo gestiona el demonio los espacios en blanco. It was found that flatpak's D-Bus proxy did not properly filter the access to D-Bus during the authentication protocol. A specially crafted flatpak application could use this flaw to bypass all restrictions imposed by flatpak and have full access to the D-BUS interface. • https://access.redhat.com/errata/RHSA-2018:2766 https://github.com/flatpak/flatpak/commit/52346bf187b5a7f1c0fe9075b328b7ad6abe78f6 https://github.com/flatpak/flatpak/releases/tag/0.10.3 https://github.com/flatpak/flatpak/releases/tag/0.8.9 https://access.redhat.com/security/cve/CVE-2018-6560 https://bugzilla.redhat.com/show_bug.cgi?id=1542207 • CWE-270: Privilege Context Switching Error CWE-436: Interpretation Conflict •
CVE-2018-1049 – systemd: automount: access to automounted volumes can lock up
https://notcve.org/view.php?id=CVE-2018-1049
In systemd prior to 234 a race condition exists between .mount and .automount units such that automount requests from kernel may not be serviced by systemd resulting in kernel holding the mountpoint and any processes that try to use said mount will hang. A race condition like this may lead to denial of service, until mount points are unmounted. En systemd en versiones anteriores a la 234, existe una condición de carrera entre las unidades .mount y .automount, de forma que las peticiones automount del kernel podrían no ser ofrecidas por systemd. Esto resulta en que el kernel retiene el mountpoint y cualquier proceso que intente emplear este mount se bloqueará. Una condición de carrera como esta podría conducir a una denegación de servicio (DoS) hasta que los puntos de montaje se desmonten. • http://www.securitytracker.com/id/1041520 https://access.redhat.com/errata/RHSA-2018:0260 https://bugzilla.redhat.com/show_bug.cgi?id=1534701 https://lists.debian.org/debian-lts-announce/2018/11/msg00017.html https://usn.ubuntu.com/3558-1 https://access.redhat.com/security/cve/CVE-2018-1049 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVE-2017-3144 – Failure to properly clean up closed OMAPI connections can exhaust available sockets
https://notcve.org/view.php?id=CVE-2017-3144
A vulnerability stemming from failure to properly clean up closed OMAPI connections can lead to exhaustion of the pool of socket descriptors available to the DHCP server. Affects ISC DHCP 4.1.0 to 4.1-ESV-R15, 4.2.0 to 4.2.8, 4.3.0 to 4.3.6. Older versions may also be affected but are well beyond their end-of-life (EOL). Releases prior to 4.1.0 have not been tested. Una vulnerabilidad derivada del error al limpiar correctamente las conexiones OMAPI cerradas puede conducir al agotamiento del grupo de descriptores del socket disponibles para el servidor DHCP. • http://www.securityfocus.com/bid/102726 http://www.securitytracker.com/id/1040194 https://access.redhat.com/errata/RHSA-2018:0158 https://kb.isc.org/docs/aa-01541 https://usn.ubuntu.com/3586-1 https://www.debian.org/security/2018/dsa-4133 https://access.redhat.com/security/cve/CVE-2017-3144 https://bugzilla.redhat.com/show_bug.cgi?id=1522918 • CWE-400: Uncontrolled Resource Consumption CWE-772: Missing Release of Resource after Effective Lifetime •
CVE-2018-5748 – libvirt: Resource exhaustion via qemuMonitorIORead() method
https://notcve.org/view.php?id=CVE-2018-5748
qemu/qemu_monitor.c in libvirt allows attackers to cause a denial of service (memory consumption) via a large QEMU reply. qemu/qemu_monitor.c en libvirt permite que los atacantes provoquen una denegación de servicio (consumo de memoria) mediante una respuesta QEMU grande. • http://www.securityfocus.com/bid/102825 https://access.redhat.com/errata/RHSA-2018:1396 https://access.redhat.com/errata/RHSA-2018:1929 https://lists.debian.org/debian-lts-announce/2018/03/msg00018.html https://www.debian.org/security/2018/dsa-4137 https://www.redhat.com/archives/libvir-list/2018-January/msg00527.html https://access.redhat.com/security/cve/CVE-2018-5748 https://bugzilla.redhat.com/show_bug.cgi?id=1528396 • CWE-400: Uncontrolled Resource Consumption •