BDU:2019-03460

Уязвимость функции hidp_process_report компонента bluetooth ядра операционной системы Linux, позволяющая нарушителю оказать воздействие на конфиденциальность, целостность и доступность защищаемой информации

Severity: HIGH (7.4) Vector: AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

CVE-2018-9363

Published: 2018-11-06
Modified: 2024-11-21

CVE-2018-9363

In the hidp_process_report in bluetooth, there is an integer overflow. This could lead to an out of bounds write with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A-65853588 References: Upstream kernel.

Severity: HIGH (8.4) Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

Package ansible updated to version 2.6.2-alt0.M80P.1 for branch p8 in task 211589.

Published: 2018-06-08

BDU:2019-00887

Уязвимость системы управления конфигурациями Ansible, связанная c некорректной обработкой опции no_log, позволяющая нарушителю получить несанкционированный доступ к информации

Severity: HIGH (7.5) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

References:

CVE-2018-10855

Published: 2018-07-03
Modified: 2024-11-21

CVE-2018-10855

Ansible 2.5 prior to 2.5.5, and 2.4 prior to 2.4.5, do not honor the no_log task flag for failed tasks. When the no_log flag has been used to protect sensitive data passed to a task from being logged, and that task does not run successfully, Ansible will expose sensitive data in log files and on the terminal of the user running Ansible.

Severity: MEDIUM (5.9) Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

References:

Новая версия

Version: 2.1.0

Branch p8 update on 2018-08-23

ALT-BU-2018-3415-1

ALT-PU-2018-2198-1

Closed vulnerabilities

BDU:2019-03460

CVE-2018-9363

ALT-PU-2018-2199-1

Closed vulnerabilities

BDU:2019-00887

CVE-2018-10855

Closed bugs

Bug #35245