CVE-2018-17142
https://notcve.org/view.php?id=CVE-2018-17142
17 Sep 2018 — The html package (aka x/net/html) through 2018-09-17 in Go mishandles <math><template><mo><template>, leading to a "panic: runtime error" in parseCurrentToken in parse.go during an html.Parse call. • https://github.com/golang/go/issues/27702 • CWE-476: NULL Pointer Dereference
CVE-2018-17143
https://notcve.org/view.php?id=CVE-2018-17143
17 Sep 2018 — The html package (aka x/net/html) through 2018-09-17 in Go mishandles <template><tBody><isindex/action=0>, leading to a "panic: runtime error" in inBodyIM in parse.go during an html.Parse call. • https://github.com/golang/go/issues/27704 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2018-17075
https://notcve.org/view.php?id=CVE-2018-17075
16 Sep 2018 — The html package (aka x/net/html) before 2018-07-13 in Go mishandles "in frameset" insertion mode, leading to a "panic: runtime error" for html.Parse of
CVE-2018-14598 – libX11: Crash on invalid reply in XListExtensions in ListExt.c
https://notcve.org/view.php?id=CVE-2018-14598
21 Aug 2018 — An issue was discovered in XListExtensions in ListExt.c in libX11 through 1.6.5. A malicious server can send a reply in which the first string overflows, causing a variable to be set to NULL that will be freed later on, leading to DoS (segmentation fault). • http://www.openwall.com/lists/oss-security/2018/08/21/6 • CWE-20: Improper Input Validation
CVE-2018-14599 – libX11: Off-by-one error in XListExtensions in ListExt.c
https://notcve.org/view.php?id=CVE-2018-14599
21 Aug 2018 — An issue was discovered in libX11 through 1.6.5. The function XListExtensions in ListExt.c is vulnerable to an off-by-one error caused by malicious server responses, leading to DoS or possibly unspecified other impact. An off-by-... • http://www.openwall.com/lists/oss-security/2018/08/21/6 • CWE-193: Off-by-one Error • CWE-787: Out-of-bounds Write
CVE-2018-14348 – libcgroup: cgrulesengd creates log files with insecure permissions
https://notcve.org/view.php?id=CVE-2018-14348
14 Aug 2018 — libcgroup up to and including 0.41 creates /var/log/cgred with mode 0666 regardless of the configured umask, leading to disclosure of information. The libcgroup packages provide tools and libraries to control and monitor control groups. An insecure permission issue was addressed. • http://lists.opensuse.org/opensuse-security-announce/2018-08/msg00023.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor • CWE-284: Improper Access Control
CVE-2017-18342 – Gentoo Linux Security Advisory 202003-45
https://notcve.org/view.php?id=CVE-2017-18342
27 Jun 2018 — In PyYAML before 5.1, the yaml.load() API could execute arbitrary code if used with untrusted data. The load() function has been deprecated in version 5.1 and the 'UnsafeLoader' has been introduced for backward compatibility with the function. • https://github.com/marshmallow-code/apispec/issues/278 • CWE-502: Deserialization of Untrusted Data
CVE-2018-10811 – Gentoo Linux Security Advisory 201811-16
https://notcve.org/view.php?id=CVE-2018-10811
17 Jun 2018 — strongSwan 5.6.0 and older allows Remote Denial of Service because of Missing Initialization of a Variable. It was discovered that strongSwan incorrectly handled IKEv2 key derivation. A remote attacker could possibly use this issue to cause strongSwan to crash, resulting in a denial of service. Sze Yiu Chau discovered that strongSwan incorrectly handled parsing OI... • http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00077.html • CWE-909: Missing Initialization of Resource
CVE-2018-11385 – Debian Security Advisory 4262-1
https://notcve.org/view.php?id=CVE-2018-11385
13 Jun 2018 — An issue was discovered in the Security component in Symfony 2.7.x before 2.7.48, 2.8.x before 2.8.41, 3.3.x before 3.3.17, 3.4.x before 3.4.11, and 4.0.x before 4.0.11. A session fixation vulnerability within the "Guard" login feature may allow an attacker to impersonate a victim towards the web application if the session id value was previously known to the attacker. • https://lists.debian.org/debian-lts-announce/2019/03/msg00009.html • CWE-384: Session Fixation
CVE-2018-10196 – Ubuntu Security Notice USN-5971-1
https://notcve.org/view.php?id=CVE-2018-10196
30 May 2018 — NULL pointer dereference vulnerability in the rebuild_vlists function in lib/dotgen/conc.c in the dotgen library in Graphviz 2.40.1 allows remote attackers to cause a denial of service (application crash) via a crafted file. It was disc... • https://bugzilla.redhat.com/show_bug.cgi?id=1579254 • CWE-476: NULL Pointer Dereference