CVE-2018-5130 – Mozilla: Mismatched RTP payload type can trigger memory corruption (MFSA 2018-07)
https://notcve.org/view.php?id=CVE-2018-5130
When packets with a mismatched RTP payload type are sent in WebRTC connections, in some circumstances a potentially exploitable crash is triggered. This vulnerability affects Firefox ESR < 52.7 and Firefox < 59. Cuando se envían paquetes con un tipo de carga útil RTP no coincidente en conexiones WebRTC, en algunas circunstancias, se desencadena un fallo potencialmente explotable. Esta vulnerabilidad afecta a las versiones anteriores a la 52.7 de Firefox ESR y las versiones anteriores a la 59 de Firefox. • http://www.securityfocus.com/bid/103388 http://www.securitytracker.com/id/1040514 https://access.redhat.com/errata/RHSA-2018:0526 https://access.redhat.com/errata/RHSA-2018:0527 https://bugzilla.mozilla.org/show_bug.cgi?id=1433005 https://lists.debian.org/debian-lts-announce/2018/03/msg00010.html https://security.gentoo.org/glsa/201810-01 https://usn.ubuntu.com/3596-1 https://www.debian.org/security/2018/dsa-4139 https://www.mozilla.org/security/advisories/mfsa2018-06 • CWE-20: Improper Input Validation CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVE-2018-5127 – Mozilla: Buffer overflow manipulating SVG animatedPathSegList (MFSA 2018-07)
https://notcve.org/view.php?id=CVE-2018-5127
A buffer overflow can occur when manipulating the SVG "animatedPathSegList" through script. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.7, Firefox ESR < 52.7, and Firefox < 59. Se puede producir un desbordamiento de búfer cuando se manipula el SVG "animatedPathSegList" mediante un script. Esto resulta en un cierre inesperado explotable. • http://www.securityfocus.com/bid/103388 http://www.securitytracker.com/id/1040514 https://access.redhat.com/errata/RHSA-2018:0526 https://access.redhat.com/errata/RHSA-2018:0527 https://access.redhat.com/errata/RHSA-2018:0647 https://access.redhat.com/errata/RHSA-2018:0648 https://bugzilla.mozilla.org/show_bug.cgi?id=1430557 https://lists.debian.org/debian-lts-announce/2018/03/msg00010.html https://lists.debian.org/debian-lts-announce/2018/03/msg00029.html https://securi • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVE-2016-9600 – jasper: JP2 encoder NULL pointer dereference due to uninitialized cmprof_
https://notcve.org/view.php?id=CVE-2016-9600
JasPer before version 2.0.10 is vulnerable to a null pointer dereference was found in the decoded creation of JPEG 2000 image files. A specially crafted file could cause an application using JasPer to crash. JasPer, en versiones anteriores a la 2.0.10, es vulnerable a una desreferencia de puntero NULL, tal y como se descubrió en la creación descifrada de archivos de imagen JPEG 2000. Un archivo especialmente manipulado podría provocar el cierre inesperado de una aplicación que esté utilizando JasPer. • https://access.redhat.com/errata/RHSA-2017:1208 https://bugzilla.redhat.com/show_bug.cgi?id=1410026 https://usn.ubuntu.com/3693-1 https://access.redhat.com/security/cve/CVE-2016-9600 • CWE-476: NULL Pointer Dereference •
CVE-2017-7518 – Kernel: KVM: debug exception via syscall emulation
https://notcve.org/view.php?id=CVE-2017-7518
A flaw was found in the Linux kernel before version 4.12 in the way the KVM module processed the trap flag(TF) bit in EFLAGS during emulation of the syscall instruction, which leads to a debug exception(#DB) being raised in the guest stack. A user/process inside a guest could use this flaw to potentially escalate their privileges inside the guest. Linux guests are not affected by this. Se ha detectado un error en el kernel de Linux en versiones anteriores a la 4.12 en la forma en la que el módulo KVM procesó el bit trap flag(TF) en EFLAGS durante la emulación de la instrucción de la llamada del sistema, lo que conduce a que se lance una excepción de depuración (#DB) en la pila invitada. Un usuario/proceso en un invitado podría utilizar este error para escalar sus privilegios en el invitado. • http://www.openwall.com/lists/oss-security/2017/06/23/5 http://www.securityfocus.com/bid/99263 http://www.securitytracker.com/id/1038782 https://access.redhat.com/articles/3290921 https://access.redhat.com/errata/RHSA-2018:0395 https://access.redhat.com/errata/RHSA-2018:0412 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7518 https://usn.ubuntu.com/3619-1 https://usn.ubuntu.com/3619-2 https://usn.ubuntu.com/3754-1 https://www.debian.org/security • CWE-250: Execution with Unnecessary Privileges CWE-755: Improper Handling of Exceptional Conditions •
CVE-2018-5733 – A malicious client can overflow a reference counter in ISC dhcpd
https://notcve.org/view.php?id=CVE-2018-5733
A malicious client which is allowed to send very large amounts of traffic (billions of packets) to a DHCP server can eventually overflow a 32-bit reference counter, potentially causing dhcpd to crash. Affects ISC DHCP 4.1.0 -> 4.1-ESV-R15, 4.2.0 -> 4.2.8, 4.3.0 -> 4.3.6, 4.4.0. Un cliente malicioso al que se le permite enviar grandes cantidades de tráfico (miles de millones de paquetes) a un servidor DHCP puede terminar desbordando un contador de referencia de 32 bits, provocando el cierre inesperado de dhcpd. Afecta a ISC DHCP desde la versión 4.1.0 hasta la 4.1-ESV-R15, desde la versión 4.2.0 hasta la 4.2.8, desde la versión 4.3.0 hasta la 4.3.6 y a la versión 4.4.0. A denial of service flaw was found in the way dhcpd handled reference counting when processing client requests. • http://www.securityfocus.com/bid/103188 http://www.securitytracker.com/id/1040437 https://access.redhat.com/errata/RHSA-2018:0469 https://access.redhat.com/errata/RHSA-2018:0483 https://kb.isc.org/docs/aa-01567 https://lists.debian.org/debian-lts-announce/2018/03/msg00015.html https://usn.ubuntu.com/3586-1 https://usn.ubuntu.com/3586-2 https://www.debian.org/security/2018/dsa-4133 https://access.redhat.com/security/cve/CVE-2018-5733 https://bugzilla.redhat • CWE-190: Integer Overflow or Wraparound •