CVE-2016-9600 – jasper: JP2 encoder NULL pointer dereference due to uninitialized cmprof_
https://notcve.org/view.php?id=CVE-2016-9600
JasPer before version 2.0.10 is vulnerable to a null pointer dereference was found in the decoded creation of JPEG 2000 image files. A specially crafted file could cause an application using JasPer to crash. JasPer, en versiones anteriores a la 2.0.10, es vulnerable a una desreferencia de puntero NULL, tal y como se descubrió en la creación descifrada de archivos de imagen JPEG 2000. Un archivo especialmente manipulado podría provocar el cierre inesperado de una aplicación que esté utilizando JasPer. • https://access.redhat.com/errata/RHSA-2017:1208 https://bugzilla.redhat.com/show_bug.cgi?id=1410026 https://usn.ubuntu.com/3693-1 https://access.redhat.com/security/cve/CVE-2016-9600 • CWE-476: NULL Pointer Dereference •
CVE-2018-5379 – quagga: Double free vulnerability in bgpd when processing certain forms of UPDATE message allowing to crash or potentially execute arbitrary code
https://notcve.org/view.php?id=CVE-2018-5379
The Quagga BGP daemon (bgpd) prior to version 1.2.3 can double-free memory when processing certain forms of UPDATE message, containing cluster-list and/or unknown attributes. A successful attack could cause a denial of service or potentially allow an attacker to execute arbitrary code. El demonio Quagga BGP (bgpd), en versiones anteriores a la 1.2.3, puede realizar una doble liberación (double free) de memoria al procesar ciertos formularios de un mensaje UPDATE que contienen atributos cluster-list y/o desconocidos. Un ataque con éxito podría provocar una denegación de servicio (DoS) o permitir que un atacante ejecute código arbitrario. A double-free vulnerability was found in Quagga. • http://savannah.nongnu.org/forum/forum.php?forum_id=9095 http://www.kb.cert.org/vuls/id/940439 http://www.securityfocus.com/bid/103105 https://access.redhat.com/errata/RHSA-2018:0377 https://cert-portal.siemens.com/productcert/pdf/ssa-451142.pdf https://gogs.quagga.net/Quagga/quagga/src/master/doc/security/Quagga-2018-1114.txt https://lists.debian.org/debian-lts-announce/2018/02/msg00021.html https://security.gentoo.org/glsa/201804-17 https://usn.ubuntu.com/3573-1 • CWE-415: Double Free CWE-416: Use After Free •
CVE-2018-6871 – LibreOffice < 6.0.1 - '=WEBSERVICE' Remote Arbitrary File Disclosure
https://notcve.org/view.php?id=CVE-2018-6871
LibreOffice before 5.4.5 and 6.x before 6.0.1 allows remote attackers to read arbitrary files via =WEBSERVICE calls in a document, which use the COM.MICROSOFT.WEBSERVICE function. LibreOffice, en versiones anteriores a la 5.4.5 y versiones 6.x anteriores a la 6.0.1, permite que atacantes remotos lean archivos arbitrarios mediante llamadas =WEBSERVICE en un documento, que emplea la función COM.MICROSOFT.WEBSERVICE. A flaw was found in libreoffice before 5.4.5 and before 6.0.1. Arbitrary remote file disclosure may be achieved by the use of the WEBSERVICE formula in a specially crafted ODS file. LibreOffice suffers from a remote arbitrary file disclosure vulnerability. • https://www.exploit-db.com/exploits/44022 https://access.redhat.com/errata/RHSA-2018:0418 https://access.redhat.com/errata/RHSA-2018:0517 https://cgit.freedesktop.org/libreoffice/core/commit/?h=libreoffice-5-4-5&id=a916fc0c0e0e8b10cb4158fa0fa173fe205d434a https://github.com/jollheef/libreoffice-remote-arbitrary-file-disclosure https://usn.ubuntu.com/3579-1 https://www.debian.org/security/2018/dsa-4111 https://www.libreoffice.org/about-us/security/advisories/cve-2018-1055 https://access.red • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2018-1049 – systemd: automount: access to automounted volumes can lock up
https://notcve.org/view.php?id=CVE-2018-1049
In systemd prior to 234 a race condition exists between .mount and .automount units such that automount requests from kernel may not be serviced by systemd resulting in kernel holding the mountpoint and any processes that try to use said mount will hang. A race condition like this may lead to denial of service, until mount points are unmounted. En systemd en versiones anteriores a la 234, existe una condición de carrera entre las unidades .mount y .automount, de forma que las peticiones automount del kernel podrían no ser ofrecidas por systemd. Esto resulta en que el kernel retiene el mountpoint y cualquier proceso que intente emplear este mount se bloqueará. Una condición de carrera como esta podría conducir a una denegación de servicio (DoS) hasta que los puntos de montaje se desmonten. • http://www.securitytracker.com/id/1041520 https://access.redhat.com/errata/RHSA-2018:0260 https://bugzilla.redhat.com/show_bug.cgi?id=1534701 https://lists.debian.org/debian-lts-announce/2018/11/msg00017.html https://usn.ubuntu.com/3558-1 https://access.redhat.com/security/cve/CVE-2018-1049 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVE-2017-3144 – Failure to properly clean up closed OMAPI connections can exhaust available sockets
https://notcve.org/view.php?id=CVE-2017-3144
A vulnerability stemming from failure to properly clean up closed OMAPI connections can lead to exhaustion of the pool of socket descriptors available to the DHCP server. Affects ISC DHCP 4.1.0 to 4.1-ESV-R15, 4.2.0 to 4.2.8, 4.3.0 to 4.3.6. Older versions may also be affected but are well beyond their end-of-life (EOL). Releases prior to 4.1.0 have not been tested. Una vulnerabilidad derivada del error al limpiar correctamente las conexiones OMAPI cerradas puede conducir al agotamiento del grupo de descriptores del socket disponibles para el servidor DHCP. • http://www.securityfocus.com/bid/102726 http://www.securitytracker.com/id/1040194 https://access.redhat.com/errata/RHSA-2018:0158 https://kb.isc.org/docs/aa-01541 https://usn.ubuntu.com/3586-1 https://www.debian.org/security/2018/dsa-4133 https://access.redhat.com/security/cve/CVE-2017-3144 https://bugzilla.redhat.com/show_bug.cgi?id=1522918 • CWE-400: Uncontrolled Resource Consumption CWE-772: Missing Release of Resource after Effective Lifetime •