CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 1CVE-2018-6767 – Slackware Security Advisory - wavpack Updates
https://notcve.org/view.php?id=CVE-2018-6767
06 Feb 2018 — A stack-based buffer over-read in the ParseRiffHeaderConfig function of cli/riff.c file of WavPack 5.1.0 allows a remote attacker to cause a denial-of-service attack or possibly have unspecified other impact via a maliciously crafted RF64 file. Una sobrelectura de búfer basada en pila en la función ParseRiffHeaderConfig del archivo cli/riff.c de WavPack 5.1.0 permite que un atacante remoto provoque un ataque de denegación de servicio (DoS) o posiblemente otro impacto no especificado mediante un archivo RF64... • http://packetstormsecurity.com/files/155743/Slackware-Security-Advisory-wavpack-Updates.html • CWE-125: Out-of-bounds Read •
CVSS: 7.5EPSS: 29%CPEs: 7EXPL: 0CVE-2018-1000027 – squid: Incorrect pointer handling in HTTP processing and certificate download can lead to denial of service
https://notcve.org/view.php?id=CVE-2018-1000027
05 Feb 2018 — The Squid Software Foundation Squid HTTP Caching Proxy version prior to version 4.0.23 contains a NULL Pointer Dereference vulnerability in HTTP Response X-Forwarded-For header processing that can result in Denial of Service to all clients of the proxy. This attack appear to be exploitable via Remote HTTP server responding with an X-Forwarded-For header to certain types of HTTP request. This vulnerability appears to have been fixed in 4.0.23 and later. Squid Software Foundation Squid HTTP Caching Proxy, en ... • http://www.squid-cache.org/Advisories/SQUID-2018_2.txt • CWE-117: Improper Output Neutralization for Logs CWE-476: NULL Pointer Dereference •
CVSS: 7.5EPSS: 5%CPEs: 8EXPL: 0CVE-2018-1000024 – squid: Incorrect pointer handling when processing ESI Responses can lead to denial of service
https://notcve.org/view.php?id=CVE-2018-1000024
05 Feb 2018 — The Squid Software Foundation Squid HTTP Caching Proxy version 3.0 to 3.5.27, 4.0 to 4.0.22 contains a Incorrect Pointer Handling vulnerability in ESI Response Processing that can result in Denial of Service for all clients using the proxy.. This attack appear to be exploitable via Remote server delivers an HTTP response payload containing valid but unusual ESI syntax.. This vulnerability appears to have been fixed in 4.0.23 and later. Squid Software Foundation Squid HTTP Caching Proxy, en versiones 3.0 a 3... • http://www.squid-cache.org/Advisories/SQUID-2018_1.txt • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 1CVE-2018-6594 – Gentoo Linux Security Advisory 202007-62
https://notcve.org/view.php?id=CVE-2018-6594
03 Feb 2018 — lib/Crypto/PublicKey/ElGamal.py in PyCrypto through 2.6.1 generates weak ElGamal key parameters, which allows attackers to obtain sensitive information by reading ciphertext data (i.e., it does not have semantic security in face of a ciphertext-only attack). The Decisional Diffie-Hellman (DDH) assumption does not hold for PyCrypto's ElGamal implementation. lib/Crypto/PublicKey/ElGamal.py en PyCrypto hasta la versión 2.6.1 genera parámetros de clave ElGamal débiles, lo que permite que atacantes remotos obten... • https://github.com/TElgamal/attack-on-pycrypto-elgamal • CWE-326: Inadequate Encryption Strength •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2017-14179
https://notcve.org/view.php?id=CVE-2017-14179
02 Feb 2018 — Apport before 2.13 does not properly handle crashes originating from a PID namespace allowing local users to create certain files as root which an attacker could leverage to perform a denial of service via resource exhaustion, possibly gain root privileges, or escape from containers. Apport, en versiones anteriores a la 2.13, no gestiona adecuadamente los cierres inesperados provenientes de un espacio de nombre PID, lo que permite que los usuarios locales creen ciertos archivos como root. Un atacante podría... • https://launchpad.net/bugs/1726372 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 6.5EPSS: 0%CPEs: 5EXPL: 1CVE-2018-6540 – Ubuntu Security Notice USN-3699-1
https://notcve.org/view.php?id=CVE-2018-6540
02 Feb 2018 — In ZZIPlib 0.13.67, there is a bus error caused by loading of a misaligned address in the zzip_disk_findfirst function of zzip/mmapped.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted zip file. En ZZIPlib 0.13.67, hay un error de bus provocado por la carga de una dirección mal alineada en la función zzip_disk_findfirst de zzip/mmapped.c. Los atacantes remotos pueden aprovechar esta vulnerabilidad para provocar una denegación de servicio (DoS) mediante un archi... • https://github.com/gdraheim/zziplib/issues/15 •
CVSS: 6.5EPSS: 0%CPEs: 5EXPL: 1CVE-2018-6541 – zziplib: Bus error caused by loading of a misaligned address inzzip/zip.c
https://notcve.org/view.php?id=CVE-2018-6541
02 Feb 2018 — In ZZIPlib 0.13.67, there is a bus error caused by loading of a misaligned address (when handling disk64_trailer local entries) in __zzip_fetch_disk_trailer (zzip/zip.c). Remote attackers could leverage this vulnerability to cause a denial of service via a crafted zip file. En ZZIPlib 0.13.67, hay un error de bus provocado por la carga de una dirección mal alineada (al gestionar las entradas locales disk64_trailer) en __zzip_fetch_disk_trailer (zzip/zip.c). Los atacantes remotos pueden aprovechar esta vulne... • https://access.redhat.com/errata/RHSA-2019:2196 • CWE-20: Improper Input Validation •
CVSS: 6.5EPSS: 0%CPEs: 5EXPL: 1CVE-2018-6484 – Ubuntu Security Notice USN-3699-1
https://notcve.org/view.php?id=CVE-2018-6484
01 Feb 2018 — In ZZIPlib 0.13.67, there is a memory alignment error and bus error in the __zzip_fetch_disk_trailer function of zzip/zip.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted zip file. En ZZIPlib 0.13.67, hay un error de alineación de memoria y un error de bus en la función __zzip_fetch_disk_trailer de zzip/zip.c. Los atacantes remotos pueden aprovechar esta vulnerabilidad para provocar una denegación de servicio (DoS) mediante un archivo zip manipulado. It was di... • https://github.com/gdraheim/zziplib/issues/14 •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2017-18043 – Ubuntu Security Notice USN-3575-2
https://notcve.org/view.php?id=CVE-2017-18043
31 Jan 2018 — Integer overflow in the macro ROUND_UP (n, d) in Quick Emulator (Qemu) allows a user to cause a denial of service (Qemu process crash). Desbordamiento de enteros en la macro ROUND_UP (n, d) en Quick Emulator (Qemu) permite que un usuario provoque una denegación de servicio (cierre inesperado del proceso Qemu) USN-3575-1 fixed vulnerabilities in QEMU. The fix for CVE-2017-11334 caused a regression in Xen environments. This update removes the problematic fix pending further investigation. It was discovered th... • http://www.openwall.com/lists/oss-security/2018/01/19/1 • CWE-190: Integer Overflow or Wraparound •
CVSS: 5.9EPSS: 0%CPEs: 17EXPL: 0CVE-2018-1049 – systemd: automount: access to automounted volumes can lock up
https://notcve.org/view.php?id=CVE-2018-1049
31 Jan 2018 — In systemd prior to 234 a race condition exists between .mount and .automount units such that automount requests from kernel may not be serviced by systemd resulting in kernel holding the mountpoint and any processes that try to use said mount will hang. A race condition like this may lead to denial of service, until mount points are unmounted. En systemd en versiones anteriores a la 234, existe una condición de carrera entre las unidades .mount y .automount, de forma que las peticiones automount del kernel... • http://www.securitytracker.com/id/1041520 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •