CVSS: 7.5EPSS: 0%CPEs: 5EXPL: 0CVE-2018-20216
https://notcve.org/view.php?id=CVE-2018-20216
20 Dec 2018 — QEMU can have an infinite loop in hw/rdma/vmw/pvrdma_dev_ring.c because return values are not checked (and -1 is mishandled). QEMU puede tener un bucle infinito en hw/rdma/vmw/pvrdma_dev_ring.c debido a que no se comprueban los valores de retorno (y -1 se gestiona de manera incorrecta). • http://www.openwall.com/lists/oss-security/2018/12/19/2 • CWE-252: Unchecked Return Value CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 7.5EPSS: 0%CPEs: 5EXPL: 0CVE-2018-20125
https://notcve.org/view.php?id=CVE-2018-20125
20 Dec 2018 — hw/rdma/vmw/pvrdma_cmd.c in QEMU allows attackers to cause a denial of service (NULL pointer dereference or excessive memory allocation) in create_cq_ring or create_qp_rings. hw/rdma/vmw/pvrdma_cmd.c en QEMU permite que los atacantes provoquen una denegación de servicio (desreferencia de puntero NULL o asignación de memoria excesiva) en create_cq_ring o create_qp_rings. • http://www.openwall.com/lists/oss-security/2018/12/19/3 • CWE-476: NULL Pointer Dereference •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2018-20126
https://notcve.org/view.php?id=CVE-2018-20126
20 Dec 2018 — hw/rdma/vmw/pvrdma_cmd.c in QEMU allows create_cq and create_qp memory leaks because errors are mishandled. hw/rdma/vmw/pvrdma_cmd.c en QEMU permite filtrados de memoria en create_cq y create_qp debido a la gestión incorrecta de los errores. • http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00034.html • CWE-772: Missing Release of Resource after Effective Lifetime •
CVSS: 8.8EPSS: 0%CPEs: 14EXPL: 0CVE-2018-1000878 – libarchive: Use after free in RAR decoder resulting in a denial of service
https://notcve.org/view.php?id=CVE-2018-1000878
20 Dec 2018 — libarchive version commit 416694915449219d505531b1096384f3237dd6cc onwards (release v3.1.0 onwards) contains a CWE-416: Use After Free vulnerability in RAR decoder - libarchive/archive_read_support_format_rar.c that can result in Crash/DoS - it is unknown if RCE is possible. This attack appear to be exploitable via the victim must open a specially crafted RAR archive. libarchive, con el commit con ID 416694915449219d505531b1096384f3237dd6cc y siguientes (desde la v3.1.0) contiene una vulnerabilidad CWE-416:... • http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00055.html • CWE-416: Use After Free •
CVSS: 8.8EPSS: 0%CPEs: 13EXPL: 0CVE-2018-1000877 – libarchive: Double free in RAR decoder resulting in a denial of service
https://notcve.org/view.php?id=CVE-2018-1000877
20 Dec 2018 — libarchive version commit 416694915449219d505531b1096384f3237dd6cc onwards (release v3.1.0 onwards) contains a CWE-415: Double Free vulnerability in RAR decoder - libarchive/archive_read_support_format_rar.c, parse_codes(), realloc(rar->lzss.window, new_size) with new_size = 0 that can result in Crash/DoS. This attack appear to be exploitable via the victim must open a specially crafted RAR archive. libarchive, con el commit con ID 416694915449219d505531b1096384f3237dd6cc y siguientes (desde la v3.1.0) cont... • http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00055.html • CWE-415: Double Free CWE-416: Use After Free •
CVSS: 6.5EPSS: 1%CPEs: 8EXPL: 0CVE-2018-1000880
https://notcve.org/view.php?id=CVE-2018-1000880
20 Dec 2018 — libarchive version commit 9693801580c0cf7c70e862d305270a16b52826a7 onwards (release v3.2.0 onwards) contains a CWE-20: Improper Input Validation vulnerability in WARC parser - libarchive/archive_read_support_format_warc.c, _warc_read() that can result in DoS - quasi-infinite run time and disk usage from tiny file. This attack appear to be exploitable via the victim must open a specially crafted WARC file. libarchive, con el commit con ID 9693801580c0cf7c70e862d305270a16b52826a7 y siguientes (desde la v3.2.0... • http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00055.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 1CVE-2018-1000858 – gnupg2: Cross site request forgery in dirmngr resulting in an information disclosure or denial of service
https://notcve.org/view.php?id=CVE-2018-1000858
20 Dec 2018 — GnuPG version 2.1.12 - 2.2.11 contains a Cross ite Request Forgery (CSRF) vulnerability in dirmngr that can result in Attacker controlled CSRF, Information Disclosure, DoS. This attack appear to be exploitable via Victim must perform a WKD request, e.g. enter an email address in the composer window of Thunderbird/Enigmail. This vulnerability appears to have been fixed in after commit 4a4bb874f63741026bd26264c43bb32b1099f060. GnuPG, de la versión 2.1.12 a la 2.2.11, contiene una vulnerabilidad Cross-Site Req... • https://sektioneins.de/en/advisories/advisory-012018-gnupg-wkd.html • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 6.5EPSS: 0%CPEs: 9EXPL: 1CVE-2018-1000852 – freerdp: out of bounds read in drdynvc_process_capability_request
https://notcve.org/view.php?id=CVE-2018-1000852
20 Dec 2018 — FreeRDP FreeRDP 2.0.0-rc3 released version before commit 205c612820dac644d665b5bb1cdf437dc5ca01e3 contains a Other/Unknown vulnerability in channels/drdynvc/client/drdynvc_main.c, drdynvc_process_capability_request that can result in The RDP server can read the client's memory.. This attack appear to be exploitable via RDPClient must connect the rdp server with echo option. This vulnerability appears to have been fixed in after commit 205c612820dac644d665b5bb1cdf437dc5ca01e3. FreeRDP 2.0.0-rc3, en versiones... • https://access.redhat.com/errata/RHSA-2019:2157 • CWE-125: Out-of-bounds Read •
CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0CVE-2018-20021
https://notcve.org/view.php?id=CVE-2018-20021
19 Dec 2018 — LibVNC before commit c3115350eb8bb635d0fdb4dbbb0d0541f38ed19c contains a CWE-835: Infinite loop vulnerability in VNC client code. Vulnerability allows attacker to consume excessive amount of resources like CPU and RAM LibVNC antes del commit con ID c3115350eb8bb635d0fdb4dbbb0d0541f38ed19c contiene una vulnerabilidad CWE-835: bucle infinito en el código del cliente VNC. Esta vulnerabilidad permite que el atacante consuma una cantidad excesiva de recursos como la CPU y la RAM. • https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/12/19/klcert-18-031-libvnc-infinite-loop • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 9.8EPSS: 3%CPEs: 20EXPL: 0CVE-2018-20019
https://notcve.org/view.php?id=CVE-2018-20019
19 Dec 2018 — LibVNC before commit a83439b9fbe0f03c48eb94ed05729cb016f8b72f contains multiple heap out-of-bound write vulnerabilities in VNC client code that can result remote code execution LibVNC antes del commit con ID a83439b9fbe0f03c48eb94ed05729cb016f8b72f contiene múltiples vulnerabilidades de escritura de memoria dinámica (heap) fuera de límites en el código del cliente VNC que pueden resultar en la ejecución remota de código. • https://cert-portal.siemens.com/productcert/pdf/ssa-390195.pdf • CWE-787: Out-of-bounds Write •