CVSS: 7.5EPSS: 0%CPEs: 13EXPL: 0CVE-2018-18073 – ghostscript: Saved execution stacks can leak operator arrays
https://notcve.org/view.php?id=CVE-2018-18073
Artifex Ghostscript allows attackers to bypass a sandbox protection mechanism by leveraging exposure of system operators in the saved execution stack in an error object. Artifex Ghostscript permite que los atacantes omitan un mecanismo de protección de sandbox aprovechando la exposición de los operadores del sistema en la pila de ejecución guardada en un objeto error. • http://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=34cc326eb2c5695833361887fe0b32e8d987741c http://packetstormsecurity.com/files/149758/Ghostscript-Exposed-System-Operators.html http://www.openwall.com/lists/oss-security/2018/10/10/12 https://access.redhat.com/errata/RHSA-2018:3834 https://bugs.chromium.org/p/project-zero/issues/detail?id=1690 https://bugs.ghostscript.com/show_bug.cgi?id=699927 https://lists.debian.org/debian-lts-announce/2018/10/msg00013.html https://usn.ubuntu.com/ • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-460: Improper Cleanup on Thrown Exception •
CVSS: 7.5EPSS: 1%CPEs: 10EXPL: 0CVE-2018-17958 – QEMU: rtl8139: integer overflow leads to buffer overflow
https://notcve.org/view.php?id=CVE-2018-17958
Qemu has a Buffer Overflow in rtl8139_do_receive in hw/net/rtl8139.c because an incorrect integer data type is used. Qemu tiene un desbordamiento de búfer en rtl8139_do_receive en hw/net/rtl8139.c debido a que se emplea un tipo de datos de enteros incorrecto. An integer overflow issue was found in the RTL8139 NIC emulation in QEMU. It could occur while receiving packets over the network if the size value is greater than INT_MAX. Such overflow would lead to stack buffer overflow issue. • http://www.openwall.com/lists/oss-security/2018/10/08/1 http://www.securityfocus.com/bid/105556 https://access.redhat.com/errata/RHSA-2019:2425 https://access.redhat.com/errata/RHSA-2019:2553 https://lists.debian.org/debian-lts-announce/2019/01/msg00023.html https://lists.gnu.org/archive/html/qemu-devel/2018-09/msg03269.html https://seclists.org/bugtraq/2019/May/76 https://usn.ubuntu.com/3826-1 https://www.debian.org/security/2019/dsa-4454 https://access& • CWE-121: Stack-based Buffer Overflow CWE-190: Integer Overflow or Wraparound •
CVSS: 7.5EPSS: 0%CPEs: 15EXPL: 1CVE-2018-17962 – QEMU: pcnet: integer overflow leads to buffer overflow
https://notcve.org/view.php?id=CVE-2018-17962
Qemu has a Buffer Overflow in pcnet_receive in hw/net/pcnet.c because an incorrect integer data type is used. Qemu tiene un desbordamiento de búfer en pcnet_receive en hw/net/pcnet.c debido a que se emplea un tipo de datos de enteros incorrecto. An integer overflow issue was found in the AMD PC-Net II NIC emulation in QEMU. It could occur while receiving packets, if the size value was greater than INT_MAX. Such overflow would lead to stack buffer overflow issue. • http://www.openwall.com/lists/oss-security/2018/10/08/1 https://access.redhat.com/errata/RHSA-2019:2892 https://access.redhat.com/security/cve/cve-2018-17962 https://linux.oracle.com/cve/CVE-2018-17962.html https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html https://lists.gnu.org/archive/html/qemu-devel/2018-09/msg03268.html https://usn.ubuntu.com/3826-1 https://www.debian.org/security/2018/dsa-4338 https://www.suse.com/security/cve/CVE-2 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-121: Stack-based Buffer Overflow CWE-190: Integer Overflow or Wraparound •
CVSS: 9.8EPSS: 0%CPEs: 16EXPL: 0CVE-2018-17963 – QEMU: net: ignore packets with large size
https://notcve.org/view.php?id=CVE-2018-17963
qemu_deliver_packet_iov in net/net.c in Qemu accepts packet sizes greater than INT_MAX, which allows attackers to cause a denial of service or possibly have unspecified other impact. qemu_deliver_packet_iov en net/net.c en Qemu acepta tamaños de paquetes mayores a INT_MAX, lo que permite que los atacantes provoquen una denegación de servicio (DoS) o tengan otro tipo de impacto sin especificar. A potential integer overflow issue was found in the networking back-end of QEMU. It could occur while receiving packets, because it accepted packets with large size value. Such overflow could lead to OOB buffer access issue. A user inside guest could use this flaw to crash the QEMU process resulting in DoS. • http://www.openwall.com/lists/oss-security/2018/10/08/1 https://access.redhat.com/errata/RHSA-2019:2166 https://access.redhat.com/errata/RHSA-2019:2425 https://access.redhat.com/errata/RHSA-2019:2553 https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html https://lists.gnu.org/archive/html/qemu-devel/2018-09/msg03267.html https://lists.gnu.org/archive/html/qemu-devel/2018-11/msg06054.html https://usn.ubuntu.com/3826-1 https://www.debian.org/securi • CWE-121: Stack-based Buffer Overflow CWE-190: Integer Overflow or Wraparound •
CVSS: 7.5EPSS: 0%CPEs: 9EXPL: 2CVE-2018-18074 – python-requests: Redirect from HTTPS to HTTP does not remove Authorization header
https://notcve.org/view.php?id=CVE-2018-18074
The Requests package before 2.20.0 for Python sends an HTTP Authorization header to an http URI upon receiving a same-hostname https-to-http redirect, which makes it easier for remote attackers to discover credentials by sniffing the network. El paquete Requests antes de la versión 2.20.0 para Python envía una cabecera de autorización HTTP a un URI http al recibir una redirección same-hostname https-to-http, lo que facilita que los atacantes remotos descibran las credenciales esnifando la red. A credentials-exposure flaw was found in python-requests, where if a request with authentication is redirected (302) from an HTTPS endpoint to an HTTP endpoint on the same host, the Authorization header is not stripped and the credentials can be read in plain text. A man-in-the-middle attacker could exploit this flaw to obtain a user's valid credentials. • http://docs.python-requests.org/en/master/community/updates/#release-and-version-history http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00024.html https://access.redhat.com/errata/RHSA-2019:2035 https://bugs.debian.org/910766 https://github.com/requests/requests/commit/c45d7c49ea75133e52ab22a8e9e13173938e36ff https://github.com/requests/requests/issues/4716 https://github.com/requests/requests/pull/4718 https://usn.ubuntu.com/3790-1 https://usn.ubuntu.com/3790-2 https:/& • CWE-522: Insufficiently Protected Credentials •