CVSS: 7.9EPSS: 91%CPEs: 22EXPL: 8CVE-2018-1111 – DynoRoot DHCP Client - Command Injection
https://notcve.org/view.php?id=CVE-2018-1111
15 May 2018 — DHCP packages in Red Hat Enterprise Linux 6 and 7, Fedora 28, and earlier are vulnerable to a command injection flaw in the NetworkManager integration script included in the DHCP client. A malicious DHCP server, or an attacker on the local network able to spoof DHCP responses, could use this flaw to execute arbitrary commands with root privileges on systems using NetworkManager and configured to obtain network configuration using the DHCP protocol. Los paquetes DHCP en Red Hat Enterprise Linux 6 y 7, Fedora... • https://packetstorm.news/files/id/147698 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 7.5EPSS: 2%CPEs: 17EXPL: 1CVE-2018-1060 – python: DOS via regular expression catastrophic backtracking in apop() method in pop3lib
https://notcve.org/view.php?id=CVE-2018-1060
05 May 2018 — python before versions 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 and 3.7.0 is vulnerable to catastrophic backtracking in pop3lib's apop() method. An attacker could use this flaw to cause denial of service. Python antes de las versiones 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 y 3.7.0 es vulnerable a un retroceso catastrófico en el método apop () de pop3lib. Un atacante podría usar este fallo para causar la denegación de servicio. A flaw was found in the way catastrophic backtracking was implemented in python's pop3lib's a... • http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.html • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 3%CPEs: 27EXPL: 0CVE-2018-1061 – python: DOS via regular expression backtracking in difflib.IS_LINE_JUNK method in difflib
https://notcve.org/view.php?id=CVE-2018-1061
05 May 2018 — python before versions 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 and 3.7.0 is vulnerable to catastrophic backtracking in the difflib.IS_LINE_JUNK method. An attacker could use this flaw to cause denial of service. python en versiones anteriores a la 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 y 3.7.0 es vulnerable a backtracking catastrófico en el método difflib.IS_LINE_JUNK. Un atacante podría utilizar este fallo para provocar una denegación de servicio (DoS). A flaw was found in the way catastrophic backtracking was implem... • http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.html • CWE-20: Improper Input Validation •
CVSS: 8.8EPSS: 2%CPEs: 2EXPL: 1CVE-2018-3846 – Gentoo Linux Security Advisory 202101-24
https://notcve.org/view.php?id=CVE-2018-3846
16 Apr 2018 — In the ffgphd and ffgtkn functions in NASA CFITSIO 3.42, specially crafted images parsed via the library can cause a stack-based buffer overflow overwriting arbitrary data. An attacker can deliver an FIT image to trigger this vulnerability and potentially gain code execution. En las funciones ffgphd y ffgtkn en NASA CFITSIO 3.42, las imágenes especialmente manipuladas analizadas mediante la biblioteca pueden provocar un desbordamiento de búfer basado en pila que sobrescriba datos arbitrarios. Un atacante pu... • https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/K46I2MFPCEOGC5LLDXZSWPB3EBPON3KA • CWE-787: Out-of-bounds Write •
CVSS: 8.8EPSS: 2%CPEs: 2EXPL: 1CVE-2018-3848 – Gentoo Linux Security Advisory 202101-24
https://notcve.org/view.php?id=CVE-2018-3848
16 Apr 2018 — In the ffghbn function in NASA CFITSIO 3.42, specially crafted images parsed via the library can cause a stack-based buffer overflow overwriting arbitrary data. An attacker can deliver an FIT image to trigger this vulnerability and potentially gain code execution. En la función ffghbn en NASA CFITSIO 3.42, las imágenes especialmente manipuladas analizadas mediante la biblioteca pueden provocar un desbordamiento de búfer basado en pila que sobrescriba datos arbitrarios. Un atacante puede enviar una imagen FI... • https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/K46I2MFPCEOGC5LLDXZSWPB3EBPON3KA • CWE-787: Out-of-bounds Write •
CVSS: 8.8EPSS: 2%CPEs: 2EXPL: 1CVE-2018-3849 – Gentoo Linux Security Advisory 202101-24
https://notcve.org/view.php?id=CVE-2018-3849
16 Apr 2018 — In the ffghtb function in NASA CFITSIO 3.42, specially crafted images parsed via the library can cause a stack-based buffer overflow overwriting arbitrary data. An attacker can deliver an FIT image to trigger this vulnerability and potentially gain code execution. En la función ffghtb en NASA CFITSIO 3.42, las imágenes especialmente manipuladas analizadas mediante la biblioteca pueden provocar un desbordamiento de búfer basado en pila que sobrescriba datos arbitrarios. Un atacante puede enviar una imagen FI... • https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/K46I2MFPCEOGC5LLDXZSWPB3EBPON3KA • CWE-787: Out-of-bounds Write •
CVSS: 7.5EPSS: 3%CPEs: 9EXPL: 0CVE-2016-3110 – mod_cluster: remotely Segfault Apache http server
https://notcve.org/view.php?id=CVE-2016-3110
22 Aug 2016 — mod_cluster, as used in Red Hat JBoss Web Server 2.1, allows remote attackers to cause a denial of service (Apache http server crash) via an MCMP message containing a series of = (equals) characters after a legitimate element. mod_cluster, tal como se utiliza en Red Hat JBoss Web Server 2.1, permite a atacantes remotos provocar una denegación de servicio (caída del servidor http de Apache) a través de un mensaje MCMP que contiene una serie de caracteres = (iguales) después de un elemento legítimo. It was di... • http://rhn.redhat.com/errata/RHSA-2016-1648.html • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 0%CPEs: 253EXPL: 0CVE-2016-1238 – Gentoo Linux Security Advisory 201812-07
https://notcve.org/view.php?id=CVE-2016-1238
25 Jul 2016 — (1) cpan/Archive-Tar/bin/ptar, (2) cpan/Archive-Tar/bin/ptardiff, (3) cpan/Archive-Tar/bin/ptargrep, (4) cpan/CPAN/scripts/cpan, (5) cpan/Digest-SHA/shasum, (6) cpan/Encode/bin/enc2xs, (7) cpan/Encode/bin/encguess, (8) cpan/Encode/bin/piconv, (9) cpan/Encode/bin/ucmlint, (10) cpan/Encode/bin/unidump, (11) cpan/ExtUtils-MakeMaker/bin/instmodsh, (12) cpan/IO-Compress/bin/zipdetails, (13) cpan/JSON-PP/bin/json_pp, (14) cpan/Test-Harness/bin/prove, (15) dist/ExtUtils-ParseXS/lib/ExtUtils/xsubpp, (16) dist/Modul... • http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00002.html • CWE-264: Permissions, Privileges, and Access Controls •