CVSS: 7.5EPSS: 1%CPEs: 7EXPL: 0CVE-2018-16152
https://notcve.org/view.php?id=CVE-2018-16152
In verify_emsa_pkcs1_signature() in gmp_rsa_public_key.c in the gmp plugin in strongSwan 4.x and 5.x before 5.7.0, the RSA implementation based on GMP does not reject excess data in the digestAlgorithm.parameters field during PKCS#1 v1.5 signature verification. Consequently, a remote attacker can forge signatures when small public exponents are being used, which could lead to impersonation when only an RSA signature is used for IKEv2 authentication. This is a variant of CVE-2006-4790 and CVE-2014-1568. En verify_emsa_pkcs1_signature() en gmp_rsa_public_key.c en el plugin gmp en strongSwan en versiones 4.x y 5.x anteriores a la 5.7.0, la implementación RSA basada en GMP no rechaza los datos sobrantes en el campo digestAlgorithm.parameters durante la verificación de firmas PKCS#1 v1.5. En consecuencia, un atacante remoto puede falsificar firmas cuando se emplean pequeños exponentes públicos, lo que podría conducir a una suplantación cuando solo se emplea una firma RSA para la autenticación IKEv2. • http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00077.html http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00047.html https://lists.debian.org/debian-lts-announce/2018/09/msg00032.html https://security.gentoo.org/glsa/201811-16 https://usn.ubuntu.com/3771-1 https://www.debian.org/security/2018/dsa-4305 https://www.strongswan.org/blog/2018/09/24/strongswan-vulnerability-%28cve-20 • CWE-347: Improper Verification of Cryptographic Signature •
CVSS: 7.0EPSS: 0%CPEs: 18EXPL: 0CVE-2018-12385 – Mozilla: Crash in TransportSecurityInfo due to cached data
https://notcve.org/view.php?id=CVE-2018-12385
A potentially exploitable crash in TransportSecurityInfo used for SSL can be triggered by data stored in the local cache in the user profile directory. This issue is only exploitable in combination with another vulnerability allowing an attacker to write data into the local cache or from locally installed malware. This issue also triggers a non-exploitable startup crash for users switching between the Nightly and Release versions of Firefox if the same profile is used. This vulnerability affects Thunderbird < 60.2.1, Firefox ESR < 60.2.1, and Firefox < 62.0.2. Un cierre inesperado potencialmente explotable en TransportSecurityInfo empleado para SSL puede desencadenarse por los datos almacenados en la caché local en el directorio de perfil del usuario. • http://www.securityfocus.com/bid/105380 http://www.securitytracker.com/id/1041700 http://www.securitytracker.com/id/1041701 https://access.redhat.com/errata/RHSA-2018:2834 https://access.redhat.com/errata/RHSA-2018:2835 https://access.redhat.com/errata/RHSA-2018:3403 https://access.redhat.com/errata/RHSA-2018:3458 https://bugzilla.mozilla.org/show_bug.cgi?id=1490585 https://lists.debian.org/debian-lts-announce/2018/11/msg00011.html https://security.gentoo.org/glsa/201810- • CWE-20: Improper Input Validation CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 0%CPEs: 16EXPL: 0CVE-2018-14647 – python: Missing salt initialization in _elementtree.c module
https://notcve.org/view.php?id=CVE-2018-14647
Python's elementtree C accelerator failed to initialise Expat's hash salt during initialization. This could make it easy to conduct denial of service attacks against Expat by constructing an XML document that would cause pathological hash collisions in Expat's internal data structures, consuming large amounts CPU and RAM. The vulnerability exists in Python versions 3.7.0, 3.6.0 through 3.6.6, 3.5.0 through 3.5.6, 3.4.0 through 3.4.9, 2.7.0 through 2.7.15. El acelerador de C elementtree en Python no inicializa la sal del hash Expat durante la inicialización. Esto podría facilitar llevar a cabo ataques de denegación de servicio (DoS) contra Expat construyendo un documento XML que provocaría colisiones de hashes en las estructuras internas de datos de Expat, consumiendo grandes cantidades de CPU y RAM. • http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.html http://www.securityfocus.com/bid/105396 http://www.securitytracker.com/id/1041740 https://access.redhat.com/errata/RHSA-2019:1260 https://access.redhat.com/errata/RHSA-2019:2030 https://access.redhat.com/errata/RHSA-2019:3725 https://bugs.python.org/issue34623 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14647 https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0%40%3Cissues.boo • CWE-335: Incorrect Usage of Seeds in Pseudo-Random Number Generator (PRNG) CWE-665: Improper Initialization CWE-909: Missing Initialization of Resource •
CVSS: 8.3EPSS: 0%CPEs: 20EXPL: 0CVE-2018-14633 – kernel: stack-based buffer overflow in chap_server_compute_md5() in iscsi target
https://notcve.org/view.php?id=CVE-2018-14633
A security flaw was found in the chap_server_compute_md5() function in the ISCSI target code in the Linux kernel in a way an authentication request from an ISCSI initiator is processed. An unauthenticated remote attacker can cause a stack buffer overflow and smash up to 17 bytes of the stack. The attack requires the iSCSI target to be enabled on the victim host. Depending on how the target's code was built (i.e. depending on a compiler, compile flags and hardware architecture) an attack may lead to a system crash and thus to a denial-of-service or possibly to a non-authorized access to data exported by an iSCSI target. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is highly unlikely. • http://www.securityfocus.com/bid/105388 https://access.redhat.com/errata/RHSA-2018:3651 https://access.redhat.com/errata/RHSA-2018:3666 https://access.redhat.com/errata/RHSA-2019:1946 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14633 https://git.kernel.org/pub/scm/linux/kernel/git/mkp/scsi.git/commit/?h=4.19/scsi-fixes&id=1816494330a83f2a064499d8ed2797045641f92c https://git.kernel.org/pub/scm/linux/kernel/git/mkp/scsi.git/commit/?h=4.19/scsi-fixes&id=8c39e2699 • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0CVE-2018-17407 – texlive: Buffer overflow in t1_check_unusual_charstring function in writet1.c
https://notcve.org/view.php?id=CVE-2018-17407
An issue was discovered in t1_check_unusual_charstring functions in writet1.c files in TeX Live before 2018-09-21. A buffer overflow in the handling of Type 1 fonts allows arbitrary code execution when a malicious font is loaded by one of the vulnerable tools: pdflatex, pdftex, dvips, or luatex. Se ha descubierto un problema en las funciones t1_check_unusual_charstring en los archivos writet1.c en TeX Live en versiones anteriores al 21/09/2018. Un desbordamiento de búfer en el manejo de fuentes Type 1 permite la ejecución arbitraria de código cuando una fuente maliciosa es cargada por una de las herramientas vulnerables: pdflatex, pdftex, dvips o luatex. • https://github.com/TeX-Live/texlive-source/commit/6ed0077520e2b0da1fd060c7f88db7b2e6068e4c https://lists.debian.org/debian-security-announce/2018/msg00230.html https://usn.ubuntu.com/3788-1 https://usn.ubuntu.com/3788-2 https://www.debian.org/security/2018/dsa-4299 https://access.redhat.com/security/cve/CVE-2018-17407 https://bugzilla.redhat.com/show_bug.cgi?id=1632802 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •