Page 113 of 1677 results (0.012 seconds)

CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0

CVE-2018-17407 – texlive: Buffer overflow in t1_check_unusual_charstring function in writet1.c

https://notcve.org/view.php?id=CVE-2018-17407

An issue was discovered in t1_check_unusual_charstring functions in writet1.c files in TeX Live before 2018-09-21. A buffer overflow in the handling of Type 1 fonts allows arbitrary code execution when a malicious font is loaded by one of the vulnerable tools: pdflatex, pdftex, dvips, or luatex. Se ha descubierto un problema en las funciones t1_check_unusual_charstring en los archivos writet1.c en TeX Live en versiones anteriores al 21/09/2018. Un desbordamiento de búfer en el manejo de fuentes Type 1 permite la ejecución arbitraria de código cuando una fuente maliciosa es cargada por una de las herramientas vulnerables: pdflatex, pdftex, dvips o luatex. • https://github.com/TeX-Live/texlive-source/commit/6ed0077520e2b0da1fd060c7f88db7b2e6068e4c https://lists.debian.org/debian-security-announce/2018/msg00230.html https://usn.ubuntu.com/3788-1 https://usn.ubuntu.com/3788-2 https://www.debian.org/security/2018/dsa-4299 https://access.redhat.com/security/cve/CVE-2018-17407 https://bugzilla.redhat.com/show_bug.cgi?id=1632802 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 6.5EPSS: 0%CPEs: 5EXPL: 1

CVE-2018-17294

https://notcve.org/view.php?id=CVE-2018-17294

The matchCurrentInput function inside lou_translateString.c of Liblouis prior to 3.7 does not check the input string's length, allowing attackers to cause a denial of service (application crash via out-of-bounds read) by crafting an input file with certain translation dictionaries. La función matchCurrentInput dentro de lou_translateString.c de Liblouis en versiones anteriores a la 3.7 no comprueba la longitud de la cadena entrante, permitiendo a los atacantes provocar una denegación de servicio (cierre inesperado de la aplicación mediante una lectura fuera de límites) creando un archivo entrante con determinados diccionarios de traducción. • http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00038.html http://www.securityfocus.com/bid/105511 https://github.com/liblouis/liblouis/commit/5e4089659bb49b3095fa541fa6387b4c40d7396e https://github.com/liblouis/liblouis/issues/635 https://usn.ubuntu.com/3782-1 • CWE-125: Out-of-bounds Read •

CVSS: 7.8EPSS: 1%CPEs: 11EXPL: 0

CVE-2018-17183 – ghostscript: User-writable error exception table

https://notcve.org/view.php?id=CVE-2018-17183

Artifex Ghostscript before 9.25 allowed a user-writable error exception table, which could be used by remote attackers able to supply crafted PostScript to potentially overwrite or replace error handlers to inject code. Artifex Ghostscript en versiones anteriores a la 9.25 permitía una tabla de excepción de error que puede escribir el usuario. Esta tabla podía ser usada por los atacantes remotos capaces de proporcionar PostScript manipulados para poder sobrescribir o reemplazar manipuladores de errores para inyectar código. • http://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=fb713b3818b52d8a6cf62c951eba2e1795ff9624 https://access.redhat.com/errata/RHSA-2018:3834 https://bugs.ghostscript.com/show_bug.cgi?id=699708 https://lists.debian.org/debian-lts-announce/2018/09/msg00038.html https://usn.ubuntu.com/3773-1 https://access.redhat.com/security/cve/CVE-2018-17183 https://bugzilla.redhat.com/show_bug.cgi?id=1632471 • CWE-460: Improper Cleanup on Thrown Exception •

CVSS: 7.8EPSS: 0%CPEs: 13EXPL: 3

CVE-2018-17182 – Linux Kernel - VMA Use-After-Free via Buggy vmacache_flush_all() Fastpath Local Privilege Escalation

https://notcve.org/view.php?id=CVE-2018-17182

An issue was discovered in the Linux kernel through 4.18.8. The vmacache_flush_all function in mm/vmacache.c mishandles sequence number overflows. An attacker can trigger a use-after-free (and possibly gain privileges) via certain thread creation, map, unmap, invalidation, and dereference operations. Se ha descubierto un problema en el kernel de Linux hasta la versión 4.18.8. La función vmacache_flush_all en mm/vmacache.c manipula incorrectamente los desbordamientos de números de secuencias. • https://www.exploit-db.com/exploits/45497 https://github.com/jas502n/CVE-2018-17182 https://github.com/likescam/CVE-2018-17182 http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=7a9cdebdcc17e426fb5287e4a82db1dfe86339b2 http://www.securityfocus.com/bid/105417 http://www.securityfocus.com/bid/106503 http://www.securitytracker.com/id/1041748 https://access.redhat.com/errata/RHSA-2018:3656 https://github.com/torvalds/linux/commit/7a9cdebdcc17e426fb5287e4a82db1dfe86339b2 https: • CWE-416: Use After Free •

CVSS: 9.8EPSS: 1%CPEs: 11EXPL: 1

CVE-2018-1000802

https://notcve.org/view.php?id=CVE-2018-1000802

Python Software Foundation Python (CPython) version 2.7 contains a CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in shutil module (make_archive function) that can result in Denial of service, Information gain via injection of arbitrary files on the system or entire drive. This attack appear to be exploitable via Passage of unfiltered user input to the function. This vulnerability appears to have been fixed in after commit add531a1e55b0a739b0f42582f1c9747e5649ace. Python Software Foundation Python (CPython) versión 2.7 contiene un CWE-77: neutralización incorrecta de elementos especiales empleados en una vulnerabilidad de comandos ("inyección de comandos") en el módulo shutil (función make_archive) que puede resultar en una denegación de servicio (DoS), la obtención de información mediante la inyección de archivos arbitrarios en el sistema o en todo el disco. El ataque parece ser explotable mediante el paso de entradas de usuario no filtradas a la función. • https://github.com/tna0y/CVE-2018-1000802-PoC http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.html https://bugs.python.org/issue34540 https://github.com/python/cpython/pull/8985 https://github.com/python/cpython/pull/8985/commits/add531a1e55b0a739b0f42582f1c9747e5649ace https://lists.debian.org/debian-lts-announce/2018/09/msg00030.html https://lists.debian.org/debian-lts-announce/2018/09/msg00031.html https://mega.nz/#%21JUFiCC4R%21mq-jQ8ySFwIhX6WMDujaZuNBfttDVt7DETlfOIQE1ig https:&#x • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •