CVSS: 9.1EPSS: 1%CPEs: 8EXPL: 0CVE-2018-16842 – curl: Heap-based buffer over-read in the curl tool warning formatting
https://notcve.org/view.php?id=CVE-2018-16842
31 Oct 2018 — Curl versions 7.14.1 through 7.61.1 are vulnerable to a heap-based buffer over-read in the tool_msgs.c:voutf() function that may result in information exposure and denial of service. Curl, desde la versión 7.14.1 hasta la 7.61.1, es vulnerable a una sobrelectura de búfer basada en memoria dinámica (heap) en la función tool_msgs.c:voutf() que podría resultar en una exposición de información y una denegación de servicio (DoS). • http://www.securitytracker.com/id/1042014 • CWE-125: Out-of-bounds Read •
CVSS: 9.8EPSS: 0%CPEs: 7EXPL: 0CVE-2018-16839 – curl: Integer overflow leading to heap-based buffer overflow in Curl_sasl_create_plain_message()
https://notcve.org/view.php?id=CVE-2018-16839
31 Oct 2018 — Curl versions 7.33.0 through 7.61.1 are vulnerable to a buffer overrun in the SASL authentication code that may lead to denial of service. Curl, desde la versión 7.33.0 hasta la 7.61.1, es vulnerable a una saturación del búfer en el código de autenticación SASL que podría conducir a una denegación de servicio (DoS). • http://www.securitytracker.com/id/1042012 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122: Heap-based Buffer Overflow CWE-190: Integer Overflow or Wraparound •
CVSS: 9.8EPSS: 0%CPEs: 5EXPL: 0CVE-2018-16840 – curl: Use-after-free when closing "easy" handle in Curl_close()
https://notcve.org/view.php?id=CVE-2018-16840
31 Oct 2018 — A heap use-after-free flaw was found in curl versions from 7.59.0 through 7.61.1 in the code related to closing an easy handle. When closing and cleaning up an 'easy' handle in the `Curl_close()` function, the library code first frees a struct (without nulling the pointer) and might then subsequently erroneously write to a struct field within that already freed struct. Se ha detectado un error de uso de memoria dinámica (heap) previamente liberada en Curl, desde la versión 7.59.0 hasta la 7.61.1, en el códi... • http://www.securitytracker.com/id/1042013 • CWE-416: Use After Free •
CVSS: 5.9EPSS: 0%CPEs: 44EXPL: 0CVE-2018-0734 – Timing attack against DSA
https://notcve.org/view.php?id=CVE-2018-0734
30 Oct 2018 — The OpenSSL DSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.1a (Affected 1.1.1). Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). Fixed in OpenSSL 1.0.2q (Affected 1.0.2-1.0.2p). • http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00030.html • CWE-327: Use of a Broken or Risky Cryptographic Algorithm CWE-385: Covert Timing Channel •
CVSS: 7.8EPSS: 0%CPEs: 10EXPL: 1CVE-2018-18281 – kernel: TLB flush happens too late on mremap
https://notcve.org/view.php?id=CVE-2018-18281
29 Oct 2018 — Since Linux kernel version 3.2, the mremap() syscall performs TLB flushes after dropping pagetable locks. If a syscall such as ftruncate() removes entries from the pagetables of a task that is in the middle of mremap(), a stale TLB entry can remain for a short time that permits access to a physical page after it has been released back to the page allocator and reused. This is fixed in the following kernel versions: 4.9.135, 4.14.78, 4.18.16, 4.19. Desde la versión 3.2 del kernel de Linux, la syscall mremap(... • http://packetstormsecurity.com/files/150001/Linux-mremap-TLB-Flush-Too-Late.html • CWE-459: Incomplete Cleanup CWE-672: Operation on a Resource after Expiration or Release •
CVSS: 5.9EPSS: 0%CPEs: 47EXPL: 0CVE-2018-0735 – Timing attack against ECDSA signature generation
https://notcve.org/view.php?id=CVE-2018-0735
29 Oct 2018 — The OpenSSL ECDSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). Fixed in OpenSSL 1.1.1a (Affected 1.1.1). Se ha demostrado que el algoritmo de firmas ECDSA en OpenSSL es vulnerable a un ataque de sincronización de canal lateral. • http://www.securityfocus.com/bid/105750 • CWE-327: Use of a Broken or Risky Cryptographic Algorithm CWE-385: Covert Timing Channel •
CVSS: 9.8EPSS: 4%CPEs: 7EXPL: 2CVE-2018-18751 – gettext: double free in default_add_message in read-catalog.c
https://notcve.org/view.php?id=CVE-2018-18751
28 Oct 2018 — An issue was discovered in GNU gettext 0.19.8. There is a double free in default_add_message in read-catalog.c, related to an invalid free in po_gram_parse in po-gram-gen.y, as demonstrated by lt-msgfmt. Se ha descubierto un problema en GNU gettext 0.19.8. Hay una doble liberación (double free) en default_add_message en read-catalog.c, relacionado con una liberación no válida en po_gram_parse en po-gram-gen.y, tal y como queda demostrado con lt-msgfmt. • http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00061.html • CWE-415: Double Free CWE-416: Use After Free •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2018-18710
https://notcve.org/view.php?id=CVE-2018-18710
27 Oct 2018 — An issue was discovered in the Linux kernel through 4.19. An information leak in cdrom_ioctl_select_disc in drivers/cdrom/cdrom.c could be used by local attackers to read kernel memory because a cast from unsigned long to int interferes with bounds checking. This is similar to CVE-2018-10940 and CVE-2018-16658. Se ha descubierto un problema en el kernel de Linux hasta la versión 4.19. Una fuga de información en cdrom_ioctl_select_disc en drivers/cdrom/cdrom.c podría ser empleada por atacantes locales para l... • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=e4f3aa2e1e67bb48dfbaaf1cad59013d5a5bc276 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 3.3EPSS: 0%CPEs: 4EXPL: 1CVE-2018-6559
https://notcve.org/view.php?id=CVE-2018-6559
26 Oct 2018 — The Linux kernel, as used in Ubuntu 18.04 LTS and Ubuntu 18.10, allows local users to obtain names of files in which they would not normally be able to access via an overlayfs mount inside of a user namespace. El kernel de Linux, tal y como se emplea en Ubuntu 18.04 LTS y Ubuntu 18.10, permite que usuarios locales obtengan los nombres de archivos a los que normalmente no podrían acceder mediante un montaje overlayfs dentro de un espacio de nombre de usuario. • http://www.securityfocus.com/bid/105752 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 8.8EPSS: 0%CPEs: 11EXPL: 0CVE-2018-15688 – Out-of-Bounds write in systemd-networkd dhcpv6 option handling
https://notcve.org/view.php?id=CVE-2018-15688
26 Oct 2018 — A buffer overflow vulnerability in the dhcp6 client of systemd allows a malicious dhcp6 server to overwrite heap memory in systemd-networkd. Affected releases are systemd: versions up to and including 239. Una vulnerabilidad de desbordamiento de búfer en el cliente dhcp6 de systemd permite que un servidor dhcp6 malicioso sobrescriba memoria dinámica (heap) en systemd-networkd. Las versiones afectadas de systemd son todas hasta la 239 incluida. It was discovered that systemd-network does not correctly keep t... • http://www.securityfocus.com/bid/105745 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-122: Heap-based Buffer Overflow •