CVSS: 9.8 | EPSS: 4% | CPEs: 25 | EXPL: 0

02 Jan 2019 — FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the openjpa class from polymorphic deserialization. A flaw was discovered in jackson-databind, where it would permit polymorphic deserialization of a malicious... • http://www.securityfocus.com/bid/107985 • CWE-502: Deserialization of Untrusted Data

CVSS: 9.8 | EPSS: 7% | CPEs: 24 | EXPL: 0

02 Jan 2019 — FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the jboss-common-core class from polymorphic deserialization. A flaw was discovered in jackson-databind, where it would permit polymorphic deserializ... • http://www.securityfocus.com/bid/107985 • CWE-502: Deserialization of Untrusted Data

CVSS: 7.8 | EPSS: 0% | CPEs: 8 | EXPL: 1

02 Jan 2019 — aria2c in aria2 1.33.1, when --log is used, can store an HTTP Basic Authentication username and password in a file, which might allow local users to obtain sensitive information by reading this file. Dhiraj Mishra discovered that aria2 incorrectly stored authen... • https://packetstorm.news/files/id/150994 • CWE-532: Insertion of Sensitive Information into Log File

CVSS: 6.5 | EPSS: 0% | CPEs: 22 | EXPL: 0

01 Jan 2019 — A reachable Object::dictLookup assertion in Poppler 0.72.0 allows attackers to cause a denial of service due to the lack of a check for the dict data type, as demonstrated by use of the FileSpec class (in FileSpec.cc) in pdfdetach. • http://www.securityfocus.com/bid/106459 • CWE-20: Improper Input Validation • CWE-617: Reachable Assertion

CVSS: 6.5 | EPSS: 1% | CPEs: 2 | EXPL: 0

31 Dec 2018 — JasPer 2.0.14 has a memory leak in base/jas_malloc.c in libjasper.a when "--output-format jp2" is used. • http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00082.html • CWE-772: Missing Release of Resource after Effective Lifetime

CVSS: 6.5 | EPSS: 0% | CPEs: 3 | EXPL: 1

30 Dec 2018 — JasPer 2.0.14 allows remote attackers to cause a denial of service (application hang) via an attempted conversion to the jp2 format. Multiple vulnerabilities have been found in JasPer, the worst of which could result in a Denial of Service condition. Versions less than or equal to 2.0.16 are affected. • http://www.securityfocus.com/bid/106356

CVSS: 6.5 | EPSS: 1% | CPEs: 2 | EXPL: 1

28 Dec 2018 — jp2_encode in jp2/jp2_enc.c in JasPer 2.0.14 has a heap-based buffer over-read. • http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00082.html • CWE-125: Out-of-bounds Read

CVSS: 8.8 | EPSS: 0% | CPEs: 11 | EXPL: 1

28 Dec 2018 — There is an illegal WRITE memory access at caca/file.c (function caca_file_read) in libcaca 0.99.beta19. • http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00033.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CVSS: 8.1 | EPSS: 0% | CPEs: 11 | EXPL: 1

28 Dec 2018 — There is an illegal READ memory access at caca/dither.c (function get_rgba_default) in libcaca 0.99.beta19 for 24bpp data. • http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00033.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CVSS: 6.5 | EPSS: 1% | CPEs: 7 | EXPL: 1

28 Dec 2018 — There is a floating point exception at caca/dither.c (function caca_dither_bitmap) in libcaca 0.99.beta19. There is an illegal WRITE memory access at common-image.c (function load_image) in libcaca 0.99.beta19 for 4bpp data. It was discovered that libcaca incorrectly handled certain images. An attacker could possibly use this issue to cause a denial of service. • http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00033.html • CWE-369: Divide By Zero