Page 115 of 2170 results (0.011 seconds)

CVSS: 8.4EPSS: 0%CPEs: 10EXPL: 0

CVE-2018-11781 – spamassassin: Local user code injection in the meta rule syntax

https://notcve.org/view.php?id=CVE-2018-11781

Apache SpamAssassin 3.4.2 fixes a local user code injection in the meta rule syntax. Apache SpamAssassin 3.4.2 soluciona una inyección de código de usuario local en la sintaxis de reglas meta. A flaw was found in the way a local user on the SpamAssassin server could inject code in the meta rule syntax. This could cause the arbitrary code execution on the server when these rules are being processed. • http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00002.html https://access.redhat.com/errata/RHSA-2018:2916 https://lists.apache.org/thread.html/7f6a16bc0fd0fd5e67c7fd95bd655069a2ac7d1f88e42d3c853e601c%40%3Cannounce.apache.org%3E https://lists.debian.org/debian-lts-announce/2018/11/msg00016.html https://security.gentoo.org/glsa/201812-07 https://usn.ubuntu.com/3811-1 https://usn.ubuntu.com/3811-3 https://access.redhat.com/security/cve/CVE-2018-11781 https://bugzilla.redhat.com • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 9.8EPSS: 2%CPEs: 7EXPL: 0

CVE-2018-11780

https://notcve.org/view.php?id=CVE-2018-11780

A potential Remote Code Execution bug exists with the PDFInfo plugin in Apache SpamAssassin before 3.4.2. Existe un error potencial de ejecución remota de código en el plugin PDFInfo en Apache SpamAssassin en versiones anteriores a la 3.4.2. • http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00002.html http://www.securityfocus.com/bid/105373 https://lists.apache.org/thread.html/7f6a16bc0fd0fd5e67c7fd95bd655069a2ac7d1f88e42d3c853e601c%40%3Cannounce.apache.org%3E https://lists.debian.org/debian-lts-announce/2018/11/msg00016.html https://security.gentoo.org/glsa/201812-07 https://usn.ubuntu.com/3811-1 https://usn.ubuntu.com/3811-3 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 8.8EPSS: 0%CPEs: 8EXPL: 2

CVE-2018-17095 – audiofile: Heap-based buffer overflow in Expand3To4Module::run() when running sfconvert

https://notcve.org/view.php?id=CVE-2018-17095

An issue has been discovered in mpruett Audio File Library (aka audiofile) 0.3.6, 0.3.5, 0.3.4, 0.3.3, 0.3.2, 0.3.1, 0.3.0. A heap-based buffer overflow in Expand3To4Module::run has occurred when running sfconvert. Se ha descubierto un problema en mpruett Audio File Library (también conocido como audiofile) versiones 0.3.6, 0.3.5, 0.3.4, 0.3.3, 0.3.2, 0.3.1, 0.3.0. Ha ocurrido un desbordamiento de búfer basado en memoria dinámica (heap) en Expand3To4Module::run al ejecutar sfconvert • https://github.com/mpruett/audiofile/issues/50 https://github.com/mpruett/audiofile/issues/51 https://usn.ubuntu.com/3800-1 https://access.redhat.com/security/cve/CVE-2018-17095 https://bugzilla.redhat.com/show_bug.cgi?id=1631088 • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •

CVSS: 8.8EPSS: 0%CPEs: 6EXPL: 0

CVE-2018-17100 – libtiff: Integer overflow in multiply_ms in tools/ppm2tiff.c

https://notcve.org/view.php?id=CVE-2018-17100

An issue was discovered in LibTIFF 4.0.9. There is a int32 overflow in multiply_ms in tools/ppm2tiff.c, which can cause a denial of service (crash) or possibly have unspecified other impact via a crafted image file. Se ha descubierto un problema en LibTIFF 4.0.9. Hay un desbordamiento de int32 en multiply_ms en tools ppm2tiff.c que puede provocar una denegación de servicio (cierre inesperado) o, posiblemente, otro tipo de impacto sin especificar mediante un archivo de imagen manipulado. • http://bugzilla.maptools.org/show_bug.cgi?id=2810 https://access.redhat.com/errata/RHSA-2019:2053 https://gitlab.com/libtiff/libtiff/merge_requests/33/diffs?commit_id=6da1fb3f64d43be37e640efbec60400d1f1ac39e https://lists.debian.org/debian-lts-announce/2018/10/msg00019.html https://usn.ubuntu.com/3864-1 https://usn.ubuntu.com/3906-2 https://www.debian.org/security/2020/dsa-4670 https://access.redhat.com/security/cve/CVE-2018-17100 https://bugzilla.redhat.com/show_bug.cgi?id=16 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-190: Integer Overflow or Wraparound •

CVSS: 8.8EPSS: 0%CPEs: 7EXPL: 0

CVE-2018-17101 – libtiff: Two out-of-bounds writes in cpTags in tools/tiff2bw.c and tools/pal2rgb.c

https://notcve.org/view.php?id=CVE-2018-17101

An issue was discovered in LibTIFF 4.0.9. There are two out-of-bounds writes in cpTags in tools/tiff2bw.c and tools/pal2rgb.c, which can cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image file. Se ha descubierto un problema en LibTIFF 4.0.9. Hay dos escrituras fuera de límites en cpTags en tools tiff2bw.c y tools pal2rgb.c que pueden provocar una denegación de servicio (cierre inesperado de la aplicación) o, posiblemente, otro tipo de impacto sin especificar mediante un archivo de imagen manipulado. • http://bugzilla.maptools.org/show_bug.cgi?id=2807 http://www.securityfocus.com/bid/105370 https://access.redhat.com/errata/RHSA-2019:2053 https://gitlab.com/libtiff/libtiff/merge_requests/33/diffs?commit_id=f1b94e8a3ba49febdd3361c0214a1d1149251577 https://lists.debian.org/debian-lts-announce/2018/10/msg00019.html https://usn.ubuntu.com/3864-1 https://usn.ubuntu.com/3906-2 https://www.debian.org/security/2018/dsa-4349 https://access.redhat.com/security/cve/CVE-2018-17101 https:&#x • CWE-787: Out-of-bounds Write •