CVE-2017-0366 – SVG filter evasion using default attribute values in DTD declaration
https://notcve.org/view.php?id=CVE-2017-0366
MediaWiki before 1.28.1 / 1.27.2 / 1.23.16 contains a flaw that allows the SVG filter to be evaded using default attribute values in a DTD declaration.
• https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/000207.html https://phabricator.wikimedia.org/T151735 https://security-tracker.debian.org/tracker/CVE-2017-0366
• CWE-20: Improper Input Validation
CVE-2018-1084 – corosync: Integer overflow in exec/totemcrypto.c:authenticate_nss_2_3() function
https://notcve.org/view.php?id=CVE-2018-1084
corosync before version 2.4.4 is vulnerable to an integer overflow in exec/totemcrypto.c. An integer overflow leading to an out-of-bounds read was found in authenticate_nss_2_3() in Corosync. An attacker could craft a malicious packet that would lead to a denial of service.
• http://www.securityfocus.com/bid/103758 https://access.redhat.com/errata/RHSA-2018:1169 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1084 https://security.gentoo.org/glsa/202107-01 https://usn.ubuntu.com/4000-1 https://www.debian.org/security/2018/dsa-4174 https://access.redhat.com/security/cve/CVE-2018-1084 https://bugzilla.redhat.com/show_bug.cgi?id=1552830
• CWE-125: Out-of-bounds Read
• CWE-190: Integer Overflow or Wraparound
CVE-2018-1308
https://notcve.org/view.php?id=CVE-2018-1308
This vulnerability in Apache Solr 1.2 to 6.6.2 and 7.0.0 to 7.2.1 relates to an XML external entity expansion (XXE) in the `&dataConfig=<inlinexml>` parameter of Solr's DataImportHandler. It can be used as XXE using file/ftp/http protocols in order to read arbitrary local files from the Solr server or the internal network.
• https://issues.apache.org/jira/browse/SOLR-11971 https://lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451%40%3Csolr-user.lucene.apache.org%3E https://lists.debian.org/debian-lts-announce/2018/04/msg00025.html https://mail-archives.apache.org/mod_mbox/www-announce/201804.mbox/%3C000001d3cf68%245ac69af0%241053d0d0%24%40apache.org%3E https://www.debian.org/security/2018/dsa-4194
• CWE-611: Improper Restriction of XML External Entity Reference
CVE-2018-1000156 – patch: Malicious patch files cause ed to execute arbitrary commands
https://notcve.org/view.php?id=CVE-2018-1000156
GNU Patch version 2.7.6 contains an input validation vulnerability when processing patch files; specifically, the EDITOR_PROGRAM invocation (using ed) can result in code execution. This attack appears to be exploitable via a patch file processed via the patch utility. This is similar to FreeBSD's CVE-2015-1418; however, although they share a common ancestry, the code bases have diverged over time.
• http://packetstormsecurity.com/files/154124/GNU-patch-Command-Injection-Directory-Traversal.html http://rachelbythebay.com/w/2018/04/05/bangpatch https://access.redhat.com/errata/RHSA-2018:1199 https://access.redhat.com/errata/RHSA-2018:1200 https://access.redhat.com/errata/RHSA-2018:2091 https://access.redhat.com/errata/RHSA-2018:2092 https://access.redhat.com/errata/RHSA-2018:2093 https://access.redhat.com/errata/RHSA-2018:2094 https://access.redhat.com/errata/RHSA-2018:2095 ht
• CWE-20: Improper Input Validation
• CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2018-9269
https://notcve.org/view.php?id=CVE-2018-9269
In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, epan/dissectors/packet-giop.c has a memory leak.
• https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14484 https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=e19aba33026212cbe000ece633adf14d109489fa https://lists.debian.org/debian-lts-announce/2018/05/msg00019.html https://lists.debian.org/debian-lts-announce/2019/01/msg00010.html https://www.wireshark.org/security/wnpa-sec-2018-24.html
• CWE-772: Missing Release of Resource after Effective Lifetime