CVSS: 7.5EPSS: 0%CPEs: 27EXPL: 0CVE-2018-1061 – python: DOS via regular expression backtracking in difflib.IS_LINE_JUNK method in difflib
https://notcve.org/view.php?id=CVE-2018-1061
python before versions 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 and 3.7.0 is vulnerable to catastrophic backtracking in the difflib.IS_LINE_JUNK method. An attacker could use this flaw to cause denial of service. python en versiones anteriores a la 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 y 3.7.0 es vulnerable a backtracking catastrófico en el método difflib.IS_LINE_JUNK. Un atacante podría utilizar este fallo para provocar una denegación de servicio (DoS). A flaw was found in the way catastrophic backtracking was implemented in python's difflib.IS_LINE_JUNK method. An attacker could use this flaw to cause denial of service. • http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.html http://www.securitytracker.com/id/1042001 https://access.redhat.com/errata/RHBA-2019:0327 https://access.redhat.com/errata/RHSA-2018:3041 https://access.redhat.com/errata/RHSA-2018:3505 https://access.redhat.com/errata/RHSA-2019:1260 https://access.redhat.com/errata/RHSA-2019:3725 https://bugs.python.org/issue32981 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1061 https://docs.python.org/ • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 0%CPEs: 17EXPL: 1CVE-2018-1060 – python: DOS via regular expression catastrophic backtracking in apop() method in pop3lib
https://notcve.org/view.php?id=CVE-2018-1060
python before versions 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 and 3.7.0 is vulnerable to catastrophic backtracking in pop3lib's apop() method. An attacker could use this flaw to cause denial of service. Python antes de las versiones 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 y 3.7.0 es vulnerable a un retroceso catastrófico en el método apop () de pop3lib. Un atacante podría usar este fallo para causar la denegación de servicio. A flaw was found in the way catastrophic backtracking was implemented in python's pop3lib's apop() method. • http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.html http://www.securitytracker.com/id/1042001 https://access.redhat.com/errata/RHBA-2019:0327 https://access.redhat.com/errata/RHSA-2018:3041 https://access.redhat.com/errata/RHSA-2018:3505 https://access.redhat.com/errata/RHSA-2019:1260 https://access.redhat.com/errata/RHSA-2019:3725 https://bugs.python.org/issue32981 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1060 https://docs.python.org/ • CWE-20: Improper Input Validation •
CVSS: 6.5EPSS: 0%CPEs: 6EXPL: 1CVE-2018-10733 – libgxps: heap based buffer over read in ft_font_face_hash function of gxps-fonts.c
https://notcve.org/view.php?id=CVE-2018-10733
There is a heap-based buffer over-read in the function ft_font_face_hash of gxps-fonts.c in libgxps through 0.3.0. A crafted input will lead to a remote denial of service attack. Existe una sobrelectura de búfer basada en memoria dinámica (heap) en la función ft_font_face_hash de gxps-fonts.c en libgxps hasta la versión 0.3.0. Se podría realizar un ataque de denegación de servicio remoto con una entrada especialmente manipulada. • http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00005.html https://access.redhat.com/errata/RHBA-2019:0327 https://access.redhat.com/errata/RHSA-2018:3140 https://access.redhat.com/errata/RHSA-2018:3505 https://bugzilla.redhat.com/show_bug.cgi?id=1574844 https://access.redhat.com/security/cve/CVE-2018-10733 https://bugzilla.redhat.com/show_bug.cgi?id=1576111 • CWE-125: Out-of-bounds Read •
CVSS: 7.8EPSS: 0%CPEs: 23EXPL: 1CVE-2018-1000199 – kernel: ptrace() incorrect error handling leads to corruption and DoS
https://notcve.org/view.php?id=CVE-2018-1000199
The Linux Kernel version 3.18 contains a dangerous feature vulnerability in modify_user_hw_breakpoint() that can result in crash and possibly memory corruption. This attack appear to be exploitable via local code execution and the ability to use ptrace. This vulnerability appears to have been fixed in git commit f67b15037a7a50c57f72e69a6d59941ad90a0f0f. El kernel de Linux en su versión 3.18 contiene una vulnerabilidad de funcionalidad peligrosa en modify_user_hw_breakpoint() que puede resultar en un cierre inesperado y en una posible corrupción de memoria. El ataque parece ser explotable mediante la ejecución de código local y la capacidad de usar ptrace. • https://github.com/dsfau/CVE-2018-1000199 http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00022.html http://www.securitytracker.com/id/1040806 https://access.redhat.com/errata/RHSA-2018:1318 https://access.redhat.com/errata/RHSA-2018:1345 https://access.redhat.com/errata/RHSA-2018:1347 https://access.redhat.com/errata/RHSA-2018:1348 https://access.redhat.com/errata/RHSA-2018:1354 https://access.redhat.com/errata/RHSA-2018:1355 https://access.redhat.com/err • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-460: Improper Cleanup on Thrown Exception •
CVSS: 7.8EPSS: 0%CPEs: 29EXPL: 0CVE-2018-10675 – kernel: mm: use-after-free in do_get_mempolicy function allows local DoS or other unspecified impact
https://notcve.org/view.php?id=CVE-2018-10675
The do_get_mempolicy function in mm/mempolicy.c in the Linux kernel before 4.12.9 allows local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted system calls. La función do_get_mempolicy en mm/mempolicy.c en el kernel de Linux, en versiones anteriores a la 4.12.9, permite que los usuarios locales provoquen una denegación de servicio (uso de memoria previamente liberada) o, posiblemente, causen otros impactos no especificados mediante llamadas del sistema manipuladas. The do_get_mempolicy() function in mm/mempolicy.c in the Linux kernel allows local users to hit a use-after-free bug via crafted system calls and thus cause a denial of service (DoS) or possibly have unspecified other impact. Due to the nature of the flaw, privilege escalation cannot be fully ruled out. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=73223e4e2e3867ebf033a5a8eb2e5df0158ccc99 http://www.securityfocus.com/bid/104093 https://access.redhat.com/errata/RHSA-2018:2164 https://access.redhat.com/errata/RHSA-2018:2384 https://access.redhat.com/errata/RHSA-2018:2395 https://access.redhat.com/errata/RHSA-2018:2785 https://access.redhat.com/errata/RHSA-2018:2791 https://access.redhat.com/errata/RHSA-2018:2924 https://access.redhat.com/errata/RHSA-2018& • CWE-416: Use After Free •