CVSS: 9.1EPSS: 0%CPEs: 5EXPL: 1CVE-2018-14938
https://notcve.org/view.php?id=CVE-2018-14938
05 Aug 2018 — An issue was discovered in wifipcap/wifipcap.cpp in TCPFLOW through 1.5.0-alpha. There is an integer overflow in the function handle_prism during caplen processing. If the caplen is less than 144, one can cause an integer overflow in the function handle_80211, which will result in an out-of-bounds read and may allow access to sensitive memory (or a denial of service). Se ha descubierto un problema en wifipcap/wifipcap.cpp en TCPFLOW hasta la versión 1.5.0-alpha. Hay un desbordamiento de enteros en la funció... • https://github.com/simsong/tcpflow/commit/a4e1cd14eb5ccc51ed271b65b3420f7d692c40eb • CWE-125: Out-of-bounds Read CWE-190: Integer Overflow or Wraparound •
CVSS: 8.8EPSS: 0%CPEs: 5EXPL: 0CVE-2018-6156 – chromium-browser: Heap buffer overflow in WebRTC
https://notcve.org/view.php?id=CVE-2018-6156
27 Jul 2018 — Incorect derivation of a packet length in WebRTC in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to potentially exploit heap corruption via a crafted video file. La derivación incorrecta de la longitud de un paquete en WebRTC en Google Chrome antes de 68.0.3440.75 permitió que un atacante remoto pudiera explotar la corrupción del montón a través de un archivo de video diseñado. • https://chromereleases.googleblog.com/2018/07/stable-channel-update-for-desktop.html • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 20EXPL: 0CVE-2018-10875 – ansible: ansible.cfg is being read from current working directory allowing possible code execution
https://notcve.org/view.php?id=CVE-2018-10875
10 Jul 2018 — A flaw was found in ansible. ansible.cfg is read from the current working directory which can be altered to make it point to a plugin or a module path under the control of an attacker, thus allowing the attacker to execute arbitrary code. Se ha encontrado un error en ansible. ansible.cfg se lee desde el directorio de trabajo actual, que puede alterarse para hacer que señale a un plugin o una ruta de módulo bajo el control de un atacante, permitiendo que el atacante ejecute código arbitrario. It was found th... • http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00021.html • CWE-426: Untrusted Search Path •
CVSS: 9.8EPSS: 0%CPEs: 5EXPL: 1CVE-2018-13005
https://notcve.org/view.php?id=CVE-2018-13005
29 Jun 2018 — An issue was discovered in MP4Box in GPAC 0.7.1. The function urn_Read in isomedia/box_code_base.c has a heap-based buffer over-read. Se ha descubierto un problema en MP4Box en GPAC 0.7.1. La función urn_Read in isomedia/box_code_base.c tiene una sobrelectura de búfer basada en memoria dinámica (heap). • https://github.com/gpac/gpac/issues/1088 • CWE-125: Out-of-bounds Read •
CVSS: 9.8EPSS: 0%CPEs: 5EXPL: 0CVE-2018-13006
https://notcve.org/view.php?id=CVE-2018-13006
29 Jun 2018 — An issue was discovered in MP4Box in GPAC 0.7.1. There is a heap-based buffer over-read in the isomedia/box_dump.c function hdlr_dump. Se ha descubierto un problema en MP4Box en GPAC 0.7.1. Hay una sobrelectura de búfer basada en memoria dinámica (heap) en la función hdlr_dump en media/box_dump.c. • https://github.com/gpac/gpac/commit/bceb03fd2be95097a7b409ea59914f332fb6bc86 • CWE-125: Out-of-bounds Read •
CVSS: 8.8EPSS: 13%CPEs: 5EXPL: 1CVE-2018-12900 – libtiff: Heap-based buffer overflow in the cpSeparateBufToContigBuf function resulting in a denial of service or possibly code execution
https://notcve.org/view.php?id=CVE-2018-12900
26 Jun 2018 — Heap-based buffer overflow in the cpSeparateBufToContigBuf function in tiffcp.c in LibTIFF 3.9.3, 3.9.4, 3.9.5, 3.9.6, 3.9.7, 4.0.0beta7, 4.0.0alpha4, 4.0.0alpha5, 4.0.0alpha6, 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.4beta, 4.0.5, 4.0.6, 4.0.7, 4.0.8 and 4.0.9 allows remote attackers to cause a denial of service (crash) or possibly have unspecified other impact via a crafted TIFF file. Desbordamiento de búfer basado en heap en la función cpSeparateBufToContigBuf en tiffcp.c en LibTIFF versiones 3.9.3, 3.9.4,... • http://bugzilla.maptools.org/show_bug.cgi?id=2798 • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 9.8EPSS: 0%CPEs: 7EXPL: 0CVE-2018-1000517
https://notcve.org/view.php?id=CVE-2018-1000517
26 Jun 2018 — BusyBox project BusyBox wget version prior to commit 8e2174e9bd836e53c8b9c6e00d1bc6e2a718686e contains a Buffer Overflow vulnerability in Busybox wget that can result in heap buffer overflow. This attack appear to be exploitable via network connectivity. This vulnerability appears to have been fixed in after commit 8e2174e9bd836e53c8b9c6e00d1bc6e2a718686e. BusyBox wget, de BusyBox project , en versiones anteriores al commit con ID 8e2174e9bd836e53c8b9c6e00d1bc6e2a718686e, contiene una vulnerabilidad de desb... • https://git.busybox.net/busybox/commit/?id=8e2174e9bd836e53c8b9c6e00d1bc6e2a718686e • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 7.5EPSS: 5%CPEs: 7EXPL: 2CVE-2018-12617 – QEMU Guest Agent 2.12.50 - Denial of Service
https://notcve.org/view.php?id=CVE-2018-12617
21 Jun 2018 — qmp_guest_file_read in qga/commands-posix.c and qga/commands-win32.c in qemu-ga (aka QEMU Guest Agent) in QEMU 2.12.50 has an integer overflow causing a g_malloc0() call to trigger a segmentation fault when trying to allocate a large memory chunk. The vulnerability can be exploited by sending a crafted QMP command (including guest-file-read with a large count value) to the agent via the listening socket. qmp_guest_file_read en qga/commands-posix.c y qga/commands-win32.c en qemu-ga (también conocido como QEM... • https://www.exploit-db.com/exploits/44925 • CWE-190: Integer Overflow or Wraparound •
CVSS: 5.9EPSS: 0%CPEs: 12EXPL: 0CVE-2018-10855 – ansible: Failed tasks do not honour no_log option allowing for secrets to be disclosed in logs
https://notcve.org/view.php?id=CVE-2018-10855
19 Jun 2018 — Ansible 2.5 prior to 2.5.5, and 2.4 prior to 2.4.5, do not honor the no_log task flag for failed tasks. When the no_log flag has been used to protect sensitive data passed to a task from being logged, and that task does not run successfully, Ansible will expose sensitive data in log files and on the terminal of the user running Ansible. Ansible, en versiones 2.5 anteriores a la 2.5.5 y 2.4 anteriores a la 2.4.5, no cumplen con la marca de tarea no_log para las tareas fallidas. Cuando se ha empleado la marca... • https://access.redhat.com/errata/RHBA-2018:3788 • CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 5.1EPSS: 0%CPEs: 15EXPL: 1CVE-2018-0495 – ROHNP: Key Extraction Side Channel in Multiple Crypto Libraries
https://notcve.org/view.php?id=CVE-2018-0495
13 Jun 2018 — Libgcrypt before 1.7.10 and 1.8.x before 1.8.3 allows a memory-cache side-channel attack on ECDSA signatures that can be mitigated through the use of blinding during the signing process in the _gcry_ecc_ecdsa_sign function in cipher/ecc-ecdsa.c, aka the Return Of the Hidden Number Problem or ROHNP. To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machine on the same physical host. Libgcrypt en versiones anteriores a la 1.7.10 y versiones 1.8.x anteriores... • http://www.securitytracker.com/id/1041144 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-203: Observable Discrepancy •