CVSS: 7.5EPSS: 2%CPEs: 12EXPL: 0CVE-2018-14622
https://notcve.org/view.php?id=CVE-2018-14622
A null-pointer dereference vulnerability was found in libtirpc before version 0.3.3-rc3. The return value of makefd_xprt() was not checked in all instances, which could lead to a crash when the server exhausted the maximum number of available file descriptors. A remote attacker could cause an rpc-based application to crash by flooding it with new connections. Se ha encontrado una vulnerabilidad de desreferencia de puntero NULL en libtirpc en versiones anteriores a la 0.3.3-rc3. El valor de retorno de makefd_xprt() no se comprobó en todas las instancias, lo que podría conducir a un cierre inesperado cuando el servidor agotó el número máximo de descriptores de archivo disponibles. • http://git.linux-nfs.org/?p=steved/libtirpc.git%3Ba=commit%3Bh=1c77f7a869bdea2a34799d774460d1f9983d45f0 https://access.redhat.com/errata/RHBA-2017:1991 https://bugzilla.novell.com/show_bug.cgi?id=968175 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14622 https://lists.debian.org/debian-lts-announce/2018/08/msg00034.html https://usn.ubuntu.com/3759-1 https://usn.ubuntu.com/3759-2 • CWE-252: Unchecked Return Value •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2018-16140
https://notcve.org/view.php?id=CVE-2018-16140
A buffer underwrite vulnerability in get_line() (read.c) in fig2dev 3.2.7a allows an attacker to write prior to the beginning of the buffer via a crafted .fig file. Una vulnerabilidad de subescritura de búfer en get_line() (en read.c) en fig2dev 3.2.7a permite que un atacante escriba antes del comienzo del búfer mediante un archivo .fig manipulado. • https://lists.debian.org/debian-lts-announce/2020/01/msg00018.html https://sourceforge.net/p/mcj/tickets/28 https://usn.ubuntu.com/3760-1 • CWE-787: Out-of-bounds Write •
CVSS: 7.5EPSS: 94%CPEs: 26EXPL: 0CVE-2018-5740 – A flaw in the "deny-answer-aliases" feature can cause an assertion failure in named
https://notcve.org/view.php?id=CVE-2018-5740
"deny-answer-aliases" is a little-used feature intended to help recursive server operators protect end users against DNS rebinding attacks, a potential method of circumventing the security model used by client browsers. However, a defect in this feature makes it easy, when the feature is in use, to experience an assertion failure in name.c. Affects BIND 9.7.0->9.8.8, 9.9.0->9.9.13, 9.10.0->9.10.8, 9.11.0->9.11.4, 9.12.0->9.12.2, 9.13.0->9.13.2. "deny-answer-aliases" es una característica poco utilizada que pretende ayudar a los operadores recursivos del servidor a proteger a los usuarios finales contra ataques de reenlace DNS, un método para poder eludir el modelo de seguridad empleado por los navegadores del cliente. Sin embargo, un defecto en esta característica hace que sea sencillo experimentar un fallo de aserción en name.c. • http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00026.html http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00027.html http://www.securityfocus.com/bid/105055 http://www.securitytracker.com/id/1041436 https://access.redhat.com/errata/RHSA-2018:2570 https://access.redhat.com/errata/RHSA-2018:2571 https://kb.isc.org/docs/aa-01639 https://lists.debian.org/debian-lts-announce/2018/08/msg00033.html https://lists.debian.org/debian-lts-announce/2021/11&#x • CWE-617: Reachable Assertion •
CVSS: 7.8EPSS: 0%CPEs: 16EXPL: 0CVE-2018-15911 – ghostscript: Uninitialized memory access in the aesdecode operator (699665)
https://notcve.org/view.php?id=CVE-2018-15911
In Artifex Ghostscript 9.23 before 2018-08-24, attackers able to supply crafted PostScript could use uninitialized memory access in the aesdecode operator to crash the interpreter or potentially execute code. En Artifex Ghostscript 9.23 antes del 24/08/2018, los atacantes que puedan proporcionar archivos PostScript manipulados podrían emplear un acceso a la memoria no inicializada en el operador aesdecode para provocar el cierre inesperado del intérprete o ejecutar código. It was discovered that ghostscript did not properly verify the key used in aesdecode. An attacker could possibly exploit this to bypass the -dSAFER protection and crash ghostscript or, possibly, execute arbitrary code in the ghostscript context via a specially crafted PostScript document. • http://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=8e9ce5016db968b40e4ec255a3005f2786cce45f http://www.securityfocus.com/bid/105122 https://access.redhat.com/errata/RHSA-2018:3834 https://bugs.ghostscript.com/show_bug.cgi?id=699665 https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101 https://lists.debian.org/debian-lts-announce/2018/09/msg00015.html https://security.gentoo.org/glsa/201811-12 https://support.f5.com/csp/article/K22141757?utm_source=f5support&%3Butm_medium= • CWE-456: Missing Initialization of a Variable CWE-908: Use of Uninitialized Resource •
CVSS: 7.8EPSS: 0%CPEs: 15EXPL: 0CVE-2018-15909 – ghostscript: shading_param incomplete type checking (699660)
https://notcve.org/view.php?id=CVE-2018-15909
In Artifex Ghostscript 9.23 before 2018-08-24, a type confusion using the .shfill operator could be used by attackers able to supply crafted PostScript files to crash the interpreter or potentially execute code. En Artifex Ghostscript 9.23 antes del 24/08/2018, los atacantes podrían emplear una confusión de tipos usando el operador .shfill para proporcionar archivos PostScript manipulados para provocar el cierre inesperado del intérprete o ejecutar código. It was discovered that the ghostscript .shfill operator did not properly validate certain types. An attacker could possibly exploit this to bypass the -dSAFER protection and crash ghostscript or, possibly, execute arbitrary code in the ghostscript context via a specially crafted PostScript document. • http://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=0b6cd1918e1ec4ffd087400a754a845180a4522b http://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=e01e77a36cbb2e0277bc3a63852244bec41be0f6 http://www.securityfocus.com/bid/105178 https://access.redhat.com/errata/RHSA-2018:3650 https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101 https://lists.debian.org/debian-lts-announce/2018/09/msg00015.html https://security.gentoo.org/glsa/201811-12 https://support.f5.com/csp/article/K24803507?utm • CWE-704: Incorrect Type Conversion or Cast CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •