CVSS: 6.1EPSS: 0%CPEs: 4EXPL: 3CVE-2018-8763 – Debian Security Advisory 4165-1
https://notcve.org/view.php?id=CVE-2018-8763
22 Mar 2018 — Roland Gruber Softwareentwicklung LDAP Account Manager before 6.3 has XSS via the dn parameter to the templates/3rdParty/pla/htdocs/cmd.php URI or the template parameter to the templates/3rdParty/pla/htdocs/cmd.php?cmd=rename_form URI. Roland Gruber Softwareentwicklung LDAP Account Manager, en versiones anteriores a la 6.3, contiene Cross-Site Scripting (XSS) mediante el parámetro dn en el URI templates/3rdParty/pla/htdocs/cmd.php o el parámetro template en el URI templates/3rdParty/pla/htdocs/cmd.php?cmd=r... • https://packetstorm.news/files/id/146858 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.8EPSS: 0%CPEs: 22EXPL: 0CVE-2018-8822 – Debian Security Advisory 4188-1
https://notcve.org/view.php?id=CVE-2018-8822
20 Mar 2018 — Incorrect buffer length handling in the ncp_read_kernel function in fs/ncpfs/ncplib_kernel.c in the Linux kernel through 4.15.11, and in drivers/staging/ncpfs/ncplib_kernel.c in the Linux kernel 4.16-rc through 4.16-rc6, could be exploited by malicious NCPFS servers to crash the kernel or execute code. Manipulación incorrecta de longitud de búfer en la función ncp_read_kernel en fs/ncpfs/ncplib_kernel.c en el kernel de Linux hasta la versión 4.15.11 y en drivers/staging/ncpfs/ncplib_kernel.c en el kernel de... • http://www.openwall.com/lists/oss-security/2022/12/27/3 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.8EPSS: 1%CPEs: 3EXPL: 0CVE-2018-8741 – Debian Security Advisory 4168-1
https://notcve.org/view.php?id=CVE-2018-8741
17 Mar 2018 — A directory traversal flaw in SquirrelMail 1.4.22 allows an authenticated attacker to exfiltrate (or potentially delete) files from the hosting server, related to ../ in the att_local_name field in Deliver.class.php. Un error de salto de directorio en SquirrelMail 1.4.22 permite que un atacante autenticado exfiltre (o elimine) archivos del servidor que los aloja. Esto está relacionado con ../ en el campo att_local_name en Deliver.class.php. Florian Grunow und Birk Kauer of ERNW discovered a path traversal v... • http://www.openwall.com/lists/oss-security/2018/03/17/2 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 8.1EPSS: 0%CPEs: 23EXPL: 0CVE-2018-1068 – kernel: Out-of-bounds write via userland offsets in ebt_entry struct in netfilter/ebtables.c
https://notcve.org/view.php?id=CVE-2018-1068
16 Mar 2018 — A flaw was found in the Linux 4.x kernel's implementation of 32-bit syscall interface for bridging. This allowed a privileged user to arbitrarily write to a limited range of kernel memory. Se ha encontrado un error en la implementación de la interfaz syscall de 32 bits para puentes de red (bridging) en el kernel de las versiones 4.x de Linux. Esto permitía que un usuario privilegiado escribiese de forma arbitraria en un rango limitado de memoria del kernel. A flaw was found in the Linux kernel's implementat... • http://www.securityfocus.com/bid/103459 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •
CVSS: 8.8EPSS: 26%CPEs: 22EXPL: 1CVE-2018-5146 – Mozilla Firefox libvorbis OGG Decoding Out-Of-Bounds Write Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2018-5146
16 Mar 2018 — An out of bounds memory write while processing Vorbis audio data was reported through the Pwn2Own contest. This vulnerability affects Firefox < 59.0.1, Firefox ESR < 52.7.2, and Thunderbird < 52.7. Una escritura de memoria fuera de límites mientras se procesaban los datos de audio de Vorbis fue reportada a través de la competición Pwn2Own. Esta vulnerabilidad afecta a las versiones anteriores a la 59.0.1 de Firefox, las versiones anteriores a la 52.7.2 de Firefox ESR y las versiones anteriores a la 52.7 de ... • https://github.com/f01965/CVE-2018-5146 • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 9.8EPSS: 1%CPEs: 5EXPL: 0CVE-2018-5147 – Debian Security Advisory 4141-1
https://notcve.org/view.php?id=CVE-2018-5147
16 Mar 2018 — The libtremor library has the same flaw as CVE-2018-5146. This library is used by Firefox in place of libvorbis on Android and ARM platforms. This vulnerability affects Firefox ESR < 52.7.2 and Firefox < 59.0.1. La librería libtremor tiene el mismo fallo que CVE-2018-5146. Esta librería es usada por Firefox en lugar de libvorbis en plataformas Android y ARM. • http://www.securityfocus.com/bid/103432 • CWE-787: Out-of-bounds Write •
CVSS: 9.8EPSS: 0%CPEs: 10EXPL: 0CVE-2018-7033 – Ubuntu Security Notice USN-4781-2
https://notcve.org/view.php?id=CVE-2018-7033
15 Mar 2018 — SchedMD Slurm before 17.02.10 and 17.11.x before 17.11.5 allows SQL Injection attacks against SlurmDBD. SchedMD Slurm en versiones anteriores a la 17.02.10 y 17.11.x en versiones anteriores a la 17.11.5 permite ataques de inyección SQL contra SlurmDBD. USN-4781-1 fixed several vulnerabilities in Slurm. This update provides the corresponding updates for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. It was discovered that Slurm incorrectly handled certain messages between the daemon and the user. • https://lists.debian.org/debian-lts-announce/2018/04/msg00032.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 1CVE-2017-18233 – exempi: Infinite Loop in Chunk class in XMPFiles/source/FormatSupport/RIFF.cpp
https://notcve.org/view.php?id=CVE-2017-18233
15 Mar 2018 — An issue was discovered in Exempi before 2.4.4. Integer overflow in the Chunk class in XMPFiles/source/FormatSupport/RIFF.cpp allows remote attackers to cause a denial of service (infinite loop) via crafted XMP data in a .avi file. Se ha descubierto un problema en versiones anteriores a la 2.4.4 de Exempi. Desbordamiento de enteros en la clase Chunk en XMPFiles/source/FormatSupport/RIFF.cpp permite que los atacantes remotos provoquen una denegación de servicio (bucle infinito) mediante datos XMP manipulados... • https://access.redhat.com/errata/RHSA-2019:2048 • CWE-190: Integer Overflow or Wraparound CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 1CVE-2017-18234 – exempi: Use after free via a PDF file containing JPEG data
https://notcve.org/view.php?id=CVE-2017-18234
15 Mar 2018 — An issue was discovered in Exempi before 2.4.3. It allows remote attackers to cause a denial of service (invalid memcpy with resultant use-after-free) or possibly have unspecified other impact via a .pdf file containing JPEG data, related to XMPFiles/source/FormatSupport/ReconcileTIFF.cpp, XMPFiles/source/FormatSupport/TIFF_MemoryReader.cpp, and XMPFiles/source/FormatSupport/TIFF_Support.hpp. Se ha descubierto un problema en versiones anteriores a la 2.4.3 de Exempi. Permite que los atacantes remotos provoq... • https://access.redhat.com/errata/RHSA-2019:2048 • CWE-416: Use After Free •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 1CVE-2017-18236 – exempi: Infinite loop in ASF_Support::ReadHeaderObject function in XMPFiles/source/FormatSupport/ASF_Support.cpp
https://notcve.org/view.php?id=CVE-2017-18236
15 Mar 2018 — An issue was discovered in Exempi before 2.4.4. The ASF_Support::ReadHeaderObject function in XMPFiles/source/FormatSupport/ASF_Support.cpp allows remote attackers to cause a denial of service (infinite loop) via a crafted .asf file. Se ha descubierto un problema en versiones anteriores a la 2.4.4 de Exempi. La función ASF_Support::ReadHeaderObject en XMPFiles/source/FormatSupport/ASF_Support.cpp permite que atacantes remotos provoquen una denegación de servicio (bucle infinito) mediante un archivo .asf man... • https://access.redhat.com/errata/RHSA-2019:2048 • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •