CVSS: 7.5EPSS: 0%CPEs: 17EXPL: 0CVE-2018-1000121 – curl: LDAP NULL pointer dereference
https://notcve.org/view.php?id=CVE-2018-1000121
A NULL pointer dereference exists in curl 7.21.0 to and including curl 7.58.0 in the LDAP code that allows an attacker to cause a denial of service Existe una desreferencia de puntero NULL en curl, de la versión 7.21.0 a la 7.58.0, en el código LDAP que permite que un atacante provoque una denegación de servicio (DoS). A NULL pointer dereference flaw was found in the way libcurl checks values returned by the openldap ldap_get_attribute_ber() function. A malicious LDAP server could use this flaw to crash a libcurl client application via a specially crafted LDAP reply. • http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html http://www.securityfocus.com/bid/103415 http://www.securitytracker.com/id/1040529 https://access.redhat.com/errata/RHBA-2019:0327 https://access.redhat.com/errata/RHSA-2018:3157 https://access.redhat.com/errata/RHSA-2018:3558 https://access.redhat.com/errata/RHSA-2020:0544 https://access.redhat.com/errata/RHSA-2020:0594 https://curl&# • CWE-476: NULL Pointer Dereference •
CVSS: 9.1EPSS: 0%CPEs: 17EXPL: 0CVE-2018-1000122 – curl: RTSP RTP buffer over-read
https://notcve.org/view.php?id=CVE-2018-1000122
A buffer over-read exists in curl 7.20.0 to and including curl 7.58.0 in the RTSP+RTP handling code that allows an attacker to cause a denial of service or information leakage Existe una sobrelectura de búfer en curl, de la versión 7.20.0 a la 7.58.0, en el código de gestión RTSP+RTP que permite que un atacante provoque una denegación de servicio (DoS) o una fuga de información. • http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html http://www.securityfocus.com/bid/103436 http://www.securitytracker.com/id/1040530 https://access.redhat.com/errata/RHBA-2019:0327 https://access.redhat.com/errata/RHSA-2018:3157 https://access.redhat.com/errata/RHSA-2018:3558 https://access.redhat.com/errata/RHSA-2019:1543 https://access.redhat.com/errata/RHSA-2020:0544 https://access • CWE-122: Heap-based Buffer Overflow CWE-125: Out-of-bounds Read •
CVSS: 9.1EPSS: 0%CPEs: 3EXPL: 0CVE-2018-1000132 – mercurial: HTTP server permissions bypass
https://notcve.org/view.php?id=CVE-2018-1000132
Mercurial version 4.5 and earlier contains a Incorrect Access Control (CWE-285) vulnerability in Protocol server that can result in Unauthorized data access. This attack appear to be exploitable via network connectivity. This vulnerability appears to have been fixed in 4.5.1. Mercurial, en versiones 4.5 y anteriores, contiene una vulnerabilidad de control de acceso incorrecto (CWE-285) en el servidor de protocolo que puede resultar en el acceso a datos sin autorización. Este ataque parece ser explotable mediante conectividad de red. • https://access.redhat.com/errata/RHSA-2019:2276 https://lists.debian.org/debian-lts-announce/2018/03/msg00034.html https://lists.debian.org/debian-lts-announce/2018/07/msg00005.html https://lists.debian.org/debian-lts-announce/2020/07/msg00032.html https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_4.5.1_.2F_4.5.2_.282018-03-06.29 https://access.redhat.com/security/cve/CVE-2018-1000132 https://bugzilla.redhat.com/show_bug.cgi?id=1553265 • CWE-20: Improper Input Validation CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 6.5EPSS: 0%CPEs: 4EXPL: 1CVE-2017-18229
https://notcve.org/view.php?id=CVE-2017-18229
An issue was discovered in GraphicsMagick 1.3.26. An allocation failure vulnerability was found in the function ReadTIFFImage in coders/tiff.c, which allows attackers to cause a denial of service via a crafted file, because file size is not properly used to restrict scanline, strip, and tile allocations. Se ha descubierto un problema en GraphicsMagick 1.3.26. Se ha encontrado una vulnerabilidad de error de asignación en la función ReadTIFFImage en coders/tiff.c, lo que permite que atacantes provoquen una denegación de servicio (DoS) mediante un archivo manipulado, debido a que el tamaño del archivo no se emplea adecuadamente para restringir las asignaciones scanline, strip y tile. • http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/752c0b41fa32 https://lists.debian.org/debian-lts-announce/2018/03/msg00025.html https://lists.debian.org/debian-lts-announce/2018/08/msg00002.html https://sourceforge.net/p/graphicsmagick/bugs/461 https://usn.ubuntu.com/4266-1 https://www.debian.org/security/2018/dsa-4321 • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 6.5EPSS: 0%CPEs: 4EXPL: 0CVE-2017-18231
https://notcve.org/view.php?id=CVE-2017-18231
An issue was discovered in GraphicsMagick 1.3.26. A NULL pointer dereference vulnerability was found in the function ReadEnhMetaFile in coders/emf.c, which allows attackers to cause a denial of service via a crafted file. Se ha descubierto un problema en GraphicsMagick 1.3.26. Se ha encontrado una vulnerabilidad de desreferencia de puntero NULL en la función ReadEnhMetaFile en coders/emf.c, que permite que los atacantes provoquen una denegación de servicio (DoS) mediante un archivo manipulado. • http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/ea074081678b https://lists.debian.org/debian-lts-announce/2018/03/msg00025.html https://lists.debian.org/debian-lts-announce/2018/08/msg00002.html https://sourceforge.net/p/graphicsmagick/bugs/475 https://usn.ubuntu.com/4266-1 https://www.debian.org/security/2018/dsa-4321 • CWE-476: NULL Pointer Dereference •