CVSS: 9.8EPSS: 39%CPEs: 25EXPL: 3CVE-2018-1000140 – librelp: Stack-based buffer overflow in relpTcpChkPeerName function in src/tcp.c
https://notcve.org/view.php?id=CVE-2018-1000140
rsyslog librelp version 1.2.14 and earlier contains a Buffer Overflow vulnerability in the checking of x509 certificates from a peer that can result in Remote code execution. This attack appear to be exploitable a remote attacker that can connect to rsyslog and trigger a stack buffer overflow by sending a specially crafted x509 certificate. rsyslog librelp en versiones 1.2.14 y anteriores contiene una vulnerabilidad de desbordamiento de búfer en la verificación de certificados x509 desde un peer que puede resultar en la ejecución remota de código. Parece que este ataque puede ser explotable debido a que un atacante remoto puede conectarse a rsyslog y desencadena un desbordamiento de búfer basado en pila mediante el envío de un certificado x509 especialmente manipulado. A stack-based buffer overflow was found in the way librelp parses X.509 certificates. By connecting or accepting connections from a remote peer, an attacker may use a specially crafted X.509 certificate to exploit this flaw and potentially execute arbitrary code. • https://github.com/s0/rsyslog-librelp-CVE-2018-1000140 https://github.com/s0/rsyslog-librelp-CVE-2018-1000140-fixed http://packetstormsecurity.com/files/172829/librelp-Remote-Code-Execution.html https://access.redhat.com/errata/RHSA-2018:1223 https://access.redhat.com/errata/RHSA-2018:1225 https://access.redhat.com/errata/RHSA-2018:1701 https://access.redhat.com/errata/RHSA-2018:1702 https://access.redhat.com/errata/RHSA-2018:1703 https://access.redhat.com/errata/RHSA-2018:1704 • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 5.5EPSS: 1%CPEs: 4EXPL: 1CVE-2018-8945 – binutils: Crash in elf.c:bfd_section_from_shdr() with crafted executable
https://notcve.org/view.php?id=CVE-2018-8945
The bfd_section_from_shdr function in elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (segmentation fault) via a large attribute section. **RECHAZADA** NO USAR ESTE NÚMERO DE CANDIDATO. ConsultIDs: ninguna. Motivo: Este candidato estaba en un grupo de CNA que no estaba asignado a ningún problema durante 2017. Notas: ninguna. • http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00072.html http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00008.html https://access.redhat.com/errata/RHBA-2019:0327 https://access.redhat.com/errata/RHSA-2018:3032 https://security.gentoo.org/glsa/201811-17 https://sourceware.org/bugzilla/show_bug.cgi?id=22809 https://usn.ubuntu.com/4336-1 https://access.redhat.com/security/cve/CVE-2018-8945 https://bugzilla.redhat.com/show_bug.cgi?id=1560827 • CWE-20: Improper Input Validation CWE-400: Uncontrolled Resource Consumption •
CVSS: 8.8EPSS: 0%CPEs: 11EXPL: 2CVE-2018-8905 – libtiff: heap-based buffer overflow in tif_lzw.c:LZWDecodeCompat() allows for denial of service
https://notcve.org/view.php?id=CVE-2018-8905
In LibTIFF 4.0.9, a heap-based buffer overflow occurs in the function LZWDecodeCompat in tif_lzw.c via a crafted TIFF file, as demonstrated by tiff2ps. En LibTIFF 4.0.9, ocurre un desbordamiento de búfer basado en memoria dinámica (heap) en la función LZWDecodeCompat en tif_lzw.c mediante un archivo TIFF. Esto se demuestra por tiff2ps. • http://bugzilla.maptools.org/show_bug.cgi?id=2780 https://access.redhat.com/errata/RHSA-2019:2053 https://github.com/halfbitteam/POCs/tree/master/libtiff-4.08_tiff2ps_heap_overflow https://gitlab.com/libtiff/libtiff/commit/58a898cb4459055bb488ca815c23b880c242a27d https://lists.debian.org/debian-lts-announce/2018/05/msg00008.html https://lists.debian.org/debian-lts-announce/2018/05/msg00009.html https://lists.debian.org/debian-lts-announce/2018/07/msg00002.html https://usn.ubuntu.com/3864-1& • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 1CVE-2018-6084 – Google Software Updater macOS - Unsafe use of Distributed Objects Privilege Escalation
https://notcve.org/view.php?id=CVE-2018-6084
Insufficiently sanitized distributed objects in Updater in Google Chrome on macOS prior to 66.0.3359.117 allowed a local attacker to execute arbitrary code via an executable file. Los objetos distribuidos poco saneados en Updater en Google Chrome, en versiones anteriores a la 66.0.3359.117 para macOS, permitían que un atacante local ejecutase código arbitrario mediante un archivo ejecutable. Google software updater suffers from a local privilege escalation vulnerability on MacOS due to unsafe use of Distributed Objects. • https://www.exploit-db.com/exploits/44307 http://www.securityfocus.com/bid/103468 http://www.securityfocus.com/bid/103917 https://chromereleases.googleblog.com/2018/04/stable-channel-update-for-desktop.html https://crbug.com/822424 • CWE-20: Improper Input Validation •
CVSS: 9.8EPSS: 1%CPEs: 39EXPL: 0CVE-2018-8088 – slf4j: Deserialisation vulnerability in EventData constructor can allow for arbitrary code execution
https://notcve.org/view.php?id=CVE-2018-8088
org.slf4j.ext.EventData in the slf4j-ext module in QOS.CH SLF4J before 1.8.0-beta2 allows remote attackers to bypass intended access restrictions via crafted data. EventData in the slf4j-ext module in QOS.CH SLF4J, has been fixed in SLF4J versions 1.7.26 later and in the 2.0.x series. org.slf4j.ext.EventData en el módulo slf4j-ext en QOS.CH SLF4J antes de la versión 1.8.0-beta2 permite a los atacantes remotos saltarse las restricciones de acceso previstas a través de datos manipulados. EventData en el módulo slf4j-ext en QOS.CH SLF4J, ha sido corregido en las versiones 1.7.26 posteriores de SLF4J y en la serie 2.0.x An XML deserialization vulnerability was discovered in slf4j's EventData, which accepts an XML serialized string and can lead to arbitrary code execution. • http://www.securityfocus.com/bid/103737 http://www.securitytracker.com/id/1040627 https://access.redhat.com/errata/RHSA-2018:0582 https://access.redhat.com/errata/RHSA-2018:0592 https://access.redhat.com/errata/RHSA-2018:0627 https://access.redhat.com/errata/RHSA-2018:0628 https://access.redhat.com/errata/RHSA-2018:0629 https://access.redhat.com/errata/RHSA-2018:0630 https://access.redhat.com/errata/RHSA-2018:1247 https://access.redhat.com/errata/RHSA-2018:1248 https: • CWE-502: Deserialization of Untrusted Data •