CVE-2018-5816
https://notcve.org/view.php?id=CVE-2018-5816
An integer overflow error within the "identify()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.12 can be exploited to trigger a division by zero via specially crafted NOKIARAW file (Note: This vulnerability is caused due to an incomplete fix of CVE-2018-5804). Un error de desbordamiento de enteros en la función "identify()" (internal/dcraw_common.cpp) en LibRaw, en versiones anteriores a la 0.18.12, puede explotarse para provocar una división entre cero mediante un archivo NOKIARAW especialmente manipulado (Nota: esta vulnerabilidad existe debido a una solución incompleta para CVE-2018-5804). • https://github.com/LibRaw/LibRaw/blob/master/Changelog.txt https://github.com/LibRaw/LibRaw/commit/1d8d1b452e5dc74033ee9f846081a0efb616cc39 https://secuniaresearch.flexerasoftware.com/advisories/83507 https://secuniaresearch.flexerasoftware.com/secunia_research/2018-14 https://usn.ubuntu.com/3838-1 • CWE-190: Integer Overflow or Wraparound •
CVE-2016-10727
https://notcve.org/view.php?id=CVE-2016-10727
camel/providers/imapx/camel-imapx-server.c in the IMAPx component in GNOME evolution-data-server before 3.21.2 proceeds with cleartext data containing a password if the client wishes to use STARTTLS but the server will not use STARTTLS, which makes it easier for remote attackers to obtain sensitive information by sniffing the network. The server code was intended to report an error and not proceed, but the code was written incorrectly. camel/providers/imapx/camel-imapx-server.c en el componente IMAPx en GNOME evolution-data-server en versiones anteriores a la 3.21.2 continúa con datos en texto claro que contienen una contraseña si el cliente desea emplear STARTTLS, pero el servidor no lo utiliza. Esto facilita que los atacantes remotos obtengan información sensible rastreando la red. El código del servidor debería reportar un error y no continuar, pero el código se escribió erróneamente. • https://bugzilla.redhat.com/show_bug.cgi?id=1334842 https://github.com/GNOME/evolution-data-server/releases/tag/EVOLUTION_DATA_SERVER_3_21_2 https://gitlab.gnome.org/GNOME/evolution-data-server/blob/master/NEWS#L1022 https://gitlab.gnome.org/GNOME/evolution-data-server/commit/f26a6f67 https://usn.ubuntu.com/3724-1 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2018-14435 – ImageMagick: memory leak in DecodeImage in coders/pcd.c
https://notcve.org/view.php?id=CVE-2018-14435
ImageMagick 7.0.8-4 has a memory leak in DecodeImage in coders/pcd.c. ImageMagick 7.0.8-4 tiene una fuga de memoria en DecodeImage en coders/pcd.c. • https://github.com/ImageMagick/ImageMagick/issues/1193 https://usn.ubuntu.com/3785-1 https://access.redhat.com/security/cve/CVE-2018-14435 https://bugzilla.redhat.com/show_bug.cgi?id=1609936 • CWE-400: Uncontrolled Resource Consumption CWE-772: Missing Release of Resource after Effective Lifetime •
CVE-2018-14434 – ImageMagick: memory leak for a colormap in WriteMPCImage in coders/mpc.c
https://notcve.org/view.php?id=CVE-2018-14434
ImageMagick 7.0.8-4 has a memory leak for a colormap in WriteMPCImage in coders/mpc.c. ImageMagick 7.0.8-4 tiene una fuga de memoria en un mapa de color en WriteMPCImage en coders/mpc.c. • https://github.com/ImageMagick/ImageMagick/issues/1192 https://usn.ubuntu.com/3785-1 https://usn.ubuntu.com/4034-1 https://access.redhat.com/security/cve/CVE-2018-14434 https://bugzilla.redhat.com/show_bug.cgi?id=1609933 • CWE-400: Uncontrolled Resource Consumption CWE-772: Missing Release of Resource after Effective Lifetime •
CVE-2018-14436 – ImageMagick: memory leak in ReadMIFFImage in coders/miff.c
https://notcve.org/view.php?id=CVE-2018-14436
ImageMagick 7.0.8-4 has a memory leak in ReadMIFFImage in coders/miff.c. ImageMagick 7.0.8-4 tiene una fuga de memoria en ReadMIFFImage en coders/miff.c. • https://github.com/ImageMagick/ImageMagick/issues/1191 https://usn.ubuntu.com/3785-1 https://access.redhat.com/security/cve/CVE-2018-14436 https://bugzilla.redhat.com/show_bug.cgi?id=1609939 • CWE-400: Uncontrolled Resource Consumption CWE-772: Missing Release of Resource after Effective Lifetime •