CVSS: 8.8EPSS: 0%CPEs: 14EXPL: 0CVE-2018-1000878 – libarchive: Use after free in RAR decoder resulting in a denial of service
https://notcve.org/view.php?id=CVE-2018-1000878
libarchive version commit 416694915449219d505531b1096384f3237dd6cc onwards (release v3.1.0 onwards) contains a CWE-416: Use After Free vulnerability in RAR decoder - libarchive/archive_read_support_format_rar.c that can result in Crash/DoS - it is unknown if RCE is possible. This attack appear to be exploitable via the victim must open a specially crafted RAR archive. libarchive, con el commit con ID 416694915449219d505531b1096384f3237dd6cc y siguientes (desde la v3.1.0) contiene una vulnerabilidad CWE-416: uso de memoria previamente liberada en el descodificador RAR (libarchive/archive_read_support_format_rar.c) que puede resultar en un cierre inesperado/denegación de servicio. Se desconoce si se puede ejecutar código de forma remota. El ataque parece ser explotable si una víctima abre un archivo RAR especialmente manipulado. • http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00055.html http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00012.html http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00015.html http://www.securityfocus.com/bid/106324 https://access.redhat.com/errata/RHSA-2019:2298 https://access.redhat.com/errata/RHSA-2019:3698 https://bugs.launchpad.net/ubuntu/+source/libarchive/+bug/1794909 https://github.com/libarchive/libarchive/pull/1105 https://gith • CWE-416: Use After Free •
CVSS: 8.1EPSS: 21%CPEs: 8EXPL: 0CVE-2018-16873
https://notcve.org/view.php?id=CVE-2018-16873
In Go before 1.10.6 and 1.11.x before 1.11.3, the "go get" command is vulnerable to remote code execution when executed with the -u flag and the import path of a malicious Go package, or a package that imports it directly or indirectly. Specifically, it is only vulnerable in GOPATH mode, but not in module mode (the distinction is documented at https://golang.org/cmd/go/#hdr-Module_aware_go_get). Using custom domains, it's possible to arrange things so that a Git repository is cloned to a folder named ".git" by using a vanity import path that ends with "/.git". If the Git repository root contains a "HEAD" file, a "config" file, an "objects" directory, a "refs" directory, with some work to ensure the proper ordering of operations, "go get -u" can be tricked into considering the parent directory as a repository root, and running Git commands on it. That will use the "config" file in the original Git repository root for its configuration, and if that config file contains malicious commands, they will execute on the system running "go get -u". • http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00044.html http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00060.html http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00011.html http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00015.html http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00010.html http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00041.html http://www.securityfocus.com/bid/106226 https://bugzilla&# • CWE-20: Improper Input Validation •
CVSS: 8.1EPSS: 1%CPEs: 8EXPL: 0CVE-2018-16874
https://notcve.org/view.php?id=CVE-2018-16874
In Go before 1.10.6 and 1.11.x before 1.11.3, the "go get" command is vulnerable to directory traversal when executed with the import path of a malicious Go package which contains curly braces (both '{' and '}' characters). Specifically, it is only vulnerable in GOPATH mode, but not in module mode (the distinction is documented at https://golang.org/cmd/go/#hdr-Module_aware_go_get). The attacker can cause an arbitrary filesystem write, which can lead to code execution. En Go en versiones anteriores a la 1.10.6 y versiones 1.11.x anteriores a la 1.11.3, el comando "go get" es vulnerable a un salto de directorio cuando se ejecuta con la ruta de importación de un paquete Go malicioso que contiene llaves (ambos caracteres "{" y "}"). Específicamente, solo es vulnerable en modo GOPATH, pero no en modo módulo (la diferencia está documentada en https://golang.org/cmd/go/#hdr-Module_aware_go_get). • http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00044.html http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00060.html http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00011.html http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00015.html http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00010.html http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00041.html http://www.securityfocus.com/bid/106228 https://bugzilla&# • CWE-20: Improper Input Validation CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 8.8EPSS: 1%CPEs: 6EXPL: 0CVE-2018-18335 – chromium-browser: Heap buffer overflow in Skia
https://notcve.org/view.php?id=CVE-2018-18335
Heap buffer overflow in Skia in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Un desbordamiento de búfer basado en memoria dinámica (heap) en Skia en Google Chrome, en versiones anteriores a la 71.0.3578.80, permite que un atacante remoto explote la corrupción de la memoria dinámica (heap) mediante una página HTML manipulada. • http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00043.html http://www.securityfocus.com/bid/106084 https://access.redhat.com/errata/RHSA-2018:3803 https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html https://crbug.com/895362 https://security.gentoo.org/glsa/201904-07 https://security.gentoo.org/glsa/201908-18 https://www.debian.org/security/2018/dsa-4352 https://access.redhat.com/security/cve/CVE-2018-18335 https://bugzilla.redhat& • CWE-787: Out-of-bounds Write •
CVSS: 8.8EPSS: 2%CPEs: 17EXPL: 0CVE-2018-18356 – mozilla: Use after free in Skia
https://notcve.org/view.php?id=CVE-2018-18356
An integer overflow in path handling lead to a use after free in Skia in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Un desbordamiento de enteros en el manejo de rutas conduce a un uso de memoria previamente liberada en Skia en Google Chrome en versiones anteriores a la 71.0.3578.80 permitía que un atacante remoto pudiese explotar una corrupción de memoria dinámica (heap) mediante una página HTML manipulada. • http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00043.html http://www.securityfocus.com/bid/106084 https://access.redhat.com/errata/RHSA-2018:3803 https://access.redhat.com/errata/RHSA-2019:0373 https://access.redhat.com/errata/RHSA-2019:0374 https://access.redhat.com/errata/RHSA-2019:1144 https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html https://crbug.com/883666 https://lists.debian.org/debian-lts-announce/2019/02/msg00023.html h • CWE-190: Integer Overflow or Wraparound CWE-416: Use After Free CWE-787: Out-of-bounds Write •