CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 0CVE-2018-19865
https://notcve.org/view.php?id=CVE-2018-19865
A keystroke logging issue was discovered in Virtual Keyboard in Qt 5.7.x, 5.8.x, 5.9.x, 5.10.x, and 5.11.x before 5.11.3. Se ha descubierto un problema de registro de pulsaciones del teclado en Virtual Keyboard en Qt, en versiones 5.7.x, 5.8.x, 5.9.x, 5.10.x y versiones 5.11.x anteriores a la 5.11.3. • http://blog.qt.io/blog/2018/12/04/qt-5-11-3-released-important-security-updates http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00085.html http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00086.html https://codereview.qt-project.org/#/c/243666 https://codereview.qt-project.org/#/c/244569 https://codereview.qt-project.org/#/c/244687 https://codereview.qt-project.org/#/c/244845 https://codereview.qt-project.org/#/c/245283 https&# • CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 5.5EPSS: 0%CPEs: 11EXPL: 1CVE-2018-19841 – wawpack: Out-of-bounds read in WavpackVerifySingleBlock function leads to DoS
https://notcve.org/view.php?id=CVE-2018-19841
The function WavpackVerifySingleBlock in open_utils.c in libwavpack.a in WavPack through 5.1.0 allows attackers to cause a denial-of-service (out-of-bounds read and application crash) via a crafted WavPack Lossless Audio file, as demonstrated by wvunpack. La función WavpackVerifySingleBlock en open_utils.c en libwavpack.a en WavPack hasta la versión 5.1.0 permite que los atacantes provoquen una denegación de servicio (lectura fuera de límites y cierre inesperado de la aplicación) mediante un archivo WavPack Lossless Audio manipulado, tal y como queda demostrado con wvunpack. • http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00029.html http://packetstormsecurity.com/files/155743/Slackware-Security-Advisory-wavpack-Updates.html https://github.com/dbry/WavPack/commit/bba5389dc598a92bdf2b297c3ea34620b6679b5b https://github.com/dbry/WavPack/issues/54 https://lists.debian.org/debian-lts-announce/2021/01/msg00013.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3BLSOEVEKF4VNNVNZ2AN46BJUT4TGVWT https://lists.fedoraproject.org/archives/list/package • CWE-125: Out-of-bounds Read •
CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 0CVE-2018-19840 – wawpack: Infinite loop in WavpackPackInit function lead to DoS
https://notcve.org/view.php?id=CVE-2018-19840
The function WavpackPackInit in pack_utils.c in libwavpack.a in WavPack through 5.1.0 allows attackers to cause a denial-of-service (resource exhaustion caused by an infinite loop) via a crafted wav audio file because WavpackSetConfiguration64 mishandles a sample rate of zero. La función WavpackPackInit en pack_utils.c en libwavpack.a en WavPack hasta la versión 5.1.0 permite que los atacantes provoquen una denegación de servicio (agotamiento de recursos provocado por un bucle infinito) mediante un archivo de audio wav manipulado debido a que WavpackSetConfiguration64 gestiona erróneamente una tasa de ejemplo con valor cero. • http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00029.html http://packetstormsecurity.com/files/155743/Slackware-Security-Advisory-wavpack-Updates.html https://github.com/dbry/WavPack/commit/070ef6f138956d9ea9612e69586152339dbefe51 https://github.com/dbry/WavPack/issues/53 https://lists.debian.org/debian-lts-announce/2021/01/msg00013.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3BLSOEVEKF4VNNVNZ2AN46BJUT4TGVWT https://lists.fedoraproject.org/archives/list/package • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 9.3EPSS: 0%CPEs: 3EXPL: 0CVE-2018-17953 – pam_access does not handle netmask matches correctly
https://notcve.org/view.php?id=CVE-2018-17953
A incorrect variable in a SUSE specific patch for pam_access rule matching in PAM 1.3.0 in openSUSE Leap 15.0 and SUSE Linux Enterprise 15 could lead to pam_access rules not being applied (fail open). Una variable incorrecta en un parche específico de SUSE para la coincidencia de reglas pam_access en PAM 1.3.0 en openSUSE Leap 15.0 y SUSE Linux Enterprise 15 podría conducir a que las reglas de pam_access no se apliquen (fail open). • https://bugzilla.suse.com/show_bug.cgi?id=1115640 • CWE-284: Improper Access Control •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2018-18849
https://notcve.org/view.php?id=CVE-2018-18849
In Qemu 3.0.0, lsi_do_msgin in hw/scsi/lsi53c895a.c allows out-of-bounds access by triggering an invalid msg_len value. En Qemu 3.0.0, lsi_do_msgin en hw/scsi/lsi53c895a.c permite el acceso fuera de límites desencadenando un valor msg_len inválido. • http://lists.opensuse.org/opensuse-security-announce/2018-12/msg00004.html http://lists.opensuse.org/opensuse-security-announce/2018-12/msg00028.html http://lists.opensuse.org/opensuse-security-announce/2018-12/msg00043.html http://www.openwall.com/lists/oss-security/2018/11/01/1 https://lists.debian.org/debian-lts-announce/2019/05/msg00010.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LQIBTGNRDQEXGAAYHE4JIWFAYFNHZ6QP https://lists.gnu.org/archive/html • CWE-125: Out-of-bounds Read •