CVSS: 7.8EPSS: 0%CPEs: 29EXPL: 0CVE-2018-10675 – kernel: mm: use-after-free in do_get_mempolicy function allows local DoS or other unspecified impact
https://notcve.org/view.php?id=CVE-2018-10675
The do_get_mempolicy function in mm/mempolicy.c in the Linux kernel before 4.12.9 allows local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted system calls. La función do_get_mempolicy en mm/mempolicy.c en el kernel de Linux, en versiones anteriores a la 4.12.9, permite que los usuarios locales provoquen una denegación de servicio (uso de memoria previamente liberada) o, posiblemente, causen otros impactos no especificados mediante llamadas del sistema manipuladas. The do_get_mempolicy() function in mm/mempolicy.c in the Linux kernel allows local users to hit a use-after-free bug via crafted system calls and thus cause a denial of service (DoS) or possibly have unspecified other impact. Due to the nature of the flaw, privilege escalation cannot be fully ruled out. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=73223e4e2e3867ebf033a5a8eb2e5df0158ccc99 http://www.securityfocus.com/bid/104093 https://access.redhat.com/errata/RHSA-2018:2164 https://access.redhat.com/errata/RHSA-2018:2384 https://access.redhat.com/errata/RHSA-2018:2395 https://access.redhat.com/errata/RHSA-2018:2785 https://access.redhat.com/errata/RHSA-2018:2791 https://access.redhat.com/errata/RHSA-2018:2924 https://access.redhat.com/errata/RHSA-2018& • CWE-416: Use After Free •
CVSS: 9.8EPSS: 0%CPEs: 12EXPL: 0CVE-2018-6797 – perl: heap write overflow in regcomp.c
https://notcve.org/view.php?id=CVE-2018-6797
An issue was discovered in Perl 5.18 through 5.26. A crafted regular expression can cause a heap-based buffer overflow, with control over the bytes written. Se ha descubierto un problema en Perl 5.26. Una expresión regular manipulada puede provocar un desbordamiento de búfer basado en memoria dinámica (heap), con control sobre los bytes que se escriben. A heap buffer write overflow, with control over the bytes written, was found in the way regular expressions employing Unicode rules are compiled. • http://www.securitytracker.com/id/1040681 http://www.securitytracker.com/id/1042004 https://access.redhat.com/errata/RHSA-2018:1192 https://rt.perl.org/Public/Bug/Display.html?id=132227 https://security.gentoo.org/glsa/201909-01 https://usn.ubuntu.com/3625-1 https://www.debian.org/security/2018/dsa-4172 https://www.oracle.com/security-alerts/cpujul2020.html https://access.redhat.com/security/cve/CVE-2018-6797 https://bugzilla.redhat.com/show_bug.cgi?id=1547783 • CWE-787: Out-of-bounds Write •
CVSS: 7.5EPSS: 0%CPEs: 14EXPL: 0CVE-2018-6798 – perl: heap read overflow in regexec.c
https://notcve.org/view.php?id=CVE-2018-6798
An issue was discovered in Perl 5.22 through 5.26. Matching a crafted locale dependent regular expression can cause a heap-based buffer over-read and potentially information disclosure. Se ha descubierto un problema en Perl, de la versión 5.22 a la 5.26. Si se hace que coincida una expresión regular dependiente de una locale manipulada, se puede provocar una sobrelectura de búfer basada en memoria dinámica (heap) y una potencial divulgación de información. A heap buffer over read flaw was found in the way Perl regular expression engine handled inputs with invalid UTF-8 characters. • http://www.securitytracker.com/id/1040681 https://access.redhat.com/errata/RHSA-2018:1192 https://rt.perl.org/Public/Bug/Display.html?id=132063 https://security.gentoo.org/glsa/201909-01 https://usn.ubuntu.com/3625-1 https://www.debian.org/security/2018/dsa-4172 https://www.oracle.com/security-alerts/cpujul2020.html https://access.redhat.com/security/cve/CVE-2018-6798 https://bugzilla.redhat.com/show_bug.cgi?id=1547779 • CWE-125: Out-of-bounds Read •
CVSS: 7.8EPSS: 1%CPEs: 29EXPL: 0CVE-2018-1000156 – patch: Malicious patch files cause ed to execute arbitrary commands
https://notcve.org/view.php?id=CVE-2018-1000156
GNU Patch version 2.7.6 contains an input validation vulnerability when processing patch files, specifically the EDITOR_PROGRAM invocation (using ed) can result in code execution. This attack appear to be exploitable via a patch file processed via the patch utility. This is similar to FreeBSD's CVE-2015-1418 however although they share a common ancestry the code bases have diverged over time. La versión 2.7.6 de GNU Patch contiene una vulnerabilidad de validación de entradas al procesar archivos patch; específicamente la invocación EDITOR_PROGRAM (usando ed) puede resultar en la ejecución de código. el ataque parece ser explotable mediante un archivo patch procesado mediante la utilidad patch. Esto es similar al CVE-2015-1418 de FreeBSD: aunque comparten un ancestro común, las bases de código han divergido con el tiempo. • http://packetstormsecurity.com/files/154124/GNU-patch-Command-Injection-Directory-Traversal.html http://rachelbythebay.com/w/2018/04/05/bangpatch https://access.redhat.com/errata/RHSA-2018:1199 https://access.redhat.com/errata/RHSA-2018:1200 https://access.redhat.com/errata/RHSA-2018:2091 https://access.redhat.com/errata/RHSA-2018:2092 https://access.redhat.com/errata/RHSA-2018:2093 https://access.redhat.com/errata/RHSA-2018:2094 https://access.redhat.com/errata/RHSA-2018:2095 ht • CWE-20: Improper Input Validation CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 7.5EPSS: 2%CPEs: 36EXPL: 0CVE-2017-15710 – httpd: Out of bounds write in mod_authnz_ldap when using too small Accept-Language values
https://notcve.org/view.php?id=CVE-2017-15710
In Apache httpd 2.0.23 to 2.0.65, 2.2.0 to 2.2.34, and 2.4.0 to 2.4.29, mod_authnz_ldap, if configured with AuthLDAPCharsetConfig, uses the Accept-Language header value to lookup the right charset encoding when verifying the user's credentials. If the header value is not present in the charset conversion table, a fallback mechanism is used to truncate it to a two characters value to allow a quick retry (for example, 'en-US' is truncated to 'en'). A header value of less than two characters forces an out of bound write of one NUL byte to a memory location that is not part of the string. In the worst case, quite unlikely, the process would crash which could be used as a Denial of Service attack. In the more likely case, this memory is already reserved for future use and the issue has no effect at all. • http://www.openwall.com/lists/oss-security/2018/03/24/8 http://www.securityfocus.com/bid/103512 http://www.securitytracker.com/id/1040569 https://access.redhat.com/errata/RHSA-2018:3558 https://access.redhat.com/errata/RHSA-2019:0366 https://access.redhat.com/errata/RHSA-2019:0367 https://httpd.apache.org/security/vulnerabilities_24.html https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.ht • CWE-787: Out-of-bounds Write •