Page 142 of 733 results (0.023 seconds)

CVSS: 5.5EPSS: 0%CPEs: 11EXPL: 1

CVE-2018-18310 – elfutils: invalid memory address dereference was discovered in dwfl_segment_report_module.c in libdwfl

https://notcve.org/view.php?id=CVE-2018-18310

An invalid memory address dereference was discovered in dwfl_segment_report_module.c in libdwfl in elfutils through v0.174. The vulnerability allows attackers to cause a denial of service (application crash) with a crafted ELF file, as demonstrated by consider_notes. Se ha descubierto una desreferencia de dirección de memoria inválida en dwfl_segment_report_module.c en libdwfl en elfutils 0.4.8 hasta la versión v0.174. La vulnerabilidad permite que los atacantes provoquen una denegación de servicio (cierre inesperado de la aplicación) mediante un archivo ELF manipulado, tal y como queda demostrado con consider_notes. • http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00052.html https://access.redhat.com/errata/RHSA-2019:2197 https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html https://lists.debian.org/debian-lts-announce/2021/10/msg00030.html https://sourceware.org/bugzilla/show_bug.cgi?id=23752 https://sourceware.org/ml/elfutils-devel/2018-q4/msg00022.html https://usn.ubuntu.com/4012-1 https://access.redhat.com/security/cve/CVE-2018-18310 https://bugzilla.redh • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-125: Out-of-bounds Read •

CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0

CVE-2018-12477 – obs-service-refresh_patches can be tricked into deleting '..' or other unrelated directories

https://notcve.org/view.php?id=CVE-2018-12477

A Improper Neutralization of CRLF Sequences vulnerability in Open Build Service allows remote attackers to cause deletion of directories by tricking obs-service-refresh_patches to delete them. Affected releases are openSUSE Open Build Service: versions prior to d6244245dda5367767efc989446fe4b5e4609cce. Una vulnerabilidad de neutralización incorrecta de secuencias CRLF en Open Build Service permite que los atacantes remotos provoquen el borrado de directorios engañando a obs-service-refresh_patches para que los elimine. Las versiones afectadas son openSUSE Open Build Service en versiones anteriores a la d6244245dda5367767efc989446fe4b5e4609cce. • https://bugzilla.suse.com/show_bug.cgi?id=1108189 https://lwn.net/Articles/766535 • CWE-93: Improper Neutralization of CRLF Sequences ('CRLF Injection') •

CVSS: 6.5EPSS: 0%CPEs: 5EXPL: 1

CVE-2018-17294

https://notcve.org/view.php?id=CVE-2018-17294

The matchCurrentInput function inside lou_translateString.c of Liblouis prior to 3.7 does not check the input string's length, allowing attackers to cause a denial of service (application crash via out-of-bounds read) by crafting an input file with certain translation dictionaries. La función matchCurrentInput dentro de lou_translateString.c de Liblouis en versiones anteriores a la 3.7 no comprueba la longitud de la cadena entrante, permitiendo a los atacantes provocar una denegación de servicio (cierre inesperado de la aplicación mediante una lectura fuera de límites) creando un archivo entrante con determinados diccionarios de traducción. • http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00038.html http://www.securityfocus.com/bid/105511 https://github.com/liblouis/liblouis/commit/5e4089659bb49b3095fa541fa6387b4c40d7396e https://github.com/liblouis/liblouis/issues/635 https://usn.ubuntu.com/3782-1 • CWE-125: Out-of-bounds Read •

CVSS: 9.8EPSS: 1%CPEs: 10EXPL: 1

CVE-2018-16402 – elfutils: Double-free due to double decompression of sections in crafted ELF causes crash

https://notcve.org/view.php?id=CVE-2018-16402

libelf/elf_end.c in elfutils 0.173 allows remote attackers to cause a denial of service (double free and application crash) or possibly have unspecified other impact because it tries to decompress twice. libelf/elf_end.c en elfutils 0.173 permite que atacantes remotos provoquen una denegación de servicio (doble liberación y cierre inesperado de la aplicación) o, probablemente, cualquier otro tipo de problema debido a que trata de descomprimir dos veces. • http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00052.html https://access.redhat.com/errata/RHSA-2019:2197 https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0%40%3Cissues.bookkeeper.apache.org%3E https://lists.debian.org/debian-lts-announce/2021/10/msg00030.html https://sourceware.org/bugzilla/show_bug.cgi?id=23528 https://usn.ubuntu.com/4012-1 https://access.redhat.com/security/cve/CVE-2018-16402 https://bugzilla.redhat.com/show_bug.cgi?id • CWE-415: Double Free CWE-416: Use After Free •

CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 1

CVE-2018-16412

https://notcve.org/view.php?id=CVE-2018-16412

ImageMagick 7.0.8-11 Q16 has a heap-based buffer over-read in the coders/psd.c ParseImageResourceBlocks function. ImageMagick 7.0.8-11 Q16 tiene una sobrelectura de búfer basada en memoria dinámica (heap) en la función ParseImageResourceBlocks en coders/psd.c. • http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00034.html http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00006.html http://www.securityfocus.com/bid/105241 https://github.com/ImageMagick/ImageMagick/issues/1250 https://lists.debian.org/debian-lts-announce/2018/10/msg00002.html https://usn.ubuntu.com/4034-1 https://www.debian.org/security/2018/dsa-4316 • CWE-125: Out-of-bounds Read •