
CVE-2018-10958 – exiv2: SIGABRT caused by memory allocation in types.cpp:Exiv2::Internal::PngChunk::zlibUncompress()
https://notcve.org/view.php?id=CVE-2018-10958
10 May 2018 — In types.cpp in Exiv2 0.26, a large size value may lead to a SIGABRT during an attempt at memory allocation for an Exiv2::Internal::PngChunk::zlibUncompress call. En types.cpp en Exiv2 0.26, un valor de tamaño largo podría conducir a un SIGABRT durante un intento de asignación de memoria en una llamada Exiv2::Internal::PngChunk::zlibUncompress. It was discovered that Exiv2 incorrectly handled certain files. An attacker could possibly use this to cause a denial of service. It was discovered that Exiv2 incorr... • https://access.redhat.com/errata/RHSA-2019:2101 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-400: Uncontrolled Resource Consumption •

CVE-2018-10963 – libtiff: reachable assertion in TIFFWriteDirectorySec function in tif_dirwrite.c
https://notcve.org/view.php?id=CVE-2018-10963
10 May 2018 — The TIFFWriteDirectorySec() function in tif_dirwrite.c in LibTIFF through 4.0.9 allows remote attackers to cause a denial of service (assertion failure and application crash) via a crafted file, a different vulnerability than CVE-2017-13726. La función TIFFWriteDirectorySec() en tif_dirwrite.c en LibTIFF hasta la versión 4.0.9 permite que atacantes remotos provoquen una denegación de servicio (fallo de aserción y cierre inesperado de la aplicación) mediante un archivo manipulado. It was discovered that LibT... • http://bugzilla.maptools.org/show_bug.cgi?id=2795 • CWE-617: Reachable Assertion •

CVE-2018-10804 – ImageMagick: Memory leak in WriteTIFFImage
https://notcve.org/view.php?id=CVE-2018-10804
08 May 2018 — ImageMagick version 7.0.7-28 contains a memory leak in WriteTIFFImage in coders/tiff.c. ImageMagick 7.0.7-28 tiene una vulnerabilidad de fuga de memoria en WriteTIFFImage en coders/tiff.c. It was discovered that ImageMagick incorrectly handled certain malformed image files. If a user or automated system using ImageMagick were tricked into opening a specially crafted image, an attacker could exploit this to cause a denial of service or possibly execute code with the privileges of the user invoking the progra... • https://github.com/ImageMagick/ImageMagick/issues/1053 • CWE-401: Missing Release of Memory after Effective Lifetime CWE-772: Missing Release of Resource after Effective Lifetime •

CVE-2018-10805 – ImageMagick: Memory leak in ReadYCBCRImage
https://notcve.org/view.php?id=CVE-2018-10805
08 May 2018 — ImageMagick version 7.0.7-28 contains a memory leak in ReadYCBCRImage in coders/ycbcr.c. ImageMagick 7.0.7-28 tiene una vulnerabilidad de fuga de memoria en ReadYCBCRImage en coders/ycbcr.c. It was discovered that ImageMagick incorrectly handled certain malformed image files. If a user or automated system using ImageMagick were tricked into opening a specially crafted image, an attacker could exploit this to cause a denial of service or possibly execute code with the privileges of the user invoking the prog... • https://github.com/ImageMagick/ImageMagick/issues/1054 • CWE-401: Missing Release of Memory after Effective Lifetime CWE-772: Missing Release of Resource after Effective Lifetime •

CVE-2018-8897 – Microsoft Windows - 'POP/MOV SS' Privilege Escalation
https://notcve.org/view.php?id=CVE-2018-8897
08 May 2018 — A statement in the System Programming Guide of the Intel 64 and IA-32 Architectures Software Developer's Manual (SDM) was mishandled in the development of some or all operating-system kernels, resulting in unexpected behavior for #DB exceptions that are deferred by MOV SS or POP SS, as demonstrated by (for example) privilege escalation in Windows, macOS, some Xen configurations, or FreeBSD, or a Linux kernel crash. The MOV to SS and POP SS instructions inhibit interrupts (including NMIs), data breakpoints, ... • https://packetstorm.news/files/id/148549 • CWE-250: Execution with Unnecessary Privileges CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •

CVE-2018-1087 – Kernel: KVM: error in exception handling leads to wrong debug stack value
https://notcve.org/view.php?id=CVE-2018-1087
08 May 2018 — kernel KVM before versions kernel 4.16, kernel 4.16-rc7, kernel 4.17-rc1, kernel 4.17-rc2 and kernel 4.17-rc3 is vulnerable to a flaw in the way the Linux kernel's KVM hypervisor handled exceptions delivered after a stack switch operation via Mov SS or Pop SS instructions. During the stack switch operation, the processor did not deliver interrupts and exceptions, rather they are delivered once the first instruction after the stack switch is executed. An unprivileged KVM guest user could use this flaw to cra... • http://www.openwall.com/lists/oss-security/2018/05/08/5 • CWE-250: Execution with Unnecessary Privileges •

CVE-2018-10779 – libtiff: heap-based buffer over-read in TIFFWriteScanline function in tif_write.c
https://notcve.org/view.php?id=CVE-2018-10779
07 May 2018 — TIFFWriteScanline in tif_write.c in LibTIFF 3.8.2 has a heap-based buffer over-read, as demonstrated by bmp2tiff. TIFFWriteScanline en tif_write.c en LibTIFF 3.8.2 tiene una sobrelectura de búfer basada en memoria dinámica (heap), tal y como queda demostrado con bmp2tiff. An integer overflow has been discovered in libtiff in TIFFSetupStrips:tif_write.c, which could lead to a heap-based buffer overflow in TIFFWriteScanline:tif_write.c. An attacker may use this vulnerability to corrupt memory or cause Denial ... • http://bugzilla.maptools.org/show_bug.cgi?id=2788 • CWE-122: Heap-based Buffer Overflow CWE-125: Out-of-bounds Read •

CVE-2018-0494 – GNU wget - Cookie Injection
https://notcve.org/view.php?id=CVE-2018-0494
06 May 2018 — GNU Wget before 1.19.5 is prone to a cookie injection vulnerability in the resp_new function in http.c via a \r\n sequence in a continuation line. GNU Wget en versiones anteriores a la 1.19.5 es propenso a una vulnerabilidad de inyección de cookies en la función resp_new en http.c mediante una secuencia \r\n en una línea de continuación. A cookie injection flaw was found in wget. An attacker can create a malicious website which, when accessed, overrides cookies belonging to arbitrary domains. Harry Sintonen... • https://packetstorm.news/files/id/147517 • CWE-20: Improper Input Validation •

CVE-2018-1061 – python: DOS via regular expression backtracking in difflib.IS_LINE_JUNK method in difflib
https://notcve.org/view.php?id=CVE-2018-1061
05 May 2018 — python before versions 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 and 3.7.0 is vulnerable to catastrophic backtracking in the difflib.IS_LINE_JUNK method. An attacker could use this flaw to cause denial of service. python en versiones anteriores a la 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 y 3.7.0 es vulnerable a backtracking catastrófico en el método difflib.IS_LINE_JUNK. Un atacante podría utilizar este fallo para provocar una denegación de servicio (DoS). A flaw was found in the way catastrophic backtracking was implem... • http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.html • CWE-20: Improper Input Validation •

CVE-2018-1060 – python: DOS via regular expression catastrophic backtracking in apop() method in pop3lib
https://notcve.org/view.php?id=CVE-2018-1060
05 May 2018 — python before versions 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 and 3.7.0 is vulnerable to catastrophic backtracking in pop3lib's apop() method. An attacker could use this flaw to cause denial of service. Python antes de las versiones 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 y 3.7.0 es vulnerable a un retroceso catastrófico en el método apop () de pop3lib. Un atacante podría usar este fallo para causar la denegación de servicio. A flaw was found in the way catastrophic backtracking was implemented in python's pop3lib's a... • http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.html • CWE-20: Improper Input Validation •