Page 147 of 2170 results (0.009 seconds)

CVSS: 4.3EPSS: 0%CPEs: 9EXPL: 0

CVE-2018-12367

https://notcve.org/view.php?id=CVE-2018-12367

In the previous mitigations for Spectre, the resolution or precision of various methods was reduced to counteract the ability to measure precise time intervals. In that work PerformanceNavigationTiming was not adjusted but it was found that it could be used as a precision timer. This vulnerability affects Thunderbird < 60, Firefox ESR < 60.1, and Firefox < 61. En las mitigaciones anteriores para Spectre, la resolución o precisión de varios métodos se redujo para contrarrestar la capacidad de medir intervalos de tiempo precisos. En ese trabajo, no se ajustó PerformanceNavigationTiming, pero se descubrió que podría emplearse como temporizador de precisión. • http://www.securityfocus.com/bid/104561 http://www.securitytracker.com/id/1041193 https://bugzilla.mozilla.org/show_bug.cgi?id=1462891 https://lists.debian.org/debian-lts-announce/2018/11/msg00011.html https://security.gentoo.org/glsa/201810-01 https://security.gentoo.org/glsa/201811-13 https://usn.ubuntu.com/3705-1 https://www.debian.org/security/2018/dsa-4295 https://www.mozilla.org/security/advisories/mfsa2018-15 https://www.mozilla.org/security/advisories/mfsa2018-16&# • CWE-20: Improper Input Validation •

CVSS: 6.5EPSS: 0%CPEs: 5EXPL: 1

CVE-2018-13153 – ImageMagick: memory leak in the XMagickCommand function in MagickCore/animate.c

https://notcve.org/view.php?id=CVE-2018-13153

In ImageMagick 7.0.8-4, there is a memory leak in the XMagickCommand function in MagickCore/animate.c. En ImageMagick 7.0.8-4 hay una fuga de memoria en la función XMagickCommand en MagickCore/animate.c. A memory leak was discovered in ImageMagick in the XMagickCommand function in animate.c file. An array of strings, named filelist, is allocated on the heap but not released in case the function ExpandFilenames returns an error code. • http://www.securityfocus.com/bid/104687 http://www.securitytracker.com/id/1041219 https://github.com/ImageMagick/ImageMagick/issues/1195 https://usn.ubuntu.com/3711-1 https://access.redhat.com/security/cve/CVE-2018-13153 https://bugzilla.redhat.com/show_bug.cgi?id=1598471 • CWE-400: Uncontrolled Resource Consumption CWE-772: Missing Release of Resource after Effective Lifetime •

CVSS: 9.8EPSS: 0%CPEs: 13EXPL: 0

CVE-2018-12910 – libsoup: Crash in soup_cookie_jar.c:get_cookies() on empty hostnames

https://notcve.org/view.php?id=CVE-2018-12910

The get_cookies function in soup-cookie-jar.c in libsoup 2.63.2 allows attackers to have unspecified impact via an empty hostname. La función get_cookies en soup-cookie-jar.c en libsoup 2.63.2 permite que los atacantes provoquen un impacto no especificado mediante un nombre de host vacío. An out-of-bounds read has been discovered in libsoup when getting cookies from a URI with empty hostname. An attacker may use this flaw to cause a crash in the application. • http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00003.html https://access.redhat.com/errata/RHBA-2019:0327 https://access.redhat.com/errata/RHSA-2018:3140 https://access.redhat.com/errata/RHSA-2018:3505 https://gitlab.gnome.org/GNOME/gnome-sdk-images/commit/4215b8a21b3b3055e947312a8920df94f93ba047 https://gitlab.gnome.org/GNOME/libsoup/commit/db2b0d5809d5f8226d47312b40992cadbcde439f https://gitlab.gnome.org/GNOME/libsoup/issues/3 https://lists.debian.org/debian-lts-announce/2018/07/msg00007. • CWE-125: Out-of-bounds Read •

CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 1

CVE-2018-13099

https://notcve.org/view.php?id=CVE-2018-13099

An issue was discovered in fs/f2fs/inline.c in the Linux kernel through 4.4. A denial of service (out-of-bounds memory access and BUG) can occur for a modified f2fs filesystem image in which an inline inode contains an invalid reserved blkaddr. Se ha descubierto un problema en fs/f2fs/inline.c en el kernel de Linux hasta la versión 4.4 Puede ocurrir una denegación de servicio (lectura fuera de límites y BUG) para una imagen de sistema de archivos f2fs modificada en el que un inode insertado contiene un blkaddr reservado no válido • http://lists.opensuse.org/opensuse-security-announce/2018-10/msg00033.html http://packetstormsecurity.com/files/151420/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html http://www.securityfocus.com/bid/104680 https://bugzilla.kernel.org/show_bug.cgi?id=200179 https://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git/commit/?id=3bfe2049c222b23342ff2a216cd5a869e8a14897 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=4dbe38dc386910c668c75ae616b99b823b59f3eb https:// • CWE-125: Out-of-bounds Read •

CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 1

CVE-2018-13094 – kernel: NULL pointer dereference in xfs_da_shrink_inode function

https://notcve.org/view.php?id=CVE-2018-13094

An issue was discovered in fs/xfs/libxfs/xfs_attr_leaf.c in the Linux kernel through 4.17.3. An OOPS may occur for a corrupted xfs image after xfs_da_shrink_inode() is called with a NULL bp. Se ha descubierto un problema en fs/xfs/libxfs/xfs_attr_leaf.c en el kernel de Linux hasta la versión 4.17.3. Puede ocurrir un OOPS para una imagen xfs corrupta después de que se llame a xfs_da_shrink_inode() con un bp NULL. An issue was discovered in the XFS filesystem in fs/xfs/libxfs/xfs_attr_leaf.c in the Linux kernel. • https://access.redhat.com/errata/RHSA-2019:0831 https://access.redhat.com/errata/RHSA-2019:2029 https://access.redhat.com/errata/RHSA-2019:2043 https://bugzilla.kernel.org/show_bug.cgi?id=199969 https://git.kernel.org/pub/scm/fs/xfs/xfs-linux.git/commit/?h=for-next&id=bb3d48dcf86a97dc25fe9fc2c11938e19cb4399a https://github.com/torvalds/linux/commit/bb3d48dcf86a97dc25fe9fc2c11938e19cb4399a https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html https://usn.ubuntu.com/3752-1 https • CWE-476: NULL Pointer Dereference •