
CVE-2018-20549
https://notcve.org/view.php?id=CVE-2018-20549
28 Dec 2018 — There is an illegal WRITE memory access at caca/file.c (function caca_file_read) in libcaca 0.99.beta19. • http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00033.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVE-2018-9568 – kernel: Memory corruption due to incorrect socket cloning
https://notcve.org/view.php?id=CVE-2018-9568
06 Dec 2018 — In sk_clone_lock of sock.c, there is a possible memory corruption due to type confusion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. • https://access.redhat.com/errata/RHSA-2019:0512 • CWE-122: Heap-based Buffer Overflow CWE-704: Incorrect Type Conversion or Cast •

CVE-2018-19824 – kernel: Use-after-free in sound/usb/card.c:usb_audio_probe()
https://notcve.org/view.php?id=CVE-2018-19824
03 Dec 2018 — In the Linux kernel through 4.19.6, a local user could exploit a use-after-free in the ALSA driver by supplying a malicious USB Sound device (with zero interfaces) that is mishandled in usb_audio_probe in sound/usb/card.c. A flaw was ... • http://www.securityfocus.com/bid/106109 • CWE-416: Use After Free •

CVE-2018-19788 – polkit: Improper handling of user with uid > INT_MAX leading to authentication bypass
https://notcve.org/view.php?id=CVE-2018-19788
03 Dec 2018 — A flaw was found in PolicyKit (aka polkit) 0.115 that allows a user with a uid greater than INT_MAX to successfully execute any systemctl command. USN-3861-1 fixed a vulnerability in PolicyKit. This update provides the corresponding update for Ubuntu 12.04 ESM. It was discovered that PolicyKit incorrectly handled certain large user... • https://github.com/AbsoZed/CVE-2018-19788 • CWE-20: Improper Input Validation CWE-287: Improper Authentication •

CVE-2018-19787 – Ubuntu Security Notice USN-3841-1
https://notcve.org/view.php?id=CVE-2018-19787
02 Dec 2018 — An issue was discovered in lxml before 4.2.5. lxml/html/clean.py in the lxml.html.clean module does not remove javascript: URLs that use escaping, allowing a remote attacker to conduct XSS attacks, as demonstrated by "j a v a s c r i p t:" in Internet Explorer. This is a similar issue to CVE-2014-3146. ... • https://github.com/lxml/lxml/commit/6be1d081b49c97cfd7b3fbd934a193b668629109 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2018-18311 – perl: Integer overflow leading to buffer overflow in Perl_my_setenv()
https://notcve.org/view.php?id=CVE-2018-18311
30 Nov 2018 — Perl before 5.26.3 and 5.28.x before 5.28.1 has a buffer overflow via a crafted regular expression that triggers invalid write operations. Jayakrishna Menon discovered that Perl incorrectly handled Perl_my_setenv. An attacker could use this issue to cause Perl to crash, resulting in a denial of se... • http://seclists.org/fulldisclosure/2019/Mar/49 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-190: Integer Overflow or Wraparound CWE-787: Out-of-bounds Write •

CVE-2018-18313 – perl: Heap-based buffer read overflow in S_grok_bslash_N()
https://notcve.org/view.php?id=CVE-2018-18313
30 Nov 2018 — Perl before 5.26.3 has a buffer over-read via a crafted regular expression that triggers disclosure of sensitive information from process memory. Jayakrishna Menon discovered that Perl incorrectly handled Perl_my_setenv. An attacker could use this issue to cause Perl to crash, resulting in a denial of service, o... • http://seclists.org/fulldisclosure/2019/Mar/49 • CWE-125: Out-of-bounds Read •

CVE-2018-14629 – Debian Security Advisory 4345-1
https://notcve.org/view.php?id=CVE-2018-14629
27 Nov 2018 — A denial of service vulnerability was discovered in Samba's LDAP server before versions 4.7.12, 4.8.7, and 4.9.3. A CNAME loop could lead to infinite recursion in the server. An unprivileged local attacker could create such an entry, leading to denial of service. • http://www.securityfocus.com/bid/106022 • CWE-400: Uncontrolled Resource Consumption CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •

CVE-2018-16841 – Debian Security Advisory 4345-1
https://notcve.org/view.php?id=CVE-2018-16841
27 Nov 2018 — Samba from version 4.3.0 and before versions 4.7.12, 4.8.7 and 4.9.3 are vulnerable to a denial of service. When configured to accept smart-card authentication, Samba's KDC will call talloc_free() twice on the same memory if the principal in a validly signed certificate does not match the principal in the AS-REQ. This is only possible after authentication with a trusted certificate. talloc is robust against further corruption from a double-free with talloc_free() and directly calls abort(), terminating the ... • http://www.securityfocus.com/bid/106023 • CWE-415: Double Free CWE-416: Use After Free •

CVE-2018-16851 – Debian Security Advisory 4345-1
https://notcve.org/view.php?id=CVE-2018-16851
27 Nov 2018 — Samba from version 4.0.0 and before versions 4.7.12, 4.8.7, 4.9.3 is vulnerable to a denial of service. During the processing of an LDAP search before Samba's AD DC returns the LDAP entries to the client, the entries are cached in a single memory object with a maximum size of 256MB. When this size is reached, the Samba process providing the LDAP service will follow the NULL pointer, terminating the process. There is no further vulnerability associated with this issue, merely a denial of service. ... • http://www.securityfocus.com/bid/106027 • CWE-476: NULL Pointer Dereference •