CVSS: 7.5EPSS: 94%CPEs: 26EXPL: 0CVE-2018-5740 – A flaw in the "deny-answer-aliases" feature can cause an assertion failure in named
https://notcve.org/view.php?id=CVE-2018-5740
"deny-answer-aliases" is a little-used feature intended to help recursive server operators protect end users against DNS rebinding attacks, a potential method of circumventing the security model used by client browsers. However, a defect in this feature makes it easy, when the feature is in use, to experience an assertion failure in name.c. Affects BIND 9.7.0->9.8.8, 9.9.0->9.9.13, 9.10.0->9.10.8, 9.11.0->9.11.4, 9.12.0->9.12.2, 9.13.0->9.13.2. "deny-answer-aliases" es una característica poco utilizada que pretende ayudar a los operadores recursivos del servidor a proteger a los usuarios finales contra ataques de reenlace DNS, un método para poder eludir el modelo de seguridad empleado por los navegadores del cliente. Sin embargo, un defecto en esta característica hace que sea sencillo experimentar un fallo de aserción en name.c. • http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00026.html http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00027.html http://www.securityfocus.com/bid/105055 http://www.securitytracker.com/id/1041436 https://access.redhat.com/errata/RHSA-2018:2570 https://access.redhat.com/errata/RHSA-2018:2571 https://kb.isc.org/docs/aa-01639 https://lists.debian.org/debian-lts-announce/2018/08/msg00033.html https://lists.debian.org/debian-lts-announce/2021/11&#x • CWE-617: Reachable Assertion •
CVSS: 7.8EPSS: 0%CPEs: 14EXPL: 0CVE-2018-15910 – ghostscript: LockDistillerParams type confusion (699656)
https://notcve.org/view.php?id=CVE-2018-15910
In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files could use a type confusion in the LockDistillerParams parameter to crash the interpreter or execute code. En Artifex Ghostscript en versiones anteriores a la 9.24, los atacantes que puedan proporcionar archivos PostScript manipulados podrían emplear una confusión de tipos en el parámetro LockDistillerParams para provocar el cierre inesperado del intérprete o ejecutar código. It was discovered that the type of the LockDistillerParams parameter is not properly verified. An attacker could possibly exploit this to bypass the -dSAFER protection and crash ghostscript or, possibly, execute arbitrary code in the ghostscript context via a specially crafted PostScript document. • http://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=c3476dde7743761a4e1d39a631716199b696b880 http://www.securityfocus.com/bid/105122 https://access.redhat.com/errata/RHSA-2018:2918 https://bugs.ghostscript.com/show_bug.cgi?id=699656 https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101 https://lists.debian.org/debian-lts-announce/2018/09/msg00015.html https://security.gentoo.org/glsa/201811-12 https://support.f5.com/csp/article/K22141757?utm_source=f5support&%3Butm_medium= • CWE-704: Incorrect Type Conversion or Cast •
CVSS: 10.0EPSS: 2%CPEs: 17EXPL: 0CVE-2011-2767 – mod_perl: arbitrary Perl code execution in the context of the user account via a user-owned .htaccess
https://notcve.org/view.php?id=CVE-2011-2767
mod_perl 2.0 through 2.0.10 allows attackers to execute arbitrary Perl code by placing it in a user-owned .htaccess file, because (contrary to the documentation) there is no configuration option that permits Perl code for the administrator's control of HTTP request processing without also permitting unprivileged users to run Perl code in the context of the user account that runs Apache HTTP Server processes. mod_perl 2.0 hasta la versión 2.0.10 permite que los atacantes ejecuten código Perl colocándolo en un archivo .htaccess propiedad del usuario, debido a que (al contrario de lo que pone en la documentación) no hay una opción de configuración que permita el código Perl para el control de administrador del procesamiento de peticiones HTTP sin permitir también que usuarios sin privilegios ejecuten código Perl en el contexto de la cuenta de usuario que ejecuta los procesos Apache HTTP Server. • http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00063.html http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00065.html http://www.securityfocus.com/bid/105195 https://access.redhat.com/errata/RHSA-2018:2737 https://access.redhat.com/errata/RHSA-2018:2825 https://access.redhat.com/errata/RHSA-2018:2826 https://bugs.debian.org/644169 https://lists.apache.org/thread.html/c8ebe8aad147a3ad2e7b0e8b2da45263171ab5d0fc7f8c100feaa94d%40%3Cmodperl-cvs.perl.apache.org%3E https://li • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-266: Incorrect Privilege Assignment •
CVSS: 8.8EPSS: 0%CPEs: 18EXPL: 0CVE-2018-10873 – spice: Missing check in demarshal.py:write_validate_array_item() allows for buffer overflow and denial of service
https://notcve.org/view.php?id=CVE-2018-10873
A vulnerability was discovered in SPICE before version 0.14.1 where the generated code used for demarshalling messages lacked sufficient bounds checks. A malicious client or server, after authentication, could send specially crafted messages to its peer which would result in a crash or, potentially, other impacts. Se ha descubierto una vulnerabilidad en SPICE en versiones anteriores a la 0.14.1 en la que el código generado utilizado para deserializar mensajes carecía de comprobaciones de límites suficientes. Un cliente o servidor malicioso, después de la autenticación, podría enviar mensajes especialmente manipulados a su peer, lo que resultaría en un cierre inesperado o, potencialmente, otros impactos. A vulnerability was discovered in SPICE where the generated code used for demarshalling messages lacked sufficient bounds checks. • http://www.securityfocus.com/bid/105152 https://access.redhat.com/errata/RHSA-2018:2731 https://access.redhat.com/errata/RHSA-2018:2732 https://access.redhat.com/errata/RHSA-2018:3470 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10873 https://gitlab.freedesktop.org/spice/spice-common/commit/bb15d4815ab586b4c4a20f4a565970a44824c42c https://lists.debian.org/debian-lts-announce/2018/08/msg00035.html https://lists.debian.org/debian-lts-announce/2018/08/msg00037.html https://lists.debi • CWE-20: Improper Input Validation CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 1%CPEs: 152EXPL: 0CVE-2018-5391 – The Linux kernel, versions 3.9+, IP implementation is vulnerable to denial of service conditions with low rates of specially modified packets
https://notcve.org/view.php?id=CVE-2018-5391
The Linux kernel, versions 3.9+, is vulnerable to a denial of service attack with low rates of specially modified packets targeting IP fragment re-assembly. An attacker may cause a denial of service condition by sending specially crafted IP fragments. Various vulnerabilities in IP fragmentation have been discovered and fixed over the years. The current vulnerability (CVE-2018-5391) became exploitable in the Linux kernel with the increase of the IP fragment reassembly queue size. El kernel de Linux en versiones a partir de la 3.9 es vulnerable a un ataque de denegación de servicio (DoS) con tasas bajas de paquetes especialmente modificados que apuntan hacia el reensamblado de fragmentos de IP. • http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2018-004.txt http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200115-01-linux-en http://www.openwall.com/lists/oss-security/2019/06/28/2 http://www.openwall.com/lists/oss-security/2019/07/06/3 http://www.openwall.com/lists/oss-security/2019/07/06/4 http://www.securityfocus.com/bid/105108 http://www.securitytracker.com/id/1041476 http://www.securitytracker.com/id/1041637 https://access.redhat.co • CWE-20: Improper Input Validation CWE-400: Uncontrolled Resource Consumption •