CVSS: 6.5EPSS: 0%CPEs: 8EXPL: 0CVE-2018-10360 – file: out-of-bounds read via a crafted ELF file
https://notcve.org/view.php?id=CVE-2018-10360
The do_core_note function in readelf.c in libmagic.a in file 5.33 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted ELF file. La función do_core_note en readelf.c en libmagic.a en file 5.33 permite a atacantes remotos provocar una denegación de servicio (lectura fuera de límites y cierre inesperado de la aplicación) utilizando un archivo ELF manipulado. • http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00027.html http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00053.html https://github.com/file/file/commit/a642587a9c9e2dd7feacdf513c3643ce26ad3c22 https://security.gentoo.org/glsa/201806-08 https://usn.ubuntu.com/3686-1 https://usn.ubuntu.com/3686-2 https://access.redhat.com/security/cve/CVE-2018-10360 https://bugzilla.redhat.com/show_bug.cgi?id=1590000 • CWE-125: Out-of-bounds Read •
CVSS: 8.8EPSS: 0%CPEs: 5EXPL: 0CVE-2018-12085 – liblouis: Stack-based buffer overflow in compileTranslationTable.c
https://notcve.org/view.php?id=CVE-2018-12085
Liblouis 3.6.0 has a stack-based Buffer Overflow in the function parseChars in compileTranslationTable.c, a different vulnerability than CVE-2018-11440. Liblouis 3.6.0 tiene un desbordamiento de búfer basado en pila en la función parseChars en compileTranslationTable.c. Esta vulnerabilidad es diferente de CVE-2018-11440. • http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00038.html https://github.com/liblouis/liblouis/issues/595 https://usn.ubuntu.com/3782-1 https://access.redhat.com/security/cve/CVE-2018-12085 https://bugzilla.redhat.com/show_bug.cgi?id=1589940 • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 7.5EPSS: 0%CPEs: 20EXPL: 0CVE-2018-12020 – gnupg2: Improper sanitization of filenames allows for the display of fake status messages and the bypass of signature verification
https://notcve.org/view.php?id=CVE-2018-12020
mainproc.c in GnuPG before 2.2.8 mishandles the original filename during decryption and verification actions, which allows remote attackers to spoof the output that GnuPG sends on file descriptor 2 to other programs that use the "--status-fd 2" option. For example, the OpenPGP data might represent an original filename that contains line feed characters in conjunction with GOODSIG or VALIDSIG status codes. mainproc.c en GnuPG en versiones anteriores a la 2.2.8 gestiona de manera incorrecta el nombre de archivo original durante las acciones de descifrado y verificación, lo que permite que atacantes remotos suplanten la salida que GnuPG envía en el descriptor de archivo 2 a otros programas que emplean la opción "--status-fd 2". Por ejemplo, los datos OpenPGP podrían representar un nombre de archivo original que contiene caracteres de nueva línea junto con los códigos de estado GOODSIG o VALIDSIG. A data validation flaw was found in the way gnupg processes file names during decryption and signature validation. An attacker may be able to inject messages into gnupg verbose message logging which may have the potential to bypass the integrity of signature authentication mechanisms and could have other unintended consequences if applications take action(s) based on parsed verbose gnupg output. • http://openwall.com/lists/oss-security/2018/06/08/2 http://packetstormsecurity.com/files/152703/Johnny-You-Are-Fired.html http://seclists.org/fulldisclosure/2019/Apr/38 http://www.openwall.com/lists/oss-security/2019/04/30/4 http://www.securityfocus.com/bid/104450 http://www.securitytracker.com/id/1041051 https://access.redhat.com/errata/RHSA-2018:2180 https://access.redhat.com/errata/RHSA-2018:2181 https://dev.gnupg.org/T4012 https://github.com/RUB-NDS/Johnny&# • CWE-20: Improper Input Validation CWE-706: Use of Incorrectly-Resolved Name or Reference •
CVSS: 7.5EPSS: 52%CPEs: 14EXPL: 1CVE-2018-12015 – perl: Directory traversal in Archive::Tar
https://notcve.org/view.php?id=CVE-2018-12015
In Perl through 5.26.2, the Archive::Tar module allows remote attackers to bypass a directory-traversal protection mechanism, and overwrite arbitrary files, via an archive file containing a symlink and a regular file with the same name. En Perl hasta la versión 5.26.2, el módulo Archive::Tar permite que atacantes remotos omitan un mecanismo de protección de salto de directorio y sobrescriban archivos arbitrarios mediante un archivo comprimido que contiene un symlink y un archivo normal con el mismo nombre. It was found that the Archive::Tar module did not properly sanitize symbolic links when extracting tar archives. An attacker, able to provide a specially crafted archive for processing, could use this flaw to write or overwrite arbitrary files in the context of the Perl interpreter. • http://seclists.org/fulldisclosure/2019/Mar/49 http://www.securityfocus.com/bid/104423 http://www.securitytracker.com/id/1041048 https://access.redhat.com/errata/RHSA-2019:2097 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=900834 https://seclists.org/bugtraq/2019/Mar/42 https://security.netapp.com/advisory/ntap-20180927-0001 https://support.apple.com/kb/HT209600 https://usn.ubuntu.com/3684-1 https://usn.ubuntu.com/3684-2 https://www.debian.org/security/2018& • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 8.2EPSS: 0%CPEs: 27EXPL: 0CVE-2018-11806 – Qemu Slirp Networking Heap-based Buffer Overflow Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2018-11806
m_cat in slirp/mbuf.c in Qemu has a heap-based buffer overflow via incoming fragmented datagrams. m_cat en slirp/mbuf.c en Qemu tiene un desbordamiento de búfer basado en memoria dinámica (heap) mediante los datagramas entrantes fragmentados. A heap buffer overflow issue was found in the way SLiRP networking back-end in QEMU processes fragmented packets. It could occur while reassembling the fragmented datagrams of an incoming packet. A privileged user/process inside guest could use this flaw to crash the QEMU process resulting in DoS or potentially leverage it to execute arbitrary code on the host with privileges of the QEMU process. This vulnerability allows local attackers to execute arbitrary code on vulnerable installations of Qemu. • http://www.openwall.com/lists/oss-security/2018/06/07/1 http://www.securityfocus.com/bid/104400 https://access.redhat.com/errata/RHSA-2018:2462 https://access.redhat.com/errata/RHSA-2018:2762 https://access.redhat.com/errata/RHSA-2018:2822 https://access.redhat.com/errata/RHSA-2018:2887 https://access.redhat.com/errata/RHSA-2019:2892 https://bugzilla.redhat.com/show_bug.cgi?id=1586245 https://lists.debian.org/debian-lts-announce/2019/05/msg00010.html https://li • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •