CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2018-6552 – Apport treats the container PID as the global PID when /proc/<global_pid>/ is missing
https://notcve.org/view.php?id=CVE-2018-6552
Apport does not properly handle crashes originating from a PID namespace allowing local users to create certain files as root which an attacker could leverage to perform a denial of service via resource exhaustion, possibly gain root privileges, or escape from containers. The is_same_ns() function returns True when /proc/<global pid>/ does not exist in order to indicate that the crash should be handled in the global namespace rather than inside of a container. However, the portion of the data/apport code that decides whether or not to forward a crash to a container does not always replace sys.argv[1] with the value stored in the host_pid variable when /proc/<global pid>/ does not exist which results in the container pid being used in the global namespace. This flaw affects versions 2.20.8-0ubuntu4 through 2.20.9-0ubuntu7, 2.20.7-0ubuntu3.7, 2.20.7-0ubuntu3.8, 2.20.1-0ubuntu2.15 through 2.20.1-0ubuntu2.17, and 2.14.1-0ubuntu3.28. Apport no gestiona adecuadamente los cierres inesperados provenientes de un espacio de nombre PID, lo que permite que los usuarios locales creen ciertos archivos como root. • https://usn.ubuntu.com/3664-2 https://usn.ubuntu.com/usn/usn-3664-1 •
CVSS: 8.8EPSS: 0%CPEs: 5EXPL: 1CVE-2018-11625
https://notcve.org/view.php?id=CVE-2018-11625
In ImageMagick 7.0.7-37 Q16, SetGrayscaleImage in the quantize.c file allows attackers to cause a heap-based buffer over-read via a crafted file. En ImageMagick 7.0.7-37 Q16, SetGrayscaleImage en el archivo quantize.c permite que los atacantes provoquen una sobrelectura de búfer basada en memoria dinámica (heap) mediante un archivo manipulado. • https://github.com/ImageMagick/ImageMagick/issues/1156 https://usn.ubuntu.com/3681-1 • CWE-125: Out-of-bounds Read •
CVSS: 8.8EPSS: 0%CPEs: 6EXPL: 2CVE-2018-11577 – liblouis: Segmentation fault in logging.c:lou_logPrint()
https://notcve.org/view.php?id=CVE-2018-11577
Liblouis 3.5.0 has a Segmentation fault in lou_logPrint in logging.c. Liblouis 3.5.0 tiene un fallo de segmentación en lou_logPrint en logging.c. • http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00038.html https://github.com/Edward-L/fuzzing-pocs/tree/master/liblouis https://github.com/liblouis/liblouis/issues/582 https://usn.ubuntu.com/3669-1 https://access.redhat.com/security/cve/CVE-2018-11577 https://bugzilla.redhat.com/show_bug.cgi?id=1585905 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-400: Uncontrolled Resource Consumption •
CVSS: 6.5EPSS: 0%CPEs: 6EXPL: 0CVE-2018-5388 – strongSwan VPN Charon Server Buffer Overflow
https://notcve.org/view.php?id=CVE-2018-5388
In stroke_socket.c in strongSwan before 5.6.3, a missing packet length check could allow a buffer underflow, which may lead to resource exhaustion and denial of service while reading from the socket. En stroke_socket.c en strongSwan en versiones anteriores a la 5.6.3, la ausencia de comprobaciones de la longitud de los paquetes podría permitir un desbordamiento del búfer, lo que puede conducir al agotamiento del recurso y a la denegación de servicio mientras se lee desde el socket. • http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00077.html http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00047.html http://packetstormsecurity.com/files/172833/strongSwan-VPN-Charon-Server-Buffer-Overflow.html http://www.kb.cert.org/vuls/id/338343 http://www.securityfocus.com/bid/104263 https://git.strongswan.org/?p=strongswan.git%3Ba=commitdiff%3Bh=0acd1ab4 https://security.gentoo.org/gls • CWE-124: Buffer Underwrite ('Buffer Underflow') CWE-787: Out-of-bounds Write •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2018-10196
https://notcve.org/view.php?id=CVE-2018-10196
NULL pointer dereference vulnerability in the rebuild_vlists function in lib/dotgen/conc.c in the dotgen library in Graphviz 2.40.1 allows remote attackers to cause a denial of service (application crash) via a crafted file. Vulnerabilidad de desreferencia de puntero NULL en la función ebuild_vlists en lib/dotgen/conc.c en la biblioteca dotgen en Graphviz 2.40.1 permite que atacantes remotos provoquen una denegación de servicio (cierre inesperado de la aplicación) mediante un archivo manipulado. • https://bugzilla.redhat.com/show_bug.cgi?id=1579254 https://gitlab.com/graphviz/graphviz/issues/1367 https://lists.debian.org/debian-lts-announce/2021/05/msg00014.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N6VR2CT3LD52GWAQUZAOSEXSYE3O7HGN https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TWUEEJPMS5LAROYJYY6FREOTI6VPN3M4 https://usn.ubuntu.com/3731-1 • CWE-476: NULL Pointer Dereference •