CVSS: 9.1EPSS: 0%CPEs: 17EXPL: 1CVE-2018-18313 – perl: Heap-based buffer read overflow in S_grok_bslash_N()
https://notcve.org/view.php?id=CVE-2018-18313
Perl before 5.26.3 has a buffer over-read via a crafted regular expression that triggers disclosure of sensitive information from process memory. Perl, en versiones anteriores a la 5.26.3, tiene una sobrelectura de búfer mediante una expresión regular manipulada que desencadena la divulgación de información sensible de la memoria del proceso. • http://seclists.org/fulldisclosure/2019/Mar/49 http://www.securitytracker.com/id/1042181 https://access.redhat.com/errata/RHSA-2019:0001 https://access.redhat.com/errata/RHSA-2019:0010 https://bugzilla.redhat.com/show_bug.cgi?id=1646738 https://github.com/Perl/perl5/commit/43b2f4ef399e2fd7240b4eeb0658686ad95f8e62 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RWQGEB543QN7SSBRKYJM6PSOC3RLYGSM https://metacpan.org/changes/release/SHAY/perl-5.26.3 https://rt& • CWE-125: Out-of-bounds Read •
CVSS: 9.8EPSS: 0%CPEs: 30EXPL: 0CVE-2018-18311 – perl: Integer overflow leading to buffer overflow in Perl_my_setenv()
https://notcve.org/view.php?id=CVE-2018-18311
Perl before 5.26.3 and 5.28.x before 5.28.1 has a buffer overflow via a crafted regular expression that triggers invalid write operations. Perl, en versiones anteriores a la 5.26.3 y versiones 5.28.0.x anteriores a la 5.28.1, tiene un desbordamiento de búfer mediante una expresión regular manipulada que desencadena operaciones inválidas de escritura. • http://seclists.org/fulldisclosure/2019/Mar/49 http://www.securityfocus.com/bid/106145 http://www.securitytracker.com/id/1042181 https://access.redhat.com/errata/RHBA-2019:0327 https://access.redhat.com/errata/RHSA-2019:0001 https://access.redhat.com/errata/RHSA-2019:0010 https://access.redhat.com/errata/RHSA-2019:0109 https://access.redhat.com/errata/RHSA-2019:1790 https://access.redhat.com/errata/RHSA-2019:1942 https://access.redhat.com/errata/RHSA-2019:2400 https:&#x • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-190: Integer Overflow or Wraparound CWE-787: Out-of-bounds Write •
CVSS: 9.3EPSS: 0%CPEs: 4EXPL: 0CVE-2018-4425 – Apple macOS NECP Control Socket Type Confusion Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2018-4425
A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to iOS 12, macOS Mojave 10.14, tvOS 12, watchOS 5. Un problema de corrupción de memoria se abordó con una gestión de memoria mejorada. Este problema afectaba a iOS en versiones anteriores a la 12, macOS Mojave en versiones anteriores a la 10.14, tvOS en versiones anteriores a la 12 y watchOS en versiones anteriores a la 5. This vulnerability allows local attackers to execute escalate privileges on vulnerable installations of Apple macOS. • https://support.apple.com/kb/HT209106 https://support.apple.com/kb/HT209107 https://support.apple.com/kb/HT209108 https://support.apple.com/kb/HT209139 https://support.apple.com/kb/HT209193 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2018-4351 – Apple macOS IntelFBClientControl doAtribute Uninitialized Memory Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2018-4351
A memory initialization issue was addressed with improved memory handling. This issue affected versions prior to macOS Mojave 10.14. Un problema de inicialización de memoria se abordó con una gestión de memoria mejorada. Este problema afectaba a macOS Mojave en versiones anteriores a la 10.14. This vulnerability allows local attackers to disclose sensitive information on vulnerable installations of Apple macOS. • https://support.apple.com/kb/HT209139 • CWE-665: Improper Initialization •
CVSS: 9.3EPSS: 0%CPEs: 2EXPL: 1CVE-2018-4404 – Apple macOS launchd Improper Access Check Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2018-4404
In iOS before 11.4 and macOS High Sierra before 10.13.5, a memory corruption issue exists and was addressed with improved memory handling. En iOS en versiones anteriores a la 11.4 y macOS High Sierra en versiones anteriores a la 10.13.5, existe un problema de corrupción de memoria y se abordó con la mejora de la gestión de memoria. This vulnerability allows local attackers to escalate privileges on vulnerable installations of Apple macOS. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of Mach messages to the Dock. The issue results from the lack of proper validation of the client prior to spawning a process. • https://www.exploit-db.com/exploits/45998 https://support.apple.com/HT208848%2C https://support.apple.com/HT208849 https://github.com/saelo/cve-2018-4233 https://github.com/saelo/pwn2own2018 https://saelo.github.io/presentations/blackhat_us_18_attacking_client_side_jit_compilers.pdf • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •