CVSS: 5.3EPSS: 0%CPEs: 26EXPL: 0CVE-2018-2815 – OpenJDK: unbounded memory allocation during deserialization in StubIORImpl (Serialization, 8192757)
https://notcve.org/view.php?id=CVE-2018-2815
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Serialization). Supported versions that are affected are Java SE: 6u181, 7u171, 8u162 and 10; Java SE Embedded: 8u161; JRockit: R28.3.17. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: Applies to client and server deployment of Java. • http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html http://www.securityfocus.com/bid/103848 http://www.securitytracker.com/id/1040697 https://access.redhat.com/errata/RHSA-2018:1188 https://access.redhat.com/errata/RHSA-2018:1191 https://access.redhat.com/errata/RHSA-2018:1201 https://access.redhat.com/errata/RHSA-2018:1202 https://access.redhat.com/errata/RHSA-2018:1203 https://access.redhat.com/errata/RHSA-2018:1204 https://access.redhat.com/errata/ • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 7.4EPSS: 0%CPEs: 19EXPL: 0CVE-2018-2783 – JDK: unspecified vulnerability fixed in 6u191, 7u171, and 8u161 (Security)
https://notcve.org/view.php?id=CVE-2018-2783
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u181, 7u161 and 8u152; Java SE Embedded: 8u152; JRockit: R28.3.17. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded, JRockit accessible data as well as unauthorized access to critical data or complete access to all Java SE, Java SE Embedded, JRockit accessible data. Note: Applies to client and server deployment of Java. • http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html http://www.securityfocus.com/bid/103832 http://www.securitytracker.com/id/1040697 https://access.redhat.com/errata/RHSA-2018:1203 https://access.redhat.com/errata/RHSA-2018:1205 https://access.redhat.com/errata/RHSA-2018:1721 https://access.redhat.com/errata/RHSA-2018:1722 https://access.redhat.com/errata/RHSA-2018:1723 https://access.redhat.com/errata/RHSA-2018:1724 https://access.redhat.com/errata/ •
CVSS: 7.8EPSS: 2%CPEs: 13EXPL: 0CVE-2018-10194 – ghostscript: Stack-based out-of-bounds write in pdf_set_text_matrix function in gdevpdts.c
https://notcve.org/view.php?id=CVE-2018-10194
The set_text_distance function in devices/vector/gdevpdts.c in the pdfwrite component in Artifex Ghostscript through 9.22 does not prevent overflows in text-positioning calculation, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted PDF document. La función set_text_distance en devices/vector/gdevpdts.c en el componente pdfwrite en Artifex Ghostscript, hasta la versión 9.22, no evita los desbordamientos en el cálculo de posicionamiento de texto. Esto permite que atacantes remotos provoquen una denegación de servicio (cierre inesperado de la aplicación) u otro tipo de impacto sin especificar mediante un documento PDF manipulado. • http://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=39b1e54b2968620723bf32e96764c88797714879 http://www.securitytracker.com/id/1040729 https://access.redhat.com/errata/RHSA-2018:2918 https://bugs.ghostscript.com/show_bug.cgi?id=699255 https://lists.debian.org/debian-lts-announce/2018/04/msg00028.html https://security.gentoo.org/glsa/201811-12 https://usn.ubuntu.com/3636-1 https://access.redhat.com/security/cve/CVE-2018-10194 https://bugzilla.redhat.com/show_bug.cgi?id=1569108 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.3EPSS: 0%CPEs: 7EXPL: 0CVE-2018-1088 – glusterfs: Privilege escalation via gluster_shared_storage when snapshot scheduling is enabled
https://notcve.org/view.php?id=CVE-2018-1088
A privilege escalation flaw was found in gluster 3.x snapshot scheduler. Any gluster client allowed to mount gluster volumes could also mount shared gluster storage volume and escalate privileges by scheduling malicious cronjob via symlink. Se ha encontrado un error de escalado de privilegios en el programador de capturas en gluster, en versiones 3.x. Cualquier cliente gluster al que se le permita montar volúmenes de gluster también podría montar un volumen de almacenamiento compartido de gluster y escalar privilegios programando un cronjob malicioso mediante un enlace simbólico. A privilege escalation flaw was found in gluster snapshot scheduler. • http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00035.html https://access.redhat.com/errata/RHSA-2018:1136 https://access.redhat.com/errata/RHSA-2018:1137 https://access.redhat.com/errata/RHSA-2018:1275 https://access.redhat.com/errata/RHSA-2018:1524 https://bugzilla.redhat.com/show_bug.cgi?id=1558721 https://lists.debian.org/debian-lts-announce/2021/11/msg00000.html https://security.gentoo.org/glsa/201904-06 https://access.redhat.com/security/cve/CVE-2018- • CWE-266: Incorrect Privilege Assignment •
CVSS: 7.5EPSS: 0%CPEs: 14EXPL: 0CVE-2018-6798 – perl: heap read overflow in regexec.c
https://notcve.org/view.php?id=CVE-2018-6798
An issue was discovered in Perl 5.22 through 5.26. Matching a crafted locale dependent regular expression can cause a heap-based buffer over-read and potentially information disclosure. Se ha descubierto un problema en Perl, de la versión 5.22 a la 5.26. Si se hace que coincida una expresión regular dependiente de una locale manipulada, se puede provocar una sobrelectura de búfer basada en memoria dinámica (heap) y una potencial divulgación de información. A heap buffer over read flaw was found in the way Perl regular expression engine handled inputs with invalid UTF-8 characters. • http://www.securitytracker.com/id/1040681 https://access.redhat.com/errata/RHSA-2018:1192 https://rt.perl.org/Public/Bug/Display.html?id=132063 https://security.gentoo.org/glsa/201909-01 https://usn.ubuntu.com/3625-1 https://www.debian.org/security/2018/dsa-4172 https://www.oracle.com/security-alerts/cpujul2020.html https://access.redhat.com/security/cve/CVE-2018-6798 https://bugzilla.redhat.com/show_bug.cgi?id=1547779 • CWE-125: Out-of-bounds Read •