Page 18 of 108 results (0.007 seconds)

CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 2

CVE-2018-18407

https://notcve.org/view.php?id=CVE-2018-18407

A heap-based buffer over-read was discovered in the tcpreplay-edit binary of Tcpreplay 4.3.0 beta1, during the incremental checksum operation. The issue gets triggered in the function csum_replace4() in incremental_checksum.h, causing a denial of service. Se ha descubierto una sobrelectura de búfer basada en memoria dinámica (heap) en el binario tcpreplay-edit de Tcpreplay 4.3.0 beta1 durante la operación de suma de verificación incremental. El problema se desencadena en la función csum_replace4() en incremental_checksum.h, lo que provoca una denegación de servicio (DoS). • https://github.com/SegfaultMasters/covering360/blob/master/tcpreplay/README.md#user-content-heap-overflow-in-csum_replace4 https://github.com/appneta/tcpreplay/issues/488 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4V3SADKXUSHWTVAPU3WLXBDEQUHRA6ZO https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MLPY6W7Z7G6PF2JN4LXXHCACYLD4RBG6 • CWE-125: Out-of-bounds Read •

CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 1

CVE-2018-18409

https://notcve.org/view.php?id=CVE-2018-18409

A stack-based buffer over-read exists in setbit() at iptree.h of TCPFLOW 1.5.0, due to received incorrect values causing incorrect computation, leading to denial of service during an address_histogram call or a get_histogram call. Existe una sobrelectura de búfer basada en pila en setbit() en iptree.h en TCPFLOW 1.5.0, debido a los valores incorrectos recibidos que provocan un cálculo incorrecto, lo que conduce a una denegación de servicio (DoS) durante una llamada address_histogram o get_histogram. • https://github.com/simsong/tcpflow/issues/195 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/K6MP4YMCJX4ITOBFX427UMOA6E7ZLJDE https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MN5FW6HKPDP7PI2IVNMFSQVIDSCQ5BOR https://usn.ubuntu.com/3955-1 • CWE-125: Out-of-bounds Read •

CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 1

CVE-2018-17847

https://notcve.org/view.php?id=CVE-2018-17847

The html package (aka x/net/html) through 2018-09-25 in Go mishandles <svg><template><desc><t><svg></template>, leading to a "panic: runtime error" (index out of range) in (*nodeStack).pop in node.go, called from (*parser).clearActiveFormattingElements, during an html.Parse call. El paquete html (también conocido como x/net/html) hasta el 25/09/2018 en Go gestiona de manera incorrecta , lo que conduce a un "panic: runtime error" (índice fuera de rango) en (*nodeStack).pop en node.go, llamado desde (*parser).clearActiveFormattingElements, durante una llamada html.Parse. • https://github.com/golang/go/issues/27846 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LREEWY6KNLHRWFZ7OT4HVLMVVCGGUHON https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UKRCI7WIOCOCD3H7NXWRGIRABTQOZOBK • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0

CVE-2018-17846

https://notcve.org/view.php?id=CVE-2018-17846

The html package (aka x/net/html) through 2018-09-25 in Go mishandles <table><math><select><mi><select></table>, leading to an infinite loop during an html.Parse call because inSelectIM and inSelectInTableIM do not comply with a specification. El paquete html (también conocido como x/net/html) hasta el 2018-09-25 en Go gestiona de manera incorrecta , lo que conduce a un bucle infinito durante una llamada html.Parse. Esto se debe a que inSelectIM e inSelectInTableIM no cumplen con una especificación. • https://github.com/golang/go/issues/27842 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LREEWY6KNLHRWFZ7OT4HVLMVVCGGUHON https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UKRCI7WIOCOCD3H7NXWRGIRABTQOZOBK • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •

CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 1

CVE-2018-17848

https://notcve.org/view.php?id=CVE-2018-17848

The html package (aka x/net/html) through 2018-09-25 in Go mishandles <math><template><mn><b></template>, leading to a "panic: runtime error" (index out of range) in (*insertionModeStack).pop in node.go, called from inHeadIM, during an html.Parse call. El paquete html (también conocido como x/net/html) hasta el 25/09/2018 en Go gestiona de manera incorrecta <b></b><b>, lo que conduce a un "panic: runtime error" (índice fuera de rango) en (*insertionModeStack).pop en node.go, llamado desde inHeadIM, durante una llamada html.Parse.</b> • https://github.com/golang/go/issues/27846 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LREEWY6KNLHRWFZ7OT4HVLMVVCGGUHON https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UKRCI7WIOCOCD3H7NXWRGIRABTQOZOBK • CWE-129: Improper Validation of Array Index •