CVSS: 7.5EPSS: 7%CPEs: 55EXPL: 0CVE-2018-5733 – A malicious client can overflow a reference counter in ISC dhcpd
https://notcve.org/view.php?id=CVE-2018-5733
A malicious client which is allowed to send very large amounts of traffic (billions of packets) to a DHCP server can eventually overflow a 32-bit reference counter, potentially causing dhcpd to crash. Affects ISC DHCP 4.1.0 -> 4.1-ESV-R15, 4.2.0 -> 4.2.8, 4.3.0 -> 4.3.6, 4.4.0. Un cliente malicioso al que se le permite enviar grandes cantidades de tráfico (miles de millones de paquetes) a un servidor DHCP puede terminar desbordando un contador de referencia de 32 bits, provocando el cierre inesperado de dhcpd. Afecta a ISC DHCP desde la versión 4.1.0 hasta la 4.1-ESV-R15, desde la versión 4.2.0 hasta la 4.2.8, desde la versión 4.3.0 hasta la 4.3.6 y a la versión 4.4.0. A denial of service flaw was found in the way dhcpd handled reference counting when processing client requests. • http://www.securityfocus.com/bid/103188 http://www.securitytracker.com/id/1040437 https://access.redhat.com/errata/RHSA-2018:0469 https://access.redhat.com/errata/RHSA-2018:0483 https://kb.isc.org/docs/aa-01567 https://lists.debian.org/debian-lts-announce/2018/03/msg00015.html https://usn.ubuntu.com/3586-1 https://usn.ubuntu.com/3586-2 https://www.debian.org/security/2018/dsa-4133 https://access.redhat.com/security/cve/CVE-2018-5733 https://bugzilla.redhat • CWE-190: Integer Overflow or Wraparound •
CVSS: 9.8EPSS: 5%CPEs: 18EXPL: 0CVE-2018-5379 – quagga: Double free vulnerability in bgpd when processing certain forms of UPDATE message allowing to crash or potentially execute arbitrary code
https://notcve.org/view.php?id=CVE-2018-5379
The Quagga BGP daemon (bgpd) prior to version 1.2.3 can double-free memory when processing certain forms of UPDATE message, containing cluster-list and/or unknown attributes. A successful attack could cause a denial of service or potentially allow an attacker to execute arbitrary code. El demonio Quagga BGP (bgpd), en versiones anteriores a la 1.2.3, puede realizar una doble liberación (double free) de memoria al procesar ciertos formularios de un mensaje UPDATE que contienen atributos cluster-list y/o desconocidos. Un ataque con éxito podría provocar una denegación de servicio (DoS) o permitir que un atacante ejecute código arbitrario. A double-free vulnerability was found in Quagga. • http://savannah.nongnu.org/forum/forum.php?forum_id=9095 http://www.kb.cert.org/vuls/id/940439 http://www.securityfocus.com/bid/103105 https://access.redhat.com/errata/RHSA-2018:0377 https://cert-portal.siemens.com/productcert/pdf/ssa-451142.pdf https://gogs.quagga.net/Quagga/quagga/src/master/doc/security/Quagga-2018-1114.txt https://lists.debian.org/debian-lts-announce/2018/02/msg00021.html https://security.gentoo.org/glsa/201804-17 https://usn.ubuntu.com/3573-1 • CWE-415: Double Free CWE-416: Use After Free •
CVSS: 9.8EPSS: 59%CPEs: 22EXPL: 2CVE-2018-6871 – LibreOffice < 6.0.1 - '=WEBSERVICE' Remote Arbitrary File Disclosure
https://notcve.org/view.php?id=CVE-2018-6871
LibreOffice before 5.4.5 and 6.x before 6.0.1 allows remote attackers to read arbitrary files via =WEBSERVICE calls in a document, which use the COM.MICROSOFT.WEBSERVICE function. LibreOffice, en versiones anteriores a la 5.4.5 y versiones 6.x anteriores a la 6.0.1, permite que atacantes remotos lean archivos arbitrarios mediante llamadas =WEBSERVICE en un documento, que emplea la función COM.MICROSOFT.WEBSERVICE. A flaw was found in libreoffice before 5.4.5 and before 6.0.1. Arbitrary remote file disclosure may be achieved by the use of the WEBSERVICE formula in a specially crafted ODS file. LibreOffice suffers from a remote arbitrary file disclosure vulnerability. • https://www.exploit-db.com/exploits/44022 https://access.redhat.com/errata/RHSA-2018:0418 https://access.redhat.com/errata/RHSA-2018:0517 https://cgit.freedesktop.org/libreoffice/core/commit/?h=libreoffice-5-4-5&id=a916fc0c0e0e8b10cb4158fa0fa173fe205d434a https://github.com/jollheef/libreoffice-remote-arbitrary-file-disclosure https://usn.ubuntu.com/3579-1 https://www.debian.org/security/2018/dsa-4111 https://www.libreoffice.org/about-us/security/advisories/cve-2018-1055 https://access.red • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.9EPSS: 0%CPEs: 17EXPL: 0CVE-2018-1049 – systemd: automount: access to automounted volumes can lock up
https://notcve.org/view.php?id=CVE-2018-1049
In systemd prior to 234 a race condition exists between .mount and .automount units such that automount requests from kernel may not be serviced by systemd resulting in kernel holding the mountpoint and any processes that try to use said mount will hang. A race condition like this may lead to denial of service, until mount points are unmounted. En systemd en versiones anteriores a la 234, existe una condición de carrera entre las unidades .mount y .automount, de forma que las peticiones automount del kernel podrían no ser ofrecidas por systemd. Esto resulta en que el kernel retiene el mountpoint y cualquier proceso que intente emplear este mount se bloqueará. Una condición de carrera como esta podría conducir a una denegación de servicio (DoS) hasta que los puntos de montaje se desmonten. • http://www.securitytracker.com/id/1041520 https://access.redhat.com/errata/RHSA-2018:0260 https://bugzilla.redhat.com/show_bug.cgi?id=1534701 https://lists.debian.org/debian-lts-announce/2018/11/msg00017.html https://usn.ubuntu.com/3558-1 https://access.redhat.com/security/cve/CVE-2018-1049 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 7.5EPSS: 1%CPEs: 8EXPL: 0CVE-2017-15134 – 389-ds-base: Remote DoS via search filters in slapi_filter_sprintf in slapd/util.c
https://notcve.org/view.php?id=CVE-2017-15134
A stack buffer overflow flaw was found in the way 389-ds-base 1.3.6.x before 1.3.6.13, 1.3.7.x before 1.3.7.9, 1.4.x before 1.4.0.5 handled certain LDAP search filters. A remote, unauthenticated attacker could potentially use this flaw to make ns-slapd crash via a specially crafted LDAP request, thus resulting in denial of service. Se ha encontrado un error de desbordamiento de búfer basado en pila en la forma en la que 389-ds-base, en versiones 1.3.6.x anteriores a la 1.3.6.13, versiones 1.3.7.x anteriores a la 1.3.7.9 y versiones 1.4.x anteriores a la 1.4.0.5, gestionaba ciertos filtros de búsqueda LDAP. Un atacante remoto no autenticado podría emplear este error para hacer que ns-slapd se cierre inesperadamente mediante una petición LDAP especialmente manipulada que resulta en una denegación de servicio (DoS). A stack buffer overflow flaw was found in the way 389-ds-base handled certain LDAP search filters. • http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00033.html http://www.securityfocus.com/bid/102790 https://access.redhat.com/errata/RHSA-2018:0163 https://bugzilla.redhat.com/show_bug.cgi?id=1531573 https://lists.debian.org/debian-lts-announce/2018/07/msg00018.html https://pagure.io/389-ds-base/c/6aa2acdc3cad9 https://access.redhat.com/security/cve/CVE-2017-15134 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •