CVSS: 9.8EPSS: 0%CPEs: 12EXPL: 0CVE-2018-6797 – perl: heap write overflow in regcomp.c
https://notcve.org/view.php?id=CVE-2018-6797
An issue was discovered in Perl 5.18 through 5.26. A crafted regular expression can cause a heap-based buffer overflow, with control over the bytes written. Se ha descubierto un problema en Perl 5.26. Una expresión regular manipulada puede provocar un desbordamiento de búfer basado en memoria dinámica (heap), con control sobre los bytes que se escriben. A heap buffer write overflow, with control over the bytes written, was found in the way regular expressions employing Unicode rules are compiled. • http://www.securitytracker.com/id/1040681 http://www.securitytracker.com/id/1042004 https://access.redhat.com/errata/RHSA-2018:1192 https://rt.perl.org/Public/Bug/Display.html?id=132227 https://security.gentoo.org/glsa/201909-01 https://usn.ubuntu.com/3625-1 https://www.debian.org/security/2018/dsa-4172 https://www.oracle.com/security-alerts/cpujul2020.html https://access.redhat.com/security/cve/CVE-2018-6797 https://bugzilla.redhat.com/show_bug.cgi?id=1547783 • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 1%CPEs: 10EXPL: 0CVE-2018-10120 – libreoffice: Out of bounds write in filter/ww8/ww8toolbar.cxx:SwCTBWrapper class allows for denial of service with crafted document
https://notcve.org/view.php?id=CVE-2018-10120
The SwCTBWrapper::Read function in sw/source/filter/ww8/ww8toolbar.cxx in LibreOffice before 5.4.6.1 and 6.x before 6.0.2.1 does not validate a customizations index, which allows remote attackers to cause a denial of service (heap-based buffer overflow with write access) or possibly have unspecified other impact via a crafted document that contains a certain Microsoft Word record. La función SwCTBWrapper::Read en sw/source/filter/ww8/ww8toolbar.cxx en LibreOffice, en versiones anteriores a la 5.4.6.1 y versiones 6.x anteriores a la 6.0.2.1, no valida un índice de personalizaciones. Esto permite que los atacantes remotos provoquen una denegación de servicio (desbordamiento de búfer basado en memoria dinámica o heap con acceso de escritura) o cualquier otro tipo de impacto sin especificar mediante un documento manipulado que contiene un registro de Microsoft Word determinado. • https://access.redhat.com/errata/RHSA-2018:3054 https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=6173 https://gerrit.libreoffice.org/#/c/49486 https://gerrit.libreoffice.org/#/c/49499 https://gerrit.libreoffice.org/#/c/49500 https://gerrit.libreoffice.org/gitweb?p=core.git%3Ba=commit%3Bh=017fcc2fcd00af17a97bd5463d89662404f57667 https://lists.debian.org/debian-lts-announce/2018/04/msg00021.html https://usn.ubuntu.com/3883-1 https://www.debian.org/security/2018/dsa&# • CWE-129: Improper Validation of Array Index CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 1%CPEs: 10EXPL: 0CVE-2018-10119 – libreoffice: Use-after-free in sdstor/stgstrms.cxx:StgSmallStrm class allows for denial of service with crafted document
https://notcve.org/view.php?id=CVE-2018-10119
sot/source/sdstor/stgstrms.cxx in LibreOffice before 5.4.5.1 and 6.x before 6.0.1.1 uses an incorrect integer data type in the StgSmallStrm class, which allows remote attackers to cause a denial of service (use-after-free with write access) or possibly have unspecified other impact via a crafted document that uses the structured storage ole2 wrapper file format. sot/source/sdstor/stgstrms.cxx en LibreOffice, en versiones anteriores a la 5.4.5.1 y versiones 6.x anteriores a la 6.0.1.1, emplea un tipo de datos incorrecto en la clase StgSmallStrm. Esto permite que atacantes remotos provoquen una denegación de servicio (uso de memoria previamente liberada con acceso de escritura) o que puedan causar otro tipo de impacto sin especificar mediante un documento manipulado que emplea el formato contenedor de archivo ole2 de almacenamiento estructurado. • https://access.redhat.com/errata/RHSA-2018:3054 https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=5747 https://gerrit.libreoffice.org/#/c/48751 https://gerrit.libreoffice.org/#/c/48756 https://gerrit.libreoffice.org/#/c/48757 https://gerrit.libreoffice.org/#/c/48758 https://gerrit.libreoffice.org/gitweb?p=core.git%3Ba=commit%3Bh=fdd41c995d1f719e92c6f083e780226114762f05 https://lists.debian.org/debian-lts-announce/2018/04/msg00021.html https://usn.ubuntu.com/3883- • CWE-416: Use After Free •
CVSS: 7.5EPSS: 3%CPEs: 5EXPL: 0CVE-2018-1084 – corosync: Integer overflow in exec/totemcrypto.c:authenticate_nss_2_3() function
https://notcve.org/view.php?id=CVE-2018-1084
corosync before version 2.4.4 is vulnerable to an integer overflow in exec/totemcrypto.c. corosync en versiones anteriores a la 2.4.4 es vulnerable a un desbordamiento de enteros en exec/totemcrypto.c. An integer overflow leading to an out-of-bound read was found in authenticate_nss_2_3() in Corosync. An attacker could craft a malicious packet that would lead to a denial of service. • http://www.securityfocus.com/bid/103758 https://access.redhat.com/errata/RHSA-2018:1169 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1084 https://security.gentoo.org/glsa/202107-01 https://usn.ubuntu.com/4000-1 https://www.debian.org/security/2018/dsa-4174 https://access.redhat.com/security/cve/CVE-2018-1084 https://bugzilla.redhat.com/show_bug.cgi?id=1552830 • CWE-125: Out-of-bounds Read CWE-190: Integer Overflow or Wraparound •
CVSS: 5.9EPSS: 0%CPEs: 5EXPL: 0CVE-2015-1777
https://notcve.org/view.php?id=CVE-2015-1777
rhnreg_ks in Red Hat Network Client Tools (aka rhn-client-tools) on Red Hat Gluster Storage 2.1 and Enterprise Linux (RHEL) 5, 6, and 7 does not properly validate hostnames in X.509 certificates from SSL servers, which allows remote attackers to prevent system registration via a man-in-the-middle attack. rhnreg_ks en Red Hat Network Client Tools (también conocido como rhn-client-tools) en Red Hat Gluster Storage 2.1 y Enterprise Linux (RHEL) 5, 6 y 7 no valida correctamente los nombres de host en los certificados X.509 de los servidores SSL. Esto puede permitir que atacantes remotos eviten el registro en el sistema mediante un ataque Man-in-the-Middle (MitM). • http://www.openwall.com/lists/oss-security/2015/03/04/7 http://www.securityfocus.com/bid/72943 https://bugzilla.redhat.com/show_bug.cgi?id=1198740 • CWE-295: Improper Certificate Validation •