CVSS: 7.8EPSS: 1%CPEs: 10EXPL: 0CVE-2018-10120 – libreoffice: Out of bounds write in filter/ww8/ww8toolbar.cxx:SwCTBWrapper class allows for denial of service with crafted document
https://notcve.org/view.php?id=CVE-2018-10120
The SwCTBWrapper::Read function in sw/source/filter/ww8/ww8toolbar.cxx in LibreOffice before 5.4.6.1 and 6.x before 6.0.2.1 does not validate a customizations index, which allows remote attackers to cause a denial of service (heap-based buffer overflow with write access) or possibly have unspecified other impact via a crafted document that contains a certain Microsoft Word record. La función SwCTBWrapper::Read en sw/source/filter/ww8/ww8toolbar.cxx en LibreOffice, en versiones anteriores a la 5.4.6.1 y versiones 6.x anteriores a la 6.0.2.1, no valida un índice de personalizaciones. Esto permite que los atacantes remotos provoquen una denegación de servicio (desbordamiento de búfer basado en memoria dinámica o heap con acceso de escritura) o cualquier otro tipo de impacto sin especificar mediante un documento manipulado que contiene un registro de Microsoft Word determinado. • https://access.redhat.com/errata/RHSA-2018:3054 https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=6173 https://gerrit.libreoffice.org/#/c/49486 https://gerrit.libreoffice.org/#/c/49499 https://gerrit.libreoffice.org/#/c/49500 https://gerrit.libreoffice.org/gitweb?p=core.git%3Ba=commit%3Bh=017fcc2fcd00af17a97bd5463d89662404f57667 https://lists.debian.org/debian-lts-announce/2018/04/msg00021.html https://usn.ubuntu.com/3883-1 https://www.debian.org/security/2018/dsa&# • CWE-129: Improper Validation of Array Index CWE-787: Out-of-bounds Write •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2018-10087
https://notcve.org/view.php?id=CVE-2018-10087
The kernel_wait4 function in kernel/exit.c in the Linux kernel before 4.13, when an unspecified architecture and compiler is used, might allow local users to cause a denial of service by triggering an attempted use of the -INT_MIN value. La función kernel_wait4 en kernel/exit.c en el kernel de Linux, en versiones anteriores a la 4.13, cuando se emplea una arquitectura y un compilador sin especificar, podría permitir que usuarios locales provoquen una denegación de servicio (DoS) desencadenando un intento de uso del valor -INT_MIN. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=dd83c161fbcc5d8be637ab159c0de015cbff5ba4 http://www.securityfocus.com/bid/103774 https://github.com/torvalds/linux/commit/dd83c161fbcc5d8be637ab159c0de015cbff5ba4 https://lists.debian.org/debian-lts-announce/2018/07/msg00020.html https://news.ycombinator.com/item?id=2972021 https://usn.ubuntu.com/3696-1 https://usn.ubuntu.com/3696-2 https://usn.ubuntu.com/3754-1 • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 0%CPEs: 10EXPL: 0CVE-2018-1100 – zsh: buffer overflow in utils.c:checkmailpath() can lead to local arbitrary code execution
https://notcve.org/view.php?id=CVE-2018-1100
zsh through version 5.4.2 is vulnerable to a stack-based buffer overflow in the utils.c:checkmailpath function. A local attacker could exploit this to execute arbitrary code in the context of another user. zsh hasta la versión 5.4.2 es vulnerable a un desbordamiento de búfer basado en pila en la función utils.c:checkmailpath. Un atacante local podría explotarlo para ejecutar código arbitrario en el contexto de otro usuario. A buffer overflow flaw was found in the zsh shell check path functionality. A local, unprivileged user can create a specially crafted message file, which, if used to set a custom "you have new mail" message, leads to code execution in the context of the user who receives the message. • https://access.redhat.com/errata/RHSA-2018:1932 https://access.redhat.com/errata/RHSA-2018:3073 https://bugzilla.redhat.com/show_bug.cgi?id=1563395 https://lists.debian.org/debian-lts-announce/2020/12/msg00000.html https://security.gentoo.org/glsa/201805-10 https://sourceforge.net/p/zsh/code/ci/31f72205630687c1cef89347863aab355296a27f https://usn.ubuntu.com/3764-1 https://access.redhat.com/security/cve/CVE-2018-1100 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 1CVE-2018-9918
https://notcve.org/view.php?id=CVE-2018-9918
libqpdf.a in QPDF through 8.0.2 mishandles certain "expected dictionary key but found non-name object" cases, allowing remote attackers to cause a denial of service (stack exhaustion), related to the QPDFObjectHandle and QPDF_Dictionary classes, because nesting in direct objects is not restricted. libqpdf.a en QPDF hasta la versión 8.0.2 gestiona de manera incorrecta ciertos casos de "clave de diccionario esperada pero objeto sin nombre encontrado". Esto permite que los atacantes remotos provoquen una denegación de servicio (agotamiento de la pila), relacionado con las clases QPDFObjectHandle y QPDF_Dictionary. Esto se debe a que la anidación en los objetos directos no está restringida. • https://github.com/qpdf/qpdf/commit/b4d6cf6836ce025ba1811b7bbec52680c7204223 https://github.com/qpdf/qpdf/issues/202 https://usn.ubuntu.com/3638-1 • CWE-674: Uncontrolled Recursion •
CVSS: 7.8EPSS: 1%CPEs: 29EXPL: 0CVE-2018-1000156 – patch: Malicious patch files cause ed to execute arbitrary commands
https://notcve.org/view.php?id=CVE-2018-1000156
GNU Patch version 2.7.6 contains an input validation vulnerability when processing patch files, specifically the EDITOR_PROGRAM invocation (using ed) can result in code execution. This attack appear to be exploitable via a patch file processed via the patch utility. This is similar to FreeBSD's CVE-2015-1418 however although they share a common ancestry the code bases have diverged over time. La versión 2.7.6 de GNU Patch contiene una vulnerabilidad de validación de entradas al procesar archivos patch; específicamente la invocación EDITOR_PROGRAM (usando ed) puede resultar en la ejecución de código. el ataque parece ser explotable mediante un archivo patch procesado mediante la utilidad patch. Esto es similar al CVE-2015-1418 de FreeBSD: aunque comparten un ancestro común, las bases de código han divergido con el tiempo. • http://packetstormsecurity.com/files/154124/GNU-patch-Command-Injection-Directory-Traversal.html http://rachelbythebay.com/w/2018/04/05/bangpatch https://access.redhat.com/errata/RHSA-2018:1199 https://access.redhat.com/errata/RHSA-2018:1200 https://access.redhat.com/errata/RHSA-2018:2091 https://access.redhat.com/errata/RHSA-2018:2092 https://access.redhat.com/errata/RHSA-2018:2093 https://access.redhat.com/errata/RHSA-2018:2094 https://access.redhat.com/errata/RHSA-2018:2095 ht • CWE-20: Improper Input Validation CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •