CVSS: 8.1EPSS: 0%CPEs: 23EXPL: 0CVE-2018-1068 – kernel: Out-of-bounds write via userland offsets in ebt_entry struct in netfilter/ebtables.c
https://notcve.org/view.php?id=CVE-2018-1068
A flaw was found in the Linux 4.x kernel's implementation of 32-bit syscall interface for bridging. This allowed a privileged user to arbitrarily write to a limited range of kernel memory. Se ha encontrado un error en la implementación de la interfaz syscall de 32 bits para puentes de red (bridging) en el kernel de las versiones 4.x de Linux. Esto permitía que un usuario privilegiado escribiese de forma arbitraria en un rango limitado de memoria del kernel. A flaw was found in the Linux kernel's implementation of 32-bit syscall interface for bridging. • http://www.securityfocus.com/bid/103459 https://access.redhat.com/errata/RHSA-2018:1318 https://access.redhat.com/errata/RHSA-2018:1355 https://access.redhat.com/errata/RHSA-2018:2948 https://access.redhat.com/errata/RHSA-2019:1170 https://access.redhat.com/errata/RHSA-2019:1190 https://access.redhat.com/errata/RHSA-2019:4159 https://bugzilla.redhat.com/show_bug.cgi?id=1552048 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=b71812168571fa55 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 1CVE-2017-18233 – exempi: Infinite Loop in Chunk class in XMPFiles/source/FormatSupport/RIFF.cpp
https://notcve.org/view.php?id=CVE-2017-18233
An issue was discovered in Exempi before 2.4.4. Integer overflow in the Chunk class in XMPFiles/source/FormatSupport/RIFF.cpp allows remote attackers to cause a denial of service (infinite loop) via crafted XMP data in a .avi file. Se ha descubierto un problema en versiones anteriores a la 2.4.4 de Exempi. Desbordamiento de enteros en la clase Chunk en XMPFiles/source/FormatSupport/RIFF.cpp permite que los atacantes remotos provoquen una denegación de servicio (bucle infinito) mediante datos XMP manipulados en un archivo .avi. • https://access.redhat.com/errata/RHSA-2019:2048 https://bugs.freedesktop.org/show_bug.cgi?id=102151 https://cgit.freedesktop.org/exempi/commit/?id=65a8492832b7335ffabd01f5f64d89dec757c260 https://lists.debian.org/debian-lts-announce/2018/03/msg00013.html https://usn.ubuntu.com/3668-1 https://access.redhat.com/security/cve/CVE-2017-18233 https://bugzilla.redhat.com/show_bug.cgi?id=1559575 • CWE-190: Integer Overflow or Wraparound CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 1CVE-2017-18236 – exempi: Infinite loop in ASF_Support::ReadHeaderObject function in XMPFiles/source/FormatSupport/ASF_Support.cpp
https://notcve.org/view.php?id=CVE-2017-18236
An issue was discovered in Exempi before 2.4.4. The ASF_Support::ReadHeaderObject function in XMPFiles/source/FormatSupport/ASF_Support.cpp allows remote attackers to cause a denial of service (infinite loop) via a crafted .asf file. Se ha descubierto un problema en versiones anteriores a la 2.4.4 de Exempi. La función ASF_Support::ReadHeaderObject en XMPFiles/source/FormatSupport/ASF_Support.cpp permite que atacantes remotos provoquen una denegación de servicio (bucle infinito) mediante un archivo .asf manipulado. • https://access.redhat.com/errata/RHSA-2019:2048 https://bugs.freedesktop.org/show_bug.cgi?id=102484 https://cgit.freedesktop.org/exempi/commit/?id=fe59605d3520bf2ca4e0a963d194f10e9fee5806 https://lists.debian.org/debian-lts-announce/2018/03/msg00013.html https://usn.ubuntu.com/3668-1 https://access.redhat.com/security/cve/CVE-2017-18236 https://bugzilla.redhat.com/show_bug.cgi?id=1559596 • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 1CVE-2017-18234 – exempi: Use after free via a PDF file containing JPEG data
https://notcve.org/view.php?id=CVE-2017-18234
An issue was discovered in Exempi before 2.4.3. It allows remote attackers to cause a denial of service (invalid memcpy with resultant use-after-free) or possibly have unspecified other impact via a .pdf file containing JPEG data, related to XMPFiles/source/FormatSupport/ReconcileTIFF.cpp, XMPFiles/source/FormatSupport/TIFF_MemoryReader.cpp, and XMPFiles/source/FormatSupport/TIFF_Support.hpp. Se ha descubierto un problema en versiones anteriores a la 2.4.3 de Exempi. Permite que los atacantes remotos provoquen una denegación de servicio (memcpy no válido con uso de memoria previamente liberada) o, posiblemente, otro impacto no especificado mediante un archivo .pdf que contenga datos JPEG. Esto está relacionado con XMPFiles/source/FormatSupport/ReconcileTIFF.cpp, XMPFiles/source/FormatSupport/TIFF_MemoryReader.cpp y XMPFiles/source/FormatSupport/TIFF_Support.hpp. • https://access.redhat.com/errata/RHSA-2019:2048 https://bugs.freedesktop.org/show_bug.cgi?id=100397 https://cgit.freedesktop.org/exempi/commit/?id=c26d5beb60a5a85f76259f50ed3e08c8169b0a0c https://lists.debian.org/debian-lts-announce/2018/03/msg00013.html https://usn.ubuntu.com/3668-1 https://access.redhat.com/security/cve/CVE-2017-18234 https://bugzilla.redhat.com/show_bug.cgi?id=1559590 • CWE-416: Use After Free •
CVSS: 9.8EPSS: 0%CPEs: 21EXPL: 0CVE-2018-5145 – Mozilla: Memory safety bugs fixed in Firefox ESR 52.7 (MFSA 2018-07)
https://notcve.org/view.php?id=CVE-2018-5145
Memory safety bugs were reported in Firefox ESR 52.6. These bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox ESR < 52.7 and Thunderbird < 52.7. Se han informado de errores de seguridad de memoria en Firefox ESR 52.6. Estos errores mostraron evidencias de corrupción de memoria y se cree que, con el esfuerzo necesario, se podrían explotar para ejecutar código arbitrario. • http://www.securityfocus.com/bid/103384 http://www.securitytracker.com/id/1040514 https://access.redhat.com/errata/RHSA-2018:0526 https://access.redhat.com/errata/RHSA-2018:0527 https://access.redhat.com/errata/RHSA-2018:0647 https://access.redhat.com/errata/RHSA-2018:0648 https://bugzilla.mozilla.org/buglist.cgi?bug_id=1261175%2C1348955 https://lists.debian.org/debian-lts-announce/2018/03/msg00010.html https://lists.debian.org/debian-lts-announce/2018/03/msg00029.html https:& • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •