CVE-2015-9262 – libxcursor: 1-byte heap-based overflow in _XcursorThemeInherits function in library.c
https://notcve.org/view.php?id=CVE-2015-9262
_XcursorThemeInherits in library.c in libXcursor before 1.1.15 allows remote attackers to cause denial of service or potentially code execution via a one-byte heap overflow. _XcursorThemeInherits en library.c en libXcursor en versiones anteriores a la 1.1.15 permite que atacantes remotos provoquen una denegación de servicio (DoS) o una potencial ejecución de código mediante un desbordamiento de memoria dinámica (heap) de un byte. • https://access.redhat.com/errata/RHSA-2018:3059 https://access.redhat.com/errata/RHSA-2018:3505 https://bugs.freedesktop.org/show_bug.cgi?id=90857 https://cgit.freedesktop.org/xorg/lib/libXcursor/commit/?id=897213f36baf6926daf6d192c709cf627aa5fd05 https://lists.debian.org/debian-lts-announce/2018/08/msg00016.html https://usn.ubuntu.com/3729-1 https://access.redhat.com/security/cve/CVE-2015-9262 https://bugzilla.redhat.com/show_bug.cgi?id=1611599 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122: Heap-based Buffer Overflow •
CVE-2016-8614
https://notcve.org/view.php?id=CVE-2016-8614
A flaw was found in Ansible before version 2.2.0. The apt_key module does not properly verify key fingerprints, allowing remote adversary to create an OpenPGP key which matches the short key ID and inject this key instead of the correct key. Se ha descubierto un problema en versiones anteriores a la 2.2.0 de Ansible. El módulo apt_key no verifica correctamente las huellas de la clave, lo que permite que un adversario remoto cree una clave de OpenPGP que coincide con el ID de clave corto y la inyecte en lugar de la clave correcta. • http://www.securityfocus.com/bid/94108 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8614 https://github.com/ansible/ansible-modules-core/issues/5237 https://github.com/ansible/ansible-modules-core/pull/5353 https://github.com/ansible/ansible-modules-core/pull/5357 • CWE-320: Key Management Errors CWE-358: Improperly Implemented Security Check for Standard •
CVE-2018-14682 – libmspack: off-by-one error in the TOLOWER() macro for CHM decompression
https://notcve.org/view.php?id=CVE-2018-14682
An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. There is an off-by-one error in the TOLOWER() macro for CHM decompression. Se ha descubierto un problema en mspack/chmd.c en libmspack en versiones anteriores a la 0.7alpha. Hay un error por un paso en la macro TOLOWER() para la descompresión CHM. • http://www.openwall.com/lists/oss-security/2018/07/26/1 http://www.securitytracker.com/id/1041410 https://access.redhat.com/errata/RHSA-2018:3327 https://access.redhat.com/errata/RHSA-2018:3505 https://bugs.debian.org/904800 https://github.com/kyz/libmspack/commit/4fd9ccaa54e1aebde1e4b95fb0163b699fd7bcc8 https://lists.debian.org/debian-lts-announce/2018/08/msg00007.html https://security.gentoo.org/glsa/201903-20 https://usn.ubuntu.com/3728-1 https://usn.ubuntu.com/3728-2 • CWE-193: Off-by-one Error •
CVE-2018-14680 – libmspack: off-by-one error in the CHM chunk number validity checks
https://notcve.org/view.php?id=CVE-2018-14680
An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. It does not reject blank CHM filenames. Se ha descubierto un problema en mspack/chmd.c en libmspack en versiones anteriores a la 0.7alpha. No rechaza los nombres de archivos CHM en blanco. • http://www.openwall.com/lists/oss-security/2018/07/26/1 http://www.securitytracker.com/id/1041410 https://access.redhat.com/errata/RHSA-2018:3327 https://access.redhat.com/errata/RHSA-2018:3505 https://bugs.debian.org/904801 https://github.com/kyz/libmspack/commit/72e70a921f0f07fee748aec2274b30784e1d312a https://lists.debian.org/debian-lts-announce/2018/08/msg00007.html https://security.gentoo.org/glsa/201903-20 https://usn.ubuntu.com/3728-1 https://usn.ubuntu.com/3728-2 • CWE-20: Improper Input Validation CWE-193: Off-by-one Error •
CVE-2018-14679 – libmspack: off-by-one error in the CHM PMGI/PMGL chunk number validity checks
https://notcve.org/view.php?id=CVE-2018-14679
An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. There is an off-by-one error in the CHM PMGI/PMGL chunk number validity checks, which could lead to denial of service (uninitialized data dereference and application crash). Se ha descubierto un problema en mspack/chmd.c en libmspack en versiones anteriores a la 0.7alpha. Hay un error por un paso en las comprobaciones de validez de los números de chunk de CHM PMGI/PMGL que podría conducir a una denegación de servicio (referencia de datos no inicializados y cierre inesperado de la aplicación). • http://www.openwall.com/lists/oss-security/2018/07/26/1 http://www.securitytracker.com/id/1041410 https://access.redhat.com/errata/RHSA-2018:3327 https://access.redhat.com/errata/RHSA-2018:3505 https://bugs.debian.org/904802 https://github.com/kyz/libmspack/commit/72e70a921f0f07fee748aec2274b30784e1d312a https://lists.debian.org/debian-lts-announce/2018/08/msg00007.html https://security.gentoo.org/glsa/201903-20 https://usn.ubuntu.com/3728-1 https://usn.ubuntu.com/3728-2 • CWE-193: Off-by-one Error •