CVSS: 9.8EPSS: 7%CPEs: 16EXPL: 1CVE-2018-18312 – perl: Heap-based buffer overflow in S_handle_regex_sets()
https://notcve.org/view.php?id=CVE-2018-18312
30 Nov 2018 — Perl before 5.26.3 and 5.28.0 before 5.28.1 has a buffer overflow via a crafted regular expression that triggers invalid write operations. Perl, en versiones anteriores a la 5.26.3 y versiones 5.28.0 anteriores a la 5.28.1, tiene un desbordamiento de búfer mediante una expresión regular manipulada que desencadena operaciones inválidas de escritura. Jayakrishna Menon discovered that Perl incorrectly handled Perl_my_setenv. An attacker could use this issue to cause Perl to crash, resulting in a denial of serv... • http://www.securityfocus.com/bid/106179 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 7%CPEs: 15EXPL: 1CVE-2018-18314 – perl: Heap-based buffer overflow in S_regatom()
https://notcve.org/view.php?id=CVE-2018-18314
30 Nov 2018 — Perl before 5.26.3 has a buffer overflow via a crafted regular expression that triggers invalid write operations. Perl, en versiones anteriores a la 5.26.3, tiene un desbordamiento de búfer mediante una expresión regular manipulada que desencadena operaciones inválidas de escritura. Jayakrishna Menon discovered that Perl incorrectly handled Perl_my_setenv. An attacker could use this issue to cause Perl to crash, resulting in a denial of service, or possibly execute arbitrary code. Eiichi Tsukata discovered ... • http://www.securityfocus.com/bid/106145 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122: Heap-based Buffer Overflow •
CVSS: 9.1EPSS: 3%CPEs: 17EXPL: 1CVE-2018-18313 – perl: Heap-based buffer read overflow in S_grok_bslash_N()
https://notcve.org/view.php?id=CVE-2018-18313
30 Nov 2018 — Perl before 5.26.3 has a buffer over-read via a crafted regular expression that triggers disclosure of sensitive information from process memory. Perl, en versiones anteriores a la 5.26.3, tiene una sobrelectura de búfer mediante una expresión regular manipulada que desencadena la divulgación de información sensible de la memoria del proceso. Jayakrishna Menon discovered that Perl incorrectly handled Perl_my_setenv. An attacker could use this issue to cause Perl to crash, resulting in a denial of service, o... • http://seclists.org/fulldisclosure/2019/Mar/49 • CWE-125: Out-of-bounds Read •
CVSS: 5.9EPSS: 6%CPEs: 47EXPL: 0CVE-2018-0735 – Timing attack against ECDSA signature generation
https://notcve.org/view.php?id=CVE-2018-0735
29 Oct 2018 — The OpenSSL ECDSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). Fixed in OpenSSL 1.1.1a (Affected 1.1.1). Se ha demostrado que el algoritmo de firmas ECDSA en OpenSSL es vulnerable a un ataque de sincronización de canal lateral. • http://www.securityfocus.com/bid/105750 • CWE-327: Use of a Broken or Risky Cryptographic Algorithm CWE-385: Covert Timing Channel •
CVSS: 7.5EPSS: 38%CPEs: 14EXPL: 1CVE-2018-12015 – perl: Directory traversal in Archive::Tar
https://notcve.org/view.php?id=CVE-2018-12015
07 Jun 2018 — In Perl through 5.26.2, the Archive::Tar module allows remote attackers to bypass a directory-traversal protection mechanism, and overwrite arbitrary files, via an archive file containing a symlink and a regular file with the same name. En Perl hasta la versión 5.26.2, el módulo Archive::Tar permite que atacantes remotos omitan un mecanismo de protección de salto de directorio y sobrescriban archivos arbitrarios mediante un archivo comprimido que contiene un symlink y un archivo normal con el mismo nombre. ... • http://seclists.org/fulldisclosure/2019/Mar/49 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2015-8544
https://notcve.org/view.php?id=CVE-2015-8544
07 Feb 2017 — NetApp SnapDrive for Windows before 7.0.2P4, 7.0.3, and 7.1 before 7.1.3P1 allows remote attackers to obtain sensitive information via unspecified vectors. NetApp SnapDrive para Windows en versiones anteriores a 7.0.2P4, 7.0.3 y 7.1 en versiones anteriores a 7.1.3P1 permite a atacantes remotos obtener información sensible a través de vectores no especificados. • https://kb.netapp.com/support/s/article/cve-2015-8544-sensitive-information-disclosure-in-snapdrive-for-windows • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 69%CPEs: 87EXPL: 1CVE-2016-8610 – SSL/TLS: Malformed plain-text ALERT packets could cause remote DoS
https://notcve.org/view.php?id=CVE-2016-8610
30 Jan 2017 — A denial of service flaw was found in OpenSSL 0.9.8, 1.0.1, 1.0.2 through 1.0.2h, and 1.1.0 in the way the TLS/SSL protocol defined processing of ALERT packets during a connection handshake. A remote attacker could use this flaw to make a TLS/SSL server consume an excessive amount of CPU and fail to accept connections from other clients. Se ha encontrado un fallo de denegación de servicio en OpenSSL en las versiones 0.9.8, 1.0.1, 1.0.2 hasta la 1.0.2h y la 1.1.0 en la forma en la que el protocolo TLS/SSL de... • https://github.com/cujanovic/CVE-2016-8610-PoC • CWE-400: Uncontrolled Resource Consumption •
CVSS: 8.1EPSS: 0%CPEs: 20EXPL: 2CVE-2015-8960
https://notcve.org/view.php?id=CVE-2015-8960
21 Sep 2016 — The TLS protocol 1.2 and earlier supports the rsa_fixed_dh, dss_fixed_dh, rsa_fixed_ecdh, and ecdsa_fixed_ecdh values for ClientCertificateType but does not directly document the ability to compute the master secret in certain situations with a client secret key and server public key but not a server secret key, which makes it easier for man-in-the-middle attackers to spoof TLS servers by leveraging knowledge of the secret key for an arbitrary installed client X.509 certificate, aka the "Key Compromise Impe... • http://twitter.com/matthew_d_green/statuses/630908726950674433 • CWE-295: Improper Certificate Validation •