CVSS: 6.5EPSS: 1%CPEs: 9EXPL: 1CVE-2018-19539
https://notcve.org/view.php?id=CVE-2018-19539
26 Nov 2018 — An issue was discovered in JasPer 2.0.14. There is an access violation in the function jas_image_readcmpt in libjasper/base/jas_image.c, leading to a denial of service. Se ha descubierto un problema en JasPer 2.0.14. Hay una violación de acceso en la función jas_image_readcmpt en libjasper/base/jas_image.c, provocando una denegación de servicio (DoS). • http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00004.html • CWE-617: Reachable Assertion •
CVSS: 8.8EPSS: 0%CPEs: 8EXPL: 1CVE-2018-19540
https://notcve.org/view.php?id=CVE-2018-19540
26 Nov 2018 — An issue was discovered in JasPer 1.900.8, 1.900.9, 1.900.10, 1.900.11, 1.900.12, 1.900.13, 1.900.14, 1.900.15, 1.900.16, 1.900.17, 1.900.18, 1.900.19, 1.900.20, 1.900.21, 1.900.22, 1.900.23, 1.900.24, 1.900.25, 1.900.26, 1.900.27, 1.900.28, 1.900.29, 1.900.30, 1.900.31, 2.0.0, 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5, 2.0.6, 2.0.7, 2.0.8, 2.0.9, 2.0.10, 2.0.11, 2.0.12, 2.0.13, 2.0.14, 2.0.15, 2.0.16. There is a heap-based buffer overflow of size 1 in the function jas_icctxtdesc_input in libjasper/base/jas_icc.c. ... • http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00023.html • CWE-787: Out-of-bounds Write •
CVSS: 8.8EPSS: 0%CPEs: 10EXPL: 1CVE-2018-19541
https://notcve.org/view.php?id=CVE-2018-19541
26 Nov 2018 — An issue was discovered in JasPer 1.900.8, 1.900.9, 1.900.10, 1.900.11, 1.900.12, 1.900.13, 1.900.14, 1.900.15, 1.900.16, 1.900.17, 1.900.18, 1.900.19, 1.900.20, 1.900.21, 1.900.22, 1.900.23, 1.900.24, 1.900.25, 1.900.26, 1.900.27, 1.900.28, 1.900.29, 1.900.30, 1.900.31, 2.0.0, 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5, 2.0.6, 2.0.7, 2.0.8, 2.0.9, 2.0.10, 2.0.11, 2.0.12, 2.0.13, 2.0.14, 2.0.15, 2.0.16. There is a heap-based buffer over-read of size 8 in the function jas_image_depalettize in libjasper/base/jas_image... • http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00023.html • CWE-125: Out-of-bounds Read •
CVSS: 6.5EPSS: 1%CPEs: 10EXPL: 1CVE-2018-19542 – Ubuntu Security Notice USN-4688-1
https://notcve.org/view.php?id=CVE-2018-19542
26 Nov 2018 — An issue was discovered in JasPer 2.0.14. There is a NULL pointer dereference in the function jp2_decode in libjasper/jp2/jp2_dec.c, leading to a denial of service. Se ha descubierto un problema en JasPer 2.0.14. Hay una desreferencia de puntero NULL en la función jp2_decode en libjasper/jp2/jp2_dec.c, provocando una denegación de servicio (DoS). It was discovered that Jasper incorrectly certain files. • http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00004.html • CWE-476: NULL Pointer Dereference •
CVSS: 7.8EPSS: 0%CPEs: 10EXPL: 1CVE-2018-19543
https://notcve.org/view.php?id=CVE-2018-19543
26 Nov 2018 — An issue was discovered in JasPer 2.0.14. There is a heap-based buffer over-read of size 8 in the function jp2_decode in libjasper/jp2/jp2_dec.c. Se ha descubierto un problema en JasPer 2.0.14. Existe un desbordamiento de búfer basado en memoria dinámica (heap) del tamaño 8 en la función jp2_decode in libjasper/jp2/jp2_dec.c. • http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00082.html • CWE-125: Out-of-bounds Read •
CVSS: 5.5EPSS: 0%CPEs: 10EXPL: 1CVE-2018-18873 – Ubuntu Security Notice USN-4688-1
https://notcve.org/view.php?id=CVE-2018-18873
31 Oct 2018 — An issue was discovered in JasPer 2.0.14. There is a NULL pointer dereference in the function ras_putdatastd in ras/ras_enc.c. Se ha descubierto un problema en JasPer 2.0.14. Hay una desreferencia de puntero NULL en la función ras_putdatastd en ras/ras_enc.c. It was discovered that Jasper incorrectly certain files. • http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00082.html • CWE-476: NULL Pointer Dereference •
CVSS: 6.5EPSS: 2%CPEs: 19EXPL: 0CVE-2018-18584 – libmspack: Out-of-bounds write in mspack/cab.h
https://notcve.org/view.php?id=CVE-2018-18584
23 Oct 2018 — In mspack/cab.h in libmspack before 0.8alpha and cabextract before 1.8, the CAB block input buffer is one byte too small for the maximal Quantum block, leading to an out-of-bounds write. En mspack/cab.h en libmspack en versiones anteriores a la 0.8alpha y cabextract en versiones anteriores a la 1.8, el búfer de entrada de bloques CAB es un byte más pequeño para el bloque Quantum máximo, lo que conduce a una escritura fuera de límites. USN-3814-1 fixed several vulnerabilities in libmspack. In Ubuntu 14.04 li... • https://access.redhat.com/errata/RHSA-2019:2049 • CWE-787: Out-of-bounds Write •
CVSS: 4.3EPSS: 0%CPEs: 19EXPL: 1CVE-2018-18585 – libmspack: chmd_read_headers() fails to reject filenames containing NULL bytes
https://notcve.org/view.php?id=CVE-2018-18585
23 Oct 2018 — chmd_read_headers in mspack/chmd.c in libmspack before 0.8alpha accepts a filename that has '\0' as its first or second character (such as the "/\0" name). chmd_read_headers en mspack/chmd.c en libmspack en versiones anteriores a la 0.8alpha acepta un nombre de archivo que tiene "\0" como su primer o segundo carácter (como el nombre "/\0"). Multiple vulnerabilities have been found in cabextract and libmspack, the worst of which could result in a Denial of Service. Versions less than 1.8 are affected. • https://access.redhat.com/errata/RHSA-2019:2049 • CWE-476: NULL Pointer Dereference •
CVSS: 7.5EPSS: 0%CPEs: 15EXPL: 1CVE-2018-17962 – QEMU: pcnet: integer overflow leads to buffer overflow
https://notcve.org/view.php?id=CVE-2018-17962
09 Oct 2018 — Qemu has a Buffer Overflow in pcnet_receive in hw/net/pcnet.c because an incorrect integer data type is used. Qemu tiene un desbordamiento de búfer en pcnet_receive en hw/net/pcnet.c debido a que se emplea un tipo de datos de enteros incorrecto. An integer overflow issue was found in the AMD PC-Net II NIC emulation in QEMU. It could occur while receiving packets, if the size value was greater than INT_MAX. Such overflow would lead to stack buffer overflow issue. • http://www.openwall.com/lists/oss-security/2018/10/08/1 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-121: Stack-based Buffer Overflow CWE-190: Integer Overflow or Wraparound •
CVSS: 5.9EPSS: 0%CPEs: 4EXPL: 0CVE-2011-4190 – Missing verification of host key for kdump server
https://notcve.org/view.php?id=CVE-2011-4190
08 Jun 2018 — The kdump implementation is missing the host key verification in the kdump and mkdumprd OpenSSH integration of kdump prior to version 2012-01-20. This is similar to CVE-2011-3588, but different in that the kdump implementation is specific to SUSE. A remote malicious kdump server could use this flaw to impersonate the correct kdump server to obtain security sensitive information (kdump core files). La implementación kdump carece de la verificación de clave host en la integración OpenSSH de kdump y mkdumprd d... • https://bugzilla.suse.com/show_bug.cgi?id=722440 • CWE-306: Missing Authentication for Critical Function CWE-310: Cryptographic Issues •