Page 202 of 2170 results (0.044 seconds)

CVSS: 6.5EPSS: 0%CPEs: 6EXPL: 1

CVE-2018-7443

https://notcve.org/view.php?id=CVE-2018-7443

The ReadTIFFImage function in coders/tiff.c in ImageMagick 7.0.7-23 Q16 does not properly validate the amount of image data in a file, which allows remote attackers to cause a denial of service (memory allocation failure in the AcquireMagickMemory function in MagickCore/memory.c). La función ReadTIFFImage en coders/tiff.c en ImageMagick 7.0.7-23 Q16 no valida correctamente la cantidad de datos de imagen en un archivo, lo que permite que atacantes remotos provoquen una denegación de servicio (error de asignación de memoria en la función AcquireMagickMemory en MagickCore/memory.c). • https://github.com/ImageMagick/ImageMagick/issues/999 https://lists.debian.org/debian-lts-announce/2018/02/msg00028.html https://lists.debian.org/debian-lts-announce/2020/08/msg00030.html https://usn.ubuntu.com/3681-1 • CWE-770: Allocation of Resources Without Limits or Throttling •

CVSS: 7.8EPSS: 0%CPEs: 10EXPL: 0

CVE-2018-6764 – libvirt: guest could inject executable code via libnss_dns.so loaded by libvirt_lxc before init

https://notcve.org/view.php?id=CVE-2018-6764

util/virlog.c in libvirt does not properly determine the hostname on LXC container startup, which allows local guest OS users to bypass an intended container protection mechanism and execute arbitrary commands via a crafted NSS module. util/virlog.c en libvirt no determina correctamente el nombre de host en el arranque del contenedor LXC, lo que permite que usuarios locales invitados del sistema operativo omitan un mecanismo de protección de contenedor planeado y ejecuten comandos arbitrarios mediante un módulo NSS manipulado. • http://www.ubuntu.com/usn/USN-3576-1 https://access.redhat.com/errata/RHSA-2018:3113 https://www.debian.org/security/2018/dsa-4137 https://www.redhat.com/archives/libvir-list/2018-February/msg00239.html https://access.redhat.com/security/cve/CVE-2018-6764 https://bugzilla.redhat.com/show_bug.cgi?id=1541444 • CWE-179: Incorrect Behavior Order: Early Validation CWE-346: Origin Validation Error •

CVSS: 8.6EPSS: 1%CPEs: 6EXPL: 0

CVE-2017-15119 – qemu: DoS via large option request

https://notcve.org/view.php?id=CVE-2017-15119

The Network Block Device (NBD) server in Quick Emulator (QEMU) before 2.11 is vulnerable to a denial of service issue. It could occur if a client sent large option requests, making the server waste CPU time on reading up to 4GB per request. A client could use this flaw to keep the NBD server from serving other requests, resulting in DoS. El servidor Network Block Device (NBD) en Quick Emulator (QEMU) en versiones anteriores a la 2.11 es vulnerable a un problema de denegación de servicio (DoS). Esto puede ocurrir si un cliente envía grandes peticiones de opciones, haciendo que el servidor pierda tiempo de CPU al leer hasta 4GB por petición. • http://www.openwall.com/lists/oss-security/2017/11/28/9 http://www.securityfocus.com/bid/102011 https://access.redhat.com/errata/RHSA-2018:1104 https://access.redhat.com/errata/RHSA-2018:1113 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-15119 https://lists.gnu.org/archive/html/qemu-devel/2017-11/msg05044.html https://usn.ubuntu.com/3575-1 https://www.debian.org/security/2018/dsa-4213 https://access.redhat.com/security/cve/CVE-2017-15119 https:/ • CWE-400: Uncontrolled Resource Consumption •

CVSS: 9.8EPSS: 1%CPEs: 14EXPL: 1

CVE-2018-7225 – libvncserver: Improper input sanitization in rfbProcessClientNormalMessage in rfbserver.c

https://notcve.org/view.php?id=CVE-2018-7225

An issue was discovered in LibVNCServer through 0.9.11. rfbProcessClientNormalMessage() in rfbserver.c does not sanitize msg.cct.length, leading to access to uninitialized and potentially sensitive data or possibly unspecified other impact (e.g., an integer overflow) via specially crafted VNC packets. Se ha descubierto un problema en LibVNCServer hasta la versión 0.9.11. rfbProcessClientNormalMessage() en rfbserver.c no sanea msg.cct.length, lo que conduce a un acceso a datos no inicializados y potencialmente sensibles o, posiblemente, a otro tipo de impacto sin especificar (por ejemplo, un desbordamiento de enteros) mediante paquetes VNC especialmente manipulados. • http://www.openwall.com/lists/oss-security/2018/02/18/1 http://www.securityfocus.com/bid/103107 https://access.redhat.com/errata/RHSA-2018:1055 https://github.com/LibVNC/libvncserver/issues/218 https://lists.debian.org/debian-lts-announce/2018/03/msg00035.html https://lists.debian.org/debian-lts-announce/2019/10/msg00042.html https://lists.debian.org/debian-lts-announce/2019/11/msg00032.html https://lists.debian.org/debian-lts-announce/2019/12/msg00028.html https://se • CWE-190: Integer Overflow or Wraparound CWE-805: Buffer Access with Incorrect Length Value •

CVSS: 7.5EPSS: 0%CPEs: 5EXPL: 1

CVE-2017-18190 – cups: DNS rebinding attacks via incorrect whitelist

https://notcve.org/view.php?id=CVE-2017-18190

A localhost.localdomain whitelist entry in valid_host() in scheduler/client.c in CUPS before 2.2.2 allows remote attackers to execute arbitrary IPP commands by sending POST requests to the CUPS daemon in conjunction with DNS rebinding. The localhost.localdomain name is often resolved via a DNS server (neither the OS nor the web browser is responsible for ensuring that localhost.localdomain is 127.0.0.1). Una entrada en la lista blanca localhost.localdomain en valid_host() en scheduler/client.c en CUPS, en versiones anteriores a la 2.2.2, permite que atacantes remotos ejecuten comandos IPP arbitrarios mediante el envío de peticiones POST al demonio CUPS junto con reenlaces DNS. El nombre localhost.localdomain suele resolverse mediante un servidor DNS (ni el sistema operativo ni el navegador web son responsables de garantizar que localhost.localdomain sea 127.0.0.1). • https://bugs.chromium.org/p/project-zero/issues/detail?id=1048 https://github.com/apple/cups/commit/afa80cb2b457bf8d64f775bed307588610476c41 https://lists.debian.org/debian-lts-announce/2018/02/msg00023.html https://lists.debian.org/debian-lts-announce/2018/07/msg00003.html https://usn.ubuntu.com/3577-1 https://access.redhat.com/security/cve/CVE-2017-18190 https://bugzilla.redhat.com/show_bug.cgi?id=1546395 • CWE-284: Improper Access Control CWE-290: Authentication Bypass by Spoofing •