CVSS: 6.5EPSS: 0%CPEs: 6EXPL: 1CVE-2018-6869
https://notcve.org/view.php?id=CVE-2018-6869
In ZZIPlib 0.13.68, there is an uncontrolled memory allocation and a crash in the __zzip_parse_root_directory function of zzip/zip.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted zip file. En ZZIPlib 0.13.68, hay una asignación de memoria no controlada y un cierre inesperado en la función __zzip_parse_root_directory en zzip/zip.c. Los atacantes remotos pueden aprovechar esta vulnerabilidad para provocar una denegación de servicio (DoS) mediante un archivo zip manipulado. • http://www.securityfocus.com/bid/103050 https://github.com/gdraheim/zziplib/issues/22 https://lists.debian.org/debian-lts-announce/2018/02/msg00022.html https://lists.debian.org/debian-lts-announce/2020/06/msg00029.html https://usn.ubuntu.com/3699-1 • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 9.8EPSS: 95%CPEs: 7EXPL: 4CVE-2018-6789 – Exim Buffer Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2018-6789
An issue was discovered in the base64d function in the SMTP listener in Exim before 4.90.1. By sending a handcrafted message, a buffer overflow may happen. This can be used to execute code remotely. Se ha descubierto un problema en la función base64d en el escuchador SMTP en Exim, en versiones anteriores a la 4.90.1. Al enviar un mensaje manipulado, podría ocurrir un desbordamiento de búfer. • https://www.exploit-db.com/exploits/45671 https://www.exploit-db.com/exploits/44571 https://github.com/synacktiv/Exim-CVE-2018-6789 https://github.com/beraphin/CVE-2018-6789 http://openwall.com/lists/oss-security/2018/02/10/2 http://packetstormsecurity.com/files/162959/Exim-base64d-Buffer-Overflow.html http://www.openwall.com/lists/oss-security/2018/02/07/2 http://www.securityfocus.com/bid/103049 http://www.securitytracker.com/id/1040461 https://devco.re/blog/201 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 59%CPEs: 22EXPL: 2CVE-2018-6871 – LibreOffice < 6.0.1 - '=WEBSERVICE' Remote Arbitrary File Disclosure
https://notcve.org/view.php?id=CVE-2018-6871
LibreOffice before 5.4.5 and 6.x before 6.0.1 allows remote attackers to read arbitrary files via =WEBSERVICE calls in a document, which use the COM.MICROSOFT.WEBSERVICE function. LibreOffice, en versiones anteriores a la 5.4.5 y versiones 6.x anteriores a la 6.0.1, permite que atacantes remotos lean archivos arbitrarios mediante llamadas =WEBSERVICE en un documento, que emplea la función COM.MICROSOFT.WEBSERVICE. A flaw was found in libreoffice before 5.4.5 and before 6.0.1. Arbitrary remote file disclosure may be achieved by the use of the WEBSERVICE formula in a specially crafted ODS file. LibreOffice suffers from a remote arbitrary file disclosure vulnerability. • https://www.exploit-db.com/exploits/44022 https://access.redhat.com/errata/RHSA-2018:0418 https://access.redhat.com/errata/RHSA-2018:0517 https://cgit.freedesktop.org/libreoffice/core/commit/?h=libreoffice-5-4-5&id=a916fc0c0e0e8b10cb4158fa0fa173fe205d434a https://github.com/jollheef/libreoffice-remote-arbitrary-file-disclosure https://usn.ubuntu.com/3579-1 https://www.debian.org/security/2018/dsa-4111 https://www.libreoffice.org/about-us/security/advisories/cve-2018-1055 https://access.red • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 3.6EPSS: 0%CPEs: 5EXPL: 1CVE-2018-1000030
https://notcve.org/view.php?id=CVE-2018-1000030
Python 2.7.14 is vulnerable to a Heap-Buffer-Overflow as well as a Heap-Use-After-Free. Python versions prior to 2.7.14 may also be vulnerable and it appears that Python 2.7.17 and prior may also be vulnerable however this has not been confirmed. The vulnerability lies when multiply threads are handling large amounts of data. In both cases there is essentially a race condition that occurs. For the Heap-Buffer-Overflow, Thread 2 is creating the size for a buffer, but Thread1 is already writing to the buffer without knowing how much to write. • https://github.com/tylepr96/CVE-2018-1000030 https://bugs.python.org/issue31530 https://drive.google.com/file/d/1oyR9DAZjZK_SCn3mor6NRAYLJS6ueXaY/view https://security.gentoo.org/glsa/201811-02 https://usn.ubuntu.com/3817-1 https://usn.ubuntu.com/3817-2 https://www.dropbox.com/sh/sj3ee7xv55j36k7/AADwP-YfOYikBMuy32e0uvPFa?dl=0 https://www.oracle.com/security-alerts/cpujan2020.html • CWE-416: Use After Free CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 1CVE-2018-6767
https://notcve.org/view.php?id=CVE-2018-6767
A stack-based buffer over-read in the ParseRiffHeaderConfig function of cli/riff.c file of WavPack 5.1.0 allows a remote attacker to cause a denial-of-service attack or possibly have unspecified other impact via a maliciously crafted RF64 file. Una sobrelectura de búfer basada en pila en la función ParseRiffHeaderConfig del archivo cli/riff.c de WavPack 5.1.0 permite que un atacante remoto provoque un ataque de denegación de servicio (DoS) o posiblemente otro impacto no especificado mediante un archivo RF64 manipulado maliciosamente. • http://packetstormsecurity.com/files/155743/Slackware-Security-Advisory-wavpack-Updates.html https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=889276 https://github.com/dbry/WavPack/commit/d5bf76b5a88d044a1be1d5656698e3ba737167e5 https://github.com/dbry/WavPack/issues/27 https://seclists.org/bugtraq/2019/Dec/37 https://usn.ubuntu.com/3568-1 https://www.debian.org/security/2018/dsa-4125 • CWE-125: Out-of-bounds Read •