CVSS: 6.5EPSS: 0%CPEs: 8EXPL: 0CVE-2018-10360 – file: out-of-bounds read via a crafted ELF file
https://notcve.org/view.php?id=CVE-2018-10360
The do_core_note function in readelf.c in libmagic.a in file 5.33 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted ELF file. La función do_core_note en readelf.c en libmagic.a en file 5.33 permite a atacantes remotos provocar una denegación de servicio (lectura fuera de límites y cierre inesperado de la aplicación) utilizando un archivo ELF manipulado. • http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00027.html http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00053.html https://github.com/file/file/commit/a642587a9c9e2dd7feacdf513c3643ce26ad3c22 https://security.gentoo.org/glsa/201806-08 https://usn.ubuntu.com/3686-1 https://usn.ubuntu.com/3686-2 https://access.redhat.com/security/cve/CVE-2018-10360 https://bugzilla.redhat.com/show_bug.cgi?id=1590000 • CWE-125: Out-of-bounds Read •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2014-5220
https://notcve.org/view.php?id=CVE-2014-5220
The mdcheck script of the mdadm package for openSUSE 13.2 prior to version 3.3.1-5.14.1 does not properly sanitize device names, which allows local attackers to execute arbitrary commands as root. El script mdcheck del paquete mdadm para openSUSE 13.2 en versiones anteriores a 3.3.1-5.14.1 no sanea correctamente los nombres de dispositivo, lo que permite que atacantes locales ejecuten comandos arbitrarios como root. • https://bugzilla.suse.com/show_bug.cgi?id=910500 https://lists.opensuse.org/opensuse-updates/2015-02/msg00069.html • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 7.5EPSS: 0%CPEs: 10EXPL: 1CVE-2018-1125 – Procps-ng Audit Report
https://notcve.org/view.php?id=CVE-2018-1125
procps-ng before version 3.3.15 is vulnerable to a stack buffer overflow in pgrep. This vulnerability is mitigated by FORTIFY, as it involves strncat() to a stack-allocated string. When pgrep is compiled with FORTIFY (as on Red Hat Enterprise Linux and Fedora), the impact is limited to a crash. procps-ng en versiones anteriores a la 3.3.15 es vulnerable a un desbordamiento de búfer basado en pila en pgrep. Esta vulnerabilidad se mitiga mediante FORTIFY, ya que implica el uso de strncat() en una cadena asignada a la pila. Cuando pgrep se compila con FORTIFY (como en Red Hat Enterprise Linux y Fedora), el impacto se limita a un cierre inesperado. • http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00058.html http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00059.html http://seclists.org/oss-sec/2018/q2/122 http://www.securityfocus.com/bid/104214 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1125 https://lists.debian.org/debian-lts-announce/2018/05/msg00021.html https://usn.ubuntu.com/3658-1 https://usn.ubuntu.com/3658-3 https://www.debian.org/security/2018/dsa-4208 https:/ • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 20EXPL: 2CVE-2018-1124 – Procps-ng - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2018-1124
procps-ng before version 3.3.15 is vulnerable to multiple integer overflows leading to a heap corruption in file2strvec function. This allows a privilege escalation for a local attacker who can create entries in procfs by starting processes, which could result in crashes or arbitrary code execution in proc utilities run by other users. procps-ng en versiones anteriores a la 3.3.15 es vulnerable a múltiples desbordamientos de enteros que conducen a una corrupción de la memoria dinámica (heap) en la función file2strvec. Esto permite el escalado de privilegios para un atacante local que puede crear entradas en procfs empezando procesos, lo que podría resultar en cierres inesperados o la ejecución de código arbitrario en las utilidades proc ejecutadas por otros usuarios. Multiple integer overflows leading to heap corruption flaws were discovered in file2strvec(). These vulnerabilities can lead to privilege escalation for a local attacker who can create entries in procfs by starting processes, which will lead to crashes or arbitrary code execution in proc utilities run by other users (eg pgrep, pkill, pidof, w). • https://www.exploit-db.com/exploits/44806 http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00058.html http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00059.html http://seclists.org/oss-sec/2018/q2/122 http://www.securityfocus.com/bid/104214 http://www.securitytracker.com/id/1041057 https://access.redhat.com/errata/RHSA-2018:1700 https://access.redhat.com/errata/RHSA-2018:1777 https://access.redhat.com/errata/RHSA-2018:1820 https://access.redha • CWE-122: Heap-based Buffer Overflow CWE-190: Integer Overflow or Wraparound CWE-787: Out-of-bounds Write •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2017-18215
https://notcve.org/view.php?id=CVE-2017-18215
xvpng.c in xv 3.10a has memory corruption (out-of-bounds write) when decoding PNG comment fields, leading to crashes or potentially code execution, because it uses an incorrect length value. xvpng.c en xv 3.10a tiene corrupción de memoria (escritura fuera de límites) al descifrar campos de comentario de PNG, lo que conduce a cierres inesperados o a la posible ejecución de código debido a que usa un valor de longitud incorrecto. • https://bugzilla.suse.com/attachment.cgi?id=728337 https://bugzilla.suse.com/show_bug.cgi?id=1043479 https://lists.opensuse.org/opensuse-updates/2018-02/msg00088.html • CWE-787: Out-of-bounds Write •