CVSS: 4.3EPSS: 0%CPEs: 19EXPL: 1CVE-2018-18585 – libmspack: chmd_read_headers() fails to reject filenames containing NULL bytes
https://notcve.org/view.php?id=CVE-2018-18585
chmd_read_headers in mspack/chmd.c in libmspack before 0.8alpha accepts a filename that has '\0' as its first or second character (such as the "/\0" name). chmd_read_headers en mspack/chmd.c en libmspack en versiones anteriores a la 0.8alpha acepta un nombre de archivo que tiene "\0" como su primer o segundo carácter (como el nombre "/\0"). • https://access.redhat.com/errata/RHSA-2019:2049 https://bugs.debian.org/911637 https://github.com/kyz/libmspack/commit/8759da8db6ec9e866cb8eb143313f397f925bb4f https://lists.debian.org/debian-lts-announce/2018/10/msg00017.html https://security.gentoo.org/glsa/201903-20 https://usn.ubuntu.com/3814-1 https://usn.ubuntu.com/3814-2 https://usn.ubuntu.com/3814-3 https://www.openwall.com/lists/oss-security/2018/10/22/1 https://www.starwindsoftware.com/security/sw-20181213-0002 • CWE-476: NULL Pointer Dereference •
CVSS: 7.5EPSS: 0%CPEs: 15EXPL: 1CVE-2018-17962 – QEMU: pcnet: integer overflow leads to buffer overflow
https://notcve.org/view.php?id=CVE-2018-17962
Qemu has a Buffer Overflow in pcnet_receive in hw/net/pcnet.c because an incorrect integer data type is used. Qemu tiene un desbordamiento de búfer en pcnet_receive en hw/net/pcnet.c debido a que se emplea un tipo de datos de enteros incorrecto. An integer overflow issue was found in the AMD PC-Net II NIC emulation in QEMU. It could occur while receiving packets, if the size value was greater than INT_MAX. Such overflow would lead to stack buffer overflow issue. • http://www.openwall.com/lists/oss-security/2018/10/08/1 https://access.redhat.com/errata/RHSA-2019:2892 https://access.redhat.com/security/cve/cve-2018-17962 https://linux.oracle.com/cve/CVE-2018-17962.html https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html https://lists.gnu.org/archive/html/qemu-devel/2018-09/msg03268.html https://usn.ubuntu.com/3826-1 https://www.debian.org/security/2018/dsa-4338 https://www.suse.com/security/cve/CVE-2 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-121: Stack-based Buffer Overflow CWE-190: Integer Overflow or Wraparound •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2018-16588
https://notcve.org/view.php?id=CVE-2018-16588
Privilege escalation can occur in the SUSE useradd.c code in useradd, as distributed in the SUSE shadow package through 4.2.1-27.9.1 for SUSE Linux Enterprise 12 (SLE-12) and through 4.5-5.39 for SUSE Linux Enterprise 15 (SLE-15). Non-existing intermediate directories are created with mode 0777 during user creation. Given that they are world-writable, local attackers might use this for privilege escalation and other unspecified attacks. NOTE: this would affect non-SUSE users who took useradd.c code from a 2014-04-02 upstream pull request; however, no non-SUSE distribution is known to be affected. Puede ocurrir un escalado de privilegios en el código SUSE useradd en useradd.c, tal y como se distribuye en el paquete SUSE shadow hasta la versión 4.2.1-27.9.1 para SUSE Linux Enterprise 12 (SLE-12) y hasta la versión 4.5-5.39 para SUSE Linux Enterprise 15 (SLE-15). • http://lists.opensuse.org/opensuse-security-announce/2018-09/msg00073.html • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 3.3EPSS: 0%CPEs: 9EXPL: 0CVE-2018-6556 – The lxc-user-nic component of LXC allows unprivileged users to open arbitrary files
https://notcve.org/view.php?id=CVE-2018-6556
lxc-user-nic when asked to delete a network interface will unconditionally open a user provided path. This code path may be used by an unprivileged user to check for the existence of a path which they wouldn't otherwise be able to reach. It may also be used to trigger side effects by causing a (read-only) open of special kernel files (ptmx, proc, sys). Affected releases are LXC: 2.0 versions above and including 2.0.9; 3.0 versions above and including 3.0.0, prior to 3.0.2. Cuando se solicita a lxc-user-nic que elimine una interfaz de red, abrirá de forma incondicional una ruta proporcionada por el usuario. • http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00074.html http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00076.html http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00091.html http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00073.html https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1783591 https://bugzilla.suse.com/show_bug.cgi?id=988348 https://security.gentoo.org/glsa/201808-02 https://usn.ubuntu.com/usn/usn-3730- • CWE-417: Communication Channel Errors •
CVSS: 8.8EPSS: 0%CPEs: 4EXPL: 1CVE-2018-14523
https://notcve.org/view.php?id=CVE-2018-14523
An issue was discovered in aubio 0.4.6. A buffer over-read can occur in new_aubio_pitchyinfft in pitch/pitchyinfft.c, as demonstrated by aubionotes. Se ha descubierto un problema en aubio 0.4.6. Puede ocurrir una sobrelectura de búfer en new_aubio_pitchyinfft en pitch/pitchyinfft.c, tal y como queda demostrado con aubionotes. • http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00031.html http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00071.html https://github.com/aubio/aubio/issues/189 • CWE-125: Out-of-bounds Read •