CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2018-12477 – obs-service-refresh_patches can be tricked into deleting '..' or other unrelated directories
https://notcve.org/view.php?id=CVE-2018-12477
A Improper Neutralization of CRLF Sequences vulnerability in Open Build Service allows remote attackers to cause deletion of directories by tricking obs-service-refresh_patches to delete them. Affected releases are openSUSE Open Build Service: versions prior to d6244245dda5367767efc989446fe4b5e4609cce. Una vulnerabilidad de neutralización incorrecta de secuencias CRLF en Open Build Service permite que los atacantes remotos provoquen el borrado de directorios engañando a obs-service-refresh_patches para que los elimine. Las versiones afectadas son openSUSE Open Build Service en versiones anteriores a la d6244245dda5367767efc989446fe4b5e4609cce. • https://bugzilla.suse.com/show_bug.cgi?id=1108189 https://lwn.net/Articles/766535 • CWE-93: Improper Neutralization of CRLF Sequences ('CRLF Injection') •
CVSS: 7.5EPSS: 94%CPEs: 26EXPL: 0CVE-2018-5740 – A flaw in the "deny-answer-aliases" feature can cause an assertion failure in named
https://notcve.org/view.php?id=CVE-2018-5740
"deny-answer-aliases" is a little-used feature intended to help recursive server operators protect end users against DNS rebinding attacks, a potential method of circumventing the security model used by client browsers. However, a defect in this feature makes it easy, when the feature is in use, to experience an assertion failure in name.c. Affects BIND 9.7.0->9.8.8, 9.9.0->9.9.13, 9.10.0->9.10.8, 9.11.0->9.11.4, 9.12.0->9.12.2, 9.13.0->9.13.2. "deny-answer-aliases" es una característica poco utilizada que pretende ayudar a los operadores recursivos del servidor a proteger a los usuarios finales contra ataques de reenlace DNS, un método para poder eludir el modelo de seguridad empleado por los navegadores del cliente. Sin embargo, un defecto en esta característica hace que sea sencillo experimentar un fallo de aserción en name.c. • http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00026.html http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00027.html http://www.securityfocus.com/bid/105055 http://www.securitytracker.com/id/1041436 https://access.redhat.com/errata/RHSA-2018:2570 https://access.redhat.com/errata/RHSA-2018:2571 https://kb.isc.org/docs/aa-01639 https://lists.debian.org/debian-lts-announce/2018/08/msg00033.html https://lists.debian.org/debian-lts-announce/2021/11&#x • CWE-617: Reachable Assertion •
CVSS: 7.5EPSS: 0%CPEs: 9EXPL: 0CVE-2016-9597 – libxml2: stack overflow before detecting invalid XML file (unfixed CVE-2016-3705 in JBCS)
https://notcve.org/view.php?id=CVE-2016-9597
It was found that Red Hat JBoss Core Services erratum RHSA-2016:2957 for CVE-2016-3705 did not actually include the fix for the issue found in libxml2, making it vulnerable to a Denial of Service attack due to a Stack Overflow. This is a regression CVE for the same issue as CVE-2016-3705. Se ha descubierto que el erratum de Red Hat JBoss Core Services RHSA-2016:2957 para CVE-2016-3705 no incluía la solución al problema en libxml2, lo que lo hace vulnerable a un ataque de denegación de servicio (DoS) debido a un desbordamiento de pila. Este es un CVE de regresión para el mismo problema que CVE-2016-3705. • http://www.securityfocus.com/bid/98567 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9597 https://access.redhat.com/security/cve/CVE-2016-9597 https://bugzilla.redhat.com/show_bug.cgi?id=1408305 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-674: Uncontrolled Recursion •
CVSS: 8.8EPSS: 0%CPEs: 4EXPL: 1CVE-2018-14523
https://notcve.org/view.php?id=CVE-2018-14523
An issue was discovered in aubio 0.4.6. A buffer over-read can occur in new_aubio_pitchyinfft in pitch/pitchyinfft.c, as demonstrated by aubionotes. Se ha descubierto un problema en aubio 0.4.6. Puede ocurrir una sobrelectura de búfer en new_aubio_pitchyinfft en pitch/pitchyinfft.c, tal y como queda demostrado con aubionotes. • http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00031.html http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00071.html https://github.com/aubio/aubio/issues/189 • CWE-125: Out-of-bounds Read •
CVSS: 8.8EPSS: 0%CPEs: 4EXPL: 1CVE-2018-14522
https://notcve.org/view.php?id=CVE-2018-14522
An issue was discovered in aubio 0.4.6. A SEGV signal can occur in aubio_pitch_set_unit in pitch/pitch.c, as demonstrated by aubionotes. Se ha descubierto un problema en aubio 0.4.6. Puede ocurrir una señal SEGV en aubio_pitch_set_unit en pitch/pitch.c, tal y como queda demostrado con aubionotes. • http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00031.html http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00071.html https://github.com/aubio/aubio/issues/188 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •