CVSS: 6.5EPSS: 0%CPEs: 10EXPL: 1CVE-2018-14629
https://notcve.org/view.php?id=CVE-2018-14629
A denial of service vulnerability was discovered in Samba's LDAP server before versions 4.7.12, 4.8.7, and 4.9.3. A CNAME loop could lead to infinite recursion in the server. An unprivileged local attacker could create such an entry, leading to denial of service. Se ha descubierto una vulnerabilidad de denegación de servicio (DoS) en el servidor LDAP de Samba en versiones anteriores a la 4.7.12, 4.8.7, y 4.9.3. Un bucle CNAME podría conducir a una recursión infinita en el servidor. • http://www.securityfocus.com/bid/106022 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14629 https://lists.debian.org/debian-lts-announce/2018/12/msg00005.html https://security.gentoo.org/glsa/202003-52 https://security.netapp.com/advisory/ntap-20181127-0001 https://usn.ubuntu.com/3827-1 https://usn.ubuntu.com/3827-2 https://www.debian.org/security/2018/dsa-4345 https://www.samba.org/samba/security/CVE-2018-14629.html • CWE-400: Uncontrolled Resource Consumption CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 8.1EPSS: 0%CPEs: 7EXPL: 0CVE-2016-6328
https://notcve.org/view.php?id=CVE-2016-6328
A vulnerability was found in libexif. An integer overflow when parsing the MNOTE entry data of the input file. This can cause Denial-of-Service (DoS) and Information Disclosure (disclosing some critical heap chunk metadata, even other applications' private data). Se ha encontrado una vulnerabilidad en libexif. Hay un desbordamiento de enteros al analizar los datos de la entrada MNOTE del archivo de entradas. • http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00017.html https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-6328 https://lists.debian.org/debian-lts-announce/2020/05/msg00016.html https://security.gentoo.org/glsa/202007-05 https://usn.ubuntu.com/4277-1 • CWE-190: Integer Overflow or Wraparound •
CVSS: 9.1EPSS: 1%CPEs: 8EXPL: 0CVE-2018-16842 – curl: Heap-based buffer over-read in the curl tool warning formatting
https://notcve.org/view.php?id=CVE-2018-16842
Curl versions 7.14.1 through 7.61.1 are vulnerable to a heap-based buffer over-read in the tool_msgs.c:voutf() function that may result in information exposure and denial of service. Curl, desde la versión 7.14.1 hasta la 7.61.1, es vulnerable a una sobrelectura de búfer basada en memoria dinámica (heap) en la función tool_msgs.c:voutf() que podría resultar en una exposición de información y una denegación de servicio (DoS). • http://www.securitytracker.com/id/1042014 https://access.redhat.com/errata/RHSA-2019:2181 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16842 https://curl.haxx.se/docs/CVE-2018-16842.html https://github.com/curl/curl/commit/d530e92f59ae9bb2d47066c3c460b25d2ffeb211 https://lists.debian.org/debian-lts-announce/2018/11/msg00005.html https://security.gentoo.org/glsa/201903-03 https://usn.ubuntu.com/3805-1 https://usn.ubuntu.com/3805-2 https://www.debian.org/security/2 • CWE-125: Out-of-bounds Read •
CVSS: 7.8EPSS: 0%CPEs: 10EXPL: 1CVE-2018-18281 – kernel: TLB flush happens too late on mremap
https://notcve.org/view.php?id=CVE-2018-18281
Since Linux kernel version 3.2, the mremap() syscall performs TLB flushes after dropping pagetable locks. If a syscall such as ftruncate() removes entries from the pagetables of a task that is in the middle of mremap(), a stale TLB entry can remain for a short time that permits access to a physical page after it has been released back to the page allocator and reused. This is fixed in the following kernel versions: 4.9.135, 4.14.78, 4.18.16, 4.19. Desde la versión 3.2 del kernel de Linux, la syscall mremap() realiza vaciados TLB tras soltar bloqueos de tabla de página. Si una syscall como ftruncate() elimina las entradas de las tablas de página de una tarea en medio de mremap(), una entrada TLB obsoleta puede permanecer por poco tiempo, lo que permite el acceso a una página física una vez se ha devuelto al asignador de páginas y se reutiliza. • http://packetstormsecurity.com/files/150001/Linux-mremap-TLB-Flush-Too-Late.html http://www.openwall.com/lists/oss-security/2018/10/29/5 http://www.securityfocus.com/bid/105761 http://www.securityfocus.com/bid/106503 https://access.redhat.com/errata/RHSA-2019:0831 https://access.redhat.com/errata/RHSA-2019:2029 https://access.redhat.com/errata/RHSA-2019:2043 https://access.redhat.com/errata/RHSA-2020:0036 https://access.redhat.com/errata/RHSA-2020:0100 https://access&# • CWE-459: Incomplete Cleanup CWE-672: Operation on a Resource after Expiration or Release •
CVSS: 9.8EPSS: 2%CPEs: 7EXPL: 2CVE-2018-18751 – gettext: double free in default_add_message in read-catalog.c
https://notcve.org/view.php?id=CVE-2018-18751
An issue was discovered in GNU gettext 0.19.8. There is a double free in default_add_message in read-catalog.c, related to an invalid free in po_gram_parse in po-gram-gen.y, as demonstrated by lt-msgfmt. Se ha descubierto un problema en GNU gettext 0.19.8. Hay una doble liberación (double free) en default_add_message en read-catalog.c, relacionado con una liberación no válida en po_gram_parse en po-gram-gen.y, tal y como queda demostrado con lt-msgfmt. • http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00061.html http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00065.html http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00025.html https://access.redhat.com/errata/RHSA-2019:3643 https://github.com/CCCCCrash/POCs/tree/master/Bin/Tools-gettext-0.19.8.1/doublefree https://github.com/CCCCCrash/POCs/tree/master/Bin/Tools-gettext-0.19.8.1/heapcorruption https://usn.ubuntu.com/3815-1 https:// • CWE-415: Double Free CWE-416: Use After Free •