CVE-2016-6328
https://notcve.org/view.php?id=CVE-2016-6328
A vulnerability was found in libexif. An integer overflow when parsing the MNOTE entry data of the input file. This can cause Denial-of-Service (DoS) and Information Disclosure (disclosing some critical heap chunk metadata, even other applications' private data). Se ha encontrado una vulnerabilidad en libexif. Hay un desbordamiento de enteros al analizar los datos de la entrada MNOTE del archivo de entradas. • http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00017.html https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-6328 https://lists.debian.org/debian-lts-announce/2020/05/msg00016.html https://security.gentoo.org/glsa/202007-05 https://usn.ubuntu.com/4277-1 • CWE-190: Integer Overflow or Wraparound •
CVE-2018-16842 – curl: Heap-based buffer over-read in the curl tool warning formatting
https://notcve.org/view.php?id=CVE-2018-16842
Curl versions 7.14.1 through 7.61.1 are vulnerable to a heap-based buffer over-read in the tool_msgs.c:voutf() function that may result in information exposure and denial of service. Curl, desde la versión 7.14.1 hasta la 7.61.1, es vulnerable a una sobrelectura de búfer basada en memoria dinámica (heap) en la función tool_msgs.c:voutf() que podría resultar en una exposición de información y una denegación de servicio (DoS). • http://www.securitytracker.com/id/1042014 https://access.redhat.com/errata/RHSA-2019:2181 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16842 https://curl.haxx.se/docs/CVE-2018-16842.html https://github.com/curl/curl/commit/d530e92f59ae9bb2d47066c3c460b25d2ffeb211 https://lists.debian.org/debian-lts-announce/2018/11/msg00005.html https://security.gentoo.org/glsa/201903-03 https://usn.ubuntu.com/3805-1 https://usn.ubuntu.com/3805-2 https://www.debian.org/security/2 • CWE-125: Out-of-bounds Read •
CVE-2018-18281 – kernel: TLB flush happens too late on mremap
https://notcve.org/view.php?id=CVE-2018-18281
Since Linux kernel version 3.2, the mremap() syscall performs TLB flushes after dropping pagetable locks. If a syscall such as ftruncate() removes entries from the pagetables of a task that is in the middle of mremap(), a stale TLB entry can remain for a short time that permits access to a physical page after it has been released back to the page allocator and reused. This is fixed in the following kernel versions: 4.9.135, 4.14.78, 4.18.16, 4.19. Desde la versión 3.2 del kernel de Linux, la syscall mremap() realiza vaciados TLB tras soltar bloqueos de tabla de página. Si una syscall como ftruncate() elimina las entradas de las tablas de página de una tarea en medio de mremap(), una entrada TLB obsoleta puede permanecer por poco tiempo, lo que permite el acceso a una página física una vez se ha devuelto al asignador de páginas y se reutiliza. • http://packetstormsecurity.com/files/150001/Linux-mremap-TLB-Flush-Too-Late.html http://www.openwall.com/lists/oss-security/2018/10/29/5 http://www.securityfocus.com/bid/105761 http://www.securityfocus.com/bid/106503 https://access.redhat.com/errata/RHSA-2019:0831 https://access.redhat.com/errata/RHSA-2019:2029 https://access.redhat.com/errata/RHSA-2019:2043 https://access.redhat.com/errata/RHSA-2020:0036 https://access.redhat.com/errata/RHSA-2020:0100 https://access • CWE-459: Incomplete Cleanup CWE-672: Operation on a Resource after Expiration or Release •
CVE-2018-18751 – gettext: double free in default_add_message in read-catalog.c
https://notcve.org/view.php?id=CVE-2018-18751
An issue was discovered in GNU gettext 0.19.8. There is a double free in default_add_message in read-catalog.c, related to an invalid free in po_gram_parse in po-gram-gen.y, as demonstrated by lt-msgfmt. Se ha descubierto un problema en GNU gettext 0.19.8. Hay una doble liberación (double free) en default_add_message en read-catalog.c, relacionado con una liberación no válida en po_gram_parse en po-gram-gen.y, tal y como queda demostrado con lt-msgfmt. • http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00061.html http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00065.html http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00025.html https://access.redhat.com/errata/RHSA-2019:3643 https://github.com/CCCCCrash/POCs/tree/master/Bin/Tools-gettext-0.19.8.1/doublefree https://github.com/CCCCCrash/POCs/tree/master/Bin/Tools-gettext-0.19.8.1/heapcorruption https://usn.ubuntu.com/3815-1 https:// • CWE-415: Double Free CWE-416: Use After Free •
CVE-2018-18710
https://notcve.org/view.php?id=CVE-2018-18710
An issue was discovered in the Linux kernel through 4.19. An information leak in cdrom_ioctl_select_disc in drivers/cdrom/cdrom.c could be used by local attackers to read kernel memory because a cast from unsigned long to int interferes with bounds checking. This is similar to CVE-2018-10940 and CVE-2018-16658. Se ha descubierto un problema en el kernel de Linux hasta la versión 4.19. Una fuga de información en cdrom_ioctl_select_disc en drivers/cdrom/cdrom.c podría ser empleada por atacantes locales para leer memoria del kernel debido a que una conversión de un long no firmado a int interfiere con la comprobación de límites. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=e4f3aa2e1e67bb48dfbaaf1cad59013d5a5bc276 http://www.securityfocus.com/bid/106041 https://github.com/torvalds/linux/commit/e4f3aa2e1e67bb48dfbaaf1cad59013d5a5bc276 https://lists.debian.org/debian-lts-announce/2019/03/msg00017.html https://lists.debian.org/debian-lts-announce/2019/03/msg00034.html https://lists.debian.org/debian-lts-announce/2019/04/msg00004.html https://usn.ubuntu.com/3846-1 https://usn.ubuntu.com/3847-1 ht • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •