CVSS: 8.8EPSS: 0%CPEs: 4EXPL: 1CVE-2018-14522
https://notcve.org/view.php?id=CVE-2018-14522
An issue was discovered in aubio 0.4.6. A SEGV signal can occur in aubio_pitch_set_unit in pitch/pitch.c, as demonstrated by aubionotes. Se ha descubierto un problema en aubio 0.4.6. Puede ocurrir una señal SEGV en aubio_pitch_set_unit en pitch/pitch.c, tal y como queda demostrado con aubionotes. • http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00031.html http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00071.html https://github.com/aubio/aubio/issues/188 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.5EPSS: 0%CPEs: 8EXPL: 0CVE-2018-10360 – file: out-of-bounds read via a crafted ELF file
https://notcve.org/view.php?id=CVE-2018-10360
The do_core_note function in readelf.c in libmagic.a in file 5.33 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted ELF file. La función do_core_note en readelf.c en libmagic.a en file 5.33 permite a atacantes remotos provocar una denegación de servicio (lectura fuera de límites y cierre inesperado de la aplicación) utilizando un archivo ELF manipulado. • http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00027.html http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00053.html https://github.com/file/file/commit/a642587a9c9e2dd7feacdf513c3643ce26ad3c22 https://security.gentoo.org/glsa/201806-08 https://usn.ubuntu.com/3686-1 https://usn.ubuntu.com/3686-2 https://access.redhat.com/security/cve/CVE-2018-10360 https://bugzilla.redhat.com/show_bug.cgi?id=1590000 • CWE-125: Out-of-bounds Read •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2018-10380
https://notcve.org/view.php?id=CVE-2018-10380
kwallet-pam in KDE KWallet before 5.12.6 allows local users to obtain ownership of arbitrary files via a symlink attack. kwallet-pam en KDE KWallet en versiones anteriores a la 5.12.6 permite que los usuarios locales obtengan la propiedad de archivos arbitrarios mediante un ataque symlink. • https://bugzilla.suse.com/show_bug.cgi?id=1090863 https://commits.kde.org/kwallet-pam/01d4143fda5bddb6dca37b23304dc239a5fb38b5 https://commits.kde.org/kwallet-pam/2134dec85ce19d6378d03cddfae9e5e464cb24c0 https://commits.kde.org/kwallet-pam/802f305d81f8771c4f4a8bd7fd0e368ffc6f9b3b https://commits.kde.org/kwallet-pam/99abc7fde21f40cc6da5feb6ee766cc46fcca1f8 https://www.debian.org/security/2018/dsa-4200 https://www.kde.org/info/security/advisory-20180503-1.txt • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 9.9EPSS: 0%CPEs: 5EXPL: 0CVE-2017-14804 – package builds could use directory traversal to write outside of target area
https://notcve.org/view.php?id=CVE-2017-14804
The build package before 20171128 did not check directory names during extraction of build results that allowed untrusted builds to write outside of the target system,allowing escape out of buildroots. El paquete de build anterior a 20171128 no comprobó nombres de directorio durante la extracción de resultados de build que permitían que builds no fiables escribiesen en el sistema objetivo. Esto provocaba el escape fuera de los buildroots. • https://lists.opensuse.org/opensuse-security-announce/2017-12/msg00024.html https://lists.opensuse.org/opensuse-security-announce/2017-12/msg00025.html https://lists.opensuse.org/opensuse-security-announce/2018-01/msg00030.html • CWE-20: Improper Input Validation CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 5.6EPSS: 97%CPEs: 1467EXPL: 3CVE-2017-5753 – Multiple CPUs - 'Spectre' Information Disclosure
https://notcve.org/view.php?id=CVE-2017-5753
Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis. Los sistemas con microprocesadores con ejecución especulativa y predicción de ramas podrían permitir la revelación no autorizada de información al atacante con acceso de usuario local mediante un análisis de un canal lateral. An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions (a commonly used performance optimization). There are three primary variants of the issue which differ in the way the speculative execution can be exploited. Variant CVE-2017-5753 triggers the speculative execution by performing a bounds-check bypass. • https://www.exploit-db.com/exploits/43427 https://github.com/sachinthaBS/Spectre-Vulnerability-CVE-2017-5753- http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00006.html http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00007.html http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00008.html http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00014.html http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00016.html http://nvidia.custhe • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-203: Observable Discrepancy •