CVE-2018-18313 – perl: Heap-based buffer read overflow in S_grok_bslash_N()
https://notcve.org/view.php?id=CVE-2018-18313
Perl before 5.26.3 has a buffer over-read via a crafted regular expression that triggers disclosure of sensitive information from process memory. Perl, en versiones anteriores a la 5.26.3, tiene una sobrelectura de búfer mediante una expresión regular manipulada que desencadena la divulgación de información sensible de la memoria del proceso. • http://seclists.org/fulldisclosure/2019/Mar/49 http://www.securitytracker.com/id/1042181 https://access.redhat.com/errata/RHSA-2019:0001 https://access.redhat.com/errata/RHSA-2019:0010 https://bugzilla.redhat.com/show_bug.cgi?id=1646738 https://github.com/Perl/perl5/commit/43b2f4ef399e2fd7240b4eeb0658686ad95f8e62 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RWQGEB543QN7SSBRKYJM6PSOC3RLYGSM https://metacpan.org/changes/release/SHAY/perl-5.26.3 https://rt& • CWE-125: Out-of-bounds Read •
CVE-2018-18314 – perl: Heap-based buffer overflow in S_regatom()
https://notcve.org/view.php?id=CVE-2018-18314
Perl before 5.26.3 has a buffer overflow via a crafted regular expression that triggers invalid write operations. Perl, en versiones anteriores a la 5.26.3, tiene un desbordamiento de búfer mediante una expresión regular manipulada que desencadena operaciones inválidas de escritura. • http://www.securityfocus.com/bid/106145 http://www.securitytracker.com/id/1042181 https://access.redhat.com/errata/RHSA-2019:0001 https://access.redhat.com/errata/RHSA-2019:0010 https://bugzilla.redhat.com/show_bug.cgi?id=1646751 https://github.com/Perl/perl5/commit/19a498a461d7c81ae3507c450953d1148efecf4f https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RWQGEB543QN7SSBRKYJM6PSOC3RLYGSM https://metacpan.org/changes/release/SHAY/perl-5.26.3 https://rt.perl. • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122: Heap-based Buffer Overflow •
CVE-2018-18312 – perl: Heap-based buffer overflow in S_handle_regex_sets()
https://notcve.org/view.php?id=CVE-2018-18312
Perl before 5.26.3 and 5.28.0 before 5.28.1 has a buffer overflow via a crafted regular expression that triggers invalid write operations. Perl, en versiones anteriores a la 5.26.3 y versiones 5.28.0 anteriores a la 5.28.1, tiene un desbordamiento de búfer mediante una expresión regular manipulada que desencadena operaciones inválidas de escritura. • http://www.securityfocus.com/bid/106179 http://www.securitytracker.com/id/1042181 https://access.redhat.com/errata/RHSA-2019:0001 https://access.redhat.com/errata/RHSA-2019:0010 https://bugzilla.redhat.com/show_bug.cgi?id=1646734 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RWQGEB543QN7SSBRKYJM6PSOC3RLYGSM https://metacpan.org/changes/release/SHAY/perl-5.26.3 https://metacpan.org/changes/release/SHAY/perl-5.28.1 https://rt.perl.org/Pub • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2018-5492
https://notcve.org/view.php?id=CVE-2018-5492
NetApp E-Series SANtricity OS Controller Software 11.30 and later version 11.30.5 is susceptible to unauthenticated remote code execution. NetApp E-Series SANtricity OS Controller Software en versiones 11.30 y 11.30.5 es susceptible a una ejecución remota de código no autenticada. • https://security.netapp.com/advisory/ntap-20181003-0001 • CWE-20: Improper Input Validation •
CVE-2018-2942
https://notcve.org/view.php?id=CVE-2018-2942
Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Windows DLL). Supported versions that are affected are Java SE: 7u181 and 8u172. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE. • http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html http://www.securityfocus.com/bid/104781 http://www.securitytracker.com/id/1041302 https://security.netapp.com/advisory/ntap-20180726-0001 •