Page 34 of 441 results (0.006 seconds)

CVSS: 9.8EPSS: 2%CPEs: 16EXPL: 1

CVE-2018-18312 – perl: Heap-based buffer overflow in S_handle_regex_sets()

https://notcve.org/view.php?id=CVE-2018-18312

Perl before 5.26.3 and 5.28.0 before 5.28.1 has a buffer overflow via a crafted regular expression that triggers invalid write operations. Perl, en versiones anteriores a la 5.26.3 y versiones 5.28.0 anteriores a la 5.28.1, tiene un desbordamiento de búfer mediante una expresión regular manipulada que desencadena operaciones inválidas de escritura. • http://www.securityfocus.com/bid/106179 http://www.securitytracker.com/id/1042181 https://access.redhat.com/errata/RHSA-2019:0001 https://access.redhat.com/errata/RHSA-2019:0010 https://bugzilla.redhat.com/show_bug.cgi?id=1646734 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RWQGEB543QN7SSBRKYJM6PSOC3RLYGSM https://metacpan.org/changes/release/SHAY/perl-5.26.3 https://metacpan.org/changes/release/SHAY/perl-5.28.1 https://rt.perl.org/Pub • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 1

CVE-2018-19214

https://notcve.org/view.php?id=CVE-2018-19214

Netwide Assembler (NASM) 2.14rc15 has a heap-based buffer over-read in expand_mmac_params in asm/preproc.c for insufficient input. Netwide Assembler (NASM) 2.14rc15 tiene una sobrelectura de búfer basada en memoria dinámica (heap) en expand_mmac_params en asm/preproc.c para las entradas insuficientes. • http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00015.html http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00017.html https://bugzilla.nasm.us/show_bug.cgi?id=3392521 https://repo.or.cz/nasm.git/commit/661f723d39e03ca6eb05d7376a43ca33db478354 • CWE-125: Out-of-bounds Read •

CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 1

CVE-2018-19215

https://notcve.org/view.php?id=CVE-2018-19215

Netwide Assembler (NASM) 2.14rc16 has a heap-based buffer over-read in expand_mmac_params in asm/preproc.c for the special cases of the % and $ and ! characters. Netwide Assembler (NASM) 2.14rc16 tiene una sobrelectura de búfer basada en memoria dinámica (heap) en expand_mmac_params en asm/preproc.c para los casos especiales de los caracteres % y $. • http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00015.html http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00017.html https://bugzilla.nasm.us/show_bug.cgi?id=3392525 https://repo.or.cz/nasm.git/commit/4b5b737d4991578b1918303dc0fd9c9ab5c7ce4f • CWE-125: Out-of-bounds Read •

CVSS: 8.1EPSS: 0%CPEs: 16EXPL: 0

CVE-2018-16396 – ruby: Tainted flags are not propagated in Array#pack and String#unpack with some directives

https://notcve.org/view.php?id=CVE-2018-16396

An issue was discovered in Ruby before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.2, and 2.6.x before 2.6.0-preview3. It does not taint strings that result from unpacking tainted strings with some formats. Se ha descubierto un problema en Ruby, en versiones anteriores a la 2.3.8, versiones 2.4.x anteriores a la 2.4.5, versiones 2.5.x anteriores a la 2.5.2 y versiones 2.6.x anteriores a la 2.6.0-preview3. No contamina las cadenas que resultan de desempaquetar cadenas contaminadas con algunos formatos. • http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00036.html http://www.securitytracker.com/id/1042106 https://access.redhat.com/errata/RHSA-2018:3729 https://access.redhat.com/errata/RHSA-2018:3730 https://access.redhat.com/errata/RHSA-2018:3731 https://access.redhat.com/errata/RHSA-2019:2028 https://hackerone.com/reports/385070 https://lists.debian.org/debian-lts-announce/2018/10/msg00020.html https://security.netapp.com/advisory/ntap-20190221-0002 https://usn • CWE-20: Improper Input Validation •

CVSS: 8.8EPSS: 0%CPEs: 5EXPL: 0

CVE-2018-14651 – glusterfs: glusterfs server exploitable via symlinks to relative paths

https://notcve.org/view.php?id=CVE-2018-14651

It was found that the fix for CVE-2018-10927, CVE-2018-10928, CVE-2018-10929, CVE-2018-10930, and CVE-2018-10926 was incomplete. A remote, authenticated attacker could use one of these flaws to execute arbitrary code, create arbitrary files, or cause denial of service on glusterfs server nodes via symlinks to relative paths. Se ha descubierto que la solución para CVE-2018-10927, CVE-2018-10928, CVE-2018-10929, CVE-2018-10930 y CVE-2018-10926 estaba incompleta. Un atacante autenticado remoto podría emplear uno de estos errores para ejecutar código arbitrario, crear archivos arbitrarios o provocar una denegación de servicio en los nodos del servidor glusterfs mediante vínculos simbólicos a rutas relativas. • https://access.redhat.com/errata/RHSA-2018:3431 https://access.redhat.com/errata/RHSA-2018:3432 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14651 https://lists.debian.org/debian-lts-announce/2018/11/msg00003.html https://security.gentoo.org/glsa/201904-06 https://access.redhat.com/security/cve/CVE-2018-14651 https://bugzilla.redhat.com/show_bug.cgi?id=1632557 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •