CVSS: 5.5EPSS: 0%CPEs: 10EXPL: 1CVE-2018-16435 – lcms2: Integer overflow in AllocateDataSet() in cmscgats.c leading to heap-based buffer overflow
https://notcve.org/view.php?id=CVE-2018-16435
Little CMS (aka Little Color Management System) 2.9 has an integer overflow in the AllocateDataSet function in cmscgats.c, leading to a heap-based buffer overflow in the SetData function via a crafted file in the second argument to cmsIT8LoadFromFile. Little CMS (también conocido como Little Color Management System) 2.9 tiene un desbordamiento de enteros en la función AllocateDataSet en cmscgats.c que conduce a un desbordamiento de búfer basado en memoria dinámica (heap) en la función SetData mediante un archivo manipulado en el segundo argumento en cmsIT8LoadFromFile. • https://access.redhat.com/errata/RHSA-2018:3004 https://github.com/mm2/Little-CMS/commit/768f70ca405cd3159d990e962d54456773bb8cf8 https://github.com/mm2/Little-CMS/issues/171 https://lists.debian.org/debian-lts-announce/2018/09/msg00005.html https://security.gentoo.org/glsa/202105-18 https://usn.ubuntu.com/3770-1 https://usn.ubuntu.com/3770-2 https://www.debian.org/security/2018/dsa-4284 https://access.redhat.com/security/cve/CVE-2018-16435 https://bugzilla.redhat.com/sh • CWE-122: Heap-based Buffer Overflow CWE-190: Integer Overflow or Wraparound CWE-787: Out-of-bounds Write •
CVSS: 7.5EPSS: 0%CPEs: 5EXPL: 1CVE-2018-16429
https://notcve.org/view.php?id=CVE-2018-16429
GNOME GLib 2.56.1 has an out-of-bounds read vulnerability in g_markup_parse_context_parse() in gmarkup.c, related to utf8_str(). GNOME GLib 2.56.1 tiene una vulnerabilidad de lectura fuera de límites en g_markup_parse_context_parse() en gmarkup.c, relacionada con utf8_str(). • https://gitlab.gnome.org/GNOME/glib/commit/cec71705406f0b2790422f0c1aa0ff3b4b464b1b https://gitlab.gnome.org/GNOME/glib/issues/1361 https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E https://lists.debian.org/debian-lts-announce/2019/07/msg00029.html https://usn.ubuntu.com/3767-1 https://usn.ubuntu.com/3767-2 • CWE-125: Out-of-bounds Read •
CVSS: 7.8EPSS: 0%CPEs: 12EXPL: 0CVE-2018-16276
https://notcve.org/view.php?id=CVE-2018-16276
An issue was discovered in yurex_read in drivers/usb/misc/yurex.c in the Linux kernel before 4.17.7. Local attackers could use user access read/writes with incorrect bounds checking in the yurex USB driver to crash the kernel or potentially escalate privileges. Se descubrió un problema en yurex_read en drivers/usb/misc/yurex.c en el kernel de Linux hasta la versión 4.17.7. Los atacantes locales pueden emplear lecturas/escrituras de acceso de usuario con una comprobación incorrecta de límites en el controlador USB yurex para provocar el cierre inesperado del kernel o escalar privilegios. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f1e255d60ae66a9f672ff9a207ee6cd8e33d2679 https://bugzilla.suse.com/show_bug.cgi?id=1106095 https://bugzilla.suse.com/show_bug.cgi?id=1115593 https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.17.7 https://github.com/torvalds/linux/commit/f1e255d60ae66a9f672ff9a207ee6cd8e33d2679 https://lists.debian.org/debian-lts-announce/2018/10/msg00003.html https://usn.ubuntu.com/3776-1 https://usn.ubuntu.com/3776-2 https • CWE-787: Out-of-bounds Write •
CVSS: 7.5EPSS: 94%CPEs: 26EXPL: 0CVE-2018-5740 – A flaw in the "deny-answer-aliases" feature can cause an assertion failure in named
https://notcve.org/view.php?id=CVE-2018-5740
"deny-answer-aliases" is a little-used feature intended to help recursive server operators protect end users against DNS rebinding attacks, a potential method of circumventing the security model used by client browsers. However, a defect in this feature makes it easy, when the feature is in use, to experience an assertion failure in name.c. Affects BIND 9.7.0->9.8.8, 9.9.0->9.9.13, 9.10.0->9.10.8, 9.11.0->9.11.4, 9.12.0->9.12.2, 9.13.0->9.13.2. "deny-answer-aliases" es una característica poco utilizada que pretende ayudar a los operadores recursivos del servidor a proteger a los usuarios finales contra ataques de reenlace DNS, un método para poder eludir el modelo de seguridad empleado por los navegadores del cliente. Sin embargo, un defecto en esta característica hace que sea sencillo experimentar un fallo de aserción en name.c. • http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00026.html http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00027.html http://www.securityfocus.com/bid/105055 http://www.securitytracker.com/id/1041436 https://access.redhat.com/errata/RHSA-2018:2570 https://access.redhat.com/errata/RHSA-2018:2571 https://kb.isc.org/docs/aa-01639 https://lists.debian.org/debian-lts-announce/2018/08/msg00033.html https://lists.debian.org/debian-lts-announce/2021/11&#x • CWE-617: Reachable Assertion •
CVSS: 10.0EPSS: 2%CPEs: 17EXPL: 0CVE-2011-2767 – mod_perl: arbitrary Perl code execution in the context of the user account via a user-owned .htaccess
https://notcve.org/view.php?id=CVE-2011-2767
mod_perl 2.0 through 2.0.10 allows attackers to execute arbitrary Perl code by placing it in a user-owned .htaccess file, because (contrary to the documentation) there is no configuration option that permits Perl code for the administrator's control of HTTP request processing without also permitting unprivileged users to run Perl code in the context of the user account that runs Apache HTTP Server processes. mod_perl 2.0 hasta la versión 2.0.10 permite que los atacantes ejecuten código Perl colocándolo en un archivo .htaccess propiedad del usuario, debido a que (al contrario de lo que pone en la documentación) no hay una opción de configuración que permita el código Perl para el control de administrador del procesamiento de peticiones HTTP sin permitir también que usuarios sin privilegios ejecuten código Perl en el contexto de la cuenta de usuario que ejecuta los procesos Apache HTTP Server. • http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00063.html http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00065.html http://www.securityfocus.com/bid/105195 https://access.redhat.com/errata/RHSA-2018:2737 https://access.redhat.com/errata/RHSA-2018:2825 https://access.redhat.com/errata/RHSA-2018:2826 https://bugs.debian.org/644169 https://lists.apache.org/thread.html/c8ebe8aad147a3ad2e7b0e8b2da45263171ab5d0fc7f8c100feaa94d%40%3Cmodperl-cvs.perl.apache.org%3E https://li • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-266: Incorrect Privilege Assignment •