CVSS: 9.8EPSS: 10%CPEs: 19EXPL: 1CVE-2018-20748 – Ubuntu Security Notice USN-3877-1
https://notcve.org/view.php?id=CVE-2018-20748
30 Jan 2019 — LibVNC before 0.9.12 contains multiple heap out-of-bounds write vulnerabilities in libvncclient/rfbproto.c. The fix for CVE-2018-20019 was incomplete. LibVNC, en versiones anteriores a la 0.9.12, contiene múltiples vulnerabilidades de escritura fuera de límites en la memoria dinámica (heap) en libvncclient/rfbproto.c. La solución para CVE-2018-20019 era incompleta. Nicolas Ruff discovered that iTALC had buffer overflows, divide-by-zero errors and didn't check malloc return values. • https://cert-portal.siemens.com/productcert/pdf/ssa-390195.pdf • CWE-787: Out-of-bounds Write •
CVSS: 9.8EPSS: 10%CPEs: 20EXPL: 1CVE-2018-20749 – Ubuntu Security Notice USN-4547-1
https://notcve.org/view.php?id=CVE-2018-20749
30 Jan 2019 — LibVNC before 0.9.12 contains a heap out-of-bounds write vulnerability in libvncserver/rfbserver.c. The fix for CVE-2018-15127 was incomplete. LibVNC, en versiones anteriores a la 0.9.12, contiene una vulnerabilidad de escritura fuera de límites en la memoria dinámica (heap) en libvncserver/rfbserver.c. La solución para CVE-2018-15127 era incompleta. It was discovered that an information disclosure vulnerability existed in the LibVNCServer vendored in iTALC when sending a ServerCutText message. • http://www.securityfocus.com/bid/106825 • CWE-787: Out-of-bounds Write •
CVSS: 9.8EPSS: 10%CPEs: 20EXPL: 1CVE-2018-20750 – Ubuntu Security Notice USN-4587-1
https://notcve.org/view.php?id=CVE-2018-20750
30 Jan 2019 — LibVNC through 0.9.12 contains a heap out-of-bounds write vulnerability in libvncserver/rfbserver.c. The fix for CVE-2018-15127 was incomplete. LibVNC, hasta la versión 0.9.12, contiene una vulnerabilidad de escritura fuera de límites en la memoria dinámica (heap) en libvncserver/rfbserver.c. La solución para CVE-2018-15127 era incompleta. Nicolas Ruff discovered that iTALC had buffer overflows, divide-by-zero errors and didn't check malloc return values. • http://www.securityfocus.com/bid/106825 • CWE-787: Out-of-bounds Write •
CVSS: 9.8EPSS: 41%CPEs: 18EXPL: 1CVE-2018-18500 – Mozilla: Use-after-free parsing HTML5 stream
https://notcve.org/view.php?id=CVE-2018-18500
30 Jan 2019 — A use-after-free vulnerability can occur while parsing an HTML5 stream in concert with custom HTML elements. This results in the stream parser object being freed while still in use, leading to a potentially exploitable crash. This vulnerability affects Thunderbird < 60.5, Firefox ESR < 60.5, and Firefox < 65. Una vulnerabilidad de memoria previamente liberada puede ocurrir a la hora de analizar una transmisión HTML5 junto con elementos HTML personalizados. Esto resulta en la liberación del objeto de análisi... • https://github.com/sophoslabs/CVE-2018-18500 • CWE-416: Use After Free •
CVSS: 9.8EPSS: 4%CPEs: 17EXPL: 0CVE-2018-18501 – Mozilla: Memory safety bugs fixed in Firefox 65 and Firefox ESR 60.5
https://notcve.org/view.php?id=CVE-2018-18501
30 Jan 2019 — Mozilla developers and community members reported memory safety bugs present in Firefox 64 and Firefox ESR 60.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 60.5, Firefox ESR < 60.5, and Firefox < 65. Los desarrolladores de Mozilla y los miembros de la comunidad reportaron problemas de seguridad existentes en Firefox 64 and Firefox ESR 60.4. Algunos de esto... • http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00021.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 10.0EPSS: 3%CPEs: 18EXPL: 0CVE-2018-18505 – Mozilla: Privilege escalation through IPC channel messages
https://notcve.org/view.php?id=CVE-2018-18505
30 Jan 2019 — An earlier fix for an Inter-process Communication (IPC) vulnerability, CVE-2011-3079, added authentication to communication between IPC endpoints and server parents during IPC process creation. This authentication is insufficient for channels created after the IPC process is started, leading to the authentication not being correctly applied to later channels. This could allow for a sandbox escape through IPC channels due to lack of message validation in the listener process. This vulnerability affects Thund... • http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00021.html • CWE-287: Improper Authentication •
CVSS: 7.8EPSS: 0%CPEs: 10EXPL: 1CVE-2019-1000018 – Debian Security Advisory 4377-3
https://notcve.org/view.php?id=CVE-2019-1000018
30 Jan 2019 — rssh version 2.3.4 contains a CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in allowscp permission that can result in Local command execution. This attack appear to be exploitable via An authorized SSH user with the allowscp permission. rssh 2.3.4 contiene un CWE-77: neutralización indebida de elementos especiales empleados en un comando (inyección de comandos) en el permiso allowscp que puede resultar en la ejecución local de comandos. El ataque p... • http://seclists.org/fulldisclosure/2021/May/78 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 8.0EPSS: 0%CPEs: 16EXPL: 0CVE-2019-3813 – spice: Off-by-one error in array access in spice/server/memslot.c
https://notcve.org/view.php?id=CVE-2019-3813
29 Jan 2019 — Spice, versions 0.5.2 through 0.14.1, are vulnerable to an out-of-bounds read due to an off-by-one error in memslot_get_virt. This may lead to a denial of service, or, in the worst case, code-execution by unauthenticated attackers. Spice, desde la versión 0.5.2 hasta la 0.14.1, son vulnerables a una lectura fuera de límites debido a un error por un paso en memslot_get_virt. Esto podría conducir a una denegación de servicio (DoS) o, en el peor de los casos, la ejecución de código por parte de atacantes no au... • http://www.securityfocus.com/bid/106801 • CWE-193: Off-by-one Error •
CVSS: 9.8EPSS: 2%CPEs: 7EXPL: 0CVE-2019-6978 – gd: Double free in the gdImage*Ptr in gd_gif_out.c, gd_jpeg.c, and gd_wbmp.c
https://notcve.org/view.php?id=CVE-2019-6978
28 Jan 2019 — The GD Graphics Library (aka LibGD) 2.2.5 has a double free in the gdImage*Ptr() functions in gd_gif_out.c, gd_jpeg.c, and gd_wbmp.c. NOTE: PHP is unaffected. La versión 2.25 de GD Graphics Library (también conocido como LibGD) tiene una doble liberación (double free) en las funciones gdImage*Ptr() en gd_gif_out.c, gd_jpeg.c y gd_wbmp.c. NOTA: PHP no se ve afectado. Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private c... • http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00025.html • CWE-415: Double Free CWE-416: Use After Free •
CVSS: 8.8EPSS: 89%CPEs: 12EXPL: 3CVE-2019-6977 – PHP 7.2 - 'imagecolormatch()' Out of Band Heap Write
https://notcve.org/view.php?id=CVE-2019-6977
27 Jan 2019 — gdImageColorMatch in gd_color_match.c in the GD Graphics Library (aka LibGD) 2.2.5, as used in the imagecolormatch function in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1, has a heap-based buffer overflow. This can be exploited by an attacker who is able to trigger imagecolormatch calls with crafted image data. gdImageColorMatch in gd_color_match.c en la versión 2.2.5 de GD Graphics Library (también conocido como LibGD), tal y como se utiliza en la función imagecolormat... • https://packetstorm.news/files/id/152459 • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •