CVSS: 8.8EPSS: 1%CPEs: 14EXPL: 0CVE-2018-1000878 – libarchive: Use after free in RAR decoder resulting in a denial of service
https://notcve.org/view.php?id=CVE-2018-1000878
20 Dec 2018 — libarchive version commit 416694915449219d505531b1096384f3237dd6cc onwards (release v3.1.0 onwards) contains a CWE-416: Use After Free vulnerability in RAR decoder - libarchive/archive_read_support_format_rar.c that can result in Crash/DoS - it is unknown if RCE is possible. This attack appear to be exploitable via the victim must open a specially crafted RAR archive. libarchive, con el commit con ID 416694915449219d505531b1096384f3237dd6cc y siguientes (desde la v3.1.0) contiene una vulnerabilidad CWE-416:... • http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00055.html • CWE-416: Use After Free •
CVSS: 6.5EPSS: 0%CPEs: 5EXPL: 0CVE-2018-1000879
https://notcve.org/view.php?id=CVE-2018-1000879
20 Dec 2018 — libarchive version commit 379867ecb330b3a952fb7bfa7bffb7bbd5547205 onwards (release v3.3.0 onwards) contains a CWE-476: NULL Pointer Dereference vulnerability in ACL parser - libarchive/archive_acl.c, archive_acl_from_text_l() that can result in Crash/DoS. This attack appear to be exploitable via the victim must open a specially crafted archive file. libarchive, con el commit con ID 379867ecb330b3a952fb7bfa7bffb7bbd5547205 y siguientes (desde la v3.3.0) contiene una vulnerabilidad CWE-476: desreferencia de ... • http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00055.html • CWE-476: NULL Pointer Dereference •
CVSS: 6.5EPSS: 1%CPEs: 8EXPL: 0CVE-2018-1000880 – Debian Security Advisory 4360-1
https://notcve.org/view.php?id=CVE-2018-1000880
20 Dec 2018 — libarchive version commit 9693801580c0cf7c70e862d305270a16b52826a7 onwards (release v3.2.0 onwards) contains a CWE-20: Improper Input Validation vulnerability in WARC parser - libarchive/archive_read_support_format_warc.c, _warc_read() that can result in DoS - quasi-infinite run time and disk usage from tiny file. This attack appear to be exploitable via the victim must open a specially crafted WARC file. libarchive, con el commit con ID 9693801580c0cf7c70e862d305270a16b52826a7 y siguientes (desde la v3.2.0... • http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00055.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.3EPSS: 0%CPEs: 10EXPL: 0CVE-2018-16872 – Ubuntu Security Notice USN-3923-1
https://notcve.org/view.php?id=CVE-2018-16872
13 Dec 2018 — A flaw was found in qemu Media Transfer Protocol (MTP). The code opening files in usb_mtp_get_object and usb_mtp_get_partial_object and directories in usb_mtp_object_readdir doesn't consider that the underlying filesystem may have changed since the time lstat(2) was called in usb_mtp_object_alloc, a classical TOCTTOU problem. An attacker with write access to the host filesystem shared with a guest can use this property to navigate the host filesystem in the context of the QEMU process and read any file the ... • http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00042.html • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •
CVSS: 4.7EPSS: 0%CPEs: 12EXPL: 0CVE-2018-19489 – Ubuntu Security Notice USN-3923-1
https://notcve.org/view.php?id=CVE-2018-19489
13 Dec 2018 — v9fs_wstat in hw/9pfs/9p.c in QEMU allows guest OS users to cause a denial of service (crash) because of a race condition during file renaming. v9fs_wstat en hw/9pfs/9p.c en QEMU permite que los usuarios invitados del sistema operativo provoquen una denegación de servicio (cierre inesperado) debido a una condición de carrera durante el renombrado de los archivos. Michael Hanselmann discovered that QEMU incorrectly handled the Media Transfer Protocol. An attacker inside the guest could use this issue to read... • http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00042.html • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 7.8EPSS: 0%CPEs: 10EXPL: 0CVE-2018-16867 – Ubuntu Security Notice USN-3923-1
https://notcve.org/view.php?id=CVE-2018-16867
12 Dec 2018 — A flaw was found in qemu Media Transfer Protocol (MTP) before version 3.1.0. A path traversal in the in usb_mtp_write_data function in hw/usb/dev-mtp.c due to an improper filename sanitization. When the guest device is mounted in read-write mode, this allows to read/write arbitrary files which may lead do DoS scenario OR possibly lead to code execution on the host. Se ha descubierto un problema en versiones anteriores a la 3.1.0 de QEMU, en el protocolo MTP (Media Transfer Protocol). Un salto de directorio ... • http://www.securityfocus.com/bid/106195 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 9.8EPSS: 0%CPEs: 4EXPL: 0CVE-2018-20060 – python-urllib3: Cross-host redirect does not remove Authorization header allow for credential exposure
https://notcve.org/view.php?id=CVE-2018-20060
11 Dec 2018 — urllib3 before version 1.23 does not remove the Authorization HTTP header when following a cross-origin redirect (i.e., a redirect that differs in host, port, or scheme). This can allow for credentials in the Authorization header to be exposed to unintended hosts or transmitted in cleartext. urllib3 en versiones anteriores a la 1.23 no elimina la cabecera HTTP Authorization al seguir una redirección cross-origin (i.e., una redirección que difiere en host, puerto o esquema). Esto puede permitir que las crede... • http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00039.html • CWE-522: Insufficiently Protected Credentials •
CVSS: 8.8EPSS: 0%CPEs: 4EXPL: 2CVE-2018-20004
https://notcve.org/view.php?id=CVE-2018-20004
10 Dec 2018 — An issue has been found in Mini-XML (aka mxml) 2.12. It is a stack-based buffer overflow in mxml_write_node in mxml-file.c via vectors involving a double-precision floating point number and the '
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 1CVE-2018-20005
https://notcve.org/view.php?id=CVE-2018-20005
10 Dec 2018 — An issue has been found in Mini-XML (aka mxml) 2.12. It is a use-after-free in mxmlWalkNext in mxml-search.c, as demonstrated by mxmldoc. Se ha encontrado un problema en Mini-XML (también conocido como mxml) 2.12. Es un uso de memoria previamente liberada en mxmlWalkNext en mxml-search.c, tal y como queda demostrado con mxmldoc. • https://github.com/fouzhe/security/tree/master/mxml#heap-use-after-free-in-function-mxmlwalknext • CWE-416: Use After Free •
CVSS: 7.5EPSS: 1%CPEs: 3EXPL: 1CVE-2018-19591 – Gentoo Linux Security Advisory 201908-06
https://notcve.org/view.php?id=CVE-2018-19591
04 Dec 2018 — In the GNU C Library (aka glibc or libc6) through 2.28, attempting to resolve a crafted hostname via getaddrinfo() leads to the allocation of a socket descriptor that is not closed. This is related to the if_nametoindex() function. En la biblioteca GNU C (también conocida como glibc o libc6) hasta la versión 2.28, los intentos para resolver un nombre de host manipulado mediante getaddrinfo() conducen a la asignación de un descriptor de un socket que no está cerrado. Esto está relacionado con la función if_n... • http://www.securityfocus.com/bid/106037 • CWE-20: Improper Input Validation •