CVSS: 5.3 | EPSS: 3% | CPEs: 56 | EXPL: 0

10 Jan 2019 — In OpenSSH 7.9, scp.c in the scp client allows remote SSH servers to bypass intended access restrictions via the filename of . or an empty filename. The impact is modifying the permissions of the target directory on the client side. Many ... • http://www.securityfocus.com/bid/106531 • CWE-20: Improper Input Validation • CWE-863: Incorrect Authorization •

CVSS: 9.8 | EPSS: 0% | CPEs: 5 | EXPL: 0

09 Jan 2019 — Irssi 1.1.x before 1.1.2 has a use after free when hidden lines are expired from the scroll buffer. It was discovered that Irssi incorrectly handled certain inputs. An attacker could possibly use this issue to cause a denial of service or to execute arbitrary code. • https://github.com/irssi/irssi/pull/948 • CWE-416: Use After Free •

CVSS: 7.5 | EPSS: 7% | CPEs: 5 | EXPL: 2

09 Jan 2019 — An issue was discovered in BusyBox before 1.30.0. An out of bounds read in udhcp components (consumed by the DHCP server, client, and relay) allows a remote attacker to leak sensitive information from the stack by sending a crafted DHCP message. This is related to verification in udhcp_get_option() in networking/udhcp/common.c that 4-byte options are indeed 4 bytes. ... • https://packetstorm.news/files/id/154361 • CWE-125: Out-of-bounds Read •

CVSS: 7.5 | EPSS: 0% | CPEs: 5 | EXPL: 3

09 Jan 2019 — An issue was discovered in BusyBox through 1.30.0. An out of bounds read in udhcp components (consumed by the DHCP client, server, and/or relay) might allow a remote attacker to leak sensitive information from the stack by sending a crafted DHCP message. This is related to assurance of a 4-byte length when decoding DHCP_SUBNET. NOTE: this issue exists because of an incomplete fix for CVE-2018-20679. • https://packetstorm.news/files/id/154361 • CWE-125: Out-of-bounds Read •

CVSS: 6.5 | EPSS: 1% | CPEs: 10 | EXPL: 0

08 Jan 2019 — In Django 1.11.x before 1.11.18, 2.0.x before 2.0.10, and 2.1.x before 2.1.5, an Improper Neutralization of Special Elements in Output Used by a Downstream Component issue exists in django.views.defaults.page_not_found(), leading to content spoofing (in a 404 error page) if a user fails to recognize that a crafted URL has malicious content. ... • http://www.securityfocus.com/bid/106453 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •

CVSS: 4.9 | EPSS: 0% | CPEs: 4 | EXPL: 1

03 Jan 2019 — An issue was discovered in can_can_gw_rcv in net/can/gw.c in the Linux kernel through 4.19.13. The CAN frame modification rules allow bitwise logical operations that can be also applied to the can_dlc field. The privileged user "root" with CAP_NET_ADMIN can create a CAN frame modification rule that makes the data length code a higher value than the available CAN frame data size. In combination with a configured checksum calculation where the result is stored relatively to the end of the data (e.g. cgw_csum_... • http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00035.html • CWE-787: Out-of-bounds Write •

CVSS: 8.8 | EPSS: 0% | CPEs: 6 | EXPL: 0

03 Jan 2019 — A use-after-free issue was found in the way the Linux kernel's KVM hypervisor processed posted interrupts when nested(=1) virtualization is enabled. In nested_get_vmcs12_pages(), in case of an error while processing posted interrupt address, it unmaps the 'pi_desc_page' without resetting 'pi_desc' descriptor address, which is later used in pi_test_and_clear_on(). A guest user/process could use this flaw to crash the host kernel resulting in DoS or potentially gain privileged access to a system. Kernel versi... • http://www.securityfocus.com/bid/106254 • CWE-416: Use After Free •

CVSS: 6.5 | EPSS: 0% | CPEs: 22 | EXPL: 0

01 Jan 2019 — A reachable Object::dictLookup assertion in Poppler 0.72.0 allows attackers to cause a denial of service due to the lack of a check for the dict data type, as demonstrated by use of the FileSpec class (in FileSpec.cc) in pdfdetach. ... • http://www.securityfocus.com/bid/106459 • CWE-20: Improper Input Validation • CWE-617: Reachable Assertion •

CVSS: 6.5 | EPSS: 0% | CPEs: 5 | EXPL: 1

28 Dec 2018 — A reachable Object::getString assertion in Poppler 0.72.0 allows attackers to cause a denial of service due to construction of invalid rich media annotation assets in the AnnotRichMedia class in Annot.c. Poppler is a Portable Document Format rendering library, use... • https://access.redhat.com/errata/RHSA-2019:2713 • CWE-20: Improper Input Validation • CWE-617: Reachable Assertion •

CVSS: 6.5 | EPSS: 1% | CPEs: 7 | EXPL: 1

28 Dec 2018 — There is floating point exception at caca/dither.c (function caca_dither_bitmap) in libcaca 0.99.beta19. There is an illegal WRITE memory access at common-image.c (function load_image) in libcaca 0.99.beta19 for 4bpp data. It was discovered that libcaca incorrectly handled certain images. An attacker could possibly use this issue to cause a denial of service. • http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00033.html • CWE-369: Divide By Zero •