Page 41 of 1430 results (0.008 seconds)

CVSS: 6.5EPSS: 0%CPEs: 16EXPL: 0

CVE-2018-14680 – libmspack: off-by-one error in the CHM chunk number validity checks

https://notcve.org/view.php?id=CVE-2018-14680

An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. It does not reject blank CHM filenames. Se ha descubierto un problema en mspack/chmd.c en libmspack en versiones anteriores a la 0.7alpha. No rechaza los nombres de archivos CHM en blanco. • http://www.openwall.com/lists/oss-security/2018/07/26/1 http://www.securitytracker.com/id/1041410 https://access.redhat.com/errata/RHSA-2018:3327 https://access.redhat.com/errata/RHSA-2018:3505 https://bugs.debian.org/904801 https://github.com/kyz/libmspack/commit/72e70a921f0f07fee748aec2274b30784e1d312a https://lists.debian.org/debian-lts-announce/2018/08/msg00007.html https://security.gentoo.org/glsa/201903-20 https://usn.ubuntu.com/3728-1 https://usn.ubuntu.com/3728-2 • CWE-20: Improper Input Validation CWE-193: Off-by-one Error •

CVSS: 6.5EPSS: 0%CPEs: 17EXPL: 0

CVE-2018-14679 – libmspack: off-by-one error in the CHM PMGI/PMGL chunk number validity checks

https://notcve.org/view.php?id=CVE-2018-14679

An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. There is an off-by-one error in the CHM PMGI/PMGL chunk number validity checks, which could lead to denial of service (uninitialized data dereference and application crash). Se ha descubierto un problema en mspack/chmd.c en libmspack en versiones anteriores a la 0.7alpha. Hay un error por un paso en las comprobaciones de validez de los números de chunk de CHM PMGI/PMGL que podría conducir a una denegación de servicio (referencia de datos no inicializados y cierre inesperado de la aplicación). • http://www.openwall.com/lists/oss-security/2018/07/26/1 http://www.securitytracker.com/id/1041410 https://access.redhat.com/errata/RHSA-2018:3327 https://access.redhat.com/errata/RHSA-2018:3505 https://bugs.debian.org/904802 https://github.com/kyz/libmspack/commit/72e70a921f0f07fee748aec2274b30784e1d312a https://lists.debian.org/debian-lts-announce/2018/08/msg00007.html https://security.gentoo.org/glsa/201903-20 https://usn.ubuntu.com/3728-1 https://usn.ubuntu.com/3728-2 • CWE-193: Off-by-one Error •

CVSS: 8.8EPSS: 0%CPEs: 16EXPL: 0

CVE-2018-14681 – libmspack: out-of-bounds write in kwajd_read_headers in mspack/kwajd.c

https://notcve.org/view.php?id=CVE-2018-14681

An issue was discovered in kwajd_read_headers in mspack/kwajd.c in libmspack before 0.7alpha. Bad KWAJ file header extensions could cause a one or two byte overwrite. Se ha descubierto un problema en kwajd_read_headers en mspack/kwajd.c en libmspack en versiones anteriores a la 0.7alpha. Las extensiones de encabezado de archivo KWAJ incorrectas pueden provocar una sobrescritura de uno o dos bytes. • http://www.openwall.com/lists/oss-security/2018/07/26/1 http://www.securitytracker.com/id/1041410 https://access.redhat.com/errata/RHSA-2018:3327 https://access.redhat.com/errata/RHSA-2018:3505 https://bugs.debian.org/904799 https://github.com/kyz/libmspack/commit/0b0ef9344255ff5acfac6b7af09198ac9c9756c8 https://lists.debian.org/debian-lts-announce/2018/08/msg00007.html https://security.gentoo.org/glsa/201903-20 https://usn.ubuntu.com/3728-1 https://usn.ubuntu.com/3728-2 • CWE-787: Out-of-bounds Write •

CVSS: 7.1EPSS: 0%CPEs: 15EXPL: 1

CVE-2017-18344 – Linux Kernel 4.14.7 (Ubuntu 16.04 / CentOS 7) - (KASLR & SMEP Bypass) Arbitrary File Read

https://notcve.org/view.php?id=CVE-2017-18344

The timer_create syscall implementation in kernel/time/posix-timers.c in the Linux kernel before 4.14.8 doesn't properly validate the sigevent->sigev_notify field, which leads to out-of-bounds access in the show_timer function (called when /proc/$PID/timers is read). This allows userspace applications to read arbitrary kernel memory (on a kernel built with CONFIG_POSIX_TIMERS and CONFIG_CHECKPOINT_RESTORE). La implementación de llamada del sistema timer_create en kernel/time/posix-timers.c en el kernel de Linux en versiones anteriores a la 4.14.8 no valida correctamente el campo sigevent->sigev_notify, conduciendo a un acceso fuera de límites en la función show_timer (que se llama cuando se lee /proc/$PID/timers). Esto permite que las aplicaciones del espacio del usuario lean memoria del kernel arbitraria (en un kernel construido con CONFIG_POSIX_TIMERS y CONFIG_CHECKPOINT_RESTORE). The timer_create syscall implementation in kernel/time/posix-timers.c in the Linux kernel doesn't properly validate the sigevent->sigev_notify field, which leads to out-of-bounds access in the show_timer function. • https://www.exploit-db.com/exploits/45175 http://www.securityfocus.com/bid/104909 http://www.securitytracker.com/id/1041414 https://access.redhat.com/errata/RHSA-2018:2948 https://access.redhat.com/errata/RHSA-2018:3083 https://access.redhat.com/errata/RHSA-2018:3096 https://access.redhat.com/errata/RHSA-2018:3459 https://access.redhat.com/errata/RHSA-2018:3540 https://access.redhat.com/errata/RHSA-2018:3586 https://access.redhat.com/errata/RHSA-2018:3590 https:/ • CWE-125: Out-of-bounds Read •

CVSS: 7.5EPSS: 3%CPEs: 6EXPL: 0

CVE-2018-14404 – libxml2: NULL pointer dereference in xmlXPathCompOpEval() function in xpath.c

https://notcve.org/view.php?id=CVE-2018-14404

A NULL pointer dereference vulnerability exists in the xpath.c:xmlXPathCompOpEval() function of libxml2 through 2.9.8 when parsing an invalid XPath expression in the XPATH_OP_AND or XPATH_OP_OR case. Applications processing untrusted XSL format inputs with the use of the libxml2 library may be vulnerable to a denial of service attack due to a crash of the application. Existe una vulnerabilidad de desreferencia de puntero NULL en la función xpath.c:xmlXPathCompOpEval() de libxml2 hasta la versión 2.9.8 al analizar una expresión XPath inválida en los casos XPATH_OP_AND o XPATH_OP_OR. Las aplicaciones que procesan entradas de formato XLS no fiables mediante la biblioteca libxml2 podrían ser vulnerables a un ataque de denegación de servicio (DoS) debido al cierre inesperado de la aplicación. A null pointer dereference vulnerability exists in the xpath.c:xmlXPathCompOpEval() function of libxml2 when parsing invalid XPath expression. • https://access.redhat.com/errata/RHSA-2019:1543 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=901817 https://bugzilla.redhat.com/show_bug.cgi?id=1595985 https://gitlab.gnome.org/GNOME/libxml2/issues/10 https://lists.debian.org/debian-lts-announce/2018/09/msg00035.html https://lists.debian.org/debian-lts-announce/2020/09/msg00009.html https://security.netapp.com/advisory/ntap-20190719-0002 https://usn.ubuntu.com/3739-1 https://usn.ubuntu.com/3739-2 https://acc • CWE-476: NULL Pointer Dereference •