CVSS: 9.0EPSS: 0%CPEs: 21EXPL: 0CVE-2018-3183 – OpenJDK: Unrestricted access to scripting engine (Scripting, 8202936)
https://notcve.org/view.php?id=CVE-2018-3183
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Scripting). Supported versions that are affected are Java SE: 8u182 and 11; Java SE Embedded: 8u181; JRockit: R28.3.19. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. While the vulnerability is in Java SE, Java SE Embedded, JRockit, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded, JRockit. • http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html http://www.securityfocus.com/bid/105622 http://www.securitytracker.com/id/1041889 https://access.redhat.com/errata/RHSA-2018:2942 https://access.redhat.com/errata/RHSA-2018:2943 https://access.redhat.com/errata/RHSA-2018:3002 https://access.redhat.com/errata/RHSA-2018:3003 https://access.redhat.com/errata/RHSA-2018:3521 https://access.redhat.com/errata/RHSA-2018:3533 https://access.redhat.com/errata/ • CWE-284: Improper Access Control •
CVSS: 5.5EPSS: 0%CPEs: 11EXPL: 1CVE-2018-18310 – elfutils: invalid memory address dereference was discovered in dwfl_segment_report_module.c in libdwfl
https://notcve.org/view.php?id=CVE-2018-18310
An invalid memory address dereference was discovered in dwfl_segment_report_module.c in libdwfl in elfutils through v0.174. The vulnerability allows attackers to cause a denial of service (application crash) with a crafted ELF file, as demonstrated by consider_notes. Se ha descubierto una desreferencia de dirección de memoria inválida en dwfl_segment_report_module.c en libdwfl en elfutils 0.4.8 hasta la versión v0.174. La vulnerabilidad permite que los atacantes provoquen una denegación de servicio (cierre inesperado de la aplicación) mediante un archivo ELF manipulado, tal y como queda demostrado con consider_notes. • http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00052.html https://access.redhat.com/errata/RHSA-2019:2197 https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html https://lists.debian.org/debian-lts-announce/2021/10/msg00030.html https://sourceware.org/bugzilla/show_bug.cgi?id=23752 https://sourceware.org/ml/elfutils-devel/2018-q4/msg00022.html https://usn.ubuntu.com/4012-1 https://access.redhat.com/security/cve/CVE-2018-18310 https://bugzilla.redh • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-125: Out-of-bounds Read •
CVSS: 8.6EPSS: 0%CPEs: 13EXPL: 3CVE-2018-17961 – ghostscript - executeonly Bypass with errorhandler Setup
https://notcve.org/view.php?id=CVE-2018-17961
Artifex Ghostscript 9.25 and earlier allows attackers to bypass a sandbox protection mechanism via vectors involving errorhandler setup. NOTE: this issue exists because of an incomplete fix for CVE-2018-17183. Artifex Ghostscript 9.25 y anteriores permite que los atacantes omitan un mecanismo de protección de sandbox mediante vectores relacionados con la configuración de errorhandler. NOTA: este problema existe debido a una solución incompleta para CVE-2018-17183. Ghostscript suffers from an executeonly bypass with errorhandler setup. • https://www.exploit-db.com/exploits/45573 https://github.com/matlink/CVE-2018-17961 http://git.ghostscript.com/?p=ghostpdl.git%3Ba=commitdiff%3Bh=a54c9e61e7d0 http://git.ghostscript.com/?p=ghostpdl.git%3Ba=commitdiff%3Bh=a5a9bf8c6a63 http://git.ghostscript.com/?p=ghostpdl.git%3Ba=commitdiff%3Bh=a6807394bd94 http://www.openwall.com/lists/oss-security/2018/10/09/4 https://access.redhat.com/errata/RHSA-2018:3834 https://bugs.chromium.org/p/project-zero/issues/detail?id=1682&desc& • CWE-209: Generation of Error Message Containing Sensitive Information CWE-460: Improper Cleanup on Thrown Exception •
CVSS: 7.5EPSS: 0%CPEs: 13EXPL: 0CVE-2018-18073 – ghostscript: Saved execution stacks can leak operator arrays
https://notcve.org/view.php?id=CVE-2018-18073
Artifex Ghostscript allows attackers to bypass a sandbox protection mechanism by leveraging exposure of system operators in the saved execution stack in an error object. Artifex Ghostscript permite que los atacantes omitan un mecanismo de protección de sandbox aprovechando la exposición de los operadores del sistema en la pila de ejecución guardada en un objeto error. • http://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=34cc326eb2c5695833361887fe0b32e8d987741c http://packetstormsecurity.com/files/149758/Ghostscript-Exposed-System-Operators.html http://www.openwall.com/lists/oss-security/2018/10/10/12 https://access.redhat.com/errata/RHSA-2018:3834 https://bugs.chromium.org/p/project-zero/issues/detail?id=1690 https://bugs.ghostscript.com/show_bug.cgi?id=699927 https://lists.debian.org/debian-lts-announce/2018/10/msg00013.html https://usn.ubuntu.com/ • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-460: Improper Cleanup on Thrown Exception •
CVSS: 7.5EPSS: 0%CPEs: 9EXPL: 2CVE-2018-18074 – python-requests: Redirect from HTTPS to HTTP does not remove Authorization header
https://notcve.org/view.php?id=CVE-2018-18074
The Requests package before 2.20.0 for Python sends an HTTP Authorization header to an http URI upon receiving a same-hostname https-to-http redirect, which makes it easier for remote attackers to discover credentials by sniffing the network. El paquete Requests antes de la versión 2.20.0 para Python envía una cabecera de autorización HTTP a un URI http al recibir una redirección same-hostname https-to-http, lo que facilita que los atacantes remotos descibran las credenciales esnifando la red. A credentials-exposure flaw was found in python-requests, where if a request with authentication is redirected (302) from an HTTPS endpoint to an HTTP endpoint on the same host, the Authorization header is not stripped and the credentials can be read in plain text. A man-in-the-middle attacker could exploit this flaw to obtain a user's valid credentials. • http://docs.python-requests.org/en/master/community/updates/#release-and-version-history http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00024.html https://access.redhat.com/errata/RHSA-2019:2035 https://bugs.debian.org/910766 https://github.com/requests/requests/commit/c45d7c49ea75133e52ab22a8e9e13173938e36ff https://github.com/requests/requests/issues/4716 https://github.com/requests/requests/pull/4718 https://usn.ubuntu.com/3790-1 https://usn.ubuntu.com/3790-2 https:/& • CWE-522: Insufficiently Protected Credentials •