CVE-2018-1116 – polkit: Improper authorization in polkit_backend_interactive_authority_check_authorization function in polkitd
https://notcve.org/view.php?id=CVE-2018-1116
A flaw was found in polkit before version 0.116. The implementation of the polkit_backend_interactive_authority_check_authorization function in polkitd allows testing for authentication and triggering authentication of unrelated processes owned by other users. This may result in a local DoS and information disclosure.
• https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1116
• https://cgit.freedesktop.org/polkit/commit/?id=bc7ffad5364
• https://lists.debian.org/debian-lts-announce/2018/07/msg00042.html
• https://security.gentoo.org/glsa/201908-14
• https://usn.ubuntu.com/3717-2
• https://access.redhat.com/security/cve/CVE-2018-1116
• https://bugzilla.redhat.com/show_bug.cgi?id=1595404
• CWE-285: Improper Authorization
• CWE-862: Missing Authorization
CVE-2018-0360
https://notcve.org/view.php?id=CVE-2018-0360
ClamAV before 0.100.1 has an HWP integer overflow with a resultant infinite loop via a crafted Hangul Word Processor file. This is in parsehwp3_paragraph() in libclamav/hwp.c.
• http://www.securitytracker.com/id/1041367
• https://blog.clamav.net/2018/07/clamav-01001-has-been-released.html
• https://lists.debian.org/debian-lts-announce/2018/08/msg00020.html
• https://secuniaresearch.flexerasoftware.com/secunia_research/2018-12
• https://security.gentoo.org/glsa/201904-12
• https://usn.ubuntu.com/3722-1
• https://usn.ubuntu.com/3722-2
• CWE-190: Integer Overflow or Wraparound
CVE-2018-12896
https://notcve.org/view.php?id=CVE-2018-12896
An issue was discovered in the Linux kernel through 4.17.3. An Integer Overflow in kernel/time/posix-timers.c in the POSIX timer code is caused by the way the overrun accounting works. Depending on interval and expiry time values, the overrun can be larger than INT_MAX, but the accounting is int based. This basically makes the accounting values, which are visible to user space via timer_getoverrun(2) and siginfo::si_overrun, random. For example, a local user can cause a denial of service (signed integer overflow) via crafted mmap, futex, timer_create, and timer_settime system calls.
• https://bugzilla.kernel.org/show_bug.cgi?id=200189
• https://github.com/lcytxw/bug_repro/tree/master/bug_200189
• https://github.com/torvalds/linux/commit/78c9c4dfbf8c04883941445a195276bb4bb92c76
• https://lists.debian.org/debian-lts-announce/2019/03/msg00017.html
• https://lists.debian.org/debian-lts-announce/2019/03/msg00034.html
• https://lists.debian.org/debian-lts-announce/2019/04/msg00004.html
• https://usn.ubuntu.com/3847-1
• https://usn.ubuntu.com/3847-2
• https://usn.ubuntu.com/3847-
• CWE-190: Integer Overflow or Wraparound
CVE-2018-10860
https://notcve.org/view.php?id=CVE-2018-10860
perl-archive-zip is vulnerable to a directory traversal in Archive::Zip. It was found that the Archive::Zip module did not properly sanitize paths while extracting zip files. An attacker able to provide a specially crafted archive for processing could use this flaw to write or overwrite arbitrary files in the context of the perl interpreter.
• http://www.securityfocus.com/bid/104580
• https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10860
• https://lists.debian.org/debian-lts-announce/2018/07/msg00032.html
• https://usn.ubuntu.com/3703-1
• https://usn.ubuntu.com/3703-2
• https://www.debian.org/security/2018/dsa-4300
• CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2018-1152
https://notcve.org/view.php?id=CVE-2018-1152
libjpeg-turbo 1.5.90 is vulnerable to a denial of service vulnerability caused by a divide by zero when processing a crafted BMP image.
• http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00015.html
• http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00015.html
• http://www.securityfocus.com/bid/104543
• https://github.com/libjpeg-turbo/libjpeg-turbo/commit/43e84cff1bb2bd8293066f6ac4eb0df61ddddbc6
• https://lists.debian.org/debian-lts-announce/2019/01/msg00015.html
• https://lists.debian.org/debian-lts-announce/2020/07/msg00033.html
• https://usn.ubuntu.com/3706-1
• https://usn.ubuntu.com/3706-2
• https://www.tenab
• CWE-369: Divide By Zero