
CVE-2018-1000654 – Ubuntu Security Notice USN-5352-1
https://notcve.org/view.php?id=CVE-2018-1000654
20 Aug 2018 — GNU Libtasn1 versions libtasn1-4.13 and libtasn1-4.12 contain a DoS: CPU usage reaches 100% when running asn1Parser against the POC due to an issue in _asn1_expand_object_id(p_tree), and after a long time the program is killed. This attack appears to be exploitable via parsing a crafted file. • http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00009.html •

CVE-2018-14524
https://notcve.org/view.php?id=CVE-2018-14524
23 Jul 2018 — dwg_decode_eed in decode.c in GNU LibreDWG before 0.6 leads to a double free (in dwg_free_eed in free.c) because it does not properly manage the obj->eed value after a free occurs. • https://github.com/LibreDWG/libredwg/issues/33 • CWE-415: Double Free •

CVE-2018-14471
https://notcve.org/view.php?id=CVE-2018-14471
20 Jul 2018 — dwg_obj_block_control_get_block_headers in dwg_api.c in GNU LibreDWG 0.5.1048 allows remote attackers to cause a denial of service (NULL pointer dereference and SEGV) via a crafted dwg file. • https://github.com/LibreDWG/libredwg/issues/32 • CWE-476: NULL Pointer Dereference •

CVE-2018-14443
https://notcve.org/view.php?id=CVE-2018-14443
20 Jul 2018 — get_first_owned_object in dwg.c in GNU LibreDWG 0.5.1036 allows remote attackers to cause a denial of service (SEGV). • http://hac425.unaux.com/index.php/archives/53 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVE-2018-14346 – Ubuntu Security Notice USN-4641-1
https://notcve.org/view.php?id=CVE-2018-14346
17 Jul 2018 — GNU Libextractor before 1.7 has a stack-based buffer overflow in ec_read_file_func (unzip.c). It was discovered that Libextractor incorrectly handled zero sample rate. An attacker could possibly use this issue to cause a denial of service. It was discovered that Libextractor incorrectly handled certain FLAC metadata. • http://lists.gnu.org/archive/html/bug-libextractor/2018-07/msg00001.html • CWE-787: Out-of-bounds Write •

CVE-2018-14347 – Ubuntu Security Notice USN-4641-1
https://notcve.org/view.php?id=CVE-2018-14347
17 Jul 2018 — GNU Libextractor before 1.7 contains an infinite loop vulnerability in EXTRACTOR_mpeg_extract_method (mpeg_extractor.c). It was discovered that Libextractor incorrectly handled zero sample rate. An attacker could possibly use this issue to cause a denial of service. It was discovered that Libextractor incorrectly handled certain FLAC metadata. • http://lists.gnu.org/archive/html/bug-libextractor/2018-07/msg00000.html • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •

CVE-2018-0618 – mailman: Cross-site scripting vulnerability allows malicious listowners to inject scripts into listinfo pages
https://notcve.org/view.php?id=CVE-2018-0618
16 Jul 2018 — Cross-site scripting vulnerability in Mailman 2.1.26 and earlier allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors. A cross-site scripting vulnerability (XSS) has been discovered in mailman due to the host_name field not being properly validated. A malicious list owner c... • http://jvn.jp/en/jp/JVN00846677/index.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2018-13796 – mailman: Mishandled URLs in Utils.py:GetPathPieces() allows attackers to display arbitrary text on trusted sites
https://notcve.org/view.php?id=CVE-2018-13796
12 Jul 2018 — An issue was discovered in GNU Mailman before 2.1.28. A crafted URL can cause arbitrary text to be displayed on a web page from a trusted site. It was discovered that Mailman incorrectly handled certain inputs. • https://bugs.launchpad.net/mailman/+bug/1780874 • CWE-20: Improper Input Validation • CWE-345: Insufficient Verification of Data Authenticity •

CVE-2018-13033 – binutils: Uncontrolled Resource Consumption in execution of nm
https://notcve.org/view.php?id=CVE-2018-13033
01 Jul 2018 — The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (excessive memory allocation and application crash) via a crafted ELF file, as demonstrated by _bfd_elf_parse_attributes in elf-attrs.c and bfd_malloc in libbfd.c. This can occur during execution of nm. • http://www.securityfocus.com/bid/104584 • CWE-400: Uncontrolled Resource Consumption • CWE-770: Allocation of Resources Without Limits or Throttling •

CVE-2018-12934 – Ubuntu Security Notice USN-4336-2
https://notcve.org/view.php?id=CVE-2018-12934
28 Jun 2018 — remember_Ktype in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30, allows attackers to trigger excessive memory consumption (aka OOM). This can occur during execution of cxxfilt. USN-4336-1 fixed several vulnerabilities in GNU binutils. This up... • https://bugs.launchpad.net/ubuntu/+source/binutils/+bug/1763101 • CWE-770: Allocation of Resources Without Limits or Throttling •