CVSS: 8.8EPSS: 0%CPEs: 10EXPL: 1CVE-2018-19541
https://notcve.org/view.php?id=CVE-2018-19541
26 Nov 2018 — An issue was discovered in JasPer 1.900.8, 1.900.9, 1.900.10, 1.900.11, 1.900.12, 1.900.13, 1.900.14, 1.900.15, 1.900.16, 1.900.17, 1.900.18, 1.900.19, 1.900.20, 1.900.21, 1.900.22, 1.900.23, 1.900.24, 1.900.25, 1.900.26, 1.900.27, 1.900.28, 1.900.29, 1.900.30, 1.900.31, 2.0.0, 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5, 2.0.6, 2.0.7, 2.0.8, 2.0.9, 2.0.10, 2.0.11, 2.0.12, 2.0.13, 2.0.14, 2.0.15, 2.0.16. There is a heap-based buffer over-read of size 8 in the function jas_image_depalettize in libjasper/base/jas_image... • http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00023.html • CWE-125: Out-of-bounds Read •
CVSS: 7.8EPSS: 0%CPEs: 10EXPL: 1CVE-2018-19543
https://notcve.org/view.php?id=CVE-2018-19543
26 Nov 2018 — An issue was discovered in JasPer 2.0.14. There is a heap-based buffer over-read of size 8 in the function jp2_decode in libjasper/jp2/jp2_dec.c. Se ha descubierto un problema en JasPer 2.0.14. Existe un desbordamiento de búfer basado en memoria dinámica (heap) del tamaño 8 en la función jp2_decode in libjasper/jp2/jp2_dec.c. • http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00082.html • CWE-125: Out-of-bounds Read •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2018-18849 – Ubuntu Security Notice USN-3826-1
https://notcve.org/view.php?id=CVE-2018-18849
26 Nov 2018 — In Qemu 3.0.0, lsi_do_msgin in hw/scsi/lsi53c895a.c allows out-of-bounds access by triggering an invalid msg_len value. En Qemu 3.0.0, lsi_do_msgin en hw/scsi/lsi53c895a.c permite el acceso fuera de límites desencadenando un valor msg_len inválido. Daniel Shapira and Arash Tohidi discovered that QEMU incorrectly handled NE2000 device emulation. An attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. It was discovered that QEMU incorrectly handled the Slirp... • http://lists.opensuse.org/opensuse-security-announce/2018-12/msg00004.html • CWE-125: Out-of-bounds Read •
CVSS: 5.5EPSS: 0%CPEs: 11EXPL: 0CVE-2018-19364 – Ubuntu Security Notice USN-3826-1
https://notcve.org/view.php?id=CVE-2018-19364
26 Nov 2018 — hw/9pfs/cofile.c and hw/9pfs/9p.c in QEMU can modify an fid path while it is being accessed by a second thread, leading to (for example) a use-after-free outcome. hw/9pfs/cofile.c y hw/9pfs/9p.c en QEMU pueden modificar una ruta fid mientras un segundo hilo accede a ella, lo que conduce a, por ejemplo, un uso de memoria previamente liberada. Daniel Shapira and Arash Tohidi discovered that QEMU incorrectly handled NE2000 device emulation. An attacker inside the guest could use this issue to cause QEMU to cra... • http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00042.html • CWE-416: Use After Free •
CVSS: 7.8EPSS: 74%CPEs: 15EXPL: 1CVE-2018-19475 – ghostscript: access bypass in psi/zdevice2.c (700153)
https://notcve.org/view.php?id=CVE-2018-19475
23 Nov 2018 — psi/zdevice2.c in Artifex Ghostscript before 9.26 allows remote attackers to bypass intended access restrictions because available stack space is not checked when the device remains the same. psi/zdevice2.c en Artifex Ghostscript en versiones anteriores a la 9.26 permite a los atacantes remotos omitir las restricciones de acceso planeadas debido a que el espacio de pila disponible no se comprueba cuando el dispositivo no cambia. The Ghostscript suite contains utilities for rendering PostScript and PDF docum... • http://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=3005fcb9bb160af199e761e03bc70a9f249a987e • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 0%CPEs: 15EXPL: 1CVE-2018-19476 – ghostscript: access bypass in psi/zicc.c (700169)
https://notcve.org/view.php?id=CVE-2018-19476
23 Nov 2018 — psi/zicc.c in Artifex Ghostscript before 9.26 allows remote attackers to bypass intended access restrictions because of a setcolorspace type confusion. psi/zicc.c en Artifex Ghostscript en versiones anteriores a la 9.26 permite a los atacantes remotos omitir las restricciones de acceso planeadas debido a una confusión del tipo setcolorspace. The Ghostscript suite contains utilities for rendering PostScript and PDF documents. Ghostscript translates PostScript code to common bitmap formats so that the code ca... • http://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=67d760ab775dae4efe803b5944b0439aa3c0b04a • CWE-704: Incorrect Type Conversion or Cast CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVSS: 7.8EPSS: 0%CPEs: 15EXPL: 1CVE-2018-19477 – ghostscript: access bypass in psi/zfjbig2.c (700168)
https://notcve.org/view.php?id=CVE-2018-19477
23 Nov 2018 — psi/zfjbig2.c in Artifex Ghostscript before 9.26 allows remote attackers to bypass intended access restrictions because of a JBIG2Decode type confusion. psi/zfjbig2.c en Artifex Ghostscript en versiones anteriores a la 9.26 permite a los atacantes remotos omitir las restricciones de acceso planeadas debido a una confusión del tipo JBIG2Decode. The Ghostscript suite contains utilities for rendering PostScript and PDF documents. Ghostscript translates PostScript code to common bitmap formats so that the code ... • http://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=ef252e7dc214bcbd9a2539216aab9202848602bb • CWE-704: Incorrect Type Conversion or Cast CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVSS: 9.8EPSS: 17%CPEs: 12EXPL: 0CVE-2018-19409 – ghostscript: Improperly implemented security check in zsetdevice function in psi/zdevice.c
https://notcve.org/view.php?id=CVE-2018-19409
21 Nov 2018 — An issue was discovered in Artifex Ghostscript before 9.26. LockSafetyParams is not checked correctly if another device is used. Se ha descubierto un problema en versiones anteriores a la 9.26 de Artifex Ghostscript. LockSafetyParams no se comprueba correctamente si se emplea otro dispositivo. It was discovered that Ghostscript contained multiple security issues. • http://www.securityfocus.com/bid/105990 • CWE-391: Unchecked Error Condition •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2018-19407 – Ubuntu Security Notice USN-3878-1
https://notcve.org/view.php?id=CVE-2018-19407
21 Nov 2018 — The vcpu_scan_ioapic function in arch/x86/kvm/x86.c in the Linux kernel through 4.19.2 allows local users to cause a denial of service (NULL pointer dereference and BUG) via crafted system calls that reach a situation where ioapic is uninitialized. La función vcpu_scan_ioapic en arch/x86/kvm/x86.c en el kernel de Linux hasta la versión 4.19.2 permite que usuarios locales provoquen una denegación de servicio (desreferencia de puntero NULLy error) mediante llamadas del sistema manipuladas que alcanzan una sit... • http://www.securityfocus.com/bid/105987 • CWE-476: NULL Pointer Dereference •
CVSS: 6.5EPSS: 4%CPEs: 6EXPL: 1CVE-2018-19210 – Debian Security Advisory 4670-1
https://notcve.org/view.php?id=CVE-2018-19210
12 Nov 2018 — In LibTIFF 4.0.9, there is a NULL pointer dereference in the TIFFWriteDirectorySec function in tif_dirwrite.c that will lead to a denial of service attack, as demonstrated by tiffset. En LibTIFF 4.0.9, hay una desreferencia de puntero NULL en la función TIFFWriteDirectorySec en tif_dirwrite.c que conducirá a un ataque de denegación de servicio (DoS), tal y como queda demostrado con tiffset. Several vulnerabilities have been found in the TIFF library, which may result in denial of service or the execution of... • http://bugzilla.maptools.org/show_bug.cgi?id=2820 • CWE-476: NULL Pointer Dereference •