CVSS: 7.5EPSS: 3%CPEs: 27EXPL: 0CVE-2018-1061 – python: DOS via regular expression backtracking in difflib.IS_LINE_JUNK method in difflib
https://notcve.org/view.php?id=CVE-2018-1061
05 May 2018 — python before versions 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 and 3.7.0 is vulnerable to catastrophic backtracking in the difflib.IS_LINE_JUNK method. An attacker could use this flaw to cause denial of service. python en versiones anteriores a la 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 y 3.7.0 es vulnerable a backtracking catastrófico en el método difflib.IS_LINE_JUNK. Un atacante podría utilizar este fallo para provocar una denegación de servicio (DoS). A flaw was found in the way catastrophic backtracking was implem... • http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.html • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 2%CPEs: 17EXPL: 1CVE-2018-1060 – python: DOS via regular expression catastrophic backtracking in apop() method in pop3lib
https://notcve.org/view.php?id=CVE-2018-1060
05 May 2018 — python before versions 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 and 3.7.0 is vulnerable to catastrophic backtracking in pop3lib's apop() method. An attacker could use this flaw to cause denial of service. Python antes de las versiones 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 y 3.7.0 es vulnerable a un retroceso catastrófico en el método apop () de pop3lib. Un atacante podría usar este fallo para causar la denegación de servicio. A flaw was found in the way catastrophic backtracking was implemented in python's pop3lib's a... • http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.html • CWE-20: Improper Input Validation •
CVSS: 6.5EPSS: 0%CPEs: 6EXPL: 1CVE-2018-10733 – libgxps: heap based buffer over read in ft_font_face_hash function of gxps-fonts.c
https://notcve.org/view.php?id=CVE-2018-10733
04 May 2018 — There is a heap-based buffer over-read in the function ft_font_face_hash of gxps-fonts.c in libgxps through 0.3.0. A crafted input will lead to a remote denial of service attack. Existe una sobrelectura de búfer basada en memoria dinámica (heap) en la función ft_font_face_hash de gxps-fonts.c en libgxps hasta la versión 0.3.0. Se podría realizar un ataque de denegación de servicio remoto con una entrada especialmente manipulada. GNOME is the default desktop environment of Red Hat Enterprise Linux. • http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00005.html • CWE-125: Out-of-bounds Read •