CVSS: 9.8EPSS: 1%CPEs: 8EXPL: 0CVE-2018-6913
https://notcve.org/view.php?id=CVE-2018-6913
Heap-based buffer overflow in the pack function in Perl before 5.26.2 allows context-dependent attackers to execute arbitrary code via a large item count. Desbordamiento de búfer basado en memoria dinámica (heap) en la función pack de Perl, en versiones anteriores a la 5.26.2, permite que atacantes dependientes del contexto ejecuten código arbitrario mediante un conteo de items largo. • http://www.securityfocus.com/bid/103953 http://www.securitytracker.com/id/1040681 https://lists.debian.org/debian-lts-announce/2018/04/msg00009.html https://rt.perl.org/Public/Bug/Display.html?id=131844 https://security.gentoo.org/glsa/201909-01 https://usn.ubuntu.com/3625-1 https://usn.ubuntu.com/3625-2 https://www.debian.org/security/2018/dsa-4172 https://www.oracle.com/security-alerts/cpujul2020.html • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 1%CPEs: 29EXPL: 0CVE-2018-1000156 – patch: Malicious patch files cause ed to execute arbitrary commands
https://notcve.org/view.php?id=CVE-2018-1000156
GNU Patch version 2.7.6 contains an input validation vulnerability when processing patch files, specifically the EDITOR_PROGRAM invocation (using ed) can result in code execution. This attack appear to be exploitable via a patch file processed via the patch utility. This is similar to FreeBSD's CVE-2015-1418 however although they share a common ancestry the code bases have diverged over time. La versión 2.7.6 de GNU Patch contiene una vulnerabilidad de validación de entradas al procesar archivos patch; específicamente la invocación EDITOR_PROGRAM (usando ed) puede resultar en la ejecución de código. el ataque parece ser explotable mediante un archivo patch procesado mediante la utilidad patch. Esto es similar al CVE-2015-1418 de FreeBSD: aunque comparten un ancestro común, las bases de código han divergido con el tiempo. • http://packetstormsecurity.com/files/154124/GNU-patch-Command-Injection-Directory-Traversal.html http://rachelbythebay.com/w/2018/04/05/bangpatch https://access.redhat.com/errata/RHSA-2018:1199 https://access.redhat.com/errata/RHSA-2018:1200 https://access.redhat.com/errata/RHSA-2018:2091 https://access.redhat.com/errata/RHSA-2018:2092 https://access.redhat.com/errata/RHSA-2018:2093 https://access.redhat.com/errata/RHSA-2018:2094 https://access.redhat.com/errata/RHSA-2018:2095 ht • CWE-20: Improper Input Validation CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 7.1EPSS: 0%CPEs: 5EXPL: 0CVE-2017-13305 – kernel: Buffer over-read in keyring subsystem allows exposing potentially sensitive information to local attacker
https://notcve.org/view.php?id=CVE-2017-13305
A information disclosure vulnerability in the Upstream kernel encrypted-keys. Product: Android. Versions: Android kernel. Android ID: A-70526974. Vulnerabilidad de revelación de información en encrypted-keys del kernel Upstream. • https://access.redhat.com/errata/RHSA-2018:2165 https://lists.debian.org/debian-lts-announce/2019/03/msg00034.html https://lists.debian.org/debian-lts-announce/2019/04/msg00004.html https://source.android.com/security/bulletin/pixel/2018-04-01 https://usn.ubuntu.com/3631-1 https://usn.ubuntu.com/3631-2 https://usn.ubuntu.com/3655-1 https://usn.ubuntu.com/3655-2 https://access.redhat.com/security/cve/CVE-2017-13305 https://bugzilla.redhat.com/show_bug.cgi? • CWE-125: Out-of-bounds Read •
CVSS: 7.8EPSS: 0%CPEs: 21EXPL: 0CVE-2018-7566 – kernel: race condition in snd_seq_write() may lead to UAF or OOB-access
https://notcve.org/view.php?id=CVE-2018-7566
The Linux kernel 4.15 has a Buffer Overflow via an SNDRV_SEQ_IOCTL_SET_CLIENT_POOL ioctl write operation to /dev/snd/seq by a local user. El kernel de Linux 4.15 tiene un desbordamiento de búfer mediante una operación de escritura ioctl SNDRV_SEQ_IOCTL_SET_CLIENT_POOL en /dev/snd/seq por un usuario local. ALSA sequencer core initializes the event pool on demand by invoking snd_seq_pool_init() when the first write happens and the pool is empty. A user can reset the pool size manually via ioctl concurrently, and this may lead to UAF or out-of-bound access. • http://lists.opensuse.org/opensuse-security-announce/2018-03/msg00067.html http://mailman.alsa-project.org/pipermail/alsa-devel/2018-February/132026.html http://www.securityfocus.com/bid/103605 https://access.redhat.com/errata/RHSA-2018:2384 https://access.redhat.com/errata/RHSA-2018:2390 https://access.redhat.com/errata/RHSA-2018:2395 https://access.redhat.com/errata/RHSA-2018:2948 https://access.redhat.com/errata/RHSA-2019:1483 https://access.redhat.com/errata/RHSA-2019:1487 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 7.5EPSS: 2%CPEs: 36EXPL: 0CVE-2017-15710 – httpd: Out of bounds write in mod_authnz_ldap when using too small Accept-Language values
https://notcve.org/view.php?id=CVE-2017-15710
In Apache httpd 2.0.23 to 2.0.65, 2.2.0 to 2.2.34, and 2.4.0 to 2.4.29, mod_authnz_ldap, if configured with AuthLDAPCharsetConfig, uses the Accept-Language header value to lookup the right charset encoding when verifying the user's credentials. If the header value is not present in the charset conversion table, a fallback mechanism is used to truncate it to a two characters value to allow a quick retry (for example, 'en-US' is truncated to 'en'). A header value of less than two characters forces an out of bound write of one NUL byte to a memory location that is not part of the string. In the worst case, quite unlikely, the process would crash which could be used as a Denial of Service attack. In the more likely case, this memory is already reserved for future use and the issue has no effect at all. • http://www.openwall.com/lists/oss-security/2018/03/24/8 http://www.securityfocus.com/bid/103512 http://www.securitytracker.com/id/1040569 https://access.redhat.com/errata/RHSA-2018:3558 https://access.redhat.com/errata/RHSA-2019:0366 https://access.redhat.com/errata/RHSA-2019:0367 https://httpd.apache.org/security/vulnerabilities_24.html https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.ht • CWE-787: Out-of-bounds Write •