CVSS: 7.8EPSS: 0%CPEs: 21EXPL: 0CVE-2018-7566 – kernel: race condition in snd_seq_write() may lead to UAF or OOB-access
https://notcve.org/view.php?id=CVE-2018-7566
28 Mar 2018 — The Linux kernel 4.15 has a Buffer Overflow via an SNDRV_SEQ_IOCTL_SET_CLIENT_POOL ioctl write operation to /dev/snd/seq by a local user. El kernel de Linux 4.15 tiene un desbordamiento de búfer mediante una operación de escritura ioctl SNDRV_SEQ_IOCTL_SET_CLIENT_POOL en /dev/snd/seq por un usuario local. ALSA sequencer core initializes the event pool on demand by invoking snd_seq_pool_init() when the first write happens and the pool is empty. A user can reset the pool size manually via ioctl concurrently, ... • http://lists.opensuse.org/opensuse-security-announce/2018-03/msg00067.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 5.9EPSS: 5%CPEs: 18EXPL: 0CVE-2018-1301 – httpd: Out of bounds access after failure in reading the HTTP request
https://notcve.org/view.php?id=CVE-2018-1301
26 Mar 2018 — A specially crafted request could have crashed the Apache HTTP Server prior to version 2.4.30, due to an out of bound access after a size limit is reached by reading the HTTP header. This vulnerability is considered very hard if not impossible to trigger in non-debug mode (both log and build level), so it is classified as low risk for common server usage. Una petición especialmente manipulada podría haber provocado el cierre inesperado del servidor Apache HTTP en versiones anteriores a la 2.4.30, debido a u... • http://www.openwall.com/lists/oss-security/2018/03/24/2 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-125: Out-of-bounds Read •
CVSS: 5.3EPSS: 4%CPEs: 16EXPL: 0CVE-2018-1283 – httpd: Improper handling of headers in mod_session can allow a remote user to modify session data for CGI applications
https://notcve.org/view.php?id=CVE-2018-1283
26 Mar 2018 — In Apache httpd 2.4.0 to 2.4.29, when mod_session is configured to forward its session data to CGI applications (SessionEnv on, not the default), a remote user may influence their content by using a "Session" header. This comes from the "HTTP_SESSION" variable name used by mod_session to forward its data to CGIs, since the prefix "HTTP_" is also used by the Apache HTTP Server to pass HTTP header fields, per CGI specifications. En Apache httpd, versiones 2.4.0 hasta la 2.4.29, cuando se configura mod_session... • http://www.openwall.com/lists/oss-security/2018/03/24/4 • CWE-20: Improper Input Validation •
CVSS: 9.8EPSS: 8%CPEs: 39EXPL: 0CVE-2018-1312 – httpd: Weak Digest auth nonce generation in mod_auth_digest
https://notcve.org/view.php?id=CVE-2018-1312
26 Mar 2018 — In Apache httpd 2.2.0 to 2.4.29, when generating an HTTP Digest authentication challenge, the nonce sent to prevent reply attacks was not correctly generated using a pseudo-random seed. In a cluster of servers using a common Digest authentication configuration, HTTP requests could be replayed across servers by an attacker without detection. En Apache httpd, en versiones desde la 2.2.0 hasta la 2.4.29, cuando se genera un desafío de autenticación HTTP Digest, el nonce enviado para evitar ataques replay no se... • http://www.openwall.com/lists/oss-security/2018/03/24/7 • CWE-287: Improper Authentication CWE-305: Authentication Bypass by Primary Weakness •
CVSS: 7.5EPSS: 8%CPEs: 36EXPL: 0CVE-2017-15710 – httpd: Out of bounds write in mod_authnz_ldap when using too small Accept-Language values
https://notcve.org/view.php?id=CVE-2017-15710
26 Mar 2018 — In Apache httpd 2.0.23 to 2.0.65, 2.2.0 to 2.2.34, and 2.4.0 to 2.4.29, mod_authnz_ldap, if configured with AuthLDAPCharsetConfig, uses the Accept-Language header value to lookup the right charset encoding when verifying the user's credentials. If the header value is not present in the charset conversion table, a fallback mechanism is used to truncate it to a two characters value to allow a quick retry (for example, 'en-US' is truncated to 'en'). A header value of less than two characters forces an out of b... • http://www.openwall.com/lists/oss-security/2018/03/24/8 • CWE-787: Out-of-bounds Write •
CVSS: 8.1EPSS: 94%CPEs: 16EXPL: 1CVE-2017-15715 – httpd: <FilesMatch> bypass with a trailing newline in the file name
https://notcve.org/view.php?id=CVE-2017-15715
26 Mar 2018 — In Apache httpd 2.4.0 to 2.4.29, the expression specified in
CVSS: 9.8EPSS: 43%CPEs: 25EXPL: 4CVE-2018-1000140 – librelp: Stack-based buffer overflow in relpTcpChkPeerName function in src/tcp.c
https://notcve.org/view.php?id=CVE-2018-1000140
23 Mar 2018 — rsyslog librelp version 1.2.14 and earlier contains a Buffer Overflow vulnerability in the checking of x509 certificates from a peer that can result in Remote code execution. This attack appear to be exploitable a remote attacker that can connect to rsyslog and trigger a stack buffer overflow by sending a specially crafted x509 certificate. rsyslog librelp en versiones 1.2.14 y anteriores contiene una vulnerabilidad de desbordamiento de búfer en la verificación de certificados x509 desde un peer que puede r... • https://packetstorm.news/files/id/172829 • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 9.8EPSS: 0%CPEs: 39EXPL: 0CVE-2018-8088 – slf4j: Deserialisation vulnerability in EventData constructor can allow for arbitrary code execution
https://notcve.org/view.php?id=CVE-2018-8088
20 Mar 2018 — org.slf4j.ext.EventData in the slf4j-ext module in QOS.CH SLF4J before 1.8.0-beta2 allows remote attackers to bypass intended access restrictions via crafted data. EventData in the slf4j-ext module in QOS.CH SLF4J, has been fixed in SLF4J versions 1.7.26 later and in the 2.0.x series. org.slf4j.ext.EventData en el módulo slf4j-ext en QOS.CH SLF4J antes de la versión 1.8.0-beta2 permite a los atacantes remotos saltarse las restricciones de acceso previstas a través de datos manipulados. EventData en el módul... • http://www.securityfocus.com/bid/103737 • CWE-502: Deserialization of Untrusted Data •
CVSS: 8.1EPSS: 0%CPEs: 23EXPL: 0CVE-2018-1068 – kernel: Out-of-bounds write via userland offsets in ebt_entry struct in netfilter/ebtables.c
https://notcve.org/view.php?id=CVE-2018-1068
16 Mar 2018 — A flaw was found in the Linux 4.x kernel's implementation of 32-bit syscall interface for bridging. This allowed a privileged user to arbitrarily write to a limited range of kernel memory. Se ha encontrado un error en la implementación de la interfaz syscall de 32 bits para puentes de red (bridging) en el kernel de las versiones 4.x de Linux. Esto permitía que un usuario privilegiado escribiese de forma arbitraria en un rango limitado de memoria del kernel. A flaw was found in the Linux kernel's implementat... • http://www.securityfocus.com/bid/103459 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •
CVSS: 8.8EPSS: 26%CPEs: 22EXPL: 1CVE-2018-5146 – Mozilla Firefox libvorbis OGG Decoding Out-Of-Bounds Write Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2018-5146
16 Mar 2018 — An out of bounds memory write while processing Vorbis audio data was reported through the Pwn2Own contest. This vulnerability affects Firefox < 59.0.1, Firefox ESR < 52.7.2, and Thunderbird < 52.7. Una escritura de memoria fuera de límites mientras se procesaban los datos de audio de Vorbis fue reportada a través de la competición Pwn2Own. Esta vulnerabilidad afecta a las versiones anteriores a la 59.0.1 de Firefox, las versiones anteriores a la 52.7.2 de Firefox ESR y las versiones anteriores a la 52.7 de ... • https://github.com/f01965/CVE-2018-5146 • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •