CVSS: 9.8EPSS: 3%CPEs: 21EXPL: 0CVE-2018-5145 – Mozilla: Memory safety bugs fixed in Firefox ESR 52.7 (MFSA 2018-07)
https://notcve.org/view.php?id=CVE-2018-5145
15 Mar 2018 — Memory safety bugs were reported in Firefox ESR 52.6. These bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox ESR < 52.7 and Thunderbird < 52.7. Se han informado de errores de seguridad de memoria en Firefox ESR 52.6. Estos errores mostraron evidencias de corrupción de memoria y se cree que, con el esfuerzo necesario, se podrían explotar para ejecutar código arbitrario. • http://www.securityfocus.com/bid/103384 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 5.5EPSS: 0%CPEs: 16EXPL: 0CVE-2018-7858 – QEMU: cirrus: OOB access when updating VGA display
https://notcve.org/view.php?id=CVE-2018-7858
12 Mar 2018 — Quick Emulator (aka QEMU), when built with the Cirrus CLGD 54xx VGA Emulator support, allows local guest OS privileged users to cause a denial of service (out-of-bounds access and QEMU process crash) by leveraging incorrect region calculation when updating VGA display. Quick Emulator (también conocido como QEMU), cuando se integra con soporte para Cirrus CLGD 54xx VGA Emulator, permite que usuarios privilegiados locales, invitados del sistema operativo, provoquen una denegación de servicio (acceso fuera de ... • http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00042.html • CWE-125: Out-of-bounds Read •
CVSS: 8.8EPSS: 0%CPEs: 18EXPL: 0CVE-2018-7550 – QEMU: i386: multiboot OOB access while loading kernel image
https://notcve.org/view.php?id=CVE-2018-7550
01 Mar 2018 — The load_multiboot function in hw/i386/multiboot.c in Quick Emulator (aka QEMU) allows local guest OS users to execute arbitrary code on the QEMU host via a mh_load_end_addr value greater than mh_bss_end_addr, which triggers an out-of-bounds read or write memory access. La función load_multiboot en hw/i386/multiboot.c en Quick Emulator (también conocido como QEMU) permite que usuarios locales invitados del sistema operativo ejecuten código arbitrario en el host QEMU mediante un valor mh_load_end_addr mayor ... • http://www.securityfocus.com/bid/103181 • CWE-125: Out-of-bounds Read CWE-787: Out-of-bounds Write •
CVSS: 7.5EPSS: 29%CPEs: 55EXPL: 0CVE-2018-5733 – A malicious client can overflow a reference counter in ISC dhcpd
https://notcve.org/view.php?id=CVE-2018-5733
01 Mar 2018 — A malicious client which is allowed to send very large amounts of traffic (billions of packets) to a DHCP server can eventually overflow a 32-bit reference counter, potentially causing dhcpd to crash. Affects ISC DHCP 4.1.0 -> 4.1-ESV-R15, 4.2.0 -> 4.2.8, 4.3.0 -> 4.3.6, 4.4.0. Un cliente malicioso al que se le permite enviar grandes cantidades de tráfico (miles de millones de paquetes) a un servidor DHCP puede terminar desbordando un contador de referencia de 32 bits, provocando el cierre inesperado de dhc... • http://www.securityfocus.com/bid/103188 • CWE-190: Integer Overflow or Wraparound •
CVSS: 9.8EPSS: 3%CPEs: 14EXPL: 1CVE-2018-7225 – libvncserver: Improper input sanitization in rfbProcessClientNormalMessage in rfbserver.c
https://notcve.org/view.php?id=CVE-2018-7225
19 Feb 2018 — An issue was discovered in LibVNCServer through 0.9.11. rfbProcessClientNormalMessage() in rfbserver.c does not sanitize msg.cct.length, leading to access to uninitialized and potentially sensitive data or possibly unspecified other impact (e.g., an integer overflow) via specially crafted VNC packets. Se ha descubierto un problema en LibVNCServer hasta la versión 0.9.11. rfbProcessClientNormalMessage() en rfbserver.c no sanea msg.cct.length, lo que conduce a un acceso a datos no inicializados y potencialmen... • http://www.openwall.com/lists/oss-security/2018/02/18/1 • CWE-190: Integer Overflow or Wraparound CWE-805: Buffer Access with Incorrect Length Value •
CVSS: 9.8EPSS: 15%CPEs: 18EXPL: 0CVE-2018-5379 – quagga: Double free vulnerability in bgpd when processing certain forms of UPDATE message allowing to crash or potentially execute arbitrary code
https://notcve.org/view.php?id=CVE-2018-5379
15 Feb 2018 — The Quagga BGP daemon (bgpd) prior to version 1.2.3 can double-free memory when processing certain forms of UPDATE message, containing cluster-list and/or unknown attributes. A successful attack could cause a denial of service or potentially allow an attacker to execute arbitrary code. El demonio Quagga BGP (bgpd), en versiones anteriores a la 1.2.3, puede realizar una doble liberación (double free) de memoria al procesar ciertos formularios de un mensaje UPDATE que contienen atributos cluster-list y/o desc... • http://savannah.nongnu.org/forum/forum.php?forum_id=9095 • CWE-415: Double Free CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 14EXPL: 0CVE-2018-6927 – kernel: Integer overflow in futex.c:futux_requeue can lead to denial of service or unspecified impact
https://notcve.org/view.php?id=CVE-2018-6927
12 Feb 2018 — The futex_requeue function in kernel/futex.c in the Linux kernel before 4.14.15 might allow attackers to cause a denial of service (integer overflow) or possibly have unspecified other impact by triggering a negative wake or requeue value. La función futex_requeue en kernel/futex.c en el kernel de Linux, en versiones anteriores a la 4.14.15, podría permitir que atacantes provoquen una denegación de servicio (desbordamiento de enteros) o que puedan causar otro tipo de impacto sin especificar desencadenando u... • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=fbe0e839d1e22d88810f3ee3e2f1479be4c0aa4a • CWE-190: Integer Overflow or Wraparound •
CVSS: 9.8EPSS: 58%CPEs: 22EXPL: 3CVE-2018-6871 – LibreOffice < 6.0.1 - '=WEBSERVICE' Remote Arbitrary File Disclosure
https://notcve.org/view.php?id=CVE-2018-6871
08 Feb 2018 — LibreOffice before 5.4.5 and 6.x before 6.0.1 allows remote attackers to read arbitrary files via =WEBSERVICE calls in a document, which use the COM.MICROSOFT.WEBSERVICE function. LibreOffice, en versiones anteriores a la 5.4.5 y versiones 6.x anteriores a la 6.0.1, permite que atacantes remotos lean archivos arbitrarios mediante llamadas =WEBSERVICE en un documento, que emplea la función COM.MICROSOFT.WEBSERVICE. A flaw was found in libreoffice before 5.4.5 and before 6.0.1. Arbitrary remote file disclosur... • https://packetstorm.news/files/id/146319 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.8EPSS: 34%CPEs: 13EXPL: 83CVE-2018-6574 – golang: arbitrary code execution during "go get" via C compiler options
https://notcve.org/view.php?id=CVE-2018-6574
07 Feb 2018 — Go before 1.8.7, Go 1.9.x before 1.9.4, and Go 1.10 pre-releases before Go 1.10rc2 allow "go get" remote command execution during source code build, by leveraging the gcc or clang plugin feature, because -fplugin= and -plugin= arguments were not blocked. Go, en versiones anteriores a la 1.8.7; Go en versiones 1.9.x anteriores a la 1.9.4 y los prelanzamientos de Go 1.10 anteriores a Go 1.10rc2 permiten la ejecución remota de comandos "go get" durante la construcción del código fuente aprovechando la caracter... • https://github.com/neargle/Go-Get-RCE-CVE-2018-6574-POC • CWE-20: Improper Input Validation CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 8.8EPSS: 0%CPEs: 10EXPL: 0CVE-2018-6560 – flatpak: sandbox escape in D-Bus filtering by a crafted authentication handshake
https://notcve.org/view.php?id=CVE-2018-6560
02 Feb 2018 — In dbus-proxy/flatpak-proxy.c in Flatpak before 0.8.9, and 0.9.x and 0.10.x before 0.10.3, crafted D-Bus messages to the host can be used to break out of the sandbox, because whitespace handling in the proxy is not identical to whitespace handling in the daemon. En dbus-proxy/flatpak-proxy.c en Flatpak en versiones anteriores a la 0.8.9, 0.9.x y 0.10.x anteriores a la 0.10.3, se pueden utilizar mensajes D-Bus manipulados para salir del sandbox, ya que la gestión de los espacios en blanco en el proxy no es i... • https://access.redhat.com/errata/RHSA-2018:2766 • CWE-270: Privilege Context Switching Error CWE-436: Interpretation Conflict •