Page 52 of 1412 results (0.023 seconds)

CVSS: 7.5EPSS: 0%CPEs: 12EXPL: 0

CVE-2018-10911 – glusterfs: Improper deserialization in dict.c:dict_unserialize() can allow attackers to read arbitrary memory

https://notcve.org/view.php?id=CVE-2018-10911

A flaw was found in the way dic_unserialize function of glusterfs does not handle negative key length values. An attacker could use this flaw to read memory from other locations into the stored dict value. Se ha detectado un error en la forma en la que la función dic_unserialize en glusterfs no gestiona los valores de longitud de clave negativos. Un atacante podría utilizar este error para leer la memoria de otras ubicaciones en el valor dict almacenado. A flaw was found in dict.c:dict_unserialize function of glusterfs, dic_unserialize function does not handle negative key length values. • http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00035.html https://access.redhat.com/errata/RHSA-2018:2607 https://access.redhat.com/errata/RHSA-2018:2608 https://access.redhat.com/errata/RHSA-2018:2892 https://access.redhat.com/errata/RHSA-2018:3242 https://access.redhat.com/errata/RHSA-2018:3470 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10911 https://lists.debian.org/debian-lts-announce/2018/09/msg00021.html https://lists.debian.org/debian-lts • CWE-190: Integer Overflow or Wraparound CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-502: Deserialization of Untrusted Data •

CVSS: 5.5EPSS: 0%CPEs: 10EXPL: 1

CVE-2018-16435 – lcms2: Integer overflow in AllocateDataSet() in cmscgats.c leading to heap-based buffer overflow

https://notcve.org/view.php?id=CVE-2018-16435

Little CMS (aka Little Color Management System) 2.9 has an integer overflow in the AllocateDataSet function in cmscgats.c, leading to a heap-based buffer overflow in the SetData function via a crafted file in the second argument to cmsIT8LoadFromFile. Little CMS (también conocido como Little Color Management System) 2.9 tiene un desbordamiento de enteros en la función AllocateDataSet en cmscgats.c que conduce a un desbordamiento de búfer basado en memoria dinámica (heap) en la función SetData mediante un archivo manipulado en el segundo argumento en cmsIT8LoadFromFile. • https://access.redhat.com/errata/RHSA-2018:3004 https://github.com/mm2/Little-CMS/commit/768f70ca405cd3159d990e962d54456773bb8cf8 https://github.com/mm2/Little-CMS/issues/171 https://lists.debian.org/debian-lts-announce/2018/09/msg00005.html https://security.gentoo.org/glsa/202105-18 https://usn.ubuntu.com/3770-1 https://usn.ubuntu.com/3770-2 https://www.debian.org/security/2018/dsa-4284 https://access.redhat.com/security/cve/CVE-2018-16435 https://bugzilla.redhat.com/sh • CWE-122: Heap-based Buffer Overflow CWE-190: Integer Overflow or Wraparound CWE-787: Out-of-bounds Write •

CVSS: 7.5EPSS: 94%CPEs: 26EXPL: 0

CVE-2018-5740 – A flaw in the "deny-answer-aliases" feature can cause an assertion failure in named

https://notcve.org/view.php?id=CVE-2018-5740

"deny-answer-aliases" is a little-used feature intended to help recursive server operators protect end users against DNS rebinding attacks, a potential method of circumventing the security model used by client browsers. However, a defect in this feature makes it easy, when the feature is in use, to experience an assertion failure in name.c. Affects BIND 9.7.0->9.8.8, 9.9.0->9.9.13, 9.10.0->9.10.8, 9.11.0->9.11.4, 9.12.0->9.12.2, 9.13.0->9.13.2. "deny-answer-aliases" es una característica poco utilizada que pretende ayudar a los operadores recursivos del servidor a proteger a los usuarios finales contra ataques de reenlace DNS, un método para poder eludir el modelo de seguridad empleado por los navegadores del cliente. Sin embargo, un defecto en esta característica hace que sea sencillo experimentar un fallo de aserción en name.c. • http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00026.html http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00027.html http://www.securityfocus.com/bid/105055 http://www.securitytracker.com/id/1041436 https://access.redhat.com/errata/RHSA-2018:2570 https://access.redhat.com/errata/RHSA-2018:2571 https://kb.isc.org/docs/aa-01639 https://lists.debian.org/debian-lts-announce/2018/08/msg00033.html https://lists.debian.org/debian-lts-announce/2021/11&#x • CWE-617: Reachable Assertion •

CVSS: 10.0EPSS: 2%CPEs: 17EXPL: 0

CVE-2011-2767 – mod_perl: arbitrary Perl code execution in the context of the user account via a user-owned .htaccess

https://notcve.org/view.php?id=CVE-2011-2767

mod_perl 2.0 through 2.0.10 allows attackers to execute arbitrary Perl code by placing it in a user-owned .htaccess file, because (contrary to the documentation) there is no configuration option that permits Perl code for the administrator's control of HTTP request processing without also permitting unprivileged users to run Perl code in the context of the user account that runs Apache HTTP Server processes. mod_perl 2.0 hasta la versión 2.0.10 permite que los atacantes ejecuten código Perl colocándolo en un archivo .htaccess propiedad del usuario, debido a que (al contrario de lo que pone en la documentación) no hay una opción de configuración que permita el código Perl para el control de administrador del procesamiento de peticiones HTTP sin permitir también que usuarios sin privilegios ejecuten código Perl en el contexto de la cuenta de usuario que ejecuta los procesos Apache HTTP Server. • http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00063.html http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00065.html http://www.securityfocus.com/bid/105195 https://access.redhat.com/errata/RHSA-2018:2737 https://access.redhat.com/errata/RHSA-2018:2825 https://access.redhat.com/errata/RHSA-2018:2826 https://bugs.debian.org/644169 https://lists.apache.org/thread.html/c8ebe8aad147a3ad2e7b0e8b2da45263171ab5d0fc7f8c100feaa94d%40%3Cmodperl-cvs.perl.apache.org%3E https://li • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-266: Incorrect Privilege Assignment •

CVSS: 7.8EPSS: 0%CPEs: 13EXPL: 0

CVE-2018-10902 – Linux Kernel MIDI Race Condition Privilege Escalation Vulnerability

https://notcve.org/view.php?id=CVE-2018-10902

It was found that the raw midi kernel driver does not protect against concurrent access which leads to a double realloc (double free) in snd_rawmidi_input_params() and snd_rawmidi_output_status() which are part of snd_rawmidi_ioctl() handler in rawmidi.c file. A malicious local attacker could possibly use this for privilege escalation. Se ha detectado que el controlador del kernel midi raw no protege contra el acceso concurrente, lo que conduce a un doble realloc (doble liberación) en snd_rawmidi_input_params() y snd_rawmidi_output_status(), que son parte del manipulador snd_rawmidi_ioctl() en el archivo rawmidi.c. Un atacante local malicioso podría utilizarlo para escalar privilegios. This vulnerability allows local attackers to escalate privileges on vulnerable installations of Linux Kernel. • http://www.securityfocus.com/bid/105119 http://www.securitytracker.com/id/1041529 https://access.redhat.com/errata/RHSA-2018:3083 https://access.redhat.com/errata/RHSA-2018:3096 https://access.redhat.com/errata/RHSA-2019:0415 https://access.redhat.com/errata/RHSA-2019:0641 https://access.redhat.com/errata/RHSA-2019:3217 https://access.redhat.com/errata/RHSA-2019:3967 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10902 https://git.kernel.org/pub/scm/linux/k • CWE-415: Double Free CWE-416: Use After Free •