CVSS: 8.8EPSS: 0%CPEs: 14EXPL: 0CVE-2018-1000878 – libarchive: Use after free in RAR decoder resulting in a denial of service
https://notcve.org/view.php?id=CVE-2018-1000878
libarchive version commit 416694915449219d505531b1096384f3237dd6cc onwards (release v3.1.0 onwards) contains a CWE-416: Use After Free vulnerability in RAR decoder - libarchive/archive_read_support_format_rar.c that can result in Crash/DoS - it is unknown if RCE is possible. This attack appear to be exploitable via the victim must open a specially crafted RAR archive. libarchive, con el commit con ID 416694915449219d505531b1096384f3237dd6cc y siguientes (desde la v3.1.0) contiene una vulnerabilidad CWE-416: uso de memoria previamente liberada en el descodificador RAR (libarchive/archive_read_support_format_rar.c) que puede resultar en un cierre inesperado/denegación de servicio. Se desconoce si se puede ejecutar código de forma remota. El ataque parece ser explotable si una víctima abre un archivo RAR especialmente manipulado. • http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00055.html http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00012.html http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00015.html http://www.securityfocus.com/bid/106324 https://access.redhat.com/errata/RHSA-2019:2298 https://access.redhat.com/errata/RHSA-2019:3698 https://bugs.launchpad.net/ubuntu/+source/libarchive/+bug/1794909 https://github.com/libarchive/libarchive/pull/1105 https://gith • CWE-416: Use After Free •
CVSS: 9.8EPSS: 54%CPEs: 13EXPL: 0CVE-2018-15127 – libvncserver: Heap out-of-bounds write in rfbserver.c in rfbProcessFileTransferReadBuffer() allows for potential code execution
https://notcve.org/view.php?id=CVE-2018-15127
LibVNC before commit 502821828ed00b4a2c4bef90683d0fd88ce495de contains heap out-of-bound write vulnerability in server code of file transfer extension that can result remote code execution LibVNC antes del commit con ID 502821828ed00b4a2c4bef90683d0fd88ce495de contiene una vulnerabilidad de escritura de memoria dinámica (heap) fuera de límites en el código del servidor de la extensión de transferencia de archivos que puede resultar en la ejecución remota de código. • https://access.redhat.com/errata/RHSA-2019:0059 https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/12/19/klcert-18-028-libvnc-heap-out-of-bound-write https://lists.debian.org/debian-lts-announce/2018/12/msg00017.html https://lists.debian.org/debian-lts-announce/2019/10/msg00042.html https://usn.ubuntu.com/3877-1 https://usn.ubuntu.com/4547-1 https://usn.ubuntu.com/4587-1 https://www.debian.org/security/2019/dsa-4383 https://access.redhat.com/securit • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 5.3EPSS: 0%CPEs: 17EXPL: 0CVE-2018-16876 – ansible: Information disclosure in vvv+ mode with no_log on
https://notcve.org/view.php?id=CVE-2018-16876
ansible before versions 2.5.14, 2.6.11, 2.7.5 is vulnerable to a information disclosure flaw in vvv+ mode with no_log on that can lead to leakage of sensible data. ansible en versiones anteriores a las 2.5.14, 2.6.11 y 2.7.5 es vulnerable a un fallo de divulgación de información en el modo vvv+ con "no_log" habilitado, el cual podría provocar el filtrado de datos sensibles. • http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00021.html http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00077.html http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00020.html http://www.securityfocus.com/bid/106225 https://access.redhat.com/errata/RHSA-2018:3835 https://access.redhat.com/errata/RHSA-2018:3836 https://access.redhat.com/errata/RHSA-2018:3837 https://access.redhat.com/errata/RHSA-2018:3838 https://access.redhat.com/errata& • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.8EPSS: 1%CPEs: 18EXPL: 0CVE-2018-18493 – Mozilla: Buffer overflow in accelerated 2D canvas with Skia
https://notcve.org/view.php?id=CVE-2018-18493
A buffer overflow can occur in the Skia library during buffer offset calculations with hardware accelerated canvas 2D actions due to the use of 32-bit calculations instead of 64-bit. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 60.4, Firefox ESR < 60.4, and Firefox < 64. Puede ocurrir un desbordamiento de búfer en la librería SKIA durante los cálculos de un desplazamiento de búfer con acciones de hardware aceleradas de CANVAS 2D, debido al uso de cálculos de 32-bit en vez de 64-bit. Esto resulta en un cierre inesperado potencialmente explotable. • http://www.securityfocus.com/bid/106168 https://access.redhat.com/errata/RHSA-2018:3831 https://access.redhat.com/errata/RHSA-2018:3833 https://access.redhat.com/errata/RHSA-2019:0159 https://access.redhat.com/errata/RHSA-2019:0160 https://bugzilla.mozilla.org/show_bug.cgi?id=1504452 https://lists.debian.org/debian-lts-announce/2018/12/msg00002.html https://security.gentoo.org/glsa/201903-04 https://usn.ubuntu.com/3844-1 https://usn.ubuntu.com/3868-1 https:/&# • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 9.8EPSS: 0%CPEs: 18EXPL: 0CVE-2018-18498 – Mozilla: Integer overflow when calculating buffer sizes for images
https://notcve.org/view.php?id=CVE-2018-18498
A potential vulnerability leading to an integer overflow can occur during buffer size calculations for images when a raw value is used instead of the checked value. This leads to a possible out-of-bounds write. This vulnerability affects Thunderbird < 60.4, Firefox ESR < 60.4, and Firefox < 64. Puede ocurrir una vulnerabilidad potencial que conduce a un desbordamiento de enteros durante los cálculos de tamaño de búfer cuando se emplea un valor bruto en vez del valor comprobado. Esto conduce a una escritura fuera de límites. • http://www.securityfocus.com/bid/106168 https://access.redhat.com/errata/RHSA-2018:3831 https://access.redhat.com/errata/RHSA-2018:3833 https://access.redhat.com/errata/RHSA-2019:0159 https://access.redhat.com/errata/RHSA-2019:0160 https://bugzilla.mozilla.org/show_bug.cgi?id=1500011 https://lists.debian.org/debian-lts-announce/2018/12/msg00002.html https://security.gentoo.org/glsa/201903-04 https://usn.ubuntu.com/3844-1 https://usn.ubuntu.com/3868-1 https:/&# • CWE-190: Integer Overflow or Wraparound CWE-787: Out-of-bounds Write •