NotCVE - vendor:"Redhat" product:"Enterprise Linux Server Tus"

Page 55 of 759 results (0.009 seconds)

CVSS: 6.5EPSS: 1%CPEs: 24EXPL: 0

CVE-2018-20662 – poppler: SIGABRT PDFDoc::setup class in PDFDoc.cc

https://notcve.org/view.php?id=CVE-2018-20662

In Poppler 0.72.0, PDFDoc::setup in PDFDoc.cc allows attackers to cause a denial-of-service (application crash caused by Object.h SIGABRT, because of a wrong return value from PDFDoc::setup) by crafting a PDF file in which an xref data structure is mishandled during extractPDFSubtype processing. En la versión 0.72.0 de Poppler, PDFDoc::setup en PDFDoc.cc permite a los atacantes remotos provocar una denegación de servicio (cierre inesperado de la aplicación provocado por un SIGABRT en Object.h debido a un valor de retorno incorrecto de PDFDoc::setup) manipulando un archivo PDF en el que la estructura de datos xref se maneja de manera incorrecta durante el procesamiento de extractPDFSubtype. • https://access.redhat.com/errata/RHSA-2019:2022 https://access.redhat.com/errata/RHSA-2019:2713 https://gitlab.freedesktop.org/poppler/poppler/commit/9fd5ec0e6e5f763b190f2a55ceb5427cfe851d5f https://gitlab.freedesktop.org/poppler/poppler/issues/706 https://lists.debian.org/debian-lts-announce/2019/03/msg00008.html https://lists.debian.org/debian-lts-announce/2020/11/msg00014.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6OSCOYM3AMFFBJWSBWY6VJVLNE5JD7YS https://li • CWE-20: Improper Input Validation CWE-617: Reachable Assertion •

CVSS: 6.5EPSS: 0%CPEs: 22EXPL: 0

CVE-2018-20650 – poppler: reachable Object::dictLookup assertion in FileSpec class in FileSpec.cc

https://notcve.org/view.php?id=CVE-2018-20650

A reachable Object::dictLookup assertion in Poppler 0.72.0 allows attackers to cause a denial of service due to the lack of a check for the dict data type, as demonstrated by use of the FileSpec class (in FileSpec.cc) in pdfdetach. Una aserción alcanzable en Object::dictLookup en Poppler 0.72.0 permite a los atacantes provocar una denegación de servicio (DoS) debido a la falta de comprobación del tipo de datos del directorio, tal y como queda demostrado con el uso de la clase FileSpec (en FileSpec.cc) en pdfdetach. • http://www.securityfocus.com/bid/106459 https://access.redhat.com/errata/RHSA-2019:2022 https://access.redhat.com/errata/RHSA-2019:2713 https://gitlab.freedesktop.org/poppler/poppler/commit/de0c0b8324e776f0b851485e0fc9622fc35695b7 https://gitlab.freedesktop.org/poppler/poppler/issues/704 https://lists.debian.org/debian-lts-announce/2019/09/msg00033.html https://lists.debian.org/debian-lts-announce/2020/11/msg00014.html https://lists.debian.org/debian-lts-announce/2022/09/msg00030.html https:/ • CWE-20: Improper Input Validation CWE-617: Reachable Assertion •

CVSS: 9.8EPSS: 61%CPEs: 13EXPL: 0

CVE-2018-15127 – libvncserver: Heap out-of-bounds write in rfbserver.c in rfbProcessFileTransferReadBuffer() allows for potential code execution

https://notcve.org/view.php?id=CVE-2018-15127

LibVNC before commit 502821828ed00b4a2c4bef90683d0fd88ce495de contains heap out-of-bound write vulnerability in server code of file transfer extension that can result remote code execution LibVNC antes del commit con ID 502821828ed00b4a2c4bef90683d0fd88ce495de contiene una vulnerabilidad de escritura de memoria dinámica (heap) fuera de límites en el código del servidor de la extensión de transferencia de archivos que puede resultar en la ejecución remota de código. • https://access.redhat.com/errata/RHSA-2019:0059 https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/12/19/klcert-18-028-libvnc-heap-out-of-bound-write https://lists.debian.org/debian-lts-announce/2018/12/msg00017.html https://lists.debian.org/debian-lts-announce/2019/10/msg00042.html https://usn.ubuntu.com/3877-1 https://usn.ubuntu.com/4547-1 https://usn.ubuntu.com/4587-1 https://www.debian.org/security/2019/dsa-4383 https://access.redhat.com/securit • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •

CVSS: 9.8EPSS: 1%CPEs: 18EXPL: 0

CVE-2018-18493 – Mozilla: Buffer overflow in accelerated 2D canvas with Skia

https://notcve.org/view.php?id=CVE-2018-18493

A buffer overflow can occur in the Skia library during buffer offset calculations with hardware accelerated canvas 2D actions due to the use of 32-bit calculations instead of 64-bit. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 60.4, Firefox ESR < 60.4, and Firefox < 64. Puede ocurrir un desbordamiento de búfer en la librería SKIA durante los cálculos de un desplazamiento de búfer con acciones de hardware aceleradas de CANVAS 2D, debido al uso de cálculos de 32-bit en vez de 64-bit. Esto resulta en un cierre inesperado potencialmente explotable. • http://www.securityfocus.com/bid/106168 https://access.redhat.com/errata/RHSA-2018:3831 https://access.redhat.com/errata/RHSA-2018:3833 https://access.redhat.com/errata/RHSA-2019:0159 https://access.redhat.com/errata/RHSA-2019:0160 https://bugzilla.mozilla.org/show_bug.cgi?id=1504452 https://lists.debian.org/debian-lts-announce/2018/12/msg00002.html https://security.gentoo.org/glsa/201903-04 https://usn.ubuntu.com/3844-1 https://usn.ubuntu.com/3868-1 https:/&# • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •

CVSS: 6.1EPSS: 0%CPEs: 17EXPL: 1

CVE-2018-18397 – kernel: userfaultfd bypasses tmpfs file permissions

https://notcve.org/view.php?id=CVE-2018-18397

The userfaultfd implementation in the Linux kernel before 4.19.7 mishandles access control for certain UFFDIO_ ioctl calls, as demonstrated by allowing local users to write data into holes in a tmpfs file (if the user has read-only access to that file, and that file contains holes), related to fs/userfaultfd.c and mm/userfaultfd.c. La implementación de userfaultfd en el kernel de Linux en versiones anteriores a la 4.17 gestiona de manera incorrecta para ciertas llamadas ioctl UFFDIO_, tal y como queda demostrado al permitir que usuarios locales escriban datos en huecos en un archivo tmpfs (si el usuario tiene acceso de solo lectura a dicho archivo que contiene huecos). Esto está relacionado con fs/userfaultfd.c y mm/userfaultfd.c. A flaw was found in the Linux kernel with files on tmpfs and hugetlbfs. An attacker is able to bypass file permissions on filesystems mounted with tmpfs/hugetlbs to modify a file and possibly disrupt normal system behavior. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=29ec90660d68bbdd69507c1c8b4e33aa299278b1 https://access.redhat.com/errata/RHBA-2019:0327 https://access.redhat.com/errata/RHSA-2019:0163 https://access.redhat.com/errata/RHSA-2019:0202 https://access.redhat.com/errata/RHSA-2019:0324 https://access.redhat.com/errata/RHSA-2019:0831 https://bugs.chromium.org/p/project-zero/issues/detail?id=1700 https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.87& • CWE-20: Improper Input Validation CWE-863: Incorrect Authorization •

1...53 54 55 56 57