CVSS: 6.5EPSS: 0%CPEs: 16EXPL: 0CVE-2018-5001 – Adobe Flash Player BitmapData applyFilter Out-Of-Bounds Read Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2018-5001
Adobe Flash Player versions 29.0.0.171 and earlier have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. Adobe Flash Player en versiones 29.0.0.171 y anteriores tiene una vulnerabilidad de lectura fuera de límites. Su explotación con éxito podría resultar en una divulgación de información. This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Flash. • http://www.securityfocus.com/bid/104413 http://www.securitytracker.com/id/1041058 https://access.redhat.com/errata/RHSA-2018:1827 https://helpx.adobe.com/security/products/flash-player/apsb18-19.html https://security.gentoo.org/glsa/201806-02 https://access.redhat.com/security/cve/CVE-2018-5001 https://bugzilla.redhat.com/show_bug.cgi?id=1588502 • CWE-125: Out-of-bounds Read •
CVSS: 6.5EPSS: 0%CPEs: 16EXPL: 0CVE-2018-5000 – Adobe Flash RTMP Parsing Integer Overflow Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2018-5000
Adobe Flash Player versions 29.0.0.171 and earlier have an Integer Overflow vulnerability. Successful exploitation could lead to information disclosure. Adobe Flash Player en versiones 29.0.0.171 y anteriores tiene una vulnerabilidad de desbordamiento de enteros. Su explotación con éxito podría resultar en una divulgación de información. This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Flash. • http://www.securityfocus.com/bid/104413 http://www.securitytracker.com/id/1041058 https://access.redhat.com/errata/RHSA-2018:1827 https://helpx.adobe.com/security/products/flash-player/apsb18-19.html https://security.gentoo.org/glsa/201806-02 https://access.redhat.com/security/cve/CVE-2018-5000 https://bugzilla.redhat.com/show_bug.cgi?id=1588502 • CWE-190: Integer Overflow or Wraparound •
CVSS: 5.3EPSS: 0%CPEs: 8EXPL: 2CVE-2018-1120 – Procps-ng - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2018-1120
A flaw was found affecting the Linux kernel before version 4.17. By mmap()ing a FUSE-backed file onto a process's memory containing command line arguments (or environment strings), an attacker can cause utilities from psutils or procps (such as ps, w) or any other program which makes a read() call to the /proc/<pid>/cmdline (or /proc/<pid>/environ) files to block indefinitely (denial of service) or for some controlled time (as a synchronization primitive for other attacks). Se ha encontrado un error que afecta al kernel de Linux en versiones anteriores a la 4.17. Al realizar un mmap() sobre un archivo copiado con FUSE en la memoria de un proceso que contiene argumentos de línea de comandos (o cadenas de entorno), un atacante puede hacer que las utilidades de psutils o procps (como ps o w) o cualquier otro programa que realiza una llamada read() a los archivos /proc//cmdline (o /proc//environ) se bloqueen indefinidamente (denegación de servicio) o durante un tiempo determinado (como primitiva de sincronización para otros ataques). By mmap()ing a FUSE-backed file onto a process's memory containing command line arguments (or environment strings), an attacker can cause utilities from psutils or procps (such as ps, w) or any other program which makes a read() call to the /proc/<pid>/cmdline (or /proc/<pid>/environ) files to block indefinitely (denial of service) or for some controlled time (as a synchronization primitive for other attacks). • https://www.exploit-db.com/exploits/44806 http://seclists.org/oss-sec/2018/q2/122 http://www.securityfocus.com/bid/104229 https://access.redhat.com/errata/RHSA-2018:2948 https://access.redhat.com/errata/RHSA-2018:3083 https://access.redhat.com/errata/RHSA-2018:3096 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1120 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=7f7ccc2ccc2e70c6054685f5e3522efa81556830 https://lists.debian.org/debian-lt • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122: Heap-based Buffer Overflow •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2018-1118 – kernel: vhost: Information disclosure in vhost/vhost.c:vhost_new_msg()
https://notcve.org/view.php?id=CVE-2018-1118
Linux kernel vhost since version 4.8 does not properly initialize memory in messages passed between virtual guests and the host operating system in the vhost/vhost.c:vhost_new_msg() function. This can allow local privileged users to read some kernel memory contents when reading from the /dev/vhost-net device file. El vhost del kernel de Linux desde la versión 4.8 no inicializa correctamente la memoria en los mensajes que se pasan entre invitados virtuales y el sistema operativo host en la función vhost/vhost.c:vhost_new_msg(). Esto puede permitir que usuarios con privilegios locales lean el contenido de la memoria del kernel al leer del archivo de dispositivo /dev/vhost-net. The Linux kernel does not properly initialize memory in messages passed between virtual guests and the host operating system in the vhost/vhost.c:vhost_new_msg() function. • https://access.redhat.com/errata/RHSA-2018:2948 https://access.redhat.com/errata/RHSA-2018:3083 https://access.redhat.com/errata/RHSA-2018:3096 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1118 https://lists.debian.org/debian-lts-announce/2018/07/msg00020.html https://usn.ubuntu.com/3762-1 https://usn.ubuntu.com/3762-2 https://access.redhat.com/security/cve/CVE-2018-1118 https://bugzilla.redhat.com/show_bug.cgi?id=1573699 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-665: Improper Initialization •
CVSS: 5.5EPSS: 0%CPEs: 14EXPL: 0CVE-2018-1130 – kernel: a null pointer dereference in net/dccp/output.c:dccp_write_xmit() leads to a system crash
https://notcve.org/view.php?id=CVE-2018-1130
Linux kernel before version 4.16-rc7 is vulnerable to a null pointer dereference in dccp_write_xmit() function in net/dccp/output.c in that allows a local user to cause a denial of service by a number of certain crafted system calls. El kernel de Linux en versiones anteriores a la 4.16-rc7 es vulnerable a una desreferencia de puntero NULL en la función dccp_write_xmit() en net/dccp/output.c en la que un usuario local puede provocar una denegación de servicio mediante un número de llamadas del sistema manipuladas. A null pointer dereference in dccp_write_xmit() function in net/dccp/output.c in the Linux kernel allows a local user to cause a denial of service by a number of certain crafted system calls. • https://access.redhat.com/errata/RHSA-2018:1854 https://access.redhat.com/errata/RHSA-2018:3083 https://access.redhat.com/errata/RHSA-2018:3096 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1130 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=67f93df79aeefc3add4e4b31a752600f834236e2 https://lists.debian.org/debian-lts-announce/2018/06/msg00000.html https://lists.debian.org/debian-lts-announce/2018/07/msg00015.html https://lists.debian.org/debian& • CWE-476: NULL Pointer Dereference •