CVSS: 9.1EPSS: 0%CPEs: 17EXPL: 1CVE-2018-18313 – perl: Heap-based buffer read overflow in S_grok_bslash_N()
https://notcve.org/view.php?id=CVE-2018-18313
Perl before 5.26.3 has a buffer over-read via a crafted regular expression that triggers disclosure of sensitive information from process memory. Perl, en versiones anteriores a la 5.26.3, tiene una sobrelectura de búfer mediante una expresión regular manipulada que desencadena la divulgación de información sensible de la memoria del proceso. • http://seclists.org/fulldisclosure/2019/Mar/49 http://www.securitytracker.com/id/1042181 https://access.redhat.com/errata/RHSA-2019:0001 https://access.redhat.com/errata/RHSA-2019:0010 https://bugzilla.redhat.com/show_bug.cgi?id=1646738 https://github.com/Perl/perl5/commit/43b2f4ef399e2fd7240b4eeb0658686ad95f8e62 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RWQGEB543QN7SSBRKYJM6PSOC3RLYGSM https://metacpan.org/changes/release/SHAY/perl-5.26.3 https://rt& • CWE-125: Out-of-bounds Read •
CVSS: 9.8EPSS: 0%CPEs: 30EXPL: 0CVE-2018-18311 – perl: Integer overflow leading to buffer overflow in Perl_my_setenv()
https://notcve.org/view.php?id=CVE-2018-18311
Perl before 5.26.3 and 5.28.x before 5.28.1 has a buffer overflow via a crafted regular expression that triggers invalid write operations. Perl, en versiones anteriores a la 5.26.3 y versiones 5.28.0.x anteriores a la 5.28.1, tiene un desbordamiento de búfer mediante una expresión regular manipulada que desencadena operaciones inválidas de escritura. • http://seclists.org/fulldisclosure/2019/Mar/49 http://www.securityfocus.com/bid/106145 http://www.securitytracker.com/id/1042181 https://access.redhat.com/errata/RHBA-2019:0327 https://access.redhat.com/errata/RHSA-2019:0001 https://access.redhat.com/errata/RHSA-2019:0010 https://access.redhat.com/errata/RHSA-2019:0109 https://access.redhat.com/errata/RHSA-2019:1790 https://access.redhat.com/errata/RHSA-2019:1942 https://access.redhat.com/errata/RHSA-2019:2400 https:&#x • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-190: Integer Overflow or Wraparound CWE-787: Out-of-bounds Write •
CVSS: 9.8EPSS: 1%CPEs: 15EXPL: 1CVE-2018-18314 – perl: Heap-based buffer overflow in S_regatom()
https://notcve.org/view.php?id=CVE-2018-18314
Perl before 5.26.3 has a buffer overflow via a crafted regular expression that triggers invalid write operations. Perl, en versiones anteriores a la 5.26.3, tiene un desbordamiento de búfer mediante una expresión regular manipulada que desencadena operaciones inválidas de escritura. • http://www.securityfocus.com/bid/106145 http://www.securitytracker.com/id/1042181 https://access.redhat.com/errata/RHSA-2019:0001 https://access.redhat.com/errata/RHSA-2019:0010 https://bugzilla.redhat.com/show_bug.cgi?id=1646751 https://github.com/Perl/perl5/commit/19a498a461d7c81ae3507c450953d1148efecf4f https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RWQGEB543QN7SSBRKYJM6PSOC3RLYGSM https://metacpan.org/changes/release/SHAY/perl-5.26.3 https://rt.perl. • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122: Heap-based Buffer Overflow •
CVSS: 9.8EPSS: 2%CPEs: 16EXPL: 1CVE-2018-18312 – perl: Heap-based buffer overflow in S_handle_regex_sets()
https://notcve.org/view.php?id=CVE-2018-18312
Perl before 5.26.3 and 5.28.0 before 5.28.1 has a buffer overflow via a crafted regular expression that triggers invalid write operations. Perl, en versiones anteriores a la 5.26.3 y versiones 5.28.0 anteriores a la 5.28.1, tiene un desbordamiento de búfer mediante una expresión regular manipulada que desencadena operaciones inválidas de escritura. • http://www.securityfocus.com/bid/106179 http://www.securitytracker.com/id/1042181 https://access.redhat.com/errata/RHSA-2019:0001 https://access.redhat.com/errata/RHSA-2019:0010 https://bugzilla.redhat.com/show_bug.cgi?id=1646734 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RWQGEB543QN7SSBRKYJM6PSOC3RLYGSM https://metacpan.org/changes/release/SHAY/perl-5.26.3 https://metacpan.org/changes/release/SHAY/perl-5.28.1 https://rt.perl.org/Pub • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 0%CPEs: 8EXPL: 0CVE-2018-16850 – postgresql: SQL injection in pg_upgrade and pg_dump, via CREATE TRIGGER ... REFERENCING
https://notcve.org/view.php?id=CVE-2018-16850
postgresql before versions 11.1, 10.6 is vulnerable to a to SQL injection in pg_upgrade and pg_dump via CREATE TRIGGER ... REFERENCING. Using a purpose-crafted trigger definition, an attacker can cause arbitrary SQL statements to run, with superuser privileges. postgresql en versiones anteriores a la 11.1 y 10.6 es vulnerable a una inyección SQL en pg_upgrade y pg_dump mediante CREATE TRIGGER ... REFERENCING. Mediante una definición de detonador manipulado para tal propósito, un atacante puede provocar que la ejecución con privilegios de superusuario de instrucciones SQL. • http://www.securityfocus.com/bid/105923 http://www.securitytracker.com/id/1042144 https://access.redhat.com/errata/RHSA-2018:3757 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16850 https://security.gentoo.org/glsa/201811-24 https://usn.ubuntu.com/3818-1 https://www.postgresql.org/about/news/1905 https://access.redhat.com/security/cve/CVE-2018-16850 https://bugzilla.redhat.com/show_bug.cgi?id=1645937 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •