CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 1CVE-2018-3836
https://notcve.org/view.php?id=CVE-2018-3836
24 Apr 2018 — An exploitable command injection vulnerability exists in the gplotMakeOutput function of Leptonica 1.74.4. A specially crafted gplot rootname argument can cause a command injection resulting in arbitrary code execution. An attacker can provide a malicious path as input to an application that passes attacker data to this function to trigger this vulnerability. Existe una vulnerabilidad explotable de inyección de comandos en la función gplotMakeOutput de Leptonica 1.74.4. Un argumento gplot rootname especialm... • https://lists.debian.org/debian-lts-announce/2018/02/msg00019.html • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 7.5EPSS: 21%CPEs: 4EXPL: 3CVE-2017-7651 – Debian Security Advisory 4325-1
https://notcve.org/view.php?id=CVE-2017-7651
24 Apr 2018 — In Eclipse Mosquitto 1.4.14, a user can shutdown the Mosquitto server simply by filling the RAM memory with a lot of connections with large payload. This can be done without authentications if occur in connection phase of MQTT protocol. En Eclipse Mosquitto 1.4.14, un usuario puede cerrar el servidor Mosquitto simplemente llenando la memoria RAM con muchas conexiones con una carga útil grande. Esto puede hacerse sin autenticaciones si ocurre en la fase de conexión del protocolo MQTT. It was discovered that ... • https://github.com/St3v3nsS/CVE-2017-7651 • CWE-400: Uncontrolled Resource Consumption CWE-789: Memory Allocation with Excessive Size Value •
CVSS: 7.8EPSS: 0%CPEs: 17EXPL: 0CVE-2018-8781 – kernel: Integer overflow in drivers/gpu/drm/udl/udl_fb.c:udl_fb_mmap() can allow attackers to execute code in kernel space
https://notcve.org/view.php?id=CVE-2018-8781
23 Apr 2018 — The udl_fb_mmap function in drivers/gpu/drm/udl/udl_fb.c at the Linux kernel version 3.4 and up to and including 4.15 has an integer-overflow vulnerability allowing local users with access to the udldrmfb driver to obtain full read and write permissions on kernel physical pages, resulting in a code execution in kernel space. La función udl_fb_mmap en drivers/gpu/drm/udl/udl_fb.c en el kernel de Linux en su versión 3.4 y hasta e incluyendo la versión 4.15 tiene una vulnerabilidad de desbordamiento de enteros... • https://access.redhat.com/errata/RHSA-2018:2948 • CWE-190: Integer Overflow or Wraparound •
CVSS: 9.8EPSS: 1%CPEs: 67EXPL: 0CVE-2017-17833 – openslp: Heap memory corruption in slpd/slpd_process.c allows denial of service or potentially code execution
https://notcve.org/view.php?id=CVE-2017-17833
23 Apr 2018 — OpenSLP releases in the 1.0.2 and 1.1.0 code streams have a heap-related memory corruption issue which may manifest itself as a denial-of-service or a remote code-execution vulnerability. Las versiones de OpenSLP en las secuencias de código 1.0.2 y 1.1.0 tienen un problema de corrupción de memoria relacionada con la memoria dinámica (heap), que puede manifestarse como una vulnerabilidad de denegación de servicio (DoS) o de ejecución remota de código. A use-after-free flaw in OpenSLP 1.x and 2.x baselines wa... • http://support.lenovo.com/us/en/solutions/LEN-18247 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-416: Use After Free •
CVSS: 8.8EPSS: 1%CPEs: 4EXPL: 0CVE-2017-12122 – Gentoo Linux Security Advisory 201903-17
https://notcve.org/view.php?id=CVE-2017-12122
23 Apr 2018 — An exploitable code execution vulnerability exists in the ILBM image rendering functionality of SDL2_image-2.0.2. A specially crafted ILBM image can cause a heap overflow resulting in code execution. An attacker can display a specially crafted image to trigger this vulnerability. Existe una vulnerabilidad explotable de ejecución de código en la funcionalidad de renderización de imágenes ILBM de SDL2_image-2.0.2. Una imagen ILBM especialmente manipulada puede provocar un desbordamiento de memoria dinámica (h... • https://lists.debian.org/debian-lts-announce/2018/04/msg00005.html • CWE-787: Out-of-bounds Write •
CVSS: 8.8EPSS: 1%CPEs: 4EXPL: 0CVE-2017-14440 – Gentoo Linux Security Advisory 201903-17
https://notcve.org/view.php?id=CVE-2017-14440
23 Apr 2018 — An exploitable code execution vulnerability exists in the ILBM image rendering functionality of SDL2_image-2.0.2. A specially crafted ILBM image can cause a stack overflow resulting in code execution. An attacker can display a specially crafted image to trigger this vulnerability. Existe una vulnerabilidad explotable de ejecución de código en la funcionalidad de renderización de imágenes ILBM de SDL2_image-2.0.2. Un paquete de red especialmente manipulado puede provocar un desbordamiento de pila que resulta... • https://lists.debian.org/debian-lts-announce/2018/04/msg00005.html • CWE-787: Out-of-bounds Write •
CVSS: 8.8EPSS: 1%CPEs: 4EXPL: 0CVE-2017-14441 – Gentoo Linux Security Advisory 201903-17
https://notcve.org/view.php?id=CVE-2017-14441
23 Apr 2018 — An exploitable code execution vulnerability exists in the ICO image rendering functionality of SDL2_image-2.0.2. A specially crafted ICO image can cause an integer overflow, cascading to a heap overflow resulting in code execution. An attacker can display a specially crafted image to trigger this vulnerability. Existe una vulnerabilidad explotable de ejecución de código en la funcionalidad de renderización de imágenes ICO de SDL2_image-2.0.2. Una imagen ICO especialmente manipulada puede provocar un desbord... • https://lists.debian.org/debian-lts-announce/2018/04/msg00005.html • CWE-190: Integer Overflow or Wraparound •
CVSS: 8.8EPSS: 1%CPEs: 4EXPL: 0CVE-2017-14442 – Gentoo Linux Security Advisory 201903-17
https://notcve.org/view.php?id=CVE-2017-14442
23 Apr 2018 — An exploitable code execution vulnerability exists in the BMP image rendering functionality of SDL2_image-2.0.2. A specially crafted BMP image can cause a stack overflow resulting in code execution. An attacker can display a specially crafted image to trigger this vulnerability. Existe una vulnerabilidad explotable de ejecución de código en la funcionalidad de renderización de imágenes BMP de SDL2_image-2.0.2. Una imagen BMP especialmente manipulada puede provocar un desbordamiento de búfer basado en pila q... • https://lists.debian.org/debian-lts-announce/2018/04/msg00005.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.1EPSS: 0%CPEs: 4EXPL: 0CVE-2017-14450 – Gentoo Linux Security Advisory 201903-17
https://notcve.org/view.php?id=CVE-2017-14450
23 Apr 2018 — A buffer overflow vulnerability exists in the GIF image parsing functionality of SDL2_image-2.0.2. A specially crafted GIF image can lead to a buffer overflow on a global section. An attacker can display an image to trigger this vulnerability. Existe una vulnerabilidad de desbordamiento de búfer en la funcionalidad de renderización de imágenes GIF de SDL2_image-2.0.2. Una imagen GIF especialmente manipulada puede desembocar en un desbordamiento de búfer en una sección global. • https://lists.debian.org/debian-lts-announce/2018/04/msg00005.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2014-10073
https://notcve.org/view.php?id=CVE-2014-10073
20 Apr 2018 — The create_response function in server/server.c in Psensor before 1.1.4 allows Directory Traversal because it lacks a check for whether a file is under the webserver directory. La función create_response en server/server.c en Psensor, en versiones anteriores a la 1.1.4, permite el salto de directorio debido a que carece de una comprobación para determinar si un archivo está bajo el directorio webserver o no. • http://git.wpitchoune.net/gitweb/?p=psensor.git%3Ba=blob%3Bf=NEWS • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •