CVSS: 7.5EPSS: 4%CPEs: 16EXPL: 1CVE-2018-16890 – curl: NTLM type-2 heap out-of-bounds buffer read
https://notcve.org/view.php?id=CVE-2018-16890
libcurl versions from 7.36.0 to before 7.64.0 is vulnerable to a heap buffer out-of-bounds read. The function handling incoming NTLM type-2 messages (`lib/vauth/ntlm.c:ntlm_decode_type2_target`) does not validate incoming data correctly and is subject to an integer overflow vulnerability. Using that overflow, a malicious or broken NTLM server could trick libcurl to accept a bad length + offset combination that would lead to a buffer read out-of-bounds. Libcurl, desde la versión 7.36.0 hasta antes de la 7.64.0, es vulnerable a una lectura de memoria dinámica (heap) fuera de límites. La función que gestiona los mensajes entrantes NTLM de tipo 2 ("lib/vauth/ntlm.c:ntlm_decode_type2_target") no valida los datos entrantes correctamente y está sujeta a una vulnerabilidad de desbordamiento de enteros. • https://github.com/michelleamesquita/CVE-2018-16890 http://www.securityfocus.com/bid/106947 https://access.redhat.com/errata/RHSA-2019:3701 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16890 https://cert-portal.siemens.com/productcert/pdf/ssa-436177.pdf https://curl.haxx.se/docs/CVE-2018-16890.html https://lists.apache.org/thread.html/8338a0f605bdbb3a6098bb76f666a95fc2b2f53f37fa1ecc89f1146f%40%3Cdevnull.infra.apache.org%3E https://security.netapp.com/advisory/ntap-20190315-0001 https://sup • CWE-125: Out-of-bounds Read CWE-190: Integer Overflow or Wraparound •
CVSS: 9.8EPSS: 19%CPEs: 23EXPL: 1CVE-2019-3822 – curl: NTLMv2 type-3 header stack buffer overflow
https://notcve.org/view.php?id=CVE-2019-3822
libcurl versions from 7.36.0 to before 7.64.0 are vulnerable to a stack-based buffer overflow. The function creating an outgoing NTLM type-3 header (`lib/vauth/ntlm.c:Curl_auth_create_ntlm_type3_message()`), generates the request HTTP header contents based on previously received data. The check that exists to prevent the local buffer from getting overflowed is implemented wrongly (using unsigned math) and as such it does not prevent the overflow from happening. This output data can grow larger than the local buffer if very large 'nt response' data is extracted from a previous NTLMv2 header provided by the malicious or broken HTTP server. Such a 'large value' needs to be around 1000 bytes or more. • http://www.securityfocus.com/bid/106950 https://access.redhat.com/errata/RHSA-2019:3701 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3822 https://cert-portal.siemens.com/productcert/pdf/ssa-436177.pdf https://curl.haxx.se/docs/CVE-2019-3822.html https://lists.apache.org/thread.html/8338a0f605bdbb3a6098bb76f666a95fc2b2f53f37fa1ecc89f1146f%40%3Cdevnull.infra.apache.org%3E https://security.gentoo.org/glsa/201903-03 https://security.netapp.com/advisory/ntap-20190315-0001 https://security.n • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 10.0EPSS: 0%CPEs: 5EXPL: 0CVE-2018-18502
https://notcve.org/view.php?id=CVE-2018-18502
Mozilla developers and community members reported memory safety bugs present in Firefox 64. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 65. Los desarrolladores de Mozilla y los miembros de la comunidad reportaron problemas de seguridad existentes en Firefox 64. Algunos de estos errores mostraron evidencias de corrupción de memoria y se cree que, con el esfuerzo necesario, se podrían explotar para ejecutar código arbitrario. • http://www.securityfocus.com/bid/106773 https://usn.ubuntu.com/3874-1 https://www.mozilla.org/security/advisories/mfsa2019-01 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.8EPSS: 0%CPEs: 5EXPL: 0CVE-2018-18503
https://notcve.org/view.php?id=CVE-2018-18503
When JavaScript is used to create and manipulate an audio buffer, a potentially exploitable crash may occur because of a compartment mismatch in some situations. This vulnerability affects Firefox < 65. Cuando se utiliza JavaScript para crear y manipular un búfer de audio, podría ocurrir un cierre inesperado explotable debido a una no coincidencia de un compartimento en algunas situaciones. Esta vulnerabilidad afecta a las versiones anteriores a la 65 de Firefox. • http://www.securityfocus.com/bid/106773 https://usn.ubuntu.com/3874-1 https://www.mozilla.org/security/advisories/mfsa2019-01 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.7EPSS: 0%CPEs: 8EXPL: 1CVE-2019-3814 – dovecot: Improper certificate validation
https://notcve.org/view.php?id=CVE-2019-3814
It was discovered that Dovecot before versions 2.2.36.1 and 2.3.4.1 incorrectly handled client certificates. A remote attacker in possession of a valid certificate with an empty username field could possibly use this issue to impersonate other users. Se ha descubierto que Dovecot, en versiones anteriores a la 2.2.36.1 y 2.3.4.1, gestiona de manera incorrecta los certificados del cliente. Un atacante remoto en posesión de un certificado válido con un campo "username" vacío podría emplear este problema para suplantar a otros usuarios. It was discovered that Dovecot incorrectly handled client certificates. • http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00067.html https://access.redhat.com/errata/RHSA-2019:3467 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3814 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4XLI55NGRDTGMVOPYFCPPFNPA5VKYSSY https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QHFZ5OWRIZGIWZJ5PTNVWWZNLLNH4XYS https://security.gentoo.org/glsa/201904-19 https://www.dovecot.org/list/dovecot/2019-Feb • CWE-295: Improper Certificate Validation •