CVSS: 7.8EPSS: 0%CPEs: 11EXPL: 0CVE-2018-1083 – zsh: Stack-based buffer overflow in gen_matches_files() at compctl.c
https://notcve.org/view.php?id=CVE-2018-1083
Zsh before version 5.4.2-test-1 is vulnerable to a buffer overflow in the shell autocomplete functionality. A local unprivileged user can create a specially crafted directory path which leads to code execution in the context of the user who tries to use autocomplete to traverse the before mentioned path. If the user affected is privileged, this leads to privilege escalation. Zsh en versiones anteriores a la 5.4.2-test-1 es vulnerable a un desbordamiento de búfer en la funcionalidad de autocompletar del shell. Un usuario local sin privilegios puede crear una ruta de directorio especialmente manipulada que dé lugar a la ejecución de código en el contexto de un usuario que trata de emplear el autocompletado para crear un salto de directorio a la localización mencionada. • http://www.securityfocus.com/bid/103572 https://access.redhat.com/errata/RHSA-2018:1932 https://access.redhat.com/errata/RHSA-2018:3073 https://bugzilla.redhat.com/show_bug.cgi?id=1557382 https://lists.debian.org/debian-lts-announce/2018/03/msg00038.html https://lists.debian.org/debian-lts-announce/2020/12/msg00000.html https://security.gentoo.org/glsa/201805-10 https://sourceforge.net/p/zsh/code/ci/259ac472eac291c8c103c7a0d8a4eaf3c2942ed7 https://usn.ubuntu.com/3608-1 https:/& • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-121: Stack-based Buffer Overflow •
CVSS: 9.8EPSS: 0%CPEs: 15EXPL: 0CVE-2018-5148 – firefox: Use-after-free in compositor potentially allows code execution
https://notcve.org/view.php?id=CVE-2018-5148
A use-after-free vulnerability can occur in the compositor during certain graphics operations when a raw pointer is used instead of a reference counted one. This results in a potentially exploitable crash. This vulnerability affects Firefox ESR < 52.7.3 and Firefox < 59.0.2. Puede ocurrir una vulnerabilidad de uso de memoria previamente liberada en el compositor durante determinadas operaciones de gráficos cuando un puntero raw se utiliza en vez de una de conteo de referencias. Esto resulta en un cierre inesperado explotable. • http://www.securityfocus.com/bid/103506 http://www.securitytracker.com/id/1040574 https://access.redhat.com/errata/RHSA-2018:1098 https://access.redhat.com/errata/RHSA-2018:1099 https://bugzilla.mozilla.org/show_bug.cgi?id=1440717 https://lists.debian.org/debian-lts-announce/2018/03/msg00023.html https://usn.ubuntu.com/3609-1 https://www.debian.org/security/2018/dsa-4153 https://www.mozilla.org/security/advisories/mfsa2018-10 https://access.redhat.com/security/cve/CVE& • CWE-416: Use After Free •
CVSS: 9.8EPSS: 1%CPEs: 39EXPL: 0CVE-2018-1312 – httpd: Weak Digest auth nonce generation in mod_auth_digest
https://notcve.org/view.php?id=CVE-2018-1312
In Apache httpd 2.2.0 to 2.4.29, when generating an HTTP Digest authentication challenge, the nonce sent to prevent reply attacks was not correctly generated using a pseudo-random seed. In a cluster of servers using a common Digest authentication configuration, HTTP requests could be replayed across servers by an attacker without detection. En Apache httpd, en versiones desde la 2.2.0 hasta la 2.4.29, cuando se genera un desafío de autenticación HTTP Digest, el nonce enviado para evitar ataques replay no se generó correctamente empleando una semilla pseudoaleatoria. En un clúster de servidores, utilizando una configuración de autenticación Digest común, las peticiones HTTP se podrían reemplazar en los servidores por un atacante si que este sea detectado. • http://www.openwall.com/lists/oss-security/2018/03/24/7 http://www.securityfocus.com/bid/103524 http://www.securitytracker.com/id/1040571 https://access.redhat.com/errata/RHSA-2018:3558 https://access.redhat.com/errata/RHSA-2019:0366 https://access.redhat.com/errata/RHSA-2019:0367 https://access.redhat.com/errata/RHSA-2019:1898 https://httpd.apache.org/security/vulnerabilities_24.html https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd. • CWE-287: Improper Authentication CWE-305: Authentication Bypass by Primary Weakness •
CVSS: 6.5EPSS: 0%CPEs: 5EXPL: 1CVE-2018-8976 – exiv2: out-of-bounds read in Exiv2::Internal::stringFormat image.cpp
https://notcve.org/view.php?id=CVE-2018-8976
In Exiv2 0.26, jpgimage.cpp allows remote attackers to cause a denial of service (image.cpp Exiv2::Internal::stringFormat out-of-bounds read) via a crafted file. En Exiv2 0.26, jpgimage.cpp permite que atacantes remotos provoquen una denegación de servicio (lectura fuera de límites de Exiv2::Internal::stringFormat en image.cpp) mediante un archivo manipulado. • https://access.redhat.com/errata/RHSA-2019:2101 https://github.com/Exiv2/exiv2/issues/246 https://lists.debian.org/debian-lts-announce/2023/01/msg00004.html https://security.gentoo.org/glsa/201811-14 https://access.redhat.com/security/cve/CVE-2018-8976 https://bugzilla.redhat.com/show_bug.cgi?id=1561213 • CWE-125: Out-of-bounds Read •
CVSS: 9.8EPSS: 39%CPEs: 25EXPL: 3CVE-2018-1000140 – librelp: Stack-based buffer overflow in relpTcpChkPeerName function in src/tcp.c
https://notcve.org/view.php?id=CVE-2018-1000140
rsyslog librelp version 1.2.14 and earlier contains a Buffer Overflow vulnerability in the checking of x509 certificates from a peer that can result in Remote code execution. This attack appear to be exploitable a remote attacker that can connect to rsyslog and trigger a stack buffer overflow by sending a specially crafted x509 certificate. rsyslog librelp en versiones 1.2.14 y anteriores contiene una vulnerabilidad de desbordamiento de búfer en la verificación de certificados x509 desde un peer que puede resultar en la ejecución remota de código. Parece que este ataque puede ser explotable debido a que un atacante remoto puede conectarse a rsyslog y desencadena un desbordamiento de búfer basado en pila mediante el envío de un certificado x509 especialmente manipulado. A stack-based buffer overflow was found in the way librelp parses X.509 certificates. By connecting or accepting connections from a remote peer, an attacker may use a specially crafted X.509 certificate to exploit this flaw and potentially execute arbitrary code. • https://github.com/s0/rsyslog-librelp-CVE-2018-1000140 https://github.com/s0/rsyslog-librelp-CVE-2018-1000140-fixed http://packetstormsecurity.com/files/172829/librelp-Remote-Code-Execution.html https://access.redhat.com/errata/RHSA-2018:1223 https://access.redhat.com/errata/RHSA-2018:1225 https://access.redhat.com/errata/RHSA-2018:1701 https://access.redhat.com/errata/RHSA-2018:1702 https://access.redhat.com/errata/RHSA-2018:1703 https://access.redhat.com/errata/RHSA-2018:1704 • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •