CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2018-1071 – zsh: Stack-based buffer overflow in exec.c:hashcmd()
https://notcve.org/view.php?id=CVE-2018-1071
zsh through version 5.4.2 is vulnerable to a stack-based buffer overflow in the exec.c:hashcmd() function. A local attacker could exploit this to cause a denial of service. zsh, hasta la versión 5.4.2, es vulnerable a un desbordamiento de búfer basado en pila en la función exec.c:hashcmd(). Un atacante local podría explotar esta vulnerabilidad para provocar una denegación de servicio (DoS). • http://www.securityfocus.com/bid/103359 https://access.redhat.com/errata/RHSA-2018:3073 https://bugzilla.redhat.com/show_bug.cgi?id=1553531 https://lists.debian.org/debian-lts-announce/2018/03/msg00038.html https://lists.debian.org/debian-lts-announce/2020/12/msg00000.html https://security.gentoo.org/glsa/201805-10 https://usn.ubuntu.com/3608-1 https://access.redhat.com/security/cve/CVE-2018-1071 • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 5.5EPSS: 0%CPEs: 10EXPL: 1CVE-2018-7740 – kernel: Denial of service in resv_map_release function in mm/hugetlb.c
https://notcve.org/view.php?id=CVE-2018-7740
The resv_map_release function in mm/hugetlb.c in the Linux kernel through 4.15.7 allows local users to cause a denial of service (BUG) via a crafted application that makes mmap system calls and has a large pgoff argument to the remap_file_pages system call. La función resv_map_release en mm/hugetlb.c en el kernel de Linux hasta la versión 4.15.7 permite que usuarios locales provoquen una denegación de servicio (error) mediante una aplicación manipulada que realiza llamadas del sistema mmap y tiene un argumento grande pgoff en la llamada del sistema remap_file_pages. The resv_map_release function in mm/hugetlb.c in the Linux kernel, through 4.15.7, allows local users to cause a denial of service (BUG) via a crafted application that makes mmap system calls and has a large pgoff argument to the remap_file_pages system call. • http://www.securityfocus.com/bid/103316 https://access.redhat.com/errata/RHSA-2018:3083 https://access.redhat.com/errata/RHSA-2018:3096 https://bugzilla.kernel.org/show_bug.cgi?id=199037 https://lists.debian.org/debian-lts-announce/2018/05/msg00000.html https://usn.ubuntu.com/3910-1 https://usn.ubuntu.com/3910-2 https://www.debian.org/security/2018/dsa-4187 https://www.debian.org/security/2018/dsa-4188 https://access.redhat.com/security/cve/CVE-2018-7740 htt • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 0%CPEs: 8EXPL: 0CVE-2018-1054 – 389-ds-base: remote Denial of Service (DoS) via search filters in SetUnicodeStringFromUTF_8 in collate.c
https://notcve.org/view.php?id=CVE-2018-1054
An out-of-bounds memory read flaw was found in the way 389-ds-base handled certain LDAP search filters, affecting all versions including 1.4.x. A remote, unauthenticated attacker could potentially use this flaw to make ns-slapd crash via a specially crafted LDAP request, thus resulting in denial of service. Se ha encontrado un error de lectura de memoria fuera de límites en la forma en la que 389-ds-base gestionaba ciertos filtros de búsqueda LDAP, que afecta a todas las versiones 1.4.x. Un atacante remoto no autenticado podría emplear este error para hacer que ns-slapd se cierre inesperadamente mediante una petición LDAP especialmente manipulada que resulta en una denegación de servicio (DoS). An out-of-bounds memory read flaw was found in the way 389-ds-base handled certain LDAP search filters. • http://www.securityfocus.com/bid/103228 https://access.redhat.com/errata/RHSA-2018:0414 https://access.redhat.com/errata/RHSA-2018:0515 https://bugzilla.redhat.com/show_bug.cgi?id=1537314 https://lists.debian.org/debian-lts-announce/2018/07/msg00018.html https://pagure.io/389-ds-base/issue/49545 https://access.redhat.com/security/cve/CVE-2018-1054 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-125: Out-of-bounds Read •
CVSS: 7.8EPSS: 0%CPEs: 12EXPL: 0CVE-2017-7518 – Kernel: KVM: debug exception via syscall emulation
https://notcve.org/view.php?id=CVE-2017-7518
A flaw was found in the Linux kernel before version 4.12 in the way the KVM module processed the trap flag(TF) bit in EFLAGS during emulation of the syscall instruction, which leads to a debug exception(#DB) being raised in the guest stack. A user/process inside a guest could use this flaw to potentially escalate their privileges inside the guest. Linux guests are not affected by this. Se ha detectado un error en el kernel de Linux en versiones anteriores a la 4.12 en la forma en la que el módulo KVM procesó el bit trap flag(TF) en EFLAGS durante la emulación de la instrucción de la llamada del sistema, lo que conduce a que se lance una excepción de depuración (#DB) en la pila invitada. Un usuario/proceso en un invitado podría utilizar este error para escalar sus privilegios en el invitado. • http://www.openwall.com/lists/oss-security/2017/06/23/5 http://www.securityfocus.com/bid/99263 http://www.securitytracker.com/id/1038782 https://access.redhat.com/articles/3290921 https://access.redhat.com/errata/RHSA-2018:0395 https://access.redhat.com/errata/RHSA-2018:0412 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7518 https://usn.ubuntu.com/3619-1 https://usn.ubuntu.com/3619-2 https://usn.ubuntu.com/3754-1 https://www.debian.org/security&# • CWE-250: Execution with Unnecessary Privileges CWE-755: Improper Handling of Exceptional Conditions •
CVSS: 6.5EPSS: 0%CPEs: 8EXPL: 0CVE-2018-5729 – krb5: null dereference in kadmind or DN container check bypass by supplying special crafted data
https://notcve.org/view.php?id=CVE-2018-5729
MIT krb5 1.6 or later allows an authenticated kadmin with permission to add principals to an LDAP Kerberos database to cause a denial of service (NULL pointer dereference) or bypass a DN container check by supplying tagged data that is internal to the database module. MIT krb5, en versiones 1.6 o posteriores, permite que un kadmin autenticado con permiso para añadir entidades de seguridad a una base de datos LDAP Kerberos provoque una denegación de servicio (desreferencia de puntero NULL) u omita una comprobación de contenedor DN proporcionando datos etiquetados internos del módulo de la base de datos. • http://www.securitytracker.com/id/1042071 https://access.redhat.com/errata/RHBA-2019:0327 https://access.redhat.com/errata/RHSA-2018:3071 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=891869 https://bugzilla.redhat.com/show_bug.cgi?id=1551083 https://github.com/krb5/krb5/commit/e1caf6fb74981da62039846931ebdffed71309d1 https://lists.debian.org/debian-lts-announce/2019/01/msg00020.html https://lists.debian.org/debian-lts-announce/2021/09/msg00019.html https://lists.fedoraproject.org/ar • CWE-476: NULL Pointer Dereference •