CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 1CVE-2018-14346
https://notcve.org/view.php?id=CVE-2018-14346
GNU Libextractor before 1.7 has a stack-based buffer overflow in ec_read_file_func (unzip.c). GNU Libextractor en versiones anteriores a la 1.7 tiene un desbordamiento de búfer basado en pila en ec_read_file_func (unzip.c). • http://lists.gnu.org/archive/html/bug-libextractor/2018-07/msg00001.html https://gnunet.org/git/libextractor.git/commit/?id=ad19e7fe0adc99d5710eff1ed48d91a7b75a950e https://lists.debian.org/debian-lts-announce/2018/08/msg00025.html https://www.debian.org/security/2018/dsa-4290 • CWE-787: Out-of-bounds Write •
CVSS: 5.4EPSS: 0%CPEs: 3EXPL: 0CVE-2018-0618 – mailman: Cross-site scripting vulnerability allows malicious listowners to inject scripts into listinfo pages
https://notcve.org/view.php?id=CVE-2018-0618
Cross-site scripting vulnerability in Mailman 2.1.26 and earlier allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad Cross-Site Scripting (XSS) en Mailman 2.1.26 y anteriores permite que los atacantes autenticados inyecten scripts web o HTML arbitrarios utilizando vectores no especificados. A cross-site scripting vulnerability (XSS) has been discovered in mailman due to the host_name field not being properly validated. A malicious list owner could use this flaw to create a specially crafted list and inject client-side scripts. • http://jvn.jp/en/jp/JVN00846677/index.html https://lists.debian.org/debian-lts-announce/2018/07/msg00034.html https://mail.python.org/pipermail/mailman-announce/2018-June/000236.html https://security.gentoo.org/glsa/201904-10 https://usn.ubuntu.com/4348-1 https://www.debian.org/security/2018/dsa-4246 https://access.redhat.com/security/cve/CVE-2018-0618 https://bugzilla.redhat.com/show_bug.cgi?id=1596458 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2018-13796 – mailman: Mishandled URLs in Utils.py:GetPathPieces() allows attackers to display arbitrary text on trusted sites
https://notcve.org/view.php?id=CVE-2018-13796
An issue was discovered in GNU Mailman before 2.1.28. A crafted URL can cause arbitrary text to be displayed on a web page from a trusted site. Se ha descubierto un problema en GNU Mailman en versiones anteriores a la 2.1.28. Una URL manipulada podría provocar que el texto arbitrario se muestre en una página web de un sitio fiable. • https://bugs.launchpad.net/mailman/+bug/1780874 https://lists.debian.org/debian-lts-announce/2018/07/msg00034.html https://security.gentoo.org/glsa/201904-10 https://usn.ubuntu.com/4348-1 https://www.mail-archive.com/mailman-users%40python.org/msg71003.html https://access.redhat.com/security/cve/CVE-2018-13796 https://bugzilla.redhat.com/show_bug.cgi?id=1609090 • CWE-20: Improper Input Validation CWE-345: Insufficient Verification of Data Authenticity •
CVSS: 5.5EPSS: 1%CPEs: 5EXPL: 1CVE-2018-13033 – binutils: Uncontrolled Resource Consumption in execution of nm
https://notcve.org/view.php?id=CVE-2018-13033
The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (excessive memory allocation and application crash) via a crafted ELF file, as demonstrated by _bfd_elf_parse_attributes in elf-attrs.c and bfd_malloc in libbfd.c. This can occur during execution of nm. La biblioteca Binary File Descriptor (BFD), conocida como libbfd, tal y como se distribuye en GNU Binutils 2.30 y anteriores permite que atacantes remotos provoquen una denegación de servicio (asignación excesiva de memoria y cierre inesperado de la aplicación) mediante un archivo ELF manipulado. Esto queda demostrado por _bfd_elf_parse_attributes en elf-attrs.c y bfd_malloc en libbfd.c. Esto puede ocurrir durante la ejecución de nm. • http://www.securityfocus.com/bid/104584 https://access.redhat.com/errata/RHBA-2019:0327 https://access.redhat.com/errata/RHSA-2018:3032 https://security.gentoo.org/glsa/201908-01 https://sourceware.org/bugzilla/show_bug.cgi?id=23361 https://usn.ubuntu.com/4336-1 https://access.redhat.com/security/cve/CVE-2018-13033 https://bugzilla.redhat.com/show_bug.cgi?id=1597436 • CWE-400: Uncontrolled Resource Consumption CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 2CVE-2018-12934
https://notcve.org/view.php?id=CVE-2018-12934
remember_Ktype in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30, allows attackers to trigger excessive memory consumption (aka OOM). This can occur during execution of cxxfilt. remember_Ktype en cplus-dem.c en GNU libiberty, tal y como viene distribuido en GNU Binutils 2.30, permite que los atacantes desencadenen un consumo de memoria excesivo (también conocido como OOM). Esto puede ocurrir durante la ejecución de cxxfilt. • https://bugs.launchpad.net/ubuntu/+source/binutils/+bug/1763101 https://gcc.gnu.org/bugzilla/show_bug.cgi?id=85453 https://sourceware.org/bugzilla/show_bug.cgi?id=23059 https://usn.ubuntu.com/4326-1 https://usn.ubuntu.com/4336-1 • CWE-770: Allocation of Resources Without Limits or Throttling •