CVSS: 5.5EPSS: 1%CPEs: 4EXPL: 1CVE-2018-7569 – binutils: integer underflow or overflow via an ELF file with a corrupt DWARF FORM block in libbfd library
https://notcve.org/view.php?id=CVE-2018-7569
dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (integer underflow or overflow, and application crash) via an ELF file with a corrupt DWARF FORM block, as demonstrated by nm. dwarf2.c en la biblioteca Binary File Descriptor (BFD), conocida como libbfd, tal y como se distribuye en GNU Binutils 2.30, permite que atacantes remotos provoquen una denegación de servicio (desbordamiento o subdesbordamiento de enteros y cierre inesperado de la aplicación) mediante un archivo ELF con un bloque DWARF FORM corrupto, tal y como demuestra nm. An integer wraparound has been discovered in the Binary File Descriptor (BFD) library distributed in GNU Binutils up to version 2.30. An attacker could cause a crash by providing an ELF file with corrupted DWARF debug information. • http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00072.html http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00008.html https://access.redhat.com/errata/RHBA-2019:0327 https://access.redhat.com/errata/RHSA-2018:3032 https://security.gentoo.org/glsa/201811-17 https://sourceware.org/bugzilla/show_bug.cgi?id=22895 https://access.redhat.com/security/cve/CVE-2018-7569 https://bugzilla.redhat.com/show_bug.cgi?id=1551778 • CWE-190: Integer Overflow or Wraparound CWE-191: Integer Underflow (Wrap or Wraparound) •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 1CVE-2018-7568 – binutils: integer overflow via an ELF file with corrupt dwarf1 debug information in libbfd library
https://notcve.org/view.php?id=CVE-2018-7568
The parse_die function in dwarf1.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (integer overflow and application crash) via an ELF file with corrupt dwarf1 debug information, as demonstrated by nm. La función parse_die en dwarf1.c en la biblioteca Binary File Descriptor (BFD), conocida como libbfd, tal y como se distribuye en GNU Binutils 2.30, permite que atacantes remotos provoquen una denegación de servicio (desbordamiento de enteros y cierre inesperado de la aplicación) mediante un archivo ELF con información de depuración corrupta, tal y como demuestra nm. An integer wraparound has been discovered in the Binary File Descriptor (BFD) library distributed in GNU Binutils up to version 2.30. An attacker could cause a crash by providing an ELF file with corrupted DWARF debug information. • http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00072.html http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00008.html https://access.redhat.com/errata/RHBA-2019:0327 https://access.redhat.com/errata/RHSA-2018:3032 https://security.gentoo.org/glsa/201811-17 https://sourceware.org/bugzilla/show_bug.cgi?id=22894 https://access.redhat.com/security/cve/CVE-2018-7568 https://bugzilla.redhat.com/show_bug.cgi?id=1551771 • CWE-190: Integer Overflow or Wraparound •
CVSS: 6.5EPSS: 0%CPEs: 51EXPL: 1CVE-2018-1304 – tomcat: Incorrect handling of empty string URL in security constraints can lead to unintended exposure of resources
https://notcve.org/view.php?id=CVE-2018-1304
The URL pattern of "" (the empty string) which exactly maps to the context root was not correctly handled in Apache Tomcat 9.0.0.M1 to 9.0.4, 8.5.0 to 8.5.27, 8.0.0.RC1 to 8.0.49 and 7.0.0 to 7.0.84 when used as part of a security constraint definition. This caused the constraint to be ignored. It was, therefore, possible for unauthorised users to gain access to web application resources that should have been protected. Only security constraints with a URL pattern of the empty string were affected. El patrón de URL "" (la cadena vacía) que mapea exactamente al root de contexto no se gestionó correctamente en Apache Tomcat 9.0.0.M1 a 9.0.4, 8.5.0 a 8.5.27, 8.0.0.RC1 a 8.0.49 y 7.0.0 a 7.0.84 al emplearse como parte de una definición de limitación de seguridad. • https://github.com/knqyf263/CVE-2018-1304 http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html http://www.securityfocus.com/bid/103170 http://www.securitytracker.com/id/1040427 https://access.redhat.com/errata/RHSA-2018:0465 https://access.redhat.com/errata/RHSA-2018:0466 https://access.redhat.com/errata/RHSA-2018:1320 https://access.redhat.com/errata/RHSA-2018:1447 https://access.redha • CWE-284: Improper Access Control •
CVSS: 7.5EPSS: 0%CPEs: 7EXPL: 0CVE-2018-7549 – zsh: crash on copying empty hash table
https://notcve.org/view.php?id=CVE-2018-7549
In params.c in zsh through 5.4.2, there is a crash during a copy of an empty hash table, as demonstrated by typeset -p. En params.c en zsh, hasta la versión 5.4.2, hay un cierre inesperado durante la copia de una tabla de hashes vacía, tal y como demuestra typeset -p. A NULL pointer dereference flaw was found in the code responsible for saving hashtables of the zsh package. An attacker could use this flaw to cause a denial of service by crashing the user shell. • https://access.redhat.com/errata/RHSA-2018:3073 https://security.gentoo.org/glsa/201805-10 https://sourceforge.net/p/zsh/code/ci/c2cc8b0fbefc9868fa83537f5b6d90fc1ec438dd https://usn.ubuntu.com/3593-1 https://access.redhat.com/security/cve/CVE-2018-7549 https://bugzilla.redhat.com/show_bug.cgi?id=1549858 • CWE-20: Improper Input Validation CWE-665: Improper Initialization •
CVSS: 7.8EPSS: 0%CPEs: 10EXPL: 0CVE-2018-6764 – libvirt: guest could inject executable code via libnss_dns.so loaded by libvirt_lxc before init
https://notcve.org/view.php?id=CVE-2018-6764
util/virlog.c in libvirt does not properly determine the hostname on LXC container startup, which allows local guest OS users to bypass an intended container protection mechanism and execute arbitrary commands via a crafted NSS module. util/virlog.c en libvirt no determina correctamente el nombre de host en el arranque del contenedor LXC, lo que permite que usuarios locales invitados del sistema operativo omitan un mecanismo de protección de contenedor planeado y ejecuten comandos arbitrarios mediante un módulo NSS manipulado. • http://www.ubuntu.com/usn/USN-3576-1 https://access.redhat.com/errata/RHSA-2018:3113 https://www.debian.org/security/2018/dsa-4137 https://www.redhat.com/archives/libvir-list/2018-February/msg00239.html https://access.redhat.com/security/cve/CVE-2018-6764 https://bugzilla.redhat.com/show_bug.cgi?id=1541444 • CWE-179: Incorrect Behavior Order: Early Validation CWE-346: Origin Validation Error •