CVSS: 8.8EPSS: 0%CPEs: 18EXPL: 0CVE-2018-7550 – QEMU: i386: multiboot OOB access while loading kernel image
https://notcve.org/view.php?id=CVE-2018-7550
The load_multiboot function in hw/i386/multiboot.c in Quick Emulator (aka QEMU) allows local guest OS users to execute arbitrary code on the QEMU host via a mh_load_end_addr value greater than mh_bss_end_addr, which triggers an out-of-bounds read or write memory access. La función load_multiboot en hw/i386/multiboot.c en Quick Emulator (también conocido como QEMU) permite que usuarios locales invitados del sistema operativo ejecuten código arbitrario en el host QEMU mediante un valor mh_load_end_addr mayor que mh_bss_end_addr. Esto desencadena un acceso de lectura o escritura a la memoria fuera de límites. Quick Emulator (QEMU), compiled with the PC System Emulator with multiboot feature support, is vulnerable to an OOB r/w memory access issue. The issue could occur while loading a kernel image during the guest boot, if mh_load_end_addr address is greater than the mh_bss_end_addr address. • http://www.securityfocus.com/bid/103181 https://access.redhat.com/errata/RHSA-2018:1369 https://access.redhat.com/errata/RHSA-2018:2462 https://bugzilla.redhat.com/show_bug.cgi?id=1549798 https://github.com/orangecertcc/security-research/security/advisories/GHSA-f49v-45qp-cv53 https://lists.debian.org/debian-lts-announce/2018/04/msg00015.html https://lists.debian.org/debian-lts-announce/2018/04/msg00016.html https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html https:&#x • CWE-125: Out-of-bounds Read CWE-787: Out-of-bounds Write •
CVSS: 9.8EPSS: 1%CPEs: 14EXPL: 1CVE-2018-7225 – libvncserver: Improper input sanitization in rfbProcessClientNormalMessage in rfbserver.c
https://notcve.org/view.php?id=CVE-2018-7225
An issue was discovered in LibVNCServer through 0.9.11. rfbProcessClientNormalMessage() in rfbserver.c does not sanitize msg.cct.length, leading to access to uninitialized and potentially sensitive data or possibly unspecified other impact (e.g., an integer overflow) via specially crafted VNC packets. Se ha descubierto un problema en LibVNCServer hasta la versión 0.9.11. rfbProcessClientNormalMessage() en rfbserver.c no sanea msg.cct.length, lo que conduce a un acceso a datos no inicializados y potencialmente sensibles o, posiblemente, a otro tipo de impacto sin especificar (por ejemplo, un desbordamiento de enteros) mediante paquetes VNC especialmente manipulados. • http://www.openwall.com/lists/oss-security/2018/02/18/1 http://www.securityfocus.com/bid/103107 https://access.redhat.com/errata/RHSA-2018:1055 https://github.com/LibVNC/libvncserver/issues/218 https://lists.debian.org/debian-lts-announce/2018/03/msg00035.html https://lists.debian.org/debian-lts-announce/2019/10/msg00042.html https://lists.debian.org/debian-lts-announce/2019/11/msg00032.html https://lists.debian.org/debian-lts-announce/2019/12/msg00028.html https://se • CWE-190: Integer Overflow or Wraparound CWE-805: Buffer Access with Incorrect Length Value •
CVSS: 9.8EPSS: 5%CPEs: 18EXPL: 0CVE-2018-5379 – quagga: Double free vulnerability in bgpd when processing certain forms of UPDATE message allowing to crash or potentially execute arbitrary code
https://notcve.org/view.php?id=CVE-2018-5379
The Quagga BGP daemon (bgpd) prior to version 1.2.3 can double-free memory when processing certain forms of UPDATE message, containing cluster-list and/or unknown attributes. A successful attack could cause a denial of service or potentially allow an attacker to execute arbitrary code. El demonio Quagga BGP (bgpd), en versiones anteriores a la 1.2.3, puede realizar una doble liberación (double free) de memoria al procesar ciertos formularios de un mensaje UPDATE que contienen atributos cluster-list y/o desconocidos. Un ataque con éxito podría provocar una denegación de servicio (DoS) o permitir que un atacante ejecute código arbitrario. A double-free vulnerability was found in Quagga. • http://savannah.nongnu.org/forum/forum.php?forum_id=9095 http://www.kb.cert.org/vuls/id/940439 http://www.securityfocus.com/bid/103105 https://access.redhat.com/errata/RHSA-2018:0377 https://cert-portal.siemens.com/productcert/pdf/ssa-451142.pdf https://gogs.quagga.net/Quagga/quagga/src/master/doc/security/Quagga-2018-1114.txt https://lists.debian.org/debian-lts-announce/2018/02/msg00021.html https://security.gentoo.org/glsa/201804-17 https://usn.ubuntu.com/3573-1 • CWE-415: Double Free CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 14EXPL: 0CVE-2018-6927 – kernel: Integer overflow in futex.c:futux_requeue can lead to denial of service or unspecified impact
https://notcve.org/view.php?id=CVE-2018-6927
The futex_requeue function in kernel/futex.c in the Linux kernel before 4.14.15 might allow attackers to cause a denial of service (integer overflow) or possibly have unspecified other impact by triggering a negative wake or requeue value. La función futex_requeue en kernel/futex.c en el kernel de Linux, en versiones anteriores a la 4.14.15, podría permitir que atacantes provoquen una denegación de servicio (desbordamiento de enteros) o que puedan causar otro tipo de impacto sin especificar desencadenando un valor wake o requeue negativo. The futex_requeue function in kernel/futex.c in the Linux kernel, before 4.14.15, might allow attackers to cause a denial of service (integer overflow) or possibly have unspecified other impacts by triggering a negative wake or requeue value. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is unlikely. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=fbe0e839d1e22d88810f3ee3e2f1479be4c0aa4a http://www.securityfocus.com/bid/103023 https://access.redhat.com/errata/RHSA-2018:0654 https://access.redhat.com/errata/RHSA-2018:0676 https://access.redhat.com/errata/RHSA-2018:1062 https://github.com/torvalds/linux/commit/fbe0e839d1e22d88810f3ee3e2f1479be4c0aa4a https://lists.debian.org/debian-lts-announce/2018/05/msg00000.html https://usn.ubuntu.com/3619-1 https://usn.ubuntu. • CWE-190: Integer Overflow or Wraparound •
CVSS: 9.8EPSS: 59%CPEs: 22EXPL: 2CVE-2018-6871 – LibreOffice < 6.0.1 - '=WEBSERVICE' Remote Arbitrary File Disclosure
https://notcve.org/view.php?id=CVE-2018-6871
LibreOffice before 5.4.5 and 6.x before 6.0.1 allows remote attackers to read arbitrary files via =WEBSERVICE calls in a document, which use the COM.MICROSOFT.WEBSERVICE function. LibreOffice, en versiones anteriores a la 5.4.5 y versiones 6.x anteriores a la 6.0.1, permite que atacantes remotos lean archivos arbitrarios mediante llamadas =WEBSERVICE en un documento, que emplea la función COM.MICROSOFT.WEBSERVICE. A flaw was found in libreoffice before 5.4.5 and before 6.0.1. Arbitrary remote file disclosure may be achieved by the use of the WEBSERVICE formula in a specially crafted ODS file. LibreOffice suffers from a remote arbitrary file disclosure vulnerability. • https://www.exploit-db.com/exploits/44022 https://access.redhat.com/errata/RHSA-2018:0418 https://access.redhat.com/errata/RHSA-2018:0517 https://cgit.freedesktop.org/libreoffice/core/commit/?h=libreoffice-5-4-5&id=a916fc0c0e0e8b10cb4158fa0fa173fe205d434a https://github.com/jollheef/libreoffice-remote-arbitrary-file-disclosure https://usn.ubuntu.com/3579-1 https://www.debian.org/security/2018/dsa-4111 https://www.libreoffice.org/about-us/security/advisories/cve-2018-1055 https://access.red • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •