CVSS: 9.8EPSS: 1%CPEs: 10EXPL: 0CVE-2018-14599 – libX11: Off-by-one error in XListExtensions in ListExt.c
https://notcve.org/view.php?id=CVE-2018-14599
An issue was discovered in libX11 through 1.6.5. The function XListExtensions in ListExt.c is vulnerable to an off-by-one error caused by malicious server responses, leading to DoS or possibly unspecified other impact. Se ha descubierto un problema en libX11 hasta su versión 1.6.5. La función XListExtensions en ListExt.c es vulnerable a un error por un paso provocado por respuestas maliciosas del servidor, lo que conduce a una denegación de servicio (DoS) o a otro tipo de impacto sin especificar. An off-by-one error has been discovered in libX11 in functions XGetFontPath(), XListExtensions(), and XListFonts(). • http://www.openwall.com/lists/oss-security/2018/08/21/6 http://www.securityfocus.com/bid/105177 http://www.securitytracker.com/id/1041543 https://access.redhat.com/errata/RHSA-2019:2079 https://bugzilla.suse.com/show_bug.cgi?id=1102062 https://cgit.freedesktop.org/xorg/lib/libX11/commit/?id=b469da1430cdcee06e31c6251b83aede072a1ff0 https://lists.debian.org/debian-lts-announce/2018/08/msg00030.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ • CWE-193: Off-by-one Error CWE-787: Out-of-bounds Write •
CVSS: 7.5EPSS: 3%CPEs: 17EXPL: 0CVE-2018-1517 – JDK: DoS in the java.math component
https://notcve.org/view.php?id=CVE-2018-1517
A flaw in the java.math component in IBM SDK, Java Technology Edition 6.0, 7.0, and 8.0 may allow an attacker to inflict a denial-of-service attack with specially crafted String data. IBM X-Force ID: 141681. Un fallo en el componente java.math en IBM SDK, Java Technology Edition 6.0, 7.0 y 8.0 podría permitir que un atacante inflija un ataque de denegación de servicio (DoS) con datos String especialmente manipulados. IBM X-Force ID: 141681. • http://www.ibm.com/support/docview.wss?uid=ibm10719653 http://www.securityfocus.com/bid/105117 https://access.redhat.com/errata/RHSA-2018:2568 https://access.redhat.com/errata/RHSA-2018:2569 https://access.redhat.com/errata/RHSA-2018:2575 https://access.redhat.com/errata/RHSA-2018:2576 https://access.redhat.com/errata/RHSA-2018:2712 https://access.redhat.com/errata/RHSA-2018:2713 https://exchange.xforce.ibmcloud.com/vulnerabilities/141681 https://access.redhat.com/security/cv • CWE-20: Improper Input Validation •
CVSS: 7.4EPSS: 0%CPEs: 14EXPL: 0CVE-2018-1656 – JDK: path traversal flaw in the Diagnostic Tooling Framework
https://notcve.org/view.php?id=CVE-2018-1656
The IBM Java Runtime Environment's Diagnostic Tooling Framework for Java (DTFJ) (IBM SDK, Java Technology Edition 6.0 , 7.0, and 8.0) does not protect against path traversal attacks when extracting compressed dump files. IBM X-Force ID: 144882. Diagnostic Tooling Framework for Java (DTFJ) (IBM SDK, Java Technology Edition 6.0, 7.0 y 8.0) de IBM Java Runtime Environment no protege contra ataques de salto de directorio cuando se extraen archivos de volcado comprimidos. IBM X-Force ID: 144882. • http://www.ibm.com/support/docview.wss?uid=ibm10719653 http://www.securityfocus.com/bid/105118 http://www.securitytracker.com/id/1041765 https://access.redhat.com/errata/RHSA-2018:2568 https://access.redhat.com/errata/RHSA-2018:2569 https://access.redhat.com/errata/RHSA-2018:2575 https://access.redhat.com/errata/RHSA-2018:2576 https://access.redhat.com/errata/RHSA-2018:2712 https://access.redhat.com/errata/RHSA-2018:2713 https://exchange.xforce.ibmcloud.com/vulnerabilities/14 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 8.8EPSS: 0%CPEs: 18EXPL: 0CVE-2018-10873 – spice: Missing check in demarshal.py:write_validate_array_item() allows for buffer overflow and denial of service
https://notcve.org/view.php?id=CVE-2018-10873
A vulnerability was discovered in SPICE before version 0.14.1 where the generated code used for demarshalling messages lacked sufficient bounds checks. A malicious client or server, after authentication, could send specially crafted messages to its peer which would result in a crash or, potentially, other impacts. Se ha descubierto una vulnerabilidad en SPICE en versiones anteriores a la 0.14.1 en la que el código generado utilizado para deserializar mensajes carecía de comprobaciones de límites suficientes. Un cliente o servidor malicioso, después de la autenticación, podría enviar mensajes especialmente manipulados a su peer, lo que resultaría en un cierre inesperado o, potencialmente, otros impactos. A vulnerability was discovered in SPICE where the generated code used for demarshalling messages lacked sufficient bounds checks. • http://www.securityfocus.com/bid/105152 https://access.redhat.com/errata/RHSA-2018:2731 https://access.redhat.com/errata/RHSA-2018:2732 https://access.redhat.com/errata/RHSA-2018:3470 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10873 https://gitlab.freedesktop.org/spice/spice-common/commit/bb15d4815ab586b4c4a20f4a565970a44824c42c https://lists.debian.org/debian-lts-announce/2018/08/msg00035.html https://lists.debian.org/debian-lts-announce/2018/08/msg00037.html https://lists.debi • CWE-20: Improper Input Validation CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.3EPSS: 2%CPEs: 32EXPL: 18CVE-2018-15473 – OpenSSH < 7.7 - User Enumeration
https://notcve.org/view.php?id=CVE-2018-15473
OpenSSH through 7.7 is prone to a user enumeration vulnerability due to not delaying bailout for an invalid authenticating user until after the packet containing the request has been fully parsed, related to auth2-gss.c, auth2-hostbased.c, and auth2-pubkey.c. OpenSSH hasta la versión 7.7 es propenso a una vulnerabilidad de enumeración de usuarios debido a que no retrasa el rescate de un usuario de autenticación no válido hasta que el paquete que contiene la petición haya sido analizado completamente. Esto está relacionado con auth2-gss.c, auth2-hostbased.c, y auth2-pubkey.c. A user enumeration vulnerability flaw was found in OpenSSH, though version 7.7. The vulnerability occurs by not delaying bailout for an invalid authenticated user until after the packet containing the request has been fully parsed. • https://www.exploit-db.com/exploits/45939 https://www.exploit-db.com/exploits/45233 https://www.exploit-db.com/exploits/45210 https://github.com/Rhynorater/CVE-2018-15473-Exploit https://github.com/r3dxpl0it/CVE-2018-15473 https://github.com/Sait-Nuri/CVE-2018-15473 https://github.com/LINYIKAI/CVE-2018-15473-exp https://github.com/MrDottt/CVE-2018-15473 https://github.com/yZ1337/CVE-2018-15473 https://github.com/1stPeak/CVE-2018-15473 https://github.com/0xrobiu • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •