CVE-2018-1000140 – librelp: Stack-based buffer overflow in relpTcpChkPeerName function in src/tcp.c
https://notcve.org/view.php?id=CVE-2018-1000140
rsyslog librelp version 1.2.14 and earlier contains a Buffer Overflow vulnerability in the checking of x509 certificates from a peer that can result in Remote code execution. This attack appear to be exploitable a remote attacker that can connect to rsyslog and trigger a stack buffer overflow by sending a specially crafted x509 certificate. rsyslog librelp en versiones 1.2.14 y anteriores contiene una vulnerabilidad de desbordamiento de búfer en la verificación de certificados x509 desde un peer que puede resultar en la ejecución remota de código. Parece que este ataque puede ser explotable debido a que un atacante remoto puede conectarse a rsyslog y desencadena un desbordamiento de búfer basado en pila mediante el envío de un certificado x509 especialmente manipulado. A stack-based buffer overflow was found in the way librelp parses X.509 certificates. By connecting or accepting connections from a remote peer, an attacker may use a specially crafted X.509 certificate to exploit this flaw and potentially execute arbitrary code. • https://github.com/s0/rsyslog-librelp-CVE-2018-1000140 https://github.com/s0/rsyslog-librelp-CVE-2018-1000140-fixed http://packetstormsecurity.com/files/172829/librelp-Remote-Code-Execution.html https://access.redhat.com/errata/RHSA-2018:1223 https://access.redhat.com/errata/RHSA-2018:1225 https://access.redhat.com/errata/RHSA-2018:1701 https://access.redhat.com/errata/RHSA-2018:1702 https://access.redhat.com/errata/RHSA-2018:1703 https://access.redhat.com/errata/RHSA-2018:1704 • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVE-2018-8088 – slf4j: Deserialisation vulnerability in EventData constructor can allow for arbitrary code execution
https://notcve.org/view.php?id=CVE-2018-8088
org.slf4j.ext.EventData in the slf4j-ext module in QOS.CH SLF4J before 1.8.0-beta2 allows remote attackers to bypass intended access restrictions via crafted data. EventData in the slf4j-ext module in QOS.CH SLF4J, has been fixed in SLF4J versions 1.7.26 later and in the 2.0.x series. org.slf4j.ext.EventData en el módulo slf4j-ext en QOS.CH SLF4J antes de la versión 1.8.0-beta2 permite a los atacantes remotos saltarse las restricciones de acceso previstas a través de datos manipulados. EventData en el módulo slf4j-ext en QOS.CH SLF4J, ha sido corregido en las versiones 1.7.26 posteriores de SLF4J y en la serie 2.0.x An XML deserialization vulnerability was discovered in slf4j's EventData, which accepts an XML serialized string and can lead to arbitrary code execution. • http://www.securityfocus.com/bid/103737 http://www.securitytracker.com/id/1040627 https://access.redhat.com/errata/RHSA-2018:0582 https://access.redhat.com/errata/RHSA-2018:0592 https://access.redhat.com/errata/RHSA-2018:0627 https://access.redhat.com/errata/RHSA-2018:0628 https://access.redhat.com/errata/RHSA-2018:0629 https://access.redhat.com/errata/RHSA-2018:0630 https://access.redhat.com/errata/RHSA-2018:1247 https://access.redhat.com/errata/RHSA-2018:1248 https: • CWE-502: Deserialization of Untrusted Data •
CVE-2018-5146 – Mozilla Firefox libvorbis OGG Decoding Out-Of-Bounds Write Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2018-5146
An out of bounds memory write while processing Vorbis audio data was reported through the Pwn2Own contest. This vulnerability affects Firefox < 59.0.1, Firefox ESR < 52.7.2, and Thunderbird < 52.7. Una escritura de memoria fuera de límites mientras se procesaban los datos de audio de Vorbis fue reportada a través de la competición Pwn2Own. Esta vulnerabilidad afecta a las versiones anteriores a la 59.0.1 de Firefox, las versiones anteriores a la 52.7.2 de Firefox ESR y las versiones anteriores a la 52.7 de Thunderbird. An out of bounds write flaw was found in the processing of vorbis audio data. • https://github.com/f01965/CVE-2018-5146 http://www.securityfocus.com/bid/103432 http://www.securitytracker.com/id/1040544 https://access.redhat.com/errata/RHSA-2018:0549 https://access.redhat.com/errata/RHSA-2018:0647 https://access.redhat.com/errata/RHSA-2018:0648 https://access.redhat.com/errata/RHSA-2018:0649 https://access.redhat.com/errata/RHSA-2018:1058 https://bugzilla.mozilla.org/show_bug.cgi?id=1446062 https://lists.debian.org/debian-lts-announce/2018/03/msg • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVE-2018-5145 – Mozilla: Memory safety bugs fixed in Firefox ESR 52.7 (MFSA 2018-07)
https://notcve.org/view.php?id=CVE-2018-5145
Memory safety bugs were reported in Firefox ESR 52.6. These bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox ESR < 52.7 and Thunderbird < 52.7. Se han informado de errores de seguridad de memoria en Firefox ESR 52.6. Estos errores mostraron evidencias de corrupción de memoria y se cree que, con el esfuerzo necesario, se podrían explotar para ejecutar código arbitrario. • http://www.securityfocus.com/bid/103384 http://www.securitytracker.com/id/1040514 https://access.redhat.com/errata/RHSA-2018:0526 https://access.redhat.com/errata/RHSA-2018:0527 https://access.redhat.com/errata/RHSA-2018:0647 https://access.redhat.com/errata/RHSA-2018:0648 https://bugzilla.mozilla.org/buglist.cgi?bug_id=1261175%2C1348955 https://lists.debian.org/debian-lts-announce/2018/03/msg00010.html https://lists.debian.org/debian-lts-announce/2018/03/msg00029.html https:& • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVE-2018-5144 – Mozilla: Integer overflow during Unicode conversion (MFSA 2018-07)
https://notcve.org/view.php?id=CVE-2018-5144
An integer overflow can occur during conversion of text to some Unicode character sets due to an unchecked length parameter. This vulnerability affects Firefox ESR < 52.7 and Thunderbird < 52.7. Se puede producir un desbordamiento de enteros durante la conversión de texto a algunos conjuntos de caracteres Unicode debido a un parámetro de longitud no verificado. Esta vulnerabilidad afecta a las versiones anteriores a la 52.7 de Firefox ESR y las versiones anteriores a la 52.7 de Thunderbird. • http://www.securityfocus.com/bid/103384 http://www.securitytracker.com/id/1040514 https://access.redhat.com/errata/RHSA-2018:0526 https://access.redhat.com/errata/RHSA-2018:0527 https://access.redhat.com/errata/RHSA-2018:0647 https://access.redhat.com/errata/RHSA-2018:0648 https://bugzilla.mozilla.org/show_bug.cgi?id=1440926 https://lists.debian.org/debian-lts-announce/2018/03/msg00010.html https://lists.debian.org/debian-lts-announce/2018/03/msg00029.html https://securi • CWE-190: Integer Overflow or Wraparound •