CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 0CVE-2018-19840 – wawpack: Infinite loop in WavpackPackInit function lead to DoS
https://notcve.org/view.php?id=CVE-2018-19840
The function WavpackPackInit in pack_utils.c in libwavpack.a in WavPack through 5.1.0 allows attackers to cause a denial-of-service (resource exhaustion caused by an infinite loop) via a crafted wav audio file because WavpackSetConfiguration64 mishandles a sample rate of zero. La función WavpackPackInit en pack_utils.c en libwavpack.a en WavPack hasta la versión 5.1.0 permite que los atacantes provoquen una denegación de servicio (agotamiento de recursos provocado por un bucle infinito) mediante un archivo de audio wav manipulado debido a que WavpackSetConfiguration64 gestiona erróneamente una tasa de ejemplo con valor cero. • http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00029.html http://packetstormsecurity.com/files/155743/Slackware-Security-Advisory-wavpack-Updates.html https://github.com/dbry/WavPack/commit/070ef6f138956d9ea9612e69586152339dbefe51 https://github.com/dbry/WavPack/issues/53 https://lists.debian.org/debian-lts-announce/2021/01/msg00013.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3BLSOEVEKF4VNNVNZ2AN46BJUT4TGVWT https://lists.fedoraproject.org/archives/list/package • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0CVE-2018-19824 – kernel: Use-after-free in sound/usb/card.c:usb_audio_probe()
https://notcve.org/view.php?id=CVE-2018-19824
In the Linux kernel through 4.19.6, a local user could exploit a use-after-free in the ALSA driver by supplying a malicious USB Sound device (with zero interfaces) that is mishandled in usb_audio_probe in sound/usb/card.c. En el kernel de Linux hasta la versión 4.19.6, un usuario local podría explotar memoria previamente liberada en el controlador ALSA suministrando un dispositivo de sonido USB malicioso (con cero interfaces) que no se maneja correctamente en usb_audio_probe en sound/usb/card.c. A flaw was found In the Linux kernel, through version 4.19.6, where a local user could exploit a use-after-free in the ALSA driver by supplying a malicious USB Sound device (with zero interfaces) that is mishandled in usb_audio_probe in sound/usb/card.c. An attacker could corrupt memory and possibly escalate privileges if the attacker is able to have physical access to the system. • http://www.securityfocus.com/bid/106109 https://access.redhat.com/errata/RHSA-2019:2703 https://bugzilla.suse.com/show_bug.cgi?id=1118152 https://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound.git/commit/?id=5f8cf712582617d523120df67d392059eaf2fc4b https://github.com/torvalds/linux/commit/5f8cf712582617d523120df67d392059eaf2fc4b https://lists.debian.org/debian-lts-announce/2019/03/msg00034.html https://lists.debian.org/debian-lts-announce/2019/04/msg00004.html https://lists.debian.org/debian- • CWE-416: Use After Free •
CVSS: 9.0EPSS: 0%CPEs: 8EXPL: 4CVE-2018-19788 – polkit: Improper handling of user with uid > INT_MAX leading to authentication bypass
https://notcve.org/view.php?id=CVE-2018-19788
A flaw was found in PolicyKit (aka polkit) 0.115 that allows a user with a uid greater than INT_MAX to successfully execute any systemctl command. Se ha detectado un fallo en PolicyKit (también conocido como polkit) 0.115 que permite que un usuario con una uid mayor que INT_MAX ejecute con éxito cualquier comando systemctl. • https://github.com/AbsoZed/CVE-2018-19788 https://github.com/d4gh0s7/CVE-2018-19788 https://github.com/jhlongjr/CVE-2018-19788 https://access.redhat.com/errata/RHSA-2019:2046 https://access.redhat.com/errata/RHSA-2019:3232 https://bugs.debian.org/915332 https://gitlab.freedesktop.org/polkit/polkit/issues/74 https://lists.debian.org/debian-lts-announce/2019/01/msg00021.html https://security.gentoo.org/glsa/201908-14 https://usn.ubuntu.com/3861-1 https://usn.ubu • CWE-20: Improper Input Validation CWE-287: Improper Authentication •
CVSS: 6.1EPSS: 0%CPEs: 6EXPL: 0CVE-2018-19787
https://notcve.org/view.php?id=CVE-2018-19787
An issue was discovered in lxml before 4.2.5. lxml/html/clean.py in the lxml.html.clean module does not remove javascript: URLs that use escaping, allowing a remote attacker to conduct XSS attacks, as demonstrated by "j a v a s c r i p t:" in Internet Explorer. This is a similar issue to CVE-2014-3146. Se ha descubierto un problema en lxml en versiones anteriores a la 4.2.5. lxml/html/clean.py en el módulo lxml.html.clean no elimina las URL javascript: que utilizan escapado, permitiendo que un atacante remoto realice ataques Cross-Site Scripting (XSS), tal y como queda demostrado con "j a v a s c r i p t:" en Internet Explorer. Este es un problema aparte, pero similar a CVE-2014-3146. • https://github.com/lxml/lxml/commit/6be1d081b49c97cfd7b3fbd934a193b668629109 https://lists.debian.org/debian-lts-announce/2018/12/msg00001.html https://lists.debian.org/debian-lts-announce/2020/11/msg00044.html https://usn.ubuntu.com/3841-1 https://usn.ubuntu.com/3841-2 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.1EPSS: 0%CPEs: 17EXPL: 1CVE-2018-18313 – perl: Heap-based buffer read overflow in S_grok_bslash_N()
https://notcve.org/view.php?id=CVE-2018-18313
Perl before 5.26.3 has a buffer over-read via a crafted regular expression that triggers disclosure of sensitive information from process memory. Perl, en versiones anteriores a la 5.26.3, tiene una sobrelectura de búfer mediante una expresión regular manipulada que desencadena la divulgación de información sensible de la memoria del proceso. • http://seclists.org/fulldisclosure/2019/Mar/49 http://www.securitytracker.com/id/1042181 https://access.redhat.com/errata/RHSA-2019:0001 https://access.redhat.com/errata/RHSA-2019:0010 https://bugzilla.redhat.com/show_bug.cgi?id=1646738 https://github.com/Perl/perl5/commit/43b2f4ef399e2fd7240b4eeb0658686ad95f8e62 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RWQGEB543QN7SSBRKYJM6PSOC3RLYGSM https://metacpan.org/changes/release/SHAY/perl-5.26.3 https://rt& • CWE-125: Out-of-bounds Read •