CVSS: 9.8EPSS: 8%CPEs: 15EXPL: 1CVE-2018-8787 – freerdp: Integer overflow leading to heap-based buffer overflow in gdi_Bitmap_Decompress() function
https://notcve.org/view.php?id=CVE-2018-8787
FreeRDP prior to version 2.0.0-rc4 contains an Integer Overflow that leads to a Heap-Based Buffer Overflow in function gdi_Bitmap_Decompress() and results in a memory corruption and probably even a remote code execution. FreeRDP en versiones anteriores a la 2.0.0-rc4 contiene un desbordamiento de enteros que conduce a un desbordamiento de búfer basado en memoria dinámica (heap) en la función gdi_Bitmap_Decompress() y que resulta en una corrupción de memoria y, probablemente, incluso en la ejecución remota de código. A flaw was found in freerdp in versions before versions 2.0.0-rc4. An integer overflow that leads to a heap-based buffer overflow in the gdi_Bitmap_Decompress() function leads to memory corruption. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. • http://www.securityfocus.com/bid/106938 https://access.redhat.com/errata/RHSA-2019:0697 https://github.com/FreeRDP/FreeRDP/commit/09b9d4f1994a674c4ec85b4947aa656eda1aed8a https://lists.debian.org/debian-lts-announce/2019/02/msg00015.html https://research.checkpoint.com/reverse-rdp-attack-code-execution-on-rdp-clients https://usn.ubuntu.com/3845-1 https://usn.ubuntu.com/3845-2 https://access.redhat.com/security/cve/CVE-2018-8787 https://bugzilla.redhat.com/show_bug.cgi?id=1671361 • CWE-122: Heap-based Buffer Overflow CWE-190: Integer Overflow or Wraparound CWE-680: Integer Overflow to Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 9.8EPSS: 8%CPEs: 9EXPL: 1CVE-2018-8788 – freerdp: Out-of-bounds write in nsc_rle_decode() function
https://notcve.org/view.php?id=CVE-2018-8788
FreeRDP prior to version 2.0.0-rc4 contains an Out-Of-Bounds Write of up to 4 bytes in function nsc_rle_decode() that results in a memory corruption and possibly even a remote code execution. FreeRDP en versiones anteriores a la 2.0.0-rc4 contiene una escritura fuera de límites de hasta 4 bytes en la función nsc_rle_decode() que resulta en una corrupción de memoria y, probablemente, incluso en la ejecución remota de código. A flaw was found in freerdp in versions before 2.0.0-rc4. An out-of-bounds write of up to 4 bytes in the nsc_rle_decode() function results in a memory corruption. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. • http://www.securityfocus.com/bid/106938 https://access.redhat.com/errata/RHSA-2019:0697 https://github.com/FreeRDP/FreeRDP/commit/d1112c279bd1a327e8e4d0b5f371458bf2579659 https://lists.debian.org/debian-lts-announce/2019/02/msg00015.html https://research.checkpoint.com/reverse-rdp-attack-code-execution-on-rdp-clients https://usn.ubuntu.com/3845-1 https://usn.ubuntu.com/3845-2 https://access.redhat.com/security/cve/CVE-2018-8788 https://bugzilla.redhat.com/show_bug.cgi?id=1671363 • CWE-787: Out-of-bounds Write •
CVSS: 6.5EPSS: 1%CPEs: 9EXPL: 0CVE-2018-16841
https://notcve.org/view.php?id=CVE-2018-16841
Samba from version 4.3.0 and before versions 4.7.12, 4.8.7 and 4.9.3 are vulnerable to a denial of service. When configured to accept smart-card authentication, Samba's KDC will call talloc_free() twice on the same memory if the principal in a validly signed certificate does not match the principal in the AS-REQ. This is only possible after authentication with a trusted certificate. talloc is robust against further corruption from a double-free with talloc_free() and directly calls abort(), terminating the KDC process. Samba, desde la versión 4.3.0 antes de las versiones 4.7.12, 4.8.7 y 4.9.3, es vulnerable a una denegación de servicio (DoS). Cuando se configura para aceptar la autenticación por smartcard, el KDC de Samba llamará a talloc_free() dos veces en la misma memoria si la entidad de seguridad en un certificado firmado de forma válida no coincide con la entidad en AS-REQ. • http://www.securityfocus.com/bid/106023 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16841 https://security.gentoo.org/glsa/202003-52 https://security.netapp.com/advisory/ntap-20181127-0001 https://usn.ubuntu.com/3827-1 https://usn.ubuntu.com/3827-2 https://www.debian.org/security/2018/dsa-4345 https://www.samba.org/samba/security/CVE-2018-16841.html • CWE-415: Double Free CWE-416: Use After Free •
CVSS: 6.5EPSS: 0%CPEs: 10EXPL: 0CVE-2018-16851
https://notcve.org/view.php?id=CVE-2018-16851
Samba from version 4.0.0 and before versions 4.7.12, 4.8.7, 4.9.3 is vulnerable to a denial of service. During the processing of an LDAP search before Samba's AD DC returns the LDAP entries to the client, the entries are cached in a single memory object with a maximum size of 256MB. When this size is reached, the Samba process providing the LDAP service will follow the NULL pointer, terminating the process. There is no further vulnerability associated with this issue, merely a denial of service. Samba, desde la versión 4.0.0 antes de las versiones 4.7.12, 4.8.7 y 4.9.3, es vulnerable a una denegación de servicio (DoS). • http://www.securityfocus.com/bid/106027 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16851 https://lists.debian.org/debian-lts-announce/2018/12/msg00005.html https://security.gentoo.org/glsa/202003-52 https://security.netapp.com/advisory/ntap-20181127-0001 https://usn.ubuntu.com/3827-1 https://usn.ubuntu.com/3827-2 https://www.debian.org/security/2018/dsa-4345 https://www.samba.org/samba/security/CVE-2018-16851.html • CWE-476: NULL Pointer Dereference •
CVSS: 6.5EPSS: 0%CPEs: 10EXPL: 1CVE-2018-14629
https://notcve.org/view.php?id=CVE-2018-14629
A denial of service vulnerability was discovered in Samba's LDAP server before versions 4.7.12, 4.8.7, and 4.9.3. A CNAME loop could lead to infinite recursion in the server. An unprivileged local attacker could create such an entry, leading to denial of service. Se ha descubierto una vulnerabilidad de denegación de servicio (DoS) en el servidor LDAP de Samba en versiones anteriores a la 4.7.12, 4.8.7, y 4.9.3. Un bucle CNAME podría conducir a una recursión infinita en el servidor. • http://www.securityfocus.com/bid/106022 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14629 https://lists.debian.org/debian-lts-announce/2018/12/msg00005.html https://security.gentoo.org/glsa/202003-52 https://security.netapp.com/advisory/ntap-20181127-0001 https://usn.ubuntu.com/3827-1 https://usn.ubuntu.com/3827-2 https://www.debian.org/security/2018/dsa-4345 https://www.samba.org/samba/security/CVE-2018-14629.html • CWE-400: Uncontrolled Resource Consumption CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •