CVSS: 9.8EPSS: 8%CPEs: 9EXPL: 1CVE-2018-8788 – freerdp: Out-of-bounds write in nsc_rle_decode() function
https://notcve.org/view.php?id=CVE-2018-8788
FreeRDP prior to version 2.0.0-rc4 contains an Out-Of-Bounds Write of up to 4 bytes in function nsc_rle_decode() that results in a memory corruption and possibly even a remote code execution. FreeRDP en versiones anteriores a la 2.0.0-rc4 contiene una escritura fuera de límites de hasta 4 bytes en la función nsc_rle_decode() que resulta en una corrupción de memoria y, probablemente, incluso en la ejecución remota de código. A flaw was found in freerdp in versions before 2.0.0-rc4. An out-of-bounds write of up to 4 bytes in the nsc_rle_decode() function results in a memory corruption. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. • http://www.securityfocus.com/bid/106938 https://access.redhat.com/errata/RHSA-2019:0697 https://github.com/FreeRDP/FreeRDP/commit/d1112c279bd1a327e8e4d0b5f371458bf2579659 https://lists.debian.org/debian-lts-announce/2019/02/msg00015.html https://research.checkpoint.com/reverse-rdp-attack-code-execution-on-rdp-clients https://usn.ubuntu.com/3845-1 https://usn.ubuntu.com/3845-2 https://access.redhat.com/security/cve/CVE-2018-8788 https://bugzilla.redhat.com/show_bug.cgi?id=1671363 • CWE-787: Out-of-bounds Write •
CVSS: 6.5EPSS: 1%CPEs: 9EXPL: 0CVE-2018-16841
https://notcve.org/view.php?id=CVE-2018-16841
Samba from version 4.3.0 and before versions 4.7.12, 4.8.7 and 4.9.3 are vulnerable to a denial of service. When configured to accept smart-card authentication, Samba's KDC will call talloc_free() twice on the same memory if the principal in a validly signed certificate does not match the principal in the AS-REQ. This is only possible after authentication with a trusted certificate. talloc is robust against further corruption from a double-free with talloc_free() and directly calls abort(), terminating the KDC process. Samba, desde la versión 4.3.0 antes de las versiones 4.7.12, 4.8.7 y 4.9.3, es vulnerable a una denegación de servicio (DoS). Cuando se configura para aceptar la autenticación por smartcard, el KDC de Samba llamará a talloc_free() dos veces en la misma memoria si la entidad de seguridad en un certificado firmado de forma válida no coincide con la entidad en AS-REQ. • http://www.securityfocus.com/bid/106023 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16841 https://security.gentoo.org/glsa/202003-52 https://security.netapp.com/advisory/ntap-20181127-0001 https://usn.ubuntu.com/3827-1 https://usn.ubuntu.com/3827-2 https://www.debian.org/security/2018/dsa-4345 https://www.samba.org/samba/security/CVE-2018-16841.html • CWE-415: Double Free CWE-416: Use After Free •
CVSS: 6.5EPSS: 0%CPEs: 10EXPL: 0CVE-2018-16851
https://notcve.org/view.php?id=CVE-2018-16851
Samba from version 4.0.0 and before versions 4.7.12, 4.8.7, 4.9.3 is vulnerable to a denial of service. During the processing of an LDAP search before Samba's AD DC returns the LDAP entries to the client, the entries are cached in a single memory object with a maximum size of 256MB. When this size is reached, the Samba process providing the LDAP service will follow the NULL pointer, terminating the process. There is no further vulnerability associated with this issue, merely a denial of service. Samba, desde la versión 4.0.0 antes de las versiones 4.7.12, 4.8.7 y 4.9.3, es vulnerable a una denegación de servicio (DoS). • http://www.securityfocus.com/bid/106027 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16851 https://lists.debian.org/debian-lts-announce/2018/12/msg00005.html https://security.gentoo.org/glsa/202003-52 https://security.netapp.com/advisory/ntap-20181127-0001 https://usn.ubuntu.com/3827-1 https://usn.ubuntu.com/3827-2 https://www.debian.org/security/2018/dsa-4345 https://www.samba.org/samba/security/CVE-2018-16851.html • CWE-476: NULL Pointer Dereference •
CVSS: 6.5EPSS: 0%CPEs: 10EXPL: 1CVE-2018-14629
https://notcve.org/view.php?id=CVE-2018-14629
A denial of service vulnerability was discovered in Samba's LDAP server before versions 4.7.12, 4.8.7, and 4.9.3. A CNAME loop could lead to infinite recursion in the server. An unprivileged local attacker could create such an entry, leading to denial of service. Se ha descubierto una vulnerabilidad de denegación de servicio (DoS) en el servidor LDAP de Samba en versiones anteriores a la 4.7.12, 4.8.7, y 4.9.3. Un bucle CNAME podría conducir a una recursión infinita en el servidor. • http://www.securityfocus.com/bid/106022 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14629 https://lists.debian.org/debian-lts-announce/2018/12/msg00005.html https://security.gentoo.org/glsa/202003-52 https://security.netapp.com/advisory/ntap-20181127-0001 https://usn.ubuntu.com/3827-1 https://usn.ubuntu.com/3827-2 https://www.debian.org/security/2018/dsa-4345 https://www.samba.org/samba/security/CVE-2018-14629.html • CWE-400: Uncontrolled Resource Consumption CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2018-16862
https://notcve.org/view.php?id=CVE-2018-16862
A security flaw was found in the Linux kernel in a way that the cleancache subsystem clears an inode after the final file truncation (removal). The new file created with the same inode may contain leftover pages from cleancache and the old file data instead of the new one. Se ha detectado un fallo de seguridad en el kernel de Linux de manera que el subsistema "cleancache" borre un inode después del truncado de archivos final (eliminación). El nuevo archivo creado con el mismo inode podría contener páginas restantes del "cleancache" y los datos antiguos del mismo, en vez de los del nuevo archivo. • http://www.securityfocus.com/bid/106009 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16862 https://lists.debian.org/debian-lts-announce/2019/03/msg00017.html https://lists.debian.org/debian-lts-announce/2019/03/msg00034.html https://lists.debian.org/debian-lts-announce/2019/04/msg00004.html https://lore.kernel.org/patchwork/patch/1011367 https://seclists.org/oss-sec/2018/q4/169 https://usn.ubuntu.com/3879-1 https://usn.ubuntu.com/3879-2 https://usn. • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •