CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2018-19407
https://notcve.org/view.php?id=CVE-2018-19407
The vcpu_scan_ioapic function in arch/x86/kvm/x86.c in the Linux kernel through 4.19.2 allows local users to cause a denial of service (NULL pointer dereference and BUG) via crafted system calls that reach a situation where ioapic is uninitialized. La función vcpu_scan_ioapic en arch/x86/kvm/x86.c en el kernel de Linux hasta la versión 4.19.2 permite que usuarios locales provoquen una denegación de servicio (desreferencia de puntero NULLy error) mediante llamadas del sistema manipuladas que alcanzan una situación donde ioapic no está inicializado. • http://www.securityfocus.com/bid/105987 https://lists.debian.org/debian-lts-announce/2019/03/msg00017.html https://lkml.org/lkml/2018/11/20/580 https://usn.ubuntu.com/3871-1 https://usn.ubuntu.com/3871-3 https://usn.ubuntu.com/3871-4 https://usn.ubuntu.com/3871-5 https://usn.ubuntu.com/3872-1 https://usn.ubuntu.com/3878-1 https://usn.ubuntu.com/3878-2 https://usn.ubuntu.com/3879-1 https://usn.ubuntu.com/3879-2 • CWE-476: NULL Pointer Dereference •
CVSS: 6.5EPSS: 0%CPEs: 6EXPL: 1CVE-2018-19210
https://notcve.org/view.php?id=CVE-2018-19210
In LibTIFF 4.0.9, there is a NULL pointer dereference in the TIFFWriteDirectorySec function in tif_dirwrite.c that will lead to a denial of service attack, as demonstrated by tiffset. En LibTIFF 4.0.9, hay una desreferencia de puntero NULL en la función TIFFWriteDirectorySec en tif_dirwrite.c que conducirá a un ataque de denegación de servicio (DoS), tal y como queda demostrado con tiffset. • http://bugzilla.maptools.org/show_bug.cgi?id=2820 http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00041.html http://packetstormsecurity.com/files/155095/Slackware-Security-Advisory-libtiff-Updates.html http://www.securityfocus.com/bid/105932 https://lists.debian.org/debian-lts-announce/2019/02/msg00026.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C6IL2QFKE6MGVUTOPU2UUWITTE36KRDF https://lists.fedoraproject.org/archives/list/package-announce%40lists.fed • CWE-476: NULL Pointer Dereference •
CVSS: 6.5EPSS: 0%CPEs: 5EXPL: 1CVE-2018-19149 – poppler: NULL pointer dereference in _poppler_attachment_new
https://notcve.org/view.php?id=CVE-2018-19149
Poppler before 0.70.0 has a NULL pointer dereference in _poppler_attachment_new when called from poppler_annot_file_attachment_get_attachment. Poppler en versiones anteriores a 0.70.0 tiene una desreferencia de puntero NULL en _poppler_attachment_new cuando se llama desde poppler_annot_fichero_attachment_attachment_get_attachment. • http://www.securityfocus.com/bid/106031 https://access.redhat.com/errata/RHSA-2019:2022 https://gitlab.freedesktop.org/poppler/poppler/issues/664 https://security.gentoo.org/glsa/201904-04 https://usn.ubuntu.com/3837-1 https://usn.ubuntu.com/3837-2 https://access.redhat.com/security/cve/CVE-2018-19149 https://bugzilla.redhat.com/show_bug.cgi?id=1649457 • CWE-476: NULL Pointer Dereference •
CVSS: 6.5EPSS: 0%CPEs: 5EXPL: 1CVE-2018-19060 – poppler: pdfdetach utility does not validate save paths
https://notcve.org/view.php?id=CVE-2018-19060
An issue was discovered in Poppler 0.71.0. There is a NULL pointer dereference in goo/GooString.h, will lead to denial of service, as demonstrated by utils/pdfdetach.cc not validating a filename of an embedded file before constructing a save path. Se ha descubierto un problema en Poppler 0.71.0. Hay una desreferencia de puntero NULL en goo/GooString.h, que conducirá a una denegación de servicio (DoS), tal y como queda demostrado con utils/pdfdetach.cc al no validar el nombre de archivos embebidos antes de construir una ruta de guardado. • https://access.redhat.com/errata/RHSA-2019:2022 https://gitlab.freedesktop.org/poppler/poppler/issues/660 https://usn.ubuntu.com/3837-1 https://access.redhat.com/security/cve/CVE-2018-19060 https://bugzilla.redhat.com/show_bug.cgi?id=1649450 • CWE-476: NULL Pointer Dereference •
CVSS: 6.5EPSS: 0%CPEs: 5EXPL: 1CVE-2018-19059 – poppler: out-of-bounds read in EmbFile::save2 in FileSpec.cc
https://notcve.org/view.php?id=CVE-2018-19059
An issue was discovered in Poppler 0.71.0. There is a out-of-bounds read in EmbFile::save2 in FileSpec.cc, will lead to denial of service, as demonstrated by utils/pdfdetach.cc not validating embedded files before save attempts. Se ha descubierto un problema en Poppler 0.71.0. Hay una lectura fuera de límites en EmbFile::save2 en FileSpec.cc, que conducirá a una denegación de servicio (DoS), tal y como queda demostrado con utils/pdfdetach.cc al no validar archivos embebidos antes de guardar los intentos. • https://access.redhat.com/errata/RHSA-2019:2022 https://gitlab.freedesktop.org/poppler/poppler/issues/661 https://usn.ubuntu.com/3837-1 https://access.redhat.com/security/cve/CVE-2018-19059 https://bugzilla.redhat.com/show_bug.cgi?id=1649440 • CWE-125: Out-of-bounds Read •