CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 1CVE-2018-7729 – Ubuntu Security Notice USN-3668-1
https://notcve.org/view.php?id=CVE-2018-7729
06 Mar 2018 — An issue was discovered in Exempi through 2.4.4. There is a stack-based buffer over-read in the PostScript_MetaHandler::ParsePSFile() function in XMPFiles/source/FileHandlers/PostScript_Handler.cpp. Se ha descubierto un problema en Exempi hasta su versión 2.4.4. Hay una sobrelectura de búfer basada en pila en la función PostScript_MetaHandler::ParsePSFile() en XMPFiles/source/FileHandlers/PostScript_Handler.cpp. It was discovered that Exempi incorrectly handled certain media files. • https://bugs.freedesktop.org/show_bug.cgi?id=105206 • CWE-125: Out-of-bounds Read •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 1CVE-2018-7730 – exempi: Heap-based buffer overflow in PSD_MetaHandler::CacheFileData function in XMPFiles/source/FormatSupport/PSIR_FileWriter.cpp allows for denial of service via crafted XLS file
https://notcve.org/view.php?id=CVE-2018-7730
06 Mar 2018 — An issue was discovered in Exempi through 2.4.4. A certain case of a 0xffffffff length is mishandled in XMPFiles/source/FormatSupport/PSIR_FileWriter.cpp, leading to a heap-based buffer over-read in the PSD_MetaHandler::CacheFileData() function. Se ha descubierto un problema en Exempi hasta su versión 2.4.4. Cierto caso de longitud 0xffffffff se gestiona de manera incorrecta en XMPFiles/source/FormatSupport/PSIR_FileWriter.cpp, lo que conduce a una sobrelectura de búfer basada en memoria dinámica (heap) en ... • https://access.redhat.com/errata/RHSA-2019:2048 • CWE-122: Heap-based Buffer Overflow CWE-125: Out-of-bounds Read •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 1CVE-2018-7731 – Ubuntu Security Notice USN-3668-1
https://notcve.org/view.php?id=CVE-2018-7731
06 Mar 2018 — An issue was discovered in Exempi through 2.4.4. XMPFiles/source/FormatSupport/WEBP_Support.cpp does not check whether a bitstream has a NULL value, leading to a NULL pointer dereference in the WEBP::VP8XChunk class. Se ha descubierto un problema en Exempi hasta su versión 2.4.4. XMPFiles/source/FormatSupport/WEBP_Support.cpp no comprueba si un bitstream tiene un valor NULL, lo que conduce a una desreferencia de puntero NULL en la clase WEBP::VP8XChunk. It was discovered that Exempi incorrectly handled cert... • https://bugs.freedesktop.org/show_bug.cgi?id=105247 • CWE-476: NULL Pointer Dereference •
CVSS: 6.5EPSS: 0%CPEs: 8EXPL: 1CVE-2018-7725 – zziplib: out of bound read in mmapped.c:zzip_disk_fread() causes crash
https://notcve.org/view.php?id=CVE-2018-7725
06 Mar 2018 — An issue was discovered in ZZIPlib 0.13.68. An invalid memory address dereference was discovered in zzip_disk_fread in mmapped.c. The vulnerability causes an application crash, which leads to denial of service. Se ha descubierto un problema en ZZIPlib 0.13.68. Se ha descubierto una desreferencia de dirección de memoria inválida en zzip_disk_fread en mmapped.c. • https://access.redhat.com/errata/RHSA-2018:3229 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-125: Out-of-bounds Read •
CVSS: 6.5EPSS: 0%CPEs: 8EXPL: 1CVE-2018-7726 – zziplib: Bus error in zip.c:__zzip_parse_root_directory() cause crash via crafted zip file
https://notcve.org/view.php?id=CVE-2018-7726
06 Mar 2018 — An issue was discovered in ZZIPlib 0.13.68. There is a bus error caused by the __zzip_parse_root_directory function of zip.c. Attackers could leverage this vulnerability to cause a denial of service via a crafted zip file. Se ha descubierto un problema en ZZIPlib 0.13.68. Hay un error de bus provocado por la función __zzip_parse_root_directory de zip.c. • https://access.redhat.com/errata/RHSA-2018:3229 • CWE-20: Improper Input Validation CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 1CVE-2018-7073 – Ubuntu Security Notice USN-3590-1
https://notcve.org/view.php?id=CVE-2018-7073
06 Mar 2018 — A local arbitrary file modification vulnerability was identified in HPE Moonshot Provisioning Manager prior to v1.24. Se ha identificado una vulnerabilidad de modificación de archivos arbitrarios locales en HPE Moonshot Provisioning Manager en versiones anteriores a la v1.24. It was discovered that Irssi incorrectly handled certain empty nick names. An attacker could possibly use this issue to cause a denial of service. It was discovered that Irssi incorrectly handled certain nick names. • https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03843en_us • CWE-668: Exposure of Resource to Wrong Sphere •
CVSS: 5.3EPSS: 1%CPEs: 11EXPL: 0CVE-2018-7536 – django: Catastrophic backtracking in regular expressions via 'urlize' and 'urlizetrunc'
https://notcve.org/view.php?id=CVE-2018-7536
06 Mar 2018 — An issue was discovered in Django 2.0 before 2.0.3, 1.11 before 1.11.11, and 1.8 before 1.8.19. The django.utils.html.urlize() function was extremely slow to evaluate certain inputs due to catastrophic backtracking vulnerabilities in two regular expressions (only one regular expression for Django 1.8.x). The urlize() function is used to implement the urlize and urlizetrunc template filters, which were thus vulnerable. Se ha descubierto un problema en Django, en versiones 2.0 anteriores a la 2.0.3; versiones... • http://www.securityfocus.com/bid/103361 • CWE-185: Incorrect Regular Expression CWE-400: Uncontrolled Resource Consumption •
CVSS: 5.3EPSS: 1%CPEs: 9EXPL: 0CVE-2018-7537 – django: Catastrophic backtracking in regular expressions via 'truncatechars_html' and 'truncatewords_html'
https://notcve.org/view.php?id=CVE-2018-7537
06 Mar 2018 — An issue was discovered in Django 2.0 before 2.0.3, 1.11 before 1.11.11, and 1.8 before 1.8.19. If django.utils.text.Truncator's chars() and words() methods were passed the html=True argument, they were extremely slow to evaluate certain inputs due to a catastrophic backtracking vulnerability in a regular expression. The chars() and words() methods are used to implement the truncatechars_html and truncatewords_html template filters, which were thus vulnerable. Se ha descubierto un problema en Django, en ver... • http://www.securityfocus.com/bid/103357 • CWE-185: Incorrect Regular Expression CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.5EPSS: 79%CPEs: 11EXPL: 3CVE-2018-1000115 – Memcached Stats Amplification Scanner
https://notcve.org/view.php?id=CVE-2018-1000115
05 Mar 2018 — Memcached version 1.5.5 contains an Insufficient Control of Network Message Volume (Network Amplification, CWE-406) vulnerability in the UDP support of the memcached server that can result in denial of service via network flood (traffic amplification of 1:50,000 has been reported by reliable sources). This attack appear to be exploitable via network connectivity to port 11211 UDP. This vulnerability appears to have been fixed in 1.5.6 due to the disabling of the UDP protocol by default. Memcached 1.5.5 cont... • https://packetstorm.news/files/id/180943 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 5.9EPSS: 1%CPEs: 6EXPL: 0CVE-2017-15130 – Debian Security Advisory 4130-1
https://notcve.org/view.php?id=CVE-2017-15130
02 Mar 2018 — A denial of service flaw was found in dovecot before 2.2.34. An attacker able to generate random SNI server names could exploit TLS SNI configuration lookups, leading to excessive memory usage and the process to restart. Se ha descubierto un error de denegación de servicio (DoS) en dovecot en versiones anteriores a la 2.2.34. Un atacante que pueda generar nombres aleatorios del servidor SNI podría explotar las búsquedas de configuración TLS SNI, lo que conduce a un uso excesivo de memoria y al reinicio del ... • http://seclists.org/oss-sec/2018/q1/205 • CWE-400: Uncontrolled Resource Consumption •