CVE-2018-1060 – python: DOS via regular expression catastrophic backtracking in apop() method in pop3lib
https://notcve.org/view.php?id=CVE-2018-1060
python before versions 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 and 3.7.0 is vulnerable to catastrophic backtracking in pop3lib's apop() method. An attacker could use this flaw to cause denial of service. Python antes de las versiones 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 y 3.7.0 es vulnerable a un retroceso catastrófico en el método apop () de pop3lib. Un atacante podría usar este fallo para causar la denegación de servicio. A flaw was found in the way catastrophic backtracking was implemented in python's pop3lib's apop() method. • http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.html http://www.securitytracker.com/id/1042001 https://access.redhat.com/errata/RHBA-2019:0327 https://access.redhat.com/errata/RHSA-2018:3041 https://access.redhat.com/errata/RHSA-2018:3505 https://access.redhat.com/errata/RHSA-2019:1260 https://access.redhat.com/errata/RHSA-2019:3725 https://bugs.python.org/issue32981 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1060 https://docs.python.org/ • CWE-20: Improper Input Validation •
CVE-2018-1000199 – kernel: ptrace() incorrect error handling leads to corruption and DoS
https://notcve.org/view.php?id=CVE-2018-1000199
The Linux Kernel version 3.18 contains a dangerous feature vulnerability in modify_user_hw_breakpoint() that can result in crash and possibly memory corruption. This attack appear to be exploitable via local code execution and the ability to use ptrace. This vulnerability appears to have been fixed in git commit f67b15037a7a50c57f72e69a6d59941ad90a0f0f. El kernel de Linux en su versión 3.18 contiene una vulnerabilidad de funcionalidad peligrosa en modify_user_hw_breakpoint() que puede resultar en un cierre inesperado y en una posible corrupción de memoria. El ataque parece ser explotable mediante la ejecución de código local y la capacidad de usar ptrace. • https://github.com/dsfau/CVE-2018-1000199 http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00022.html http://www.securitytracker.com/id/1040806 https://access.redhat.com/errata/RHSA-2018:1318 https://access.redhat.com/errata/RHSA-2018:1345 https://access.redhat.com/errata/RHSA-2018:1347 https://access.redhat.com/errata/RHSA-2018:1348 https://access.redhat.com/errata/RHSA-2018:1354 https://access.redhat.com/errata/RHSA-2018:1355 https://access.redhat.com/err • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-460: Improper Cleanup on Thrown Exception •
CVE-2018-10583 – LibreOffice/Open Office - '.odt' Information Disclosure
https://notcve.org/view.php?id=CVE-2018-10583
An information disclosure vulnerability occurs when LibreOffice 6.0.3 and Apache OpenOffice Writer 4.1.5 automatically process and initiate an SMB connection embedded in a malicious file, as demonstrated by xlink:href=file://192.168.0.2/test.jpg within an office:document-content element in a .odt XML document. Ocurre una vulnerabilidad de divulgación de información cuando LibreOffice 6.0.3 y Apache OpenOffice Writer 4.1.5 procesan automáticamente e inician una conexión SMB embebida en un archivo malicioso, tal y como queda demostrado con xlink:href=file://192.168.0.2/test.jpg en un elemento office:document-content en un documento XML .odt. Generates a Malicious ODT File which can be used with auxiliary/server/capture/smb or similar to capture hashes. • https://www.exploit-db.com/exploits/44564 https://github.com/MrTaherAmine/CVE-2018-10583 https://github.com/octodi/CVE-2018-10583 http://seclists.org/fulldisclosure/2020/Oct/26 http://secureyourit.co.uk/wp/2018/05/01/creating-malicious-odt-files https://access.redhat.com/errata/RHSA-2018:3054 https://lists.apache.org/thread.html/0598708912978b27121b2e380b44a225c706aca882cd1da6a955a0af%40%3Cdev.openoffice.apache.org%3E https://lists.apache.org/thread.html/6c65f22306c36c95e75f8d2b7f49cfcbeb0a4614245c20934612a39d%40%3Cde • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2018-10392 – libvorbis: heap buffer overflow in mapping0_forward function
https://notcve.org/view.php?id=CVE-2018-10392
mapping0_forward in mapping0.c in Xiph.Org libvorbis 1.3.6 does not validate the number of channels, which allows remote attackers to cause a denial of service (heap-based buffer overflow or over-read) or possibly have unspecified other impact via a crafted file. mapping0_forward en mapping0.c en Xiph.Org libvorbis 1.3.6 no valida el número de canales, lo que permite que atacantes remotos provoquen una denegación de servicio (desbordamiento o sobrelectura de búfer basada en memoria dinámica o heap) o provocar cualquier otro tipo de problema mediante un archivo manipulado. A heap-based buffer overflow was found in the encoder functionality of the libvorbis library. An attacker could create a malicious file to cause a denial of service, crashing the application containing the library. • https://access.redhat.com/errata/RHSA-2019:3703 https://gitlab.xiph.org/xiph/vorbis/issues/2335 https://lists.debian.org/debian-lts-announce/2019/11/msg00031.html https://lists.debian.org/debian-lts-announce/2021/11/msg00023.html https://security.gentoo.org/glsa/202003-36 https://access.redhat.com/security/cve/CVE-2018-10392 https://bugzilla.redhat.com/show_bug.cgi?id=1574193 • CWE-122: Heap-based Buffer Overflow CWE-125: Out-of-bounds Read CWE-787: Out-of-bounds Write •
CVE-2018-10393 – libvorbis: stack buffer overflow in bark_noise_hybridmp function
https://notcve.org/view.php?id=CVE-2018-10393
bark_noise_hybridmp in psy.c in Xiph.Org libvorbis 1.3.6 has a stack-based buffer over-read. bark_noise_hybridmp en psy.c en Xiph.Org libvorbis 1.3.6 tiene una sobrelectura de búfer basada en pila. A stack-based buffer overflow was found in the encoder functionality of the libvorbis library. An attacker could create a malicious file to cause a denial of service, crashing the application containing the library. • https://access.redhat.com/errata/RHSA-2019:3703 https://gitlab.xiph.org/xiph/vorbis/issues/2334 https://lists.debian.org/debian-lts-announce/2019/11/msg00031.html https://lists.debian.org/debian-lts-announce/2021/11/msg00023.html https://security.gentoo.org/glsa/202003-36 https://access.redhat.com/security/cve/CVE-2018-10393 https://bugzilla.redhat.com/show_bug.cgi?id=1574194 • CWE-122: Heap-based Buffer Overflow CWE-125: Out-of-bounds Read •