CVSS: 8.8EPSS: 82%CPEs: 9EXPL: 0CVE-2018-1058 – postgresql: Uncontrolled search path element in pg_dump and other client applications
https://notcve.org/view.php?id=CVE-2018-1058
02 Mar 2018 — A flaw was found in the way Postgresql allowed a user to modify the behavior of a query for other users. An attacker with a user account could use this flaw to execute code with the permissions of superuser in the database. Versions 9.3 through 10 are affected. Se ha encontrado un error en la forma en la que Postgresql permitía que un usuario modificase el comportamiento de una consulta para otros usuarios. Un atacante con una cuenta de usuario podría emplear este error para ejecutar código con permisos de ... • http://www.securityfocus.com/bid/103221 • CWE-20: Improper Input Validation •
CVSS: 8.8EPSS: 0%CPEs: 30EXPL: 0CVE-2017-18209 – Ubuntu Security Notice USN-3681-1
https://notcve.org/view.php?id=CVE-2017-18209
01 Mar 2018 — In the GetOpenCLCachedFilesDirectory function in magick/opencl.c in ImageMagick 7.0.7, a NULL pointer dereference vulnerability occurs because a memory allocation result is not checked, related to GetOpenCLCacheDirectory. En la función GetOpenCLCachedFilesDirectory en magick/opencl.c en ImageMagick 7.0.7, una vulnerabilidad de desreferencia de puntero NULL ocurre debido a que no se comprueba un resultado de asignación de memoria. Esto se relaciona con GetOpenCLCacheDirectory. It was discovered that ImageMag... • http://www.securityfocus.com/bid/103218 • CWE-476: NULL Pointer Dereference •
CVSS: 9.8EPSS: 0%CPEs: 30EXPL: 0CVE-2017-18211 – Ubuntu Security Notice USN-3681-1
https://notcve.org/view.php?id=CVE-2017-18211
01 Mar 2018 — In ImageMagick 7.0.7, a NULL pointer dereference vulnerability was found in the function saveBinaryCLProgram in magick/opencl.c because a program-lookup result is not checked, related to CacheOpenCLKernel. En ImageMagick 7.0.7, se ha encontrado una vulnerabilidad de desreferencia de puntero NULL en la función saveBinaryCLProgram en magick/opencl.c debido a que no se comprueba un resultado de búsqueda de programa. Esto se relaciona con CacheOpenCLKernel. It was discovered that ImageMagick incorrectly handled... • http://www.securityfocus.com/bid/103220 • CWE-476: NULL Pointer Dereference •
CVSS: 9.8EPSS: 76%CPEs: 11EXPL: 2CVE-2018-7584 – PHP 7.2.2 - 'php_stream_url_wrap_http_ex' Buffer Overflow
https://notcve.org/view.php?id=CVE-2018-7584
01 Mar 2018 — In PHP through 5.6.33, 7.0.x before 7.0.28, 7.1.x through 7.1.14, and 7.2.x through 7.2.2, there is a stack-based buffer under-read while parsing an HTTP response in the php_stream_url_wrap_http_ex function in ext/standard/http_fopen_wrapper.c. This subsequently results in copying a large string. En PHP hasta la versión 5.6.33, versiones 7.0.x anteriores a la 7.0.28, versiones 7.1.x hasta la 7.1.14 y versiones 7.2.x hasta la 7.2.2, hay una sublectura de búfer basada en pila al analizar una respuesta HTTP en... • https://packetstorm.news/files/id/148068 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-125: Out-of-bounds Read •
CVSS: 7.5EPSS: 25%CPEs: 55EXPL: 0CVE-2018-5733 – A malicious client can overflow a reference counter in ISC dhcpd
https://notcve.org/view.php?id=CVE-2018-5733
01 Mar 2018 — A malicious client which is allowed to send very large amounts of traffic (billions of packets) to a DHCP server can eventually overflow a 32-bit reference counter, potentially causing dhcpd to crash. Affects ISC DHCP 4.1.0 -> 4.1-ESV-R15, 4.2.0 -> 4.2.8, 4.3.0 -> 4.3.6, 4.4.0. Un cliente malicioso al que se le permite enviar grandes cantidades de tráfico (miles de millones de paquetes) a un servidor DHCP puede terminar desbordando un contador de referencia de 32 bits, provocando el cierre inesperado de dhc... • http://www.securityfocus.com/bid/103188 • CWE-190: Integer Overflow or Wraparound •
CVSS: 8.8EPSS: 0%CPEs: 18EXPL: 0CVE-2018-7550 – QEMU: i386: multiboot OOB access while loading kernel image
https://notcve.org/view.php?id=CVE-2018-7550
01 Mar 2018 — The load_multiboot function in hw/i386/multiboot.c in Quick Emulator (aka QEMU) allows local guest OS users to execute arbitrary code on the QEMU host via a mh_load_end_addr value greater than mh_bss_end_addr, which triggers an out-of-bounds read or write memory access. La función load_multiboot en hw/i386/multiboot.c en Quick Emulator (también conocido como QEMU) permite que usuarios locales invitados del sistema operativo ejecuten código arbitrario en el host QEMU mediante un valor mh_load_end_addr mayor ... • http://www.securityfocus.com/bid/103181 • CWE-125: Out-of-bounds Read CWE-787: Out-of-bounds Write •
CVSS: 7.5EPSS: 6%CPEs: 23EXPL: 0CVE-2018-7184 – Ubuntu Security Notice USN-3707-1
https://notcve.org/view.php?id=CVE-2018-7184
01 Mar 2018 — ntpd in ntp 4.2.8p4 before 4.2.8p11 drops bad packets before updating the "received" timestamp, which allows remote attackers to cause a denial of service (disruption) by sending a packet with a zero-origin timestamp causing the association to reset and setting the contents of the packet as the most recent timestamp. This issue is a result of an incomplete fix for CVE-2015-7704. ntpd en ntp, en versiones 4.2.8p4 anteriores a la 4.2.8p11, envía paquetes malos antes de actualizar la marca de tiempo "received"... • http://packetstormsecurity.com/files/146631/Slackware-Security-Advisory-ntp-Updates.html •
CVSS: 7.5EPSS: 12%CPEs: 63EXPL: 0CVE-2018-7185 – Ubuntu Security Notice USN-3707-2
https://notcve.org/view.php?id=CVE-2018-7185
01 Mar 2018 — The protocol engine in ntp 4.2.6 before 4.2.8p11 allows a remote attackers to cause a denial of service (disruption) by continually sending a packet with a zero-origin timestamp and source IP address of the "other side" of an interleaved association causing the victim ntpd to reset its association. El motor de protocolo en ntp, en versiones 4.2.6 anteriores a la 4.2.8p11, permite que atacantes remotos provoquen una denegación de servicio (interrupción) mediante el envío continuado de un paquete con una marc... • http://packetstormsecurity.com/files/146631/Slackware-Security-Advisory-ntp-Updates.html •
CVSS: 6.5EPSS: 2%CPEs: 51EXPL: 2CVE-2018-1304 – tomcat: Incorrect handling of empty string URL in security constraints can lead to unintended exposure of resources
https://notcve.org/view.php?id=CVE-2018-1304
28 Feb 2018 — The URL pattern of "" (the empty string) which exactly maps to the context root was not correctly handled in Apache Tomcat 9.0.0.M1 to 9.0.4, 8.5.0 to 8.5.27, 8.0.0.RC1 to 8.0.49 and 7.0.0 to 7.0.84 when used as part of a security constraint definition. This caused the constraint to be ignored. It was, therefore, possible for unauthorised users to gain access to web application resources that should have been protected. Only security constraints with a URL pattern of the empty string were affected. El patró... • https://github.com/knqyf263/CVE-2018-1304 • CWE-284: Improper Access Control •
CVSS: 7.5EPSS: 0%CPEs: 7EXPL: 0CVE-2018-7549 – zsh: crash on copying empty hash table
https://notcve.org/view.php?id=CVE-2018-7549
27 Feb 2018 — In params.c in zsh through 5.4.2, there is a crash during a copy of an empty hash table, as demonstrated by typeset -p. En params.c en zsh, hasta la versión 5.4.2, hay un cierre inesperado durante la copia de una tabla de hashes vacía, tal y como demuestra typeset -p. A NULL pointer dereference flaw was found in the code responsible for saving hashtables of the zsh package. An attacker could use this flaw to cause a denial of service by crashing the user shell. It was discovered that Zsh incorrectly handled... • https://access.redhat.com/errata/RHSA-2018:3073 • CWE-20: Improper Input Validation CWE-665: Improper Initialization •