CVSS: 9.8EPSS: 2%CPEs: 7EXPL: 2CVE-2018-18751 – gettext: double free in default_add_message in read-catalog.c
https://notcve.org/view.php?id=CVE-2018-18751
An issue was discovered in GNU gettext 0.19.8. There is a double free in default_add_message in read-catalog.c, related to an invalid free in po_gram_parse in po-gram-gen.y, as demonstrated by lt-msgfmt. Se ha descubierto un problema en GNU gettext 0.19.8. Hay una doble liberación (double free) en default_add_message en read-catalog.c, relacionado con una liberación no válida en po_gram_parse en po-gram-gen.y, tal y como queda demostrado con lt-msgfmt. • http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00061.html http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00065.html http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00025.html https://access.redhat.com/errata/RHSA-2019:3643 https://github.com/CCCCCrash/POCs/tree/master/Bin/Tools-gettext-0.19.8.1/doublefree https://github.com/CCCCCrash/POCs/tree/master/Bin/Tools-gettext-0.19.8.1/heapcorruption https://usn.ubuntu.com/3815-1 https:// • CWE-415: Double Free CWE-416: Use After Free •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2018-18710
https://notcve.org/view.php?id=CVE-2018-18710
An issue was discovered in the Linux kernel through 4.19. An information leak in cdrom_ioctl_select_disc in drivers/cdrom/cdrom.c could be used by local attackers to read kernel memory because a cast from unsigned long to int interferes with bounds checking. This is similar to CVE-2018-10940 and CVE-2018-16658. Se ha descubierto un problema en el kernel de Linux hasta la versión 4.19. Una fuga de información en cdrom_ioctl_select_disc en drivers/cdrom/cdrom.c podría ser empleada por atacantes locales para leer memoria del kernel debido a que una conversión de un long no firmado a int interfiere con la comprobación de límites. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=e4f3aa2e1e67bb48dfbaaf1cad59013d5a5bc276 http://www.securityfocus.com/bid/106041 https://github.com/torvalds/linux/commit/e4f3aa2e1e67bb48dfbaaf1cad59013d5a5bc276 https://lists.debian.org/debian-lts-announce/2019/03/msg00017.html https://lists.debian.org/debian-lts-announce/2019/03/msg00034.html https://lists.debian.org/debian-lts-announce/2019/04/msg00004.html https://usn.ubuntu.com/3846-1 https://usn.ubuntu.com/3847-1 ht • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 1CVE-2018-18690 – kernel: filesystem corruption due to an unchecked error condition during an xfs attribute change
https://notcve.org/view.php?id=CVE-2018-18690
In the Linux kernel before 4.17, a local attacker able to set attributes on an xfs filesystem could make this filesystem non-operational until the next mount by triggering an unchecked error condition during an xfs attribute change, because xfs_attr_shortform_addname in fs/xfs/libxfs/xfs_attr.c mishandles ATTR_REPLACE operations with conversion of an attr from short to long form. En el kernel de Linux en versiones anteriores a la 4.17, un atacante local que sea capaz de establecer atributos en un sistema de archivos xfs podría hacer que este sistema de archivos no esté operativo hasta el siguiente montaje desencadenando una condición de error no marcada. Esto se debe a que xfs_attr_shortform_addname en fs/xfs/libxfs/xfs_attr.c gestiona de manera incorrecta las operaciones ATTR_REPLACE con la conversión de un attr de forma corta a forma larga. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=7b38460dc8e4eafba06c78f8e37099d3b34d473c http://www.securityfocus.com/bid/105753 https://bugzilla.kernel.org/show_bug.cgi?id=199119 https://bugzilla.suse.com/show_bug.cgi?id=1105025 https://github.com/torvalds/linux/commit/7b38460dc8e4eafba06c78f8e37099d3b34d473c https://lists.debian.org/debian-lts-announce/2019/03/msg00017.html https://lists.debian.org/debian-lts-announce/2019/03/msg00034.html https://lists.debian.org/debian- • CWE-391: Unchecked Error Condition CWE-754: Improper Check for Unusual or Exceptional Conditions •
CVSS: 6.5EPSS: 0%CPEs: 5EXPL: 1CVE-2018-18661 – libtiff: tiff2bw tool failed memory allocation leads to crash
https://notcve.org/view.php?id=CVE-2018-18661
An issue was discovered in LibTIFF 4.0.9. There is a NULL pointer dereference in the function LZWDecode in the file tif_lzw.c. Se ha descubierto un problema en LibTIFF 4.0.9. Hay una desreferencia de puntero NULL en la función LZWDecode en tif_lzw.c. • http://bugzilla.maptools.org/show_bug.cgi?id=2819 http://www.securityfocus.com/bid/105762 https://access.redhat.com/errata/RHSA-2019:2053 https://lists.debian.org/debian-lts-announce/2019/11/msg00027.html https://usn.ubuntu.com/3864-1 https://access.redhat.com/security/cve/CVE-2018-18661 https://bugzilla.redhat.com/show_bug.cgi?id=1644448 • CWE-121: Stack-based Buffer Overflow CWE-476: NULL Pointer Dereference •
CVSS: 8.8EPSS: 1%CPEs: 16EXPL: 0CVE-2018-17466 – firefox: Memory corruption in Angle
https://notcve.org/view.php?id=CVE-2018-17466
Incorrect texture handling in Angle in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. El manejo incorrecto de texturas en Angle en Google Chrome en versiones anteriores a la 70.0.3538.67 permitía que un atacante remoto pudiese realizar una lectura de memoria fuera de límites mediante una página HTML manipulada. • http://www.securityfocus.com/bid/105666 http://www.securityfocus.com/bid/106168 https://access.redhat.com/errata/RHSA-2018:3004 https://access.redhat.com/errata/RHSA-2018:3831 https://access.redhat.com/errata/RHSA-2018:3833 https://access.redhat.com/errata/RHSA-2019:0159 https://access.redhat.com/errata/RHSA-2019:0160 https://chromereleases.googleblog.com/2018/10/stable-channel-update-for-desktop.html https://crbug.com/880906 https://lists.debian.org/debian-lts-announce/2018& • CWE-125: Out-of-bounds Read •