Log

CVE-2018-0202 created at 25 Sep 2019 19:31:40
Severity
+ Critical
Remote
+ Remote
Type
+ Arbitrary code execution
Description
+ A heap overflow has been discovered in ClamAV before 0.99.4 in pdf_parse_string, possibly leading to arbitrary code execution by inspecting a specially crafted PDF file.
References
+ https://bugzilla.clamav.net/show_bug.cgi?id=11973
+ https://bugzilla.clamav.net/show_bug.cgi?id=11980
+ https://github.com/Cisco-Talos/clamav-devel/commit/87aaa10b29476958f5bf54b6119a133069f944fc
+ https://github.com/Cisco-Talos/clamav-devel/commit/700ed96af56077cb1a9bff7b91d21db112f6465d
+ https://github.com/Cisco-Talos/clamav-devel/commit/0df2fedf2805e574512c486b32a0fff4ed394560
+ https://github.com/Cisco-Talos/clamav-devel/commit/495fce917445063d519f14b0009cee025f817bc3
+ https://github.com/Cisco-Talos/clamav-devel/commit/99eadf7a9ad351210165312362d1f32b77c6f857
Notes
CVE-2018-0487 created at 25 Sep 2019 19:31:40
Severity
+ High
Remote
+ Remote
Type
+ Arbitrary code execution
Description
+ ARM mbed TLS before 2.7.0 allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow) via a crafted certificate chain that is mishandled during RSASSA-PSS signature verification within a TLS or DTLS session.
References
+ https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2018-01
Notes
CVE-2018-0488 created at 25 Sep 2019 19:31:40
Severity
+ High
Remote
+ Remote
Type
+ Arbitrary code execution
Description
+ ARM mbed TLS before 2.7.0, when the truncated HMAC extension and CBC are used, allows remote attackers to execute arbitrary code or cause a denial of service (heap corruption) via a crafted application packet within a TLS or DTLS session.
References
+ https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2018-01
Notes
CVE-2018-0492 created at 25 Sep 2019 19:31:40
Severity
+ High
Remote
+ Local
Type
+ Privilege escalation
Description
+ beep through version 1.3.4 is vulnerable to local privilege escalation if the setuid bit is set for the beep binary.
References
+ https://github.com/johnath/beep/issues/11
Notes
CVE-2018-0495 created at 25 Sep 2019 19:31:40
Severity
+ High
Remote
+ Local
Type
+ Private key recovery
Description
+ An implementation flaw has been discovered in multiple cryptographic libraries that allows a side-channel based attacker to recover ECDSA or DSA private keys. When these cryptographic libraries use the private key to create a signature, such as for a TLS or SSH connection, they inadvertently leak information through memory caches. An unprivileged attacker running on the same machine can collect the information from a few thousand signatures and recover the value of the private key.
References
+ https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commitdiff;h=9010d1576e278a4274ad3f4aa15776c28f6ba965;hp=7b6c2afd699e889f5f054cc3d202a61bd0ee1dcf
+ https://lists.gnupg.org/pipermail/gnupg-announce/2018q2/000426.html
+ https://www.nccgroup.trust/us/our-research/technical-advisory-return-of-the-hidden-number-problem/
Notes
CVE-2018-0497 created at 25 Sep 2019 19:31:40
Severity
+ High
Remote
+ Remote
Type
+ Information disclosure
Description
+ A remote plaintext recovery security issue has been found in Mbed TLS before 2.12.0, 2.7.5 or 2.1.14, when using a CBC-based ciphersuite. To be able to mount an attack, the attacker has to be able to observe and manipulate network packets and, for TLS, to be able to generate multiple sessions where the same plaintext is sent. For DTLS a single session is sufficient. The attacker can then partially recover the plaintext of messages by exploiting timing side-channels. The attack is feasible for all versions of TLS and DTLS, from 1.0 to 1.2.
References
+ https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2018-02
Notes
CVE-2018-0500 created at 25 Sep 2019 19:31:40
Severity
+ High
Remote
+ Remote
Type
+ Arbitrary code execution
Description
+ It has been discovered that curl before 7.61.0 might overflow a heap-based memory buffer when sending data over SMTP and using a reduced read buffer.
+
+ When sending data over SMTP, curl allocates a separate "scratch area" on the heap to be able to escape the uploaded data properly if the uploaded data contains data that requires it. The size of this temporary scratch area was mistakenly made to be 2 * sizeof(download_buffer) when it should have been made 2 * sizeof(upload_buffer). The upload and the download buffer sizes are identically sized by default (16KB) but since version 7.54.1, curl can resize the download buffer into a smaller buffer (as well as larger). If the download buffer size is set to a value smaller than 10923, the Curl_smtp_escape_eob() function might overflow the scratch buffer when sending contents of sufficient size and contents. The curl command line tool lowers the buffer size when --limit-rate is set to a value smaller than 16KB.
References
+ https://curl.haxx.se/docs/adv_2018-70a2.html
Notes
CVE-2018-0502 created at 25 Sep 2019 19:31:40
Severity
+ Low
Remote
+ Local
Type
+ Insufficient validation
Description
+ An issue was discovered in zsh before 5.6. The beginning of a #! script file was mishandled, potentially leading to an execve call to a program named on the second line.
References
+ https://bugs.debian.org/908000
+ https://sourceforge.net/p/zsh/code/ci/1c4c7b6a4d17294df028322b70c53803a402233d
Notes
CVE-2018-0503 created at 25 Sep 2019 19:31:40
Severity
+ Low
Remote
+ Remote
Type
+ Access restriction bypass
Description
+ A security issue has been found in the rate limiting feature of mediawiki < 1.31.1 where, contrary to the documentation, $wgRateLimits entry for 'user' overrides that for 'newbie'.
References
+ https://phabricator.wikimedia.org/T169545
+ https://github.com/wikimedia/mediawiki/commit/befd48c5f7d3d073de96c87375d7380f6187deb6
Notes
CVE-2018-0505 created at 25 Sep 2019 19:31:40
Severity
+ Medium
Remote
+ Remote
Type
+ Access restriction bypass
Description
+ A security issue has been found in mediawiki < 1.31.1 where BotPassword can bypass CentralAuth's account lock.
References
+ https://phabricator.wikimedia.org/T194605
+ https://github.com/wikimedia/mediawiki/commit/ff6b4cb35c1944870fcd3cc525884790c20819b3
Notes