Log

CVE-2018-20593 created at 25 Sep 2019 19:31:40
Severity
+ Medium
Remote
+ Local
Type
+ Arbitrary code execution
Description
+ In Mini-XML (aka mxml) v2.12, there is a stack-based buffer overflow in the scan_file function in mxmldoc.c.
References
+ https://github.com/michaelrsweet/mxml/issues/237
+ https://github.com/michaelrsweet/mxml/commit/eadf40fa7049e43dd5757df5945e9ec1c491e8a4
Notes
CVE-2018-20685 created at 25 Sep 2019 19:31:40
Severity
+ High
Remote
+ Remote
Type
+ Insufficient validation
Description
+ In OpenSSH 7.9, scp.c in the scp client allows remote SSH servers to bypass intended access restrictions via the filename of . or an empty filename.
References
+ https://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/scp.c.diff?r1=1.197&r2=1.198&f=h
+ https://github.com/openssh/openssh-portable/commit/6010c0303a422a9c5fa8860c061bf7105eb7f8b2
+ https://sintonen.fi/advisories/scp-client-multiple-vulnerabilities.txt
Notes
CVE-2018-20712 created at 25 Sep 2019 19:31:40
Severity
+ Medium
Remote
+ Remote
Type
+ Denial of service
Description
+ A heap-based buffer over-read exists in the function d_expression_1 in cp-demangle.c in GNU libiberty, as distributed in GNU Binutils 2.31.1. A crafted input can cause segmentation faults, leading to denial-of-service, as demonstrated by c++filt.
References
+ http://www.securityfocus.com/bid/106563
+ https://gcc.gnu.org/bugzilla/show_bug.cgi?id=88629
+ https://sourceware.org/bugzilla/show_bug.cgi?id=24043
Notes
CVE-2018-20751 created at 25 Sep 2019 19:31:40
Severity
+ Low
Remote
+ Local
Type
+ Denial of service
Description
+ An issue was discovered in crop_page in PoDoFo 0.9.6. For a crafted PDF document, pPage->GetObject()->GetDictionary().AddKey(PdfName("MediaBox"),var) can be problematic due to the function GetObject() being called for the pPage NULL pointer object. The value of pPage at this point is 0x0, which causes a NULL pointer dereference.
References
+ https://research.loginsoft.com/bugs/null-pointer-dereference-vulnerability-in-crop_page-podofo-0-9-6/
+ https://sourceforge.net/p/podofo/tickets/33/
+ https://sourceforge.net/p/podofo/code/1954
Notes
CVE-2018-20781 created at 25 Sep 2019 19:31:40
Severity
+ Medium
Remote
+ Local
Type
+ Information disclosure
Description
+ In pam/gkr-pam-module.c in GNOME Keyring before 3.27.2, the user's password is kept in a session-child process spawned from the LightDM daemon. This can expose the credential in cleartext.
References
+ https://gitlab.gnome.org/GNOME/gnome-keyring/tags/3.27.2
+ https://gitlab.gnome.org/GNOME/gnome-keyring/issues/3
Notes
CVE-2018-3615 created at 25 Sep 2019 19:31:40
Severity
+ High
Remote
+ Local
Type
+ Information disclosure
Description
+ Systems with microprocessors utilizing speculative execution and Intel software guard extensions (Intel SGX) may allow unauthorized disclosure of information residing in the L1 data cache from an enclave to an attacker with local user access via a side-channel analysis.
References
+ https://foreshadowattack.eu/
Notes
+ Intel specific
+
+ Versions with mitigations:
+ 4.14.63
+ 4.17.15
+ 4.18.1
CVE-2018-3620 created at 25 Sep 2019 19:31:40
Severity
+ High
Remote
+ Local
Type
+ Information disclosure
Description
+ Systems with microprocessors utilising speculative execution and address translations may allow unauthorised disclosure of information residing in the L1 data cache to an attacker with local user access via a terminal page fault and a side-channel analysis.
References
+ https://access.redhat.com/errata/RHSA-2018:2384
Notes
CVE-2018-3646 created at 25 Sep 2019 19:31:40
Severity
+ High
Remote
+ Local
Type
+ Information disclosure
Description
+ Systems with microprocessors utilising speculative execution and address translations may allow unauthorised disclosure of information residing in the L1 data cache to an attacker with local user access with guest OS privilege via a terminal page fault and a side-channel analysis.
References
+ https://access.redhat.com/errata/RHSA-2018:2384
Notes
CVE-2018-3740 created at 25 Sep 2019 19:31:40
Severity
+ Medium
Remote
+ Remote
Type
+ Insufficient validation
Description
+ A specially crafted HTML fragment can cause Sanitize gem for Ruby to allow non-whitelisted attributes to be used on a whitelisted HTML element.
References
Notes
+ GitLab bundles this dep: The sanitize gem is updated to version 4.6.4 due to versions < 4.6.3 being affected by CVE-2018-3740.
CVE-2018-4101 created at 25 Sep 2019 19:31:40
Severity
+ Critical
Remote
+ Remote
Type
+ Arbitrary code execution
Description
+ A security issue has been found in WebKitGTK+ < 2.20.0, where processing maliciously crafted web content may lead to arbitrary code execution.
References
+ https://webkitgtk.org/security/WSA-2018-0003.html
Notes