Log

CVE-2018-6542 created at 25 Sep 2019 19:31:40
Severity
+ Low
Remote
+ Local
Type
+ Denial of service
Description
+ In ZZIPlib 0.13.67, there is a bus error (when handling a disk64_trailer seek value) caused by loading of a misaligned address in the zzip_disk_findfirst function of zzip/mmapped.c.
References
+ https://github.com/gdraheim/zziplib/issues/17
+ https://github.com/gdraheim/zziplib/pull/26/commits/938011cd60f5a8a2a16a49e5f317aca640cf4110
Notes
CVE-2018-6544 created at 25 Sep 2019 19:31:40
Severity
+ Medium
Remote
+ Remote
Type
+ Denial of service
Description
+ pdf_load_obj_stm in pdf/pdf-xref.c in Artifex MuPDF 1.12.0 could reference the object stream recursively and therefore run out of error stack, which allows remote attackers to cause a denial of service via a crafted PDF document.
References
+ https://bugs.ghostscript.com/show_bug.cgi?id=698965
+ https://bugs.ghostscript.com/show_bug.cgi?id=698830
+ https://git.ghostscript.com/?p=mupdf.git;a=commitdiff;h=b03def134988da8c800adac1a38a41a1f09a1d89
+ https://git.ghostscript.com/?p=mupdf.git;a=commitdiff;h=26527eef77b3e51c2258c8e40845bfbc015e405d
Notes
CVE-2018-6556 created at 25 Sep 2019 19:31:40
Severity
+ High
Remote
+ Local
Type
+ Arbitrary filesystem access
Description
+ lxc-user-nic when asked to delete a network interface will unconditionally open a user provided path. This code path may be used by an unprivileged user to check for the existence of a path which they wouldn't otherwise be able to reach. It may also be used to trigger side effects by causing a (read-only) open of special kernel files (ptmx, proc, sys). Affected releases are LXC: 2.0 versions above and including 2.0.9; 3.0 versions above and including 3.0.0, prior to 3.0.2.
References
+ https://bugzilla.suse.com/show_bug.cgi?id=988348
+ http://seclists.org/oss-sec/2018/q3/81
Notes
CVE-2018-6574 created at 25 Sep 2019 19:31:40
Severity
+ High
Remote
+ Remote
Type
+ Arbitrary code execution
Description
+ Go before 1.8.7, Go 1.9.x before 1.9.4, and Go 1.10 pre-releases before Go 1.10rc2 allow "go get" remote command execution during source code build, by leveraging the gcc or clang plugin feature, because -fplugin= and -plugin= arguments were not blocked.
References
+ https://github.com/golang/go/issues/23672
+ https://go.googlesource.com/go/+/867fb18b6d5bc73266b68c9a695558a04e060a8a
+ https://groups.google.com/forum/m/#!msg/golang-nuts/Gbhh1NxAjMU/dfW69X50AgAJ
Notes
CVE-2018-6767 created at 25 Sep 2019 19:31:40
Severity
+ Medium
Remote
+ Remote
Type
+ Arbitrary code execution
Description
+ A stack-based buffer over-read in the ParseRiffHeaderConfig function of cli/riff.c file of WavPack 5.1.0 allows a remote attacker to cause a denial-of-service attack or possibly have unspecified other impact via a maliciously crafted RF64 file.
References
+ https://github.com/dbry/WavPack/commit/d5bf76b5a88d044a1be1d5656698e3ba737167e5
+ https://github.com/dbry/WavPack/issues/27
Notes
CVE-2018-6789 created at 25 Sep 2019 19:31:40
Severity
+ High
Remote
+ Remote
Type
+ Arbitrary code execution
Description
+ An issue was discovered in the base64d function in the SMTP listener in Exim before 4.90.1. By sending a handcrafted message, a buffer overflow may happen. This can be used to execute code remotely.
References
+ http://exim.org/static/doc/security/CVE-2018-6789.txt
+ https://marc.info/?l=oss-security&m=151828631632609
Notes
CVE-2018-6791 created at 25 Sep 2019 19:31:40
Severity
+ High
Remote
+ Local
Type
+ Arbitrary command execution
Description
+ When a vfat thumbdrive which contains `` or $() in its volume label is plugged and mounted trough the device notifier, it's interpreted as a shell command, leaving a possibility of arbitrary commands execution. an example of offending volume label is "$(touch b)" which will create a file called b in the home folder.
References
+ https://www.kde.org/info/security/advisory-20180208-2.txt
Notes
+ workaround: Mount removable devices with Dolphin instead of the device notifier.
CVE-2018-6869 created at 25 Sep 2019 19:31:40
Severity
+ Medium
Remote
+ Remote
Type
+ Denial of service
Description
+ An uncontrolled memory allocation was found in ZZIPlib before 0.13.68 that could lead to a crash in the __zzip_parse_root_directory function of zzip/zip.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted zip file.
References
+ https://github.com/gdraheim/zziplib/issues/22
+ https://github.com/gdraheim/zziplib/commit/0c0c9256b0903f664bca25dd8d924211f81e01d3
Notes
CVE-2018-6942 created at 25 Sep 2019 19:31:40
Severity
+ Low
Remote
+ Remote
Type
+ Denial of service
Description
+ An issue was discovered in FreeType 2 before 2.9.1. A NULL pointer dereference in the Ins_GETVARIATION() function within ttinterp.c could lead to denial of service via a crafted font file.
References
+ https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=5736
+ https://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=29c759284e305ec428703c9a5831d0b1fc3497ef
Notes
CVE-2018-6951 created at 25 Sep 2019 19:31:40
Severity
+ Low
Remote
+ Local
Type
+ Denial of service
Description
+ An issue was discovered in GNU patch through 2.7.6. There is a segmentation fault, associated with a NULL pointer dereference, leading to a denial of service in the intuit_diff_type function in pch.c, aka a "mangled rename" issue.
References
+ https://savannah.gnu.org/bugs/?53132
+ https://git.savannah.gnu.org/cgit/patch.git/commit/?id=f290f48a621867084884bfff87f8093c15195e6a
Notes