Log

CVE-2018-6952 created at 25 Sep 2019 19:31:40
Severity
+ Medium
Remote
+ Local
Type
+ Denial of service
Description
+ A double free exists in the another_hunk function in pch.c in GNU patch through 2.7.6. An attacker could potentially use this flaw to crash the patch utility by tricking it into processing crafted patches.
References
+ https://savannah.gnu.org/bugs/?53133
+ https://git.savannah.gnu.org/cgit/patch.git/commit/?id=9c986353e420ead6e706262bf204d6e03322c300
Notes
CVE-2018-6954 created at 25 Sep 2019 19:31:40
Severity
+ Medium
Remote
+ Local
Type
+ Arbitrary file overwrite
Description
+ systemd-tmpfiles in systemd through 237 mishandles symlinks present in non-terminal path components, which allows local users to obtain ownership of arbitrary files via vectors involving creation of a directory and a file under that directory, and later replacing that directory with a symlink. This occurs even if the fs.protected_symlinks sysctl is turned on.
References
+ https://github.com/systemd/systemd/issues/7986
+ https://github.com/systemd/systemd/pull/8822
Notes
CVE-2018-7050 created at 25 Sep 2019 19:31:40
Severity
+ Low
Remote
+ Remote
Type
+ Denial of service
Description
+ An issue was discovered in Irssi before 1.0.7 and 1.1.x before 1.1.1. A NULL pointer dereference occurs for an "empty" nick.
References
+ https://irssi.org/security/irssi_sa_2018_02.txt
+ https://github.com/irssi/irssi/commit/e91da9e4098e449dc36eaa15354aff67650e7703
Notes
CVE-2018-7051 created at 25 Sep 2019 19:31:40
Severity
+ Low
Remote
+ Remote
Type
+ Denial of service
Description
+ An issue was discovered in Irssi before 1.0.7 and 1.1.x before 1.1.1. Certain nicknames could result in out-of-bounds access when printing theme strings.
References
+ https://irssi.org/security/irssi_sa_2018_02.txt
+ https://github.com/irssi/irssi/commit/e32e9d63c67ab95ef0576154680a6c52334b97af
Notes
CVE-2018-7052 created at 25 Sep 2019 19:31:40
Severity
+ Low
Remote
+ Remote
Type
+ Denial of service
Description
+ An issue was discovered in Irssi before 1.0.7 and 1.1.x before 1.1.1. When the number of windows exceeds the available space, a crash due to a NULL pointer dereference would occur.
References
+ https://irssi.org/security/irssi_sa_2018_02.txt
+ https://github.com/irssi/irssi/commit/5b5bfef03596d95079c728f65f523570dd7b03aa
Notes
CVE-2018-7053 created at 25 Sep 2019 19:31:40
Severity
+ High
Remote
+ Remote
Type
+ Arbitrary code execution
Description
+ An issue was discovered in Irssi before 1.0.7 and 1.1.x before 1.1.1. There is a use-after-free when SASL messages are received in an unexpected order.
References
+ https://irssi.org/security/irssi_sa_2018_02.txt
+ https://github.com/irssi/irssi/commit/84f03e01467b90a4251987b32b2813ee976b357c
Notes
CVE-2018-7054 created at 25 Sep 2019 19:31:40
Severity
+ Low
Remote
+ Remote
Type
+ Denial of service
Description
+ An issue was discovered in Irssi before 1.0.7 and 1.1.x before 1.1.1. There is a use-after-free when a server is disconnected during netsplits.
References
+ https://irssi.org/security/irssi_sa_2018_02.txt
+ https://github.com/irssi/irssi/issues/819
+ https://github.com/irssi/irssi/commit/5c5ed64180a6b76315ee7b8c6000ee64ad5877a7
Notes
+ This issue exists because of an incomplete fix for CVE-2017-7191.
CVE-2018-7170 created at 25 Sep 2019 19:31:40
Severity
+ High
Remote
+ Remote
Type
+ Content spoofing
Description
+ ntpd can be vulnerable to Sybil attacks. If a system is set up to use a trustedkey and if one is not using the feature introduced in ntp-4.2.8p6 allowing an optional 4th field in the ntp.keys file to specify which IPs can serve time, a malicious authenticated peer -- i.e. one where the attacker knows the private symmetric key -- can create arbitrarily many ephemeral associations in order to win the clock selection of ntpd and modify a victim's clock.
References
+ http://support.ntp.org/bin/view/Main/NtpBug3415
Notes
CVE-2018-7173 created at 25 Sep 2019 19:31:40
Severity
+ Low
Remote
+ Local
Type
+ Denial of service
Description
+ A large loop in JBIG2Stream::readSymbolDictSeg in xpdf 4.00 allows an attacker to cause denial of service via a specific file due to inappropriate decoding.
References
+ https://forum.xpdfreader.com/viewtopic.php?f=3&t=607
Notes
CVE-2018-7174 created at 25 Sep 2019 19:31:40
Severity
+ Low
Remote
+ Local
Type
+ Denial of service
Description
+ An issue was discovered in xpdf 4.00. An infinite loop in XRef::Xref allows an attacker to cause denial of service because loop detection exists only for tables, not streams.
References
+ https://forum.xpdfreader.com/viewtopic.php?f=3&t=605
Notes