CVE-2018-0531
Published 2018-04-16
Priority P4 · 23 · medium · 4.3 (CVSS 3.0)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
EPSS: 0.91% (55.4th percentile)
Cybozu Garoon 3.0.0 to 4.2.6 allows remote authenticated attackers to bypass access restriction to view or alter an access privilege of a folder and/or notification settings via unspecified vectors.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| cybozu | garoon | 3.0.0 – 4.2.6 | — |
| cybozu_inc | cybozu_garoon | — | — |
CVSS provenance
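| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 4.3 | MEDIUM | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N |
| nvd | v2.0 | 4.0 | MEDIUM | AV:N/AC:L/Au:S/C:N/I:P/A:N |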
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2018-3848 cfitsio: Stack-based buffer overflow in ffghbn() allows for potential code execution
bugzilla · 2018-04-17 · CVSS 8.8 [HIGH]
CFITSIO through version 3.42 has a stack-based buffer overflow vulnerability in the ffghbn() function that can potentially allow an attacker to execute code via a crafted FIT image file.
External References:
https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0531
https://heasarc.gsfc.nasa.gov/FTP/software/fitsio/c/docs/changes2.txt
Additional References:
https://github.com/astropy/astropy/pull/7274
Discussion:
Created cfitsio tracking bugs for this issue:
Affects: fedora-all [bug 1568184]
Affects: epel-all [bug 1568181]
---
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):
https://access.redhat.com/security/cve/c
Bugzilla
CVE-2018-3849 cfitsio: Stack-based buffer overflow in ffghtb() allows for potential code execution
bugzilla · 2018-04-17 · CVSS 8.8 [HIGH]
CFITSIO through version 3.42 has a stack-based buffer overflow vulnerability in the ffghtb() function that can potentially allow an attacker to execute code via a crafted FIT image file.
External References:
https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0531
https://heasarc.gsfc.nasa.gov/FTP/software/fitsio/c/docs/changes2.txt
Additional References:
https://github.com/astropy/astropy/pull/7274
Discussion:
Created cfitsio tracking bugs for this issue:
Affects: fedora-all [bug 1568189]
Affects: epel-all [bug 1568186]
---
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):
https://access.redhat.com/security/cve/c