CVSS: 6.1EPSS: 0%CPEs: 21EXPL: 0CVE-2018-5168 – Mozilla: Lightweight themes can be installed without user interaction
https://notcve.org/view.php?id=CVE-2018-5168
Sites can bypass security checks on permissions to install lightweight themes by manipulating the "baseURI" property of the theme element. This could allow a malicious site to install a theme without user interaction which could contain offensive or embarrassing images. This vulnerability affects Thunderbird < 52.8, Thunderbird ESR < 52.8, Firefox < 60, and Firefox ESR < 52.8. Los sitios pueden omitir las comprobaciones de seguridad de los permisos para instalar temas ligeros manipulando la propiedad "baseURI" del elemento theme. Esto podría permitir que un sitio malicioso instale un tema sin la interacción del usuario que podría contener imágenes ofensivas o embarazosas. • http://www.securityfocus.com/bid/104136 http://www.securitytracker.com/id/1040896 https://access.redhat.com/errata/RHSA-2018:1414 https://access.redhat.com/errata/RHSA-2018:1415 https://access.redhat.com/errata/RHSA-2018:1725 https://access.redhat.com/errata/RHSA-2018:1726 https://bugzilla.mozilla.org/show_bug.cgi?id=1449548 https://lists.debian.org/debian-lts-announce/2018/05/msg00007.html https://lists.debian.org/debian-lts-announce/2018/05/msg00013.html https://securi • CWE-862: Missing Authorization •
CVSS: 8.8EPSS: 1%CPEs: 19EXPL: 2CVE-2018-5158 – pdf.js < 2.0.943 - Authenticated (Author+) Stored Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2018-5158
The PDF viewer does not sufficiently sanitize PostScript calculator functions, allowing malicious JavaScript to be injected through a crafted PDF file. This JavaScript can then be run with the permissions of the PDF viewer by its worker. This vulnerability affects Firefox ESR < 52.8 and Firefox < 60. El visor de PDF no sanea suficientemente las funciones de la calculadora PostScript, lo que permite inyectar JavaScript malicioso a través de un archivo PDF manipulado. Este JavaScript puede ser ejecutado por su worker con los permisos del visor de PDF. • https://github.com/ppcrab/CVE-2018-5158 https://github.com/puzzle-tools/-CVE-2018-5158.pdf http://www.securityfocus.com/bid/104136 http://www.securitytracker.com/id/1040896 https://access.redhat.com/errata/RHSA-2018:1414 https://access.redhat.com/errata/RHSA-2018:1415 https://bugzilla.mozilla.org/show_bug.cgi?id=1452075 https://lists.debian.org/debian-lts-announce/2018/05/msg00007.html https://security.gentoo.org/glsa/201810-01 https://usn.ubuntu.com/3645-1 https& • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-95: Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') •
CVSS: 8.8EPSS: 0%CPEs: 4EXPL: 0CVE-2018-10982
https://notcve.org/view.php?id=CVE-2018-10982
An issue was discovered in Xen through 4.10.x allowing x86 HVM guest OS users to cause a denial of service (unexpectedly high interrupt number, array overrun, and hypervisor crash) or possibly gain hypervisor privileges by setting up an HPET timer to deliver interrupts in IO-APIC mode, aka vHPET interrupt injection. Se ha descubierto un problema en Xen hasta las versiones 4.10.x que permite que usuarios invitados del sistema operativo x86 HVM provoquen una denegación de servicio (número de interrupción sorprendentemente alto, sobrescritura del array y cierre inesperado del hipervisor) o ganen privilegios del hipervisor estableciendo un temporizador HPET para realizar interrupciones en el modo IO-APIC. Esto también se conoce como inyección de interrupción vHPET. • http://openwall.com/lists/oss-security/2018/05/08/2 http://www.securityfocus.com/bid/104150 https://lists.debian.org/debian-lts-announce/2018/05/msg00015.html https://lists.debian.org/debian-lts-announce/2018/10/msg00009.html https://security.gentoo.org/glsa/201810-06 https://www.debian.org/security/2018/dsa-4201 https://xenbits.xen.org/xsa/advisory-261.html •
CVSS: 6.5EPSS: 0%CPEs: 4EXPL: 0CVE-2018-10981
https://notcve.org/view.php?id=CVE-2018-10981
An issue was discovered in Xen through 4.10.x allowing x86 HVM guest OS users to cause a denial of service (host OS infinite loop) in situations where a QEMU device model attempts to make invalid transitions between states of a request. Se ha descubierto un problema en Xen hasta las versiones 4.10.x que permite que usuarios invitados del sistema operativo x86 HVM provoquen una denegación de servicio (bucle infinito del sistema operativo del host) en situaciones en las que un modelo de dispositivo QEMU intenta realizar transiciones no válidas entre estados de una petición. • http://openwall.com/lists/oss-security/2018/05/08/3 http://www.securityfocus.com/bid/104149 https://lists.debian.org/debian-lts-announce/2018/05/msg00015.html https://lists.debian.org/debian-lts-announce/2018/10/msg00021.html https://security.gentoo.org/glsa/201810-06 https://www.debian.org/security/2018/dsa-4201 https://xenbits.xen.org/xsa/advisory-262.html • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2018-1118 – kernel: vhost: Information disclosure in vhost/vhost.c:vhost_new_msg()
https://notcve.org/view.php?id=CVE-2018-1118
Linux kernel vhost since version 4.8 does not properly initialize memory in messages passed between virtual guests and the host operating system in the vhost/vhost.c:vhost_new_msg() function. This can allow local privileged users to read some kernel memory contents when reading from the /dev/vhost-net device file. El vhost del kernel de Linux desde la versión 4.8 no inicializa correctamente la memoria en los mensajes que se pasan entre invitados virtuales y el sistema operativo host en la función vhost/vhost.c:vhost_new_msg(). Esto puede permitir que usuarios con privilegios locales lean el contenido de la memoria del kernel al leer del archivo de dispositivo /dev/vhost-net. The Linux kernel does not properly initialize memory in messages passed between virtual guests and the host operating system in the vhost/vhost.c:vhost_new_msg() function. • https://access.redhat.com/errata/RHSA-2018:2948 https://access.redhat.com/errata/RHSA-2018:3083 https://access.redhat.com/errata/RHSA-2018:3096 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1118 https://lists.debian.org/debian-lts-announce/2018/07/msg00020.html https://usn.ubuntu.com/3762-1 https://usn.ubuntu.com/3762-2 https://access.redhat.com/security/cve/CVE-2018-1118 https://bugzilla.redhat.com/show_bug.cgi?id=1573699 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-665: Improper Initialization •