CVSS: 9.8EPSS: 22%CPEs: 18EXPL: 0CVE-2018-5102 – Mozilla: Use-after-free in HTML media elements (MFSA 2018-03)
https://notcve.org/view.php?id=CVE-2018-5102
24 Jan 2018 — A use-after-free vulnerability can occur when manipulating HTML media elements with media streams, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.6, Firefox ESR < 52.6, and Firefox < 58. Puede ocurrir una vulnerabilidad de uso de memoria previamente liberada cuando se manipulan elementos HTML media con media streams, resultando en un cierre inesperado potencialmente explotable. Esta vulnerabilidad afecta a las versiones anteriores a la 52.6 de Thunderbird, las vers... • http://www.securityfocus.com/bid/102783 • CWE-416: Use After Free •
CVSS: 9.8EPSS: 2%CPEs: 18EXPL: 0CVE-2018-5103 – Mozilla: Use-after-free during mouse event handling (MFSA 2018-03)
https://notcve.org/view.php?id=CVE-2018-5103
24 Jan 2018 — A use-after-free vulnerability can occur during mouse event handling due to issues with multiprocess support. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.6, Firefox ESR < 52.6, and Firefox < 58. Puede ocurrir una vulnerabilidad de uso de memoria previamente liberada durante el manejo de eventos de ratón debido a problemas con el soporte multiproceso. Esto resulta en un cierre inesperado explotable. • http://www.securityfocus.com/bid/102783 • CWE-416: Use After Free •
CVSS: 9.8EPSS: 22%CPEs: 18EXPL: 0CVE-2018-5104 – Mozilla: Use-after-free during font face manipulation (MFSA 2018-03)
https://notcve.org/view.php?id=CVE-2018-5104
24 Jan 2018 — A use-after-free vulnerability can occur during font face manipulation when a font face is freed while still in use, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.6, Firefox ESR < 52.6, and Firefox < 58. Puede ocurrir una vulnerabilidad de uso de memoria previamente liberada durante la manipulación de font-face cuando una regla font face se libera mientras se utiliza, resultando en un cierre inesperado potencialmente explotable. Esta vulnerabilidad afecta a las ve... • http://www.securityfocus.com/bid/102783 • CWE-416: Use After Free •
CVSS: 6.1EPSS: 1%CPEs: 22EXPL: 0CVE-2018-5117 – Mozilla: URL spoofing with right-to-left text aligned left-to-right (MFSA 2018-03)
https://notcve.org/view.php?id=CVE-2018-5117
24 Jan 2018 — If right-to-left text is used in the addressbar with left-to-right alignment, it is possible in some circumstances to scroll this text to spoof the displayed URL. This issue could result in the wrong URL being displayed as a location, which can mislead users to believe they are on a different site than the one loaded. This vulnerability affects Thunderbird < 52.6, Firefox ESR < 52.6, and Firefox < 58. Si se utiliza texto de derecha a izquierda en la barra de direcciones con alineación de izquierda a derecha... • http://www.securityfocus.com/bid/102783 • CWE-451: User Interface (UI) Misrepresentation of Critical Information •
CVSS: 6.0EPSS: 0%CPEs: 18EXPL: 1CVE-2018-5683 – Qemu: Out-of-bounds read in vga_draw_text routine
https://notcve.org/view.php?id=CVE-2018-5683
23 Jan 2018 — The vga_draw_text function in Qemu allows local OS guest privileged users to cause a denial of service (out-of-bounds read and QEMU process crash) by leveraging improper memory address validation. La función vga_draw_text en Qemu permite que usuarios del sistema operativo invitados con privilegios provoquen una denegación de servicio (acceso de lectura fuera de límites y cierre inesperado del proceso Qemu) aprovechando la validación indebida de direcciones de memoria. An out-of-bounds read access issue was ... • http://www.openwall.com/lists/oss-security/2018/01/15/2 • CWE-125: Out-of-bounds Read •
CVSS: 5.3EPSS: 0%CPEs: 7EXPL: 0CVE-2017-15105 – Ubuntu Security Notice USN-3673-1
https://notcve.org/view.php?id=CVE-2017-15105
23 Jan 2018 — A flaw was found in the way unbound before 1.6.8 validated wildcard-synthesized NSEC records. An improperly validated wildcard NSEC record could be used to prove the non-existence (NXDOMAIN answer) of an existing wildcard record, or trick unbound into accepting a NODATA proof. Se ha encontrado un error en la forma en la que unbound, en versiones anteriores a la 1.6.8, validaba los registros NSEC sintetizados con caracteres comodín. Un registro con caracteres comodín NSEC validado incorrectamente podría empl... • http://www.securityfocus.com/bid/102817 • CWE-20: Improper Input Validation CWE-358: Improperly Implemented Security Check for Standard •
CVSS: 6.1EPSS: 2%CPEs: 20EXPL: 2CVE-2018-5950 – mailman: Cross-site scripting (XSS) vulnerability in web UI
https://notcve.org/view.php?id=CVE-2018-5950
23 Jan 2018 — Cross-site scripting (XSS) vulnerability in the web UI in Mailman before 2.1.26 allows remote attackers to inject arbitrary web script or HTML via a user-options URL. Vulnerabilidad de Cross-Site Scripting (XSS) en la interfaz de usuario web en Mailman en versiones anteriores a la 2.1.26 permite que atacantes remotos inyecten scripts web o HTML arbitrarios mediante una URL user-options. A cross-site scripting (XSS) flaw was found in mailman. An attacker, able to trick the user into visiting a specific URL, ... • https://packetstorm.news/files/id/159761 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 1%CPEs: 16EXPL: 0CVE-2016-10708 – openssh: Out of sequence NEWKEYS message can allow remote attacker to cause denial of service
https://notcve.org/view.php?id=CVE-2016-10708
21 Jan 2018 — sshd in OpenSSH before 7.4 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an out-of-sequence NEWKEYS message, as demonstrated by Honggfuzz, related to kex.c and packet.c. sshd en OpenSSH, en versiones anteriores a la 7.4, permite que atacantes remotos provoquen una denegación de servicio (desreferencia de puntero NULL y cierre inesperado del demonio) mediante un mensaje NEWKEYS fuera de secuencia, tal y como demuestra Honggfuzz, relacionado con kex.c y p... • http://blog.swiecki.net/2018/01/fuzzing-tcp-servers.html • CWE-20: Improper Input Validation CWE-476: NULL Pointer Dereference •
CVSS: 6.5EPSS: 1%CPEs: 7EXPL: 1CVE-2018-5784 – Debian Security Advisory 4349-1
https://notcve.org/view.php?id=CVE-2018-5784
19 Jan 2018 — In LibTIFF 4.0.9, there is an uncontrolled resource consumption in the TIFFSetDirectory function of tif_dir.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted tif file. This occurs because the declared number of directory entries is not validated against the actual number of directory entries. En LibTIFF 4.0.9, hay un consumo no controlado de recursos en la función TIFFSetDirectory de tif_dir.c. Los atacantes remotos pueden aprovechar esta vulnerabilidad para pr... • http://bugzilla.maptools.org/show_bug.cgi?id=2772 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.5EPSS: 0%CPEs: 15EXPL: 0CVE-2018-2612 – mysql: InnoDB unspecified vulnerability (CPU Jan 2018)
https://notcve.org/view.php?id=CVE-2018-2612
18 Jan 2018 — Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all MySQL Server accessible data and unauthorized ability to cause a hang or frequ... • http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html •