CVE-2018-10894 – keycloak: auth permitted with expired certs in SAML client
https://notcve.org/view.php?id=CVE-2018-10894
It was found that SAML authentication in Keycloak 3.4.3.Final incorrectly authenticated expired certificates. A malicious user could use this to access unauthorized data or possibly conduct further attacks. Se ha descubierto que la autenticación SAML en Keycloak 3.4.3.Final autenticaba incorrectamente los certificados caducados. Un usuario malicioso podría aprovecharse de esto para acceder a datos no autorizados o, posiblemente, llevar a cabo más ataques. • https://access.redhat.com/errata/RHSA-2018:3592 https://access.redhat.com/errata/RHSA-2018:3593 https://access.redhat.com/errata/RHSA-2018:3595 https://access.redhat.com/errata/RHSA-2019:0877 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10894 https://access.redhat.com/security/cve/CVE-2018-10894 https://bugzilla.redhat.com/show_bug.cgi?id=1599434 • CWE-295: Improper Certificate Validation CWE-345: Insufficient Verification of Data Authenticity •
CVE-2018-10897 – yum-utils: reposync: improper path validation may lead to directory traversal
https://notcve.org/view.php?id=CVE-2018-10897
A directory traversal issue was found in reposync, a part of yum-utils, where reposync fails to sanitize paths in remote repository configuration files. If an attacker controls a repository, they may be able to copy files outside of the destination directory on the targeted system via path traversal. If reposync is running with heightened privileges on a targeted system, this flaw could potentially result in system compromise via the overwriting of critical system files. Version 1.1.31 and older are believed to be affected. Se ha detectado un problema de salto de directorio en reposync, de yum-utils, en el que reposync falla a la hora de sanear rutas en los archivos de configuración del repositorio remoto. • http://www.securitytracker.com/id/1041594 https://access.redhat.com/errata/RHSA-2018:2284 https://access.redhat.com/errata/RHSA-2018:2285 https://access.redhat.com/errata/RHSA-2018:2626 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10897 https://github.com/rpm-software-management/yum-utils/commit/6a8de061f8fdc885e74ebe8c94625bf53643b71c https://github.com/rpm-software-management/yum-utils/commit/7554c0133eb830a71dc01846037cc047d0acbc2c https://github.com/rpm-software-management/yum-utils/pull/43 https • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVE-2018-6153 – chromium-browser: Stack buffer overflow in Skia
https://notcve.org/view.php?id=CVE-2018-6153
A precision error in Skia in Google Chrome prior to 68.0.3440.75 allowed a remote attacker who had compromised the renderer process to perform an out of bounds memory write via a crafted HTML page. Un error de precisión en Skia en Google Chrome, en versiones anteriores a la 68.0.3440.75, permitía que un atacante remoto que hubiese comprometido el proceso renderer pudiese realizar una escritura de memoria fuera de límites mediante una página HTML manipulada. • http://www.securityfocus.com/bid/104887 https://access.redhat.com/errata/RHSA-2018:2282 https://chromereleases.googleblog.com/2018/07/stable-channel-update-for-desktop.html https://crbug.com/850350 https://security.gentoo.org/glsa/201808-01 https://www.debian.org/security/2018/dsa-4256 https://access.redhat.com/security/cve/CVE-2018-6153 https://bugzilla.redhat.com/show_bug.cgi?id=1608177 • CWE-787: Out-of-bounds Write •
CVE-2018-6167 – chromium-browser: URL spoof in Omnibox
https://notcve.org/view.php?id=CVE-2018-6167
Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name. Aplicación insuficiente de caracteres confundibles en URL Formatter en Google Chrome, en versiones anteriores a la 68.0.3440.75, permitía que un atacante remoto suplantase dominios mediante homogramas IDN mediante un nombre de dominio manipulado. • http://www.securityfocus.com/bid/104887 https://access.redhat.com/errata/RHSA-2018:2282 https://chromereleases.googleblog.com/2018/07/stable-channel-update-for-desktop.html https://crbug.com/833143 https://security.gentoo.org/glsa/201808-01 https://www.debian.org/security/2018/dsa-4256 https://access.redhat.com/security/cve/CVE-2018-6167 https://bugzilla.redhat.com/show_bug.cgi?id=1608191 •
CVE-2018-6152 – chromium-browser: Local file write in DevTools
https://notcve.org/view.php?id=CVE-2018-6152
The implementation of the Page.downloadBehavior backend unconditionally marked downloaded files as safe, regardless of file type in Google Chrome prior to 66.0.3359.117 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted HTML page and user interaction. La implementación del backend Page.downloadBehavior marcaba incondicionalmente los archivos descargados como seguros, independientemente del tipo de archivo en Google Chrome, en versiones anteriores a la 66.0.3359.117, permitía que un atacante convenza a un usuario para que realice un escape del sandbox mediante una página HTML manipulada y la interacción del usuario. • http://www.securityfocus.com/bid/104887 https://access.redhat.com/errata/RHSA-2018:2282 https://chromereleases.googleblog.com/2018/04/stable-channel-update-for-desktop.html https://crbug.com/805445 https://security.gentoo.org/glsa/201808-01 https://www.debian.org/security/2018/dsa-4256 https://access.redhat.com/security/cve/CVE-2018-6152 https://bugzilla.redhat.com/show_bug.cgi?id=1608208 • CWE-434: Unrestricted Upload of File with Dangerous Type •