CVSS: 9.8EPSS: 0%CPEs: 18EXPL: 0CVE-2018-18492 – Mozilla: Use-after-free with select element
https://notcve.org/view.php?id=CVE-2018-18492
12 Dec 2018 — A use-after-free vulnerability can occur after deleting a selection element due to a weak reference to the select element in the options collection. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 60.4, Firefox ESR < 60.4, and Firefox < 64. Puede ocurrir una vulnerabilidad de uso de memoria previamente liberada tras el borrado de un elemento de selección debido a una referencia débil a dicho elemento en la colección de opciones. Esto resulta en un cierre inesperado ... • http://www.securityfocus.com/bid/106168 • CWE-416: Use After Free •
CVSS: 9.8EPSS: 0%CPEs: 18EXPL: 0CVE-2018-12405 – Mozilla: Memory safety bugs fixed in Firefox 64 and Firefox ESR 60.4
https://notcve.org/view.php?id=CVE-2018-12405
12 Dec 2018 — Mozilla developers and community members reported memory safety bugs present in Firefox 63 and Firefox ESR 60.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 60.4, Firefox ESR < 60.4, and Firefox < 64. Los desarrolladores de Mozilla y los miembros de la comunidad reportaron problemas de seguridad existentes en Firefox 63 and Firefox ESR 60.3. Algunos de esto... • http://www.securityfocus.com/bid/106168 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 8.8EPSS: 2%CPEs: 17EXPL: 0CVE-2018-18356 – mozilla: Use after free in Skia
https://notcve.org/view.php?id=CVE-2018-18356
11 Dec 2018 — An integer overflow in path handling lead to a use after free in Skia in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Un desbordamiento de enteros en el manejo de rutas conduce a un uso de memoria previamente liberada en Skia en Google Chrome en versiones anteriores a la 71.0.3578.80 permitía que un atacante remoto pudiese explotar una corrupción de memoria dinámica (heap) mediante una página HTML manipulada. • http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00043.html • CWE-190: Integer Overflow or Wraparound CWE-416: Use After Free CWE-787: Out-of-bounds Write •
CVSS: 4.7EPSS: 0%CPEs: 5EXPL: 0CVE-2018-19854 – kernel: Information Disclosure in crypto_report_one in crypto/crypto_user.c
https://notcve.org/view.php?id=CVE-2018-19854
04 Dec 2018 — An issue was discovered in the Linux kernel before 4.19.3. crypto_report_one() and related functions in crypto/crypto_user.c (the crypto user configuration API) do not fully initialize structures that are copied to userspace, potentially leaking sensitive memory to user programs. NOTE: this is a CVE-2013-2547 regression but with easier exploitability because the attacker does not need a capability (however, the system must have the CONFIG_CRYPTO_USER kconfig option). Se ha descubierto un problema en el kern... • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f43f39958beb206b53292801e216d9b8a660f087 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 0CVE-2018-19840 – wawpack: Infinite loop in WavpackPackInit function lead to DoS
https://notcve.org/view.php?id=CVE-2018-19840
04 Dec 2018 — The function WavpackPackInit in pack_utils.c in libwavpack.a in WavPack through 5.1.0 allows attackers to cause a denial-of-service (resource exhaustion caused by an infinite loop) via a crafted wav audio file because WavpackSetConfiguration64 mishandles a sample rate of zero. La función WavpackPackInit en pack_utils.c en libwavpack.a en WavPack hasta la versión 5.1.0 permite que los atacantes provoquen una denegación de servicio (agotamiento de recursos provocado por un bucle infinito) mediante un archivo ... • http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00029.html • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 5.5EPSS: 0%CPEs: 11EXPL: 1CVE-2018-19841 – wawpack: Out-of-bounds read in WavpackVerifySingleBlock function leads to DoS
https://notcve.org/view.php?id=CVE-2018-19841
04 Dec 2018 — The function WavpackVerifySingleBlock in open_utils.c in libwavpack.a in WavPack through 5.1.0 allows attackers to cause a denial-of-service (out-of-bounds read and application crash) via a crafted WavPack Lossless Audio file, as demonstrated by wvunpack. La función WavpackVerifySingleBlock en open_utils.c en libwavpack.a en WavPack hasta la versión 5.1.0 permite que los atacantes provoquen una denegación de servicio (lectura fuera de límites y cierre inesperado de la aplicación) mediante un archivo WavPack... • http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00029.html • CWE-125: Out-of-bounds Read •
CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0CVE-2018-19824 – kernel: Use-after-free in sound/usb/card.c:usb_audio_probe()
https://notcve.org/view.php?id=CVE-2018-19824
03 Dec 2018 — In the Linux kernel through 4.19.6, a local user could exploit a use-after-free in the ALSA driver by supplying a malicious USB Sound device (with zero interfaces) that is mishandled in usb_audio_probe in sound/usb/card.c. En el kernel de Linux hasta la versión 4.19.6, un usuario local podría explotar memoria previamente liberada en el controlador ALSA suministrando un dispositivo de sonido USB malicioso (con cero interfaces) que no se maneja correctamente en usb_audio_probe en sound/usb/card.c. A flaw was ... • http://www.securityfocus.com/bid/106109 • CWE-416: Use After Free •
CVSS: 9.0EPSS: 0%CPEs: 8EXPL: 5CVE-2018-19788 – polkit: Improper handling of user with uid > INT_MAX leading to authentication bypass
https://notcve.org/view.php?id=CVE-2018-19788
03 Dec 2018 — A flaw was found in PolicyKit (aka polkit) 0.115 that allows a user with a uid greater than INT_MAX to successfully execute any systemctl command. Se ha detectado un fallo en PolicyKit (también conocido como polkit) 0.115 que permite que un usuario con una uid mayor que INT_MAX ejecute con éxito cualquier comando systemctl. • https://github.com/AbsoZed/CVE-2018-19788 • CWE-20: Improper Input Validation CWE-287: Improper Authentication •
CVSS: 9.8EPSS: 0%CPEs: 30EXPL: 0CVE-2018-18311 – perl: Integer overflow leading to buffer overflow in Perl_my_setenv()
https://notcve.org/view.php?id=CVE-2018-18311
30 Nov 2018 — Perl before 5.26.3 and 5.28.x before 5.28.1 has a buffer overflow via a crafted regular expression that triggers invalid write operations. Perl, en versiones anteriores a la 5.26.3 y versiones 5.28.0.x anteriores a la 5.28.1, tiene un desbordamiento de búfer mediante una expresión regular manipulada que desencadena operaciones inválidas de escritura. • http://seclists.org/fulldisclosure/2019/Mar/49 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-190: Integer Overflow or Wraparound CWE-787: Out-of-bounds Write •
CVSS: 9.8EPSS: 1%CPEs: 16EXPL: 1CVE-2018-18312 – perl: Heap-based buffer overflow in S_handle_regex_sets()
https://notcve.org/view.php?id=CVE-2018-18312
30 Nov 2018 — Perl before 5.26.3 and 5.28.0 before 5.28.1 has a buffer overflow via a crafted regular expression that triggers invalid write operations. Perl, en versiones anteriores a la 5.26.3 y versiones 5.28.0 anteriores a la 5.28.1, tiene un desbordamiento de búfer mediante una expresión regular manipulada que desencadena operaciones inválidas de escritura. • http://www.securityfocus.com/bid/106179 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •