CVSS: 8.8EPSS: 4%CPEs: 16EXPL: 1CVE-2018-12386 – Mozilla: type confusion in JavaScript
https://notcve.org/view.php?id=CVE-2018-12386
A vulnerability in register allocation in JavaScript can lead to type confusion, allowing for an arbitrary read and write. This leads to remote code execution inside the sandboxed content process when triggered. This vulnerability affects Firefox ESR < 60.2.2 and Firefox < 62.0.3. Una vulnerabilidad en la asignación de registros en JavaScript puede conducir a una confusión de tipos que permite la lectura y escritura arbitrarias. Esto conduce a la ejecución remota de código en el proceso de contenido en sandbox cuando se desencadena. • http://www.securityfocus.com/bid/105460 http://www.securitytracker.com/id/1041770 https://access.redhat.com/errata/RHSA-2018:2881 https://access.redhat.com/errata/RHSA-2018:2884 https://bugzilla.mozilla.org/show_bug.cgi?id=1493900 https://security.gentoo.org/glsa/201810-01 https://usn.ubuntu.com/3778-1 https://www.debian.org/security/2018/dsa-4310 https://www.mozilla.org/security/advisories/mfsa2018-24 https://access.redhat.com/security/cve/CVE-2018-12386 https:/&#x • CWE-704: Incorrect Type Conversion or Cast CWE-787: Out-of-bounds Write •
CVSS: 7.5EPSS: 1%CPEs: 6EXPL: 0CVE-2018-17540
https://notcve.org/view.php?id=CVE-2018-17540
The gmp plugin in strongSwan before 5.7.1 has a Buffer Overflow via a crafted certificate. El plugin gmp en strongSwan en versiones anteriores a la 5.7.1 tiene un desbordamiento de búfer mediante un certificado manipulado. • http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00077.html http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00047.html https://download.strongswan.org/security/CVE-2018-17540 https://lists.debian.org/debian-lts-announce/2018/10/msg00001.html https://security.gentoo.org/glsa/201811-16 https://usn.ubuntu.com/3774-1 https://www.debian.org/security/2018/dsa-4309 https://www.strongswan • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2018-9516 – kernel: HID: debug: Buffer overflow in hid_debug_events_read() in drivers/hid/hid-debug.c
https://notcve.org/view.php?id=CVE-2018-9516
In hid_debug_events_read of drivers/hid/hid-debug.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A-71361580. En hid_debug_events_read de drivers/hid/hid-debug.c, hay una posible escritura fuera de límites debido a la falta de una comprobación de límites. • https://access.redhat.com/errata/RHSA-2019:2029 https://access.redhat.com/errata/RHSA-2019:2043 https://lists.debian.org/debian-lts-announce/2018/10/msg00003.html https://source.android.com/security/bulletin/pixel/2018-09-01 https://usn.ubuntu.com/3871-1 https://usn.ubuntu.com/3871-3 https://usn.ubuntu.com/3871-4 https://usn.ubuntu.com/3871-5 https://www.debian.org/security/2018/dsa-4308 https://access.redhat.com/security/cve/CVE-2018-9516 https:// • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •
CVSS: 8.4EPSS: 0%CPEs: 15EXPL: 0CVE-2018-9363 – kernel: Buffer overflow in hidp_process_report
https://notcve.org/view.php?id=CVE-2018-9363
In the hidp_process_report in bluetooth, there is an integer overflow. This could lead to an out of bounds write with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A-65853588 References: Upstream kernel. Hay un desbordamiento de enteros en hidp_process_report en bluetooth. • https://access.redhat.com/errata/RHSA-2018:2948 https://access.redhat.com/errata/RHSA-2019:2029 https://access.redhat.com/errata/RHSA-2019:2043 https://lists.debian.org/debian-lts-announce/2018/10/msg00003.html https://source.android.com/security/bulletin/2018-06-01 https://usn.ubuntu.com/3797-1 https://usn.ubuntu.com/3797-2 https://usn.ubuntu.com/3820-1 https://usn.ubuntu.com/3820-2 https://usn.ubuntu.com/3820-3 https://usn.ubuntu.com/3822-1 http • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-190: Integer Overflow or Wraparound CWE-787: Out-of-bounds Write •
CVSS: 6.5EPSS: 0%CPEs: 11EXPL: 2CVE-2018-17581 – exiv2: Stack overflow in CiffDirectory::readDirectory() at crwimage_int.cpp leading to denial of service
https://notcve.org/view.php?id=CVE-2018-17581
CiffDirectory::readDirectory() at crwimage_int.cpp in Exiv2 0.26 has excessive stack consumption due to a recursive function, leading to Denial of service. CiffDirectory::readDirectory() en crwimage_int.cpp en Exiv2 0.26 tiene un consumo excesivo de pila debido a una función recursiva, lo que conduce a una denegación de servicio (DoS). • https://access.redhat.com/errata/RHSA-2019:2101 https://github.com/Exiv2/exiv2/issues/460 https://github.com/SegfaultMasters/covering360/blob/master/Exiv2 https://lists.debian.org/debian-lts-announce/2019/02/msg00038.html https://lists.debian.org/debian-lts-announce/2023/01/msg00004.html https://usn.ubuntu.com/3852-1 https://access.redhat.com/security/cve/CVE-2018-17581 https://bugzilla.redhat.com/show_bug.cgi?id=1635045 • CWE-400: Uncontrolled Resource Consumption •