CVSS: 8.8EPSS: 1%CPEs: 6EXPL: 0CVE-2018-6032 – chromium-browser: same origin bypass in shared worker
https://notcve.org/view.php?id=CVE-2018-6032
Insufficient policy enforcement in Blink in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially leak user cross-origin data via a crafted HTML page. Aplicación de políticas insuficiente en Blink en Google Chrome en versiones anteriores a la 64.0.3282.119 permitía que un atacante remoto filtrase los datos cross-origin del usuario mediante una página HTML manipulada. • http://www.securityfocus.com/bid/102797 http://www.securitytracker.com/id/1040282 https://access.redhat.com/errata/RHSA-2018:0265 https://chromereleases.googleblog.com/2018/01/stable-channel-update-for-desktop_24.html https://crbug.com/787103 https://www.debian.org/security/2018/dsa-4103 https://access.redhat.com/security/cve/CVE-2018-6032 https://bugzilla.redhat.com/show_bug.cgi?id=1538504 • CWE-20: Improper Input Validation •
CVSS: 6.5EPSS: 0%CPEs: 6EXPL: 0CVE-2018-6047 – chromium-browser: cross origin url leak in webgl
https://notcve.org/view.php?id=CVE-2018-6047
Insufficient policy enforcement in WebGL in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially leak user redirect URL via a crafted HTML page. Aplicación de políticas insuficiente en WebGL en Google Chrome en versiones anteriores a la 64.0.3282.119 permitía que un atacante remoto filtrase URL de redirección del usuario mediante una página HTML manipulada. • http://www.securityfocus.com/bid/102797 http://www.securitytracker.com/id/1040282 https://access.redhat.com/errata/RHSA-2018:0265 https://chromereleases.googleblog.com/2018/01/stable-channel-update-for-desktop_24.html https://crbug.com/799847 https://www.debian.org/security/2018/dsa-4103 https://access.redhat.com/security/cve/CVE-2018-6047 https://bugzilla.redhat.com/show_bug.cgi?id=1538518 • CWE-20: Improper Input Validation •
CVSS: 4.3EPSS: 0%CPEs: 6EXPL: 0CVE-2018-6051 – chromium-browser: referrer leak in xss auditor
https://notcve.org/view.php?id=CVE-2018-6051
XSS Auditor in Google Chrome prior to 64.0.3282.119, did not ensure the reporting URL was in the same origin as the page it was on, which allowed a remote attacker to obtain referrer details via a crafted HTML page. XSS Auditor en Google Chrome en versiones anteriores a la 64.0.3282.119 no aseguró que la URL de reporte estaba en el mismo origen que la página en la que estaba, lo que permitía que un atacante remoto obtuviese detalles de referrer mediante una página HTML manipulada. • http://www.securityfocus.com/bid/102797 http://www.securitytracker.com/id/1040282 https://access.redhat.com/errata/RHSA-2018:0265 https://chromereleases.googleblog.com/2018/01/stable-channel-update-for-desktop_24.html https://crbug.com/441275 https://www.debian.org/security/2018/dsa-4103 https://access.redhat.com/security/cve/CVE-2018-6051 https://bugzilla.redhat.com/show_bug.cgi?id=1538523 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 2%CPEs: 14EXPL: 0CVE-2018-5748 – libvirt: Resource exhaustion via qemuMonitorIORead() method
https://notcve.org/view.php?id=CVE-2018-5748
qemu/qemu_monitor.c in libvirt allows attackers to cause a denial of service (memory consumption) via a large QEMU reply. qemu/qemu_monitor.c en libvirt permite que los atacantes provoquen una denegación de servicio (consumo de memoria) mediante una respuesta QEMU grande. • http://www.securityfocus.com/bid/102825 https://access.redhat.com/errata/RHSA-2018:1396 https://access.redhat.com/errata/RHSA-2018:1929 https://lists.debian.org/debian-lts-announce/2018/03/msg00018.html https://www.debian.org/security/2018/dsa-4137 https://www.redhat.com/archives/libvir-list/2018-January/msg00527.html https://access.redhat.com/security/cve/CVE-2018-5748 https://bugzilla.redhat.com/show_bug.cgi?id=1528396 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 8.6EPSS: 0%CPEs: 31EXPL: 0CVE-2018-1047 – undertow: Path traversal in ServletResourceManager class
https://notcve.org/view.php?id=CVE-2018-1047
A flaw was found in Wildfly 9.x. A path traversal vulnerability through the org.wildfly.extension.undertow.deployment.ServletResourceManager.getResource method could lead to information disclosure of arbitrary local files. Se ha encontrado un fallo en Wildfly 9.x. Una vulnerabilidad de salto de directorio a través del método org.wildfly.extension.undertow.deployment.ServletResourceManager.getResource podría llevar a la revelación de información de archivos locales arbitrarios. A path traversal vulnerability was discovered in Undertow's org.wildfly.extension.undertow.deployment.ServletResourceManager.getResource method. • https://access.redhat.com/errata/RHSA-2018:1247 https://access.redhat.com/errata/RHSA-2018:1248 https://access.redhat.com/errata/RHSA-2018:1249 https://access.redhat.com/errata/RHSA-2018:1251 https://access.redhat.com/errata/RHSA-2018:2938 https://bugzilla.redhat.com/show_bug.cgi?id=1528361 https://issues.jboss.org/browse/WFLY-9620 https://access.redhat.com/security/cve/CVE-2018-1047 • CWE-20: Improper Input Validation CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •