CVSS: 6.5EPSS: 2%CPEs: 17EXPL: 0CVE-2018-12396 – Mozilla: WebExtension content scripts can execute in disallowed contexts
https://notcve.org/view.php?id=CVE-2018-12396
A vulnerability where a WebExtension can run content scripts in disallowed contexts following navigation or other events. This allows for potential privilege escalation by the WebExtension on sites where content scripts should not be run. This vulnerability affects Firefox ESR < 60.3 and Firefox < 63. Una vulnerabilidad en la que WebExtensions pueden ejecutar scripts de contenido en contextos no permitidos tras una navegación u otros eventos. Esto permite el escalado de privilegios potencial mediante WebExtensions en sitios en los que los scripts de contenido no deberían ejecutarse. • http://www.securityfocus.com/bid/105718 http://www.securitytracker.com/id/1041944 https://access.redhat.com/errata/RHSA-2018:3005 https://access.redhat.com/errata/RHSA-2018:3006 https://bugzilla.mozilla.org/show_bug.cgi?id=1483602 https://lists.debian.org/debian-lts-announce/2018/11/msg00008.html https://security.gentoo.org/glsa/201811-04 https://usn.ubuntu.com/3801-1 https://www.debian.org/security/2018/dsa-4324 https://www.mozilla.org/security/advisories/mfsa2018-26&# • CWE-284: Improper Access Control CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 9.8EPSS: 0%CPEs: 19EXPL: 0CVE-2018-12392 – Mozilla: Crash with nested event loops
https://notcve.org/view.php?id=CVE-2018-12392
When manipulating user events in nested loops while opening a document through script, it is possible to trigger a potentially exploitable crash due to poor event handling. This vulnerability affects Firefox < 63, Firefox ESR < 60.3, and Thunderbird < 60.3. Al manipular los eventos de usuario en bucles anidados durante la apertura de un documento mediante script, es posible desencadenar un cierre inesperado potencialmente explotable debido a la mala gestión de eventos. Esta vulnerabilidad afecta a las versiones anteriores a la 63 de Firefox, las versiones anteriores a la 60.3 de Firefox ESR y las versiones anteriores a la 60.3 de Thunderbird. • http://www.securityfocus.com/bid/105718 http://www.securityfocus.com/bid/105769 http://www.securitytracker.com/id/1041944 https://access.redhat.com/errata/RHSA-2018:3005 https://access.redhat.com/errata/RHSA-2018:3006 https://access.redhat.com/errata/RHSA-2018:3531 https://access.redhat.com/errata/RHSA-2018:3532 https://bugzilla.mozilla.org/show_bug.cgi?id=1492823 https://lists.debian.org/debian-lts-announce/2018/11/msg00008.html https://lists.debian.org/debian-lts-announ • CWE-364: Signal Handler Race Condition •
CVSS: 8.1EPSS: 0%CPEs: 16EXPL: 1CVE-2018-18559 – kernel: Use-after-free due to race condition in AF_PACKET implementation
https://notcve.org/view.php?id=CVE-2018-18559
In the Linux kernel through 4.19, a use-after-free can occur due to a race condition between fanout_add from setsockopt and bind on an AF_PACKET socket. This issue exists because of the 15fe076edea787807a7cdc168df832544b58eba6 incomplete fix for a race condition. The code mishandles a certain multithreaded case involving a packet_do_bind unregister action followed by a packet_notifier register action. Later, packet_release operates on only one of the two applicable linked lists. The attacker can achieve Program Counter control. • https://access.redhat.com/errata/RHBA-2019:0327 https://access.redhat.com/errata/RHSA-2019:0163 https://access.redhat.com/errata/RHSA-2019:0188 https://access.redhat.com/errata/RHSA-2019:1170 https://access.redhat.com/errata/RHSA-2019:1190 https://access.redhat.com/errata/RHSA-2019:3967 https://access.redhat.com/errata/RHSA-2019:4159 https://access.redhat.com/errata/RHSA-2020:0174 https://blogs.securiteam.com/index.php/archives/3731 https://access.redhat.com/security/ • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-416: Use After Free •
CVSS: 8.6EPSS: 0%CPEs: 17EXPL: 1CVE-2018-18284 – ghostscript: 1Policy operator allows a sandbox protection bypass
https://notcve.org/view.php?id=CVE-2018-18284
Artifex Ghostscript 9.25 and earlier allows attackers to bypass a sandbox protection mechanism via vectors involving the 1Policy operator. Artifex Ghostscript 9.25 y anteriores permite que los atacantes omitan un mecanismo de protección de sandbox mediante vectores relacionados con el operador 1Policy. • http://git.ghostscript.com/?p=ghostpdl.git%3Bh=8d19fdf63f91f50466b08f23e2d93d37a4c5ea0b http://www.openwall.com/lists/oss-security/2018/10/16/2 http://www.securityfocus.com/bid/107451 https://access.redhat.com/errata/RHSA-2018:3834 https://bugs.chromium.org/p/project-zero/issues/detail?id=1696 https://bugs.ghostscript.com/show_bug.cgi?id=699963 https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101 https://lists.debian.org/debian-lts-announce/2018/10/msg00013.html https:&#x •
CVSS: 7.8EPSS: 0%CPEs: 13EXPL: 0CVE-2018-18445 – kernel: Faulty computation of numberic bounds in the BPF verifier
https://notcve.org/view.php?id=CVE-2018-18445
In the Linux kernel 4.14.x, 4.15.x, 4.16.x, 4.17.x, and 4.18.x before 4.18.13, faulty computation of numeric bounds in the BPF verifier permits out-of-bounds memory accesses because adjust_scalar_min_max_vals in kernel/bpf/verifier.c mishandles 32-bit right shifts. En el kernel de Linux 4.14.x, 4.15.x, 4.16.x, 4.17.x y versiones 4.18.x anteriores a la 4.18.13, el cálculo incorrecto de enlaces numéricos en el verificador BPF permite accesos a la memoria fuera de límites debido a que adjust_scalar_min_max_vals en kernel/bpf/verifier.c gestiona de manera incorrecta los desplazamientos a la derecha de 32 bits. A security flaw was found in the Linux kernel in the adjust_scalar_min_max_vals() function in kernel/bpf/verifier.c. A faulty computation of numeric bounds in the BPF verifier permits out-of-bounds memory accesses because this function mishandles 32-bit right shifts. A local unprivileged user cannot leverage this flaw, but as a privileged user ("root") this can lead to a system panic and a denial of service or other unspecified impact. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b799207e1e1816b09e7a5920fbb2d5fcf6edd681 https://access.redhat.com/errata/RHSA-2019:0512 https://access.redhat.com/errata/RHSA-2019:0514 https://bugs.chromium.org/p/project-zero/issues/detail?id=1686 https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.75 https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.18.13 https://github.com/torvalds/linux/commit/b799207e1e1816b09e7a5920fbb2d5fcf6edd681 https:/&# • CWE-125: Out-of-bounds Read •