CVSS: 4.3EPSS: 0%CPEs: 17EXPL: 0CVE-2018-12374 – thunderbird: Using form to exfiltrate encrypted mail part by pressing enter in form field
https://notcve.org/view.php?id=CVE-2018-12374
Plaintext of decrypted emails can leak through by user submitting an embedded form by pressing enter key within a text input field. This vulnerability affects Thunderbird < 52.9. El texto plano de los emails descifrados puede ser filtrado por usuarios que envían un formulario embebido al presionar la tecla enter en un campo de introducción de texto. La vulnerabilidad afecta a Thunderbird en versiones anteriores a la 52.9. • http://www.securityfocus.com/bid/104613 https://access.redhat.com/errata/RHSA-2018:2251 https://access.redhat.com/errata/RHSA-2018:2252 https://bugzilla.mozilla.org/show_bug.cgi?id=1462910 https://lists.debian.org/debian-lts-announce/2018/07/msg00013.html https://security.gentoo.org/glsa/201811-13 https://usn.ubuntu.com/3714-1 https://www.debian.org/security/2018/dsa-4244 https://www.mozilla.org/security/advisories/mfsa2018-18 https://access.redhat.com/security/cve/ • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-356: Product UI does not Warn User of Unsafe Actions •
CVSS: 5.9EPSS: 0%CPEs: 1095EXPL: 0CVE-2018-3693 – Kernel: speculative bounds check bypass store
https://notcve.org/view.php?id=CVE-2018-3693
Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a speculative buffer overflow and side-channel analysis. Los sistemas con microprocesadores que emplean la ejecución especulativa y la predicción de ramas podría permitir la divulgación no autorizada de información a un atacante con acceso de usuario local mediante un desbordamiento de búfer especulativo y el análisis de canal lateral. An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions past bounds check. The flaw relies on the presence of a precisely-defined instruction sequence in the privileged code and the fact that memory writes occur to an address which depends on the untrusted value. Such writes cause an update into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). • https://access.redhat.com/errata/RHSA-2018:2384 https://access.redhat.com/errata/RHSA-2018:2390 https://access.redhat.com/errata/RHSA-2018:2395 https://access.redhat.com/errata/RHSA-2019:1946 https://access.redhat.com/errata/RHSA-2020:0174 https://cdrdv2.intel.com/v1/dl/getContent/685359 https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0 https://security.netapp.com/advisory/ntap-20180823-0001 https://www.oracle.com/s • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.8EPSS: 0%CPEs: 92EXPL: 1CVE-2018-13405 – Linux (Ubuntu) - Other Users coredumps Can Be Read via setgid Directory and killpriv Bypass
https://notcve.org/view.php?id=CVE-2018-13405
The inode_init_owner function in fs/inode.c in the Linux kernel through 3.16 allows local users to create files with an unintended group ownership, in a scenario where a directory is SGID to a certain group and is writable by a user who is not a member of that group. Here, the non-member can trigger creation of a plain file whose group ownership is that group. The intended behavior was that the non-member can trigger creation of a directory (but not a plain file) whose group ownership is that group. The non-member can escalate privileges by making the plain file executable and SGID. La función inode_init_owner en fs/inode.c en el kernel de Linux hasta la versión 3.16 permite a los usuarios locales crear archivos con una propiedad de grupo no deseada, en un escenario donde un directorio es SGID a un cierto grupo y es escribible por un usuario que no es miembro de ese grupo. • https://www.exploit-db.com/exploits/45033 http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=0fa3ecd87848c9c93c2c828ef4c3a8ca36ce46c7 http://openwall.com/lists/oss-security/2018/07/13/2 http://www.securityfocus.com/bid/106503 https://access.redhat.com/errata/RHSA-2018:2948 https://access.redhat.com/errata/RHSA-2018:3083 https://access.redhat.com/errata/RHSA-2018:3096 https://access.redhat.com/errata/RHSA-2019:0717 https://access.redhat.com/errata/RHSA- • CWE-269: Improper Privilege Management CWE-284: Improper Access Control •
CVSS: 9.8EPSS: 0%CPEs: 20EXPL: 0CVE-2018-5188 – Mozilla: Memory safety bugs fixed in Firefox 61, Firefox ESR 60.1, and Firefox ESR 52.9
https://notcve.org/view.php?id=CVE-2018-5188
Memory safety bugs present in Firefox 60, Firefox ESR 60, and Firefox ESR 52.8. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 60, Thunderbird < 52.9, Firefox ESR < 60.1, Firefox ESR < 52.9, and Firefox < 61. Hay errores de seguridad de memoria en Firefox 60, Firefox ESR 60 y Firefox ESR 52.8. Algunos de estos errores mostraron evidencias de corrupción de memoria y se entiende que, con el suficiente esfuerzo, algunos de estos podrían explotarse para ejecutar código arbitrario. • http://www.securityfocus.com/bid/104555 https://access.redhat.com/errata/RHSA-2018:2112 https://access.redhat.com/errata/RHSA-2018:2113 https://access.redhat.com/errata/RHSA-2018:2251 https://access.redhat.com/errata/RHSA-2018:2252 https://bugzilla.mozilla.org/buglist.cgi?bug_id=1456189%2C1456975%2C1465898%2C1392739%2C1451297%2C1464063%2C1437842%2C1442722%2C1452576%2C1450688%2C1458264%2C1458270%2C1465108%2C1464829%2C1464079%2C1463494%2C1458048 https://lists.debian.org/debian-lts-announce/2018/06/msg00014.html http • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 9.8EPSS: 0%CPEs: 20EXPL: 0CVE-2018-5156 – Mozilla: Media recorder segmentation fault when track type is changed during capture
https://notcve.org/view.php?id=CVE-2018-5156
A vulnerability can occur when capturing a media stream when the media source type is changed as the capture is occurring. This can result in stream data being cast to the wrong type causing a potentially exploitable crash. This vulnerability affects Thunderbird < 60, Firefox ESR < 60.1, Firefox ESR < 52.9, and Firefox < 61. Puede ocurrir una vulnerabilidad al capturar una transmisión de medios cuando el tipo de origen de medios se cambia al mismo tiempo que se realiza la captura. Esto puede resultar en que los datos de transmisión se envían al tipo erróneo, lo que provoca un cierre inesperado potencialmente explotable. • http://www.securityfocus.com/bid/104560 http://www.securitytracker.com/id/1041193 https://access.redhat.com/errata/RHSA-2018:2112 https://access.redhat.com/errata/RHSA-2018:2113 https://bugzilla.mozilla.org/show_bug.cgi?id=1453127 https://lists.debian.org/debian-lts-announce/2018/06/msg00014.html https://lists.debian.org/debian-lts-announce/2018/11/msg00011.html https://security.gentoo.org/glsa/201810-01 https://security.gentoo.org/glsa/201811-13 https://usn.ubuntu.com&# • CWE-20: Improper Input Validation CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •