CVSS: 7.5EPSS: 3%CPEs: 18EXPL: 0CVE-2018-12393 – Mozilla: Integer overflow during Unicode conversion while loading JavaScript
https://notcve.org/view.php?id=CVE-2018-12393
25 Oct 2018 — A potential vulnerability was found in 32-bit builds where an integer overflow during the conversion of scripts to an internal UTF-16 representation could result in allocating a buffer too small for the conversion. This leads to a possible out-of-bounds write. *Note: 64-bit builds are not vulnerable to this issue.*. This vulnerability affects Firefox < 63, Firefox ESR < 60.3, and Thunderbird < 60.3. Se ha encontrado una vulnerabilidad potencial en los builds de 32 bit en la que un desbordamiento de enteros ... • http://www.securityfocus.com/bid/105718 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-190: Integer Overflow or Wraparound CWE-787: Out-of-bounds Write •
CVSS: 7.1EPSS: 0%CPEs: 15EXPL: 0CVE-2018-12397 – Mozilla: WebExtension local file permission check bypass
https://notcve.org/view.php?id=CVE-2018-12397
25 Oct 2018 — A WebExtension can request access to local files without the warning prompt stating that the extension will "Access your data for all websites" being displayed to the user. This allows extensions to run content scripts in local pages without permission warnings when a local file is opened. This vulnerability affects Firefox ESR < 60.3 and Firefox < 63. WebExtensions pueden solicitar el acceso a archivos locales sin que salte un aviso de advertencia en el que consta que la extensión accederá a sus datos para... • http://www.securityfocus.com/bid/105718 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-862: Missing Authorization •
CVSS: 7.2EPSS: 8%CPEs: 11EXPL: 21CVE-2018-14665 – Xorg X11 Server (AIX) - Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2018-14665
25 Oct 2018 — A flaw was found in xorg-x11-server before 1.20.3. An incorrect permission check for -modulepath and -logfile options when starting Xorg. X server allows unprivileged users with the ability to log in to the system via physical console to escalate their privileges and run arbitrary code under root privileges. Se ha descubierto un problema en versiones anteriores a la 1.20.3 de xorg-x11-server. Hay una comprobación incorrecta de permisos para las opciones -modulepath y -logfile al iniciar Xorg. • https://packetstorm.news/files/id/150295 • CWE-271: Privilege Dropping / Lowering Errors CWE-863: Incorrect Authorization •
CVSS: 8.8EPSS: 1%CPEs: 18EXPL: 0CVE-2018-12389 – Mozilla: Memory safety bugs fixed in Firefox ESR 60.3
https://notcve.org/view.php?id=CVE-2018-12389
25 Oct 2018 — Mozilla developers and community members reported memory safety bugs present in Firefox ESR 60.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox ESR < 60.3 and Thunderbird < 60.3. Los desarrolladores de Mozilla y los miembros de la comunidad reportaron problemas de seguridad existentes en Firefox ESR 60.2. Algunos de estos errores mostraban evidencias de corrupción ... • http://www.securityfocus.com/bid/105723 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 9.8EPSS: 5%CPEs: 19EXPL: 0CVE-2018-12392 – Mozilla: Crash with nested event loops
https://notcve.org/view.php?id=CVE-2018-12392
25 Oct 2018 — When manipulating user events in nested loops while opening a document through script, it is possible to trigger a potentially exploitable crash due to poor event handling. This vulnerability affects Firefox < 63, Firefox ESR < 60.3, and Thunderbird < 60.3. Al manipular los eventos de usuario en bucles anidados durante la apertura de un documento mediante script, es posible desencadenar un cierre inesperado potencialmente explotable debido a la mala gestión de eventos. Esta vulnerabilidad afecta a las versi... • http://www.securityfocus.com/bid/105718 • CWE-364: Signal Handler Race Condition •
CVSS: 7.5EPSS: 1%CPEs: 15EXPL: 0CVE-2018-12395 – Mozilla: WebExtension bypass of domain restrictions through header rewriting
https://notcve.org/view.php?id=CVE-2018-12395
24 Oct 2018 — By rewriting the Host: request headers using the webRequest API, a WebExtension can bypass domain restrictions through domain fronting. This would allow access to domains that share a host that are otherwise restricted. This vulnerability affects Firefox ESR < 60.3 and Firefox < 63. Al reescribir las cabeceras "Host: request" que utilizan la API webRequest, WebExtensions pueden omitir las restricciones de dominio mediante la fronting del dominio. Esto permitiría el acceso a dominios, cuyo acceso es normalme... • http://www.securityfocus.com/bid/105718 • CWE-284: Improper Access Control •
CVSS: 4.3EPSS: 0%CPEs: 19EXPL: 1CVE-2018-18585 – libmspack: chmd_read_headers() fails to reject filenames containing NULL bytes
https://notcve.org/view.php?id=CVE-2018-18585
23 Oct 2018 — chmd_read_headers in mspack/chmd.c in libmspack before 0.8alpha accepts a filename that has '\0' as its first or second character (such as the "/\0" name). chmd_read_headers en mspack/chmd.c en libmspack en versiones anteriores a la 0.8alpha acepta un nombre de archivo que tiene "\0" como su primer o segundo carácter (como el nombre "/\0"). Multiple vulnerabilities have been found in cabextract and libmspack, the worst of which could result in a Denial of Service. Versions less than 1.8 are affected. • https://access.redhat.com/errata/RHSA-2019:2049 • CWE-476: NULL Pointer Dereference •
CVSS: 8.1EPSS: 1%CPEs: 16EXPL: 1CVE-2018-18559 – kernel: Use-after-free due to race condition in AF_PACKET implementation
https://notcve.org/view.php?id=CVE-2018-18559
22 Oct 2018 — In the Linux kernel through 4.19, a use-after-free can occur due to a race condition between fanout_add from setsockopt and bind on an AF_PACKET socket. This issue exists because of the 15fe076edea787807a7cdc168df832544b58eba6 incomplete fix for a race condition. The code mishandles a certain multithreaded case involving a packet_do_bind unregister action followed by a packet_notifier register action. Later, packet_release operates on only one of the two applicable linked lists. The attacker can achieve Pro... • https://access.redhat.com/errata/RHBA-2019:0327 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-416: Use After Free •
CVSS: 5.5EPSS: 0%CPEs: 11EXPL: 1CVE-2018-18521 – elfutils: Divide-by-zero in arlib_add_symbols function in arlib.c
https://notcve.org/view.php?id=CVE-2018-18521
19 Oct 2018 — Divide-by-zero vulnerabilities in the function arlib_add_symbols() in arlib.c in elfutils 0.174 allow remote attackers to cause a denial of service (application crash) with a crafted ELF file, as demonstrated by eu-ranlib, because a zero sh_entsize is mishandled. Vulnerabilidades de división entre cero en la función arlib_add_symbols() en arlib.c en elfutils 0.174 permiten que los atacantes remotos provoquen una denegación de servicio (cierre inesperado de la aplicación) con un archivo ELF manipulado, tal y... • http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00052.html • CWE-369: Divide By Zero •
CVSS: 6.5EPSS: 0%CPEs: 11EXPL: 1CVE-2018-18520 – elfutils: eu-size cannot handle recursive ar files
https://notcve.org/view.php?id=CVE-2018-18520
19 Oct 2018 — An Invalid Memory Address Dereference exists in the function elf_end in libelf in elfutils through v0.174. Although eu-size is intended to support ar files inside ar files, handle_ar in size.c closes the outer ar file before handling all inner entries. The vulnerability allows attackers to cause a denial of service (application crash) with a crafted ELF file. Existe una desreferencia de dirección de memoria inválida en la función elf_end en elfutils hasta la versión v0.174. Aunque se supone que eu-size sopo... • http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00052.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •