CVSS: 4.3EPSS: 1%CPEs: 19EXPL: 0CVE-2018-5161 – Mozilla: Hang via malformed headers
https://notcve.org/view.php?id=CVE-2018-5161
25 May 2018 — Crafted message headers can cause a Thunderbird process to hang on receiving the message. This vulnerability affects Thunderbird ESR < 52.8 and Thunderbird < 52.8. Las cabeceras de mensaje manipuladas pueden hacer que un proceso Thunderbird deje de responder al recibir el mensaje. Esta vulnerabilidad afecta a las versiones anteriores a la 52.8 de Thunderbird ESR y las versiones anteriores a la 52.8 de Thunderbird. Multiple security issues were discovered in Thunderbird. • http://www.securitytracker.com/id/1040946 • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 0%CPEs: 19EXPL: 0CVE-2018-5162 – Mozilla: Encrypted mail leaks plaintext through src attribute
https://notcve.org/view.php?id=CVE-2018-5162
25 May 2018 — Plaintext of decrypted emails can leak through the src attribute of remote images, or links. This vulnerability affects Thunderbird ESR < 52.8 and Thunderbird < 52.8. El texto plano de los correos electrónicos descifrados puede filtrarse a través del atributo src de imágenes remotas o enlaces. Esta vulnerabilidad afecta a las versiones anteriores a la 52.8 de Thunderbird ESR y las versiones anteriores a la 52.8 de Thunderbird. Multiple security issues were discovered in Thunderbird. • http://www.securityfocus.com/bid/104240 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-311: Missing Encryption of Sensitive Data •
CVSS: 4.3EPSS: 1%CPEs: 19EXPL: 0CVE-2018-5170 – Mozilla: Filename spoofing for external attachments
https://notcve.org/view.php?id=CVE-2018-5170
25 May 2018 — It is possible to spoof the filename of an attachment and display an arbitrary attachment name. This could lead to a user opening a remote attachment which is a different file type than expected. This vulnerability affects Thunderbird ESR < 52.8 and Thunderbird < 52.8. Es posible falsificar el nombre de archivo de un archivo adjunto y mostrar un nombre de archivo adjunto arbitrario. Esto podría llevar a un usuario a abrir un archivo adjunto remoto que es un tipo de archivo diferente al esperado. • http://www.securitytracker.com/id/1040946 • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 0%CPEs: 21EXPL: 0CVE-2018-5184 – Mozilla: Full plaintext recovery in S/MIME via chosen-ciphertext attack
https://notcve.org/view.php?id=CVE-2018-5184
25 May 2018 — Using remote content in encrypted messages can lead to the disclosure of plaintext. This vulnerability affects Thunderbird ESR < 52.8 and Thunderbird < 52.8. El uso de contenido remoto en mensajes cifrados puede conducir a la divulgación de texto en texto plano. Esta vulnerabilidad afecta a las versiones anteriores a la 52.8 de Thunderbird ESR y las versiones anteriores a la 52.8 de Thunderbird. Multiple security issues were discovered in Thunderbird. • http://www.securityfocus.com/bid/104240 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-326: Inadequate Encryption Strength •
CVSS: 6.5EPSS: 0%CPEs: 19EXPL: 0CVE-2018-5185 – Mozilla: Leaking plaintext through HTML forms
https://notcve.org/view.php?id=CVE-2018-5185
25 May 2018 — Plaintext of decrypted emails can leak through by user submitting an embedded form. This vulnerability affects Thunderbird ESR < 52.8 and Thunderbird < 52.8. El texto en texto plano de los correos electrónicos descifrados puede filtrarse si el usuario envía un formulario embebido. Esta vulnerabilidad afecta a las versiones anteriores a la 52.8 de Thunderbird ESR y las versiones anteriores a la 52.8 de Thunderbird. Multiple security issues were discovered in Thunderbird. • http://www.securityfocus.com/bid/104240 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-311: Missing Encryption of Sensitive Data •
CVSS: 9.8EPSS: 1%CPEs: 41EXPL: 0CVE-2018-8013 – Gentoo Linux Security Advisory 202401-11
https://notcve.org/view.php?id=CVE-2018-8013
24 May 2018 — In Apache Batik 1.x before 1.10, when deserializing subclass of `AbstractDocument`, the class takes a string from the inputStream as the class name which then use it to call the no-arg constructor of the class. Fix was to check the class type before calling newInstance in deserialization. En Apache Batik en versiones 1.x anteriores a la 1.10, cuando se deserializa la subclase de "AbstractDocument", la clase toma una cadena de inputStream como el nombre de clase y lo emplea para llamar al constructor no-arg ... • http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html • CWE-502: Deserialization of Untrusted Data •
CVSS: 7.5EPSS: 1%CPEs: 6EXPL: 0CVE-2018-11358 – Debian Security Advisory 4217-1
https://notcve.org/view.php?id=CVE-2018-11358
22 May 2018 — In Wireshark 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14, the Q.931 dissector could crash. This was addressed in epan/dissectors/packet-q931.c by avoiding a use-after-free after a malformed packet prevented certain cleanup. En Wireshark 2.6.0, 2.4.0 a 2.4.6 y 2.2.0 a 2.2.14, el disector Q.931 podría cerrarse inesperadamente. Esto se abordó en epan/dissectors/packet-q931.c evitando un uso de memoria previamente liberada una vez un paquete mal formado evitó ciertas limpiezas. It was discovered that Wireshark, ... • http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00027.html • CWE-416: Use After Free •
CVSS: 7.5EPSS: 1%CPEs: 6EXPL: 0CVE-2018-11362 – wireshark: Out-of-bounds read in packet-ldss.c
https://notcve.org/view.php?id=CVE-2018-11362
22 May 2018 — In Wireshark 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14, the LDSS dissector could crash. This was addressed in epan/dissectors/packet-ldss.c by avoiding a buffer over-read upon encountering a missing '\0' character. En Wireshark 2.6.0, 2.4.0 a 2.4.6 y 2.2.0 a 2.2.14, el disector LDSS podría cerrarse inesperadamente. Esto se abordó en epan/dissectors/packet-ldss.c evitando una sobrelectura de búfer al encontrar un carácter "\0" faltante. A heap-based buffer overflow was found in the wireshark module responsi... • http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00027.html • CWE-125: Out-of-bounds Read •
CVSS: 7.3EPSS: 0%CPEs: 9EXPL: 3CVE-2018-1122 – Procps-ng - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2018-1122
22 May 2018 — procps-ng before version 3.3.15 is vulnerable to a local privilege escalation in top. If a user runs top with HOME unset in an attacker-controlled directory, the attacker could achieve privilege escalation by exploiting one of several vulnerabilities in the config_file() function. procps-ng en versiones anteriores a la 3.3.15 es vulnerable a un escalado de privilegios locales en top. Si un usuario ejecuta top sin establecer HOME en un directorio controlado por el atacante, este podría lograr el escalado de ... • https://packetstorm.news/files/id/147806 • CWE-829: Inclusion of Functionality from Untrusted Control Sphere •
CVSS: 7.5EPSS: 4%CPEs: 9EXPL: 4CVE-2018-1123 – Procps-ng - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2018-1123
22 May 2018 — procps-ng before version 3.3.15 is vulnerable to a denial of service in ps via mmap buffer overflow. Inbuilt protection in ps maps a guard page at the end of the overflowed buffer, ensuring that the impact of this flaw is limited to a crash (temporary denial of service). procps-ng en versiones anteriores a la 3.3.15 es vulnerable a una denegación de servicio (DoS) en ps mediante un desbordamiento de búfer en mmap. La protección incluida en ps mapea una página guard al final del búfer desbordado, asegurando ... • https://packetstorm.news/files/id/147806 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122: Heap-based Buffer Overflow •