CVSS: 8.8EPSS: 0%CPEs: 21EXPL: 0CVE-2018-12362 – Mozilla: Integer overflow in SSSE3 scaler
https://notcve.org/view.php?id=CVE-2018-12362
29 Jun 2018 — An integer overflow can occur during graphics operations done by the Supplemental Streaming SIMD Extensions 3 (SSSE3) scaler, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 60, Thunderbird < 52.9, Firefox ESR < 60.1, Firefox ESR < 52.9, and Firefox < 61. Puede ocurrir un desbordamiento de enteros durante las operaciones de gráficos realizadas por el escalador SSSE3 (Supplemental Streaming SIMD Extensions 3), lo que resulta en un cierre inesperado potencialmente explot... • http://www.securityfocus.com/bid/104560 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-190: Integer Overflow or Wraparound •
CVSS: 8.8EPSS: 0%CPEs: 21EXPL: 0CVE-2018-12363 – Mozilla: Use-after-free when appending DOM nodes
https://notcve.org/view.php?id=CVE-2018-12363
29 Jun 2018 — A use-after-free vulnerability can occur when script uses mutation events to move DOM nodes between documents, resulting in the old document that held the node being freed but the node still having a pointer referencing it. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 60, Thunderbird < 52.9, Firefox ESR < 60.1, Firefox ESR < 52.9, and Firefox < 61. Puede ocurrir una vulnerabilidad de uso de memoria previamente liberada cuando script emplea eventos de mutación par... • http://www.securityfocus.com/bid/104560 • CWE-416: Use After Free •
CVSS: 8.8EPSS: 0%CPEs: 21EXPL: 0CVE-2018-12364 – Mozilla: CSRF attacks through 307 redirects and NPAPI plugins
https://notcve.org/view.php?id=CVE-2018-12364
29 Jun 2018 — NPAPI plugins, such as Adobe Flash, can send non-simple cross-origin requests, bypassing CORS by making a same-origin POST that does a 307 redirect to the target site. This allows for a malicious site to engage in cross-site request forgery (CSRF) attacks. This vulnerability affects Thunderbird < 60, Thunderbird < 52.9, Firefox ESR < 60.1, Firefox ESR < 52.9, and Firefox < 61. Los plugins NPAPI, como Adobe Flash, pueden enviar peticiones cross-origin, omitiendo CORS al hacer un POST same-origin que realiza ... • http://www.securityfocus.com/bid/104560 • CWE-352: Cross-Site Request Forgery (CSRF) CWE-829: Inclusion of Functionality from Untrusted Control Sphere •
CVSS: 6.5EPSS: 0%CPEs: 21EXPL: 0CVE-2018-12365 – Mozilla: Compromised IPC child process can list local filenames
https://notcve.org/view.php?id=CVE-2018-12365
29 Jun 2018 — A compromised IPC child process can escape the content sandbox and list the names of arbitrary files on the file system without user consent or interaction. This could result in exposure of private local files. This vulnerability affects Thunderbird < 60, Thunderbird < 52.9, Firefox ESR < 60.1, Firefox ESR < 52.9, and Firefox < 61. Un proceso hijo IPC comprometido puede escapar el sandbox de contenido y listar los nombres de archivos arbitrarios en el sistema de archivos sin consentimiento o interacción del... • http://www.securityfocus.com/bid/104560 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-552: Files or Directories Accessible to External Parties •
CVSS: 6.5EPSS: 0%CPEs: 21EXPL: 0CVE-2018-12366 – Mozilla: Invalid data handling during QCMS transformations
https://notcve.org/view.php?id=CVE-2018-12366
29 Jun 2018 — An invalid grid size during QCMS (color profile) transformations can result in the out-of-bounds read interpreted as a float value. This could leak private data into the output. This vulnerability affects Thunderbird < 60, Thunderbird < 52.9, Firefox ESR < 60.1, Firefox ESR < 52.9, and Firefox < 61. Un tamaño de cuadrícula inválido durante las transformaciones QCMS (perfil de color) puede resultar en la lectura fuera de límites interpretada como valor float. Esto podría conducir al filtrado de datos privado... • http://www.securityfocus.com/bid/104560 • CWE-125: Out-of-bounds Read •
CVSS: 5.6EPSS: 1%CPEs: 481EXPL: 0CVE-2018-3665 – Kernel: FPU state information leakage via lazy FPU restore
https://notcve.org/view.php?id=CVE-2018-3665
14 Jun 2018 — System software utilizing Lazy FP state restore technique on systems using Intel Core-based microprocessors may potentially allow a local process to infer data from another process through a speculative execution side channel. El software de sistema que emplea la técnica de restauración de estado Lazy FP en los sistemas que emplean microprocesadores de Intel Core podrían permitir que un proceso local infiera datos de otro proceso mediante un canal lateral de ejecución especulativa. A Floating Point Unit (FP... • http://www.securityfocus.com/bid/104460 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 10.0EPSS: 37%CPEs: 16EXPL: 0CVE-2018-5002 – Adobe Flash Player Stack-based Buffer Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2018-5002
11 Jun 2018 — Adobe Flash Player versions 29.0.0.171 and earlier have a Stack-based buffer overflow vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user. Adobe Flash Player en versiones 29.0.0.171 y anteriores tiene una vulnerabilidad de desbordamiento de búfer basado en pila. Su explotación con éxito podría permitir la ejecución de código arbitrario en el contexto del usuario actual. The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Pla... • http://www.securityfocus.com/bid/104412 • CWE-787: Out-of-bounds Write •
CVSS: 7.5EPSS: 1%CPEs: 20EXPL: 1CVE-2018-12020 – gnupg2: Improper sanitization of filenames allows for the display of fake status messages and the bypass of signature verification
https://notcve.org/view.php?id=CVE-2018-12020
08 Jun 2018 — mainproc.c in GnuPG before 2.2.8 mishandles the original filename during decryption and verification actions, which allows remote attackers to spoof the output that GnuPG sends on file descriptor 2 to other programs that use the "--status-fd 2" option. For example, the OpenPGP data might represent an original filename that contains line feed characters in conjunction with GOODSIG or VALIDSIG status codes. mainproc.c en GnuPG en versiones anteriores a la 2.2.8 gestiona de manera incorrecta el nombre de archi... • https://packetstorm.news/files/id/152703 • CWE-20: Improper Input Validation CWE-706: Use of Incorrectly-Resolved Name or Reference •
CVSS: 8.2EPSS: 0%CPEs: 27EXPL: 0CVE-2018-11806 – Qemu Slirp Networking Heap-based Buffer Overflow Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2018-11806
07 Jun 2018 — m_cat in slirp/mbuf.c in Qemu has a heap-based buffer overflow via incoming fragmented datagrams. m_cat en slirp/mbuf.c en Qemu tiene un desbordamiento de búfer basado en memoria dinámica (heap) mediante los datagramas entrantes fragmentados. A heap buffer overflow issue was found in the way SLiRP networking back-end in QEMU processes fragmented packets. It could occur while reassembling the fragmented datagrams of an incoming packet. A privileged user/process inside guest could use this flaw to crash the Q... • http://www.openwall.com/lists/oss-security/2018/06/07/1 • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 8.8EPSS: 3%CPEs: 16EXPL: 0CVE-2018-4945 – Adobe Flash Microphone Type Confusion Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2018-4945
07 Jun 2018 — Adobe Flash Player versions 29.0.0.171 and earlier have a Type Confusion vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user. Adobe Flash Player en versiones 29.0.0.171 y anteriores tiene una vulnerabilidad de confusión de tipos. Su explotación con éxito podría permitir la ejecución de código arbitrario en el contexto del usuario actual. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Flash... • http://www.securityfocus.com/bid/104413 • CWE-704: Incorrect Type Conversion or Cast •