CVSS: 6.5EPSS: 1%CPEs: 5EXPL: 0CVE-2018-6117 – chromium-browser: Confusing autofill settings
https://notcve.org/view.php?id=CVE-2018-6117
Confusing settings in Autofill in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. Las opciones confusas en Autofill en Google Chrome, en versiones anteriores a la 66.0.3359.117, permitían que un atacante remoto pudiese obtener información potencialmente sensible del la memoria del proceso mediante una página HTML manipulada. • http://www.securityfocus.com/bid/103917 https://access.redhat.com/errata/RHSA-2018:1195 https://chromereleases.googleblog.com/2018/04/stable-channel-update-for-desktop.html https://crbug.com/822465 https://security.gentoo.org/glsa/201804-22 https://www.debian.org/security/2018/dsa-4182 https://access.redhat.com/security/cve/CVE-2018-6117 https://bugzilla.redhat.com/show_bug.cgi?id=1568797 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 8.8EPSS: 0%CPEs: 5EXPL: 0CVE-2018-17461
https://notcve.org/view.php?id=CVE-2018-17461
An out of bounds read in PDFium in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to perform an out of bounds memory read via a crafted PDF file. Una lectura fuera de límites en PDFium en Google Chrome, en versiones anteriores a la 68.0.3440.75, permitía que un atacante remoto pudiese realizar una lectura de memoria fuera de límites mediante un archivo PDF manipulado. • https://chromereleases.googleblog.com/2018/07/stable-channel-update-for-desktop.html https://crbug.com/874359 • CWE-125: Out-of-bounds Read •
CVSS: 9.8EPSS: 1%CPEs: 18EXPL: 0CVE-2018-18493 – Mozilla: Buffer overflow in accelerated 2D canvas with Skia
https://notcve.org/view.php?id=CVE-2018-18493
A buffer overflow can occur in the Skia library during buffer offset calculations with hardware accelerated canvas 2D actions due to the use of 32-bit calculations instead of 64-bit. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 60.4, Firefox ESR < 60.4, and Firefox < 64. Puede ocurrir un desbordamiento de búfer en la librería SKIA durante los cálculos de un desplazamiento de búfer con acciones de hardware aceleradas de CANVAS 2D, debido al uso de cálculos de 32-bit en vez de 64-bit. Esto resulta en un cierre inesperado potencialmente explotable. • http://www.securityfocus.com/bid/106168 https://access.redhat.com/errata/RHSA-2018:3831 https://access.redhat.com/errata/RHSA-2018:3833 https://access.redhat.com/errata/RHSA-2019:0159 https://access.redhat.com/errata/RHSA-2019:0160 https://bugzilla.mozilla.org/show_bug.cgi?id=1504452 https://lists.debian.org/debian-lts-announce/2018/12/msg00002.html https://security.gentoo.org/glsa/201903-04 https://usn.ubuntu.com/3844-1 https://usn.ubuntu.com/3868-1 https:/&# • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 9.8EPSS: 0%CPEs: 18EXPL: 0CVE-2018-18498 – Mozilla: Integer overflow when calculating buffer sizes for images
https://notcve.org/view.php?id=CVE-2018-18498
A potential vulnerability leading to an integer overflow can occur during buffer size calculations for images when a raw value is used instead of the checked value. This leads to a possible out-of-bounds write. This vulnerability affects Thunderbird < 60.4, Firefox ESR < 60.4, and Firefox < 64. Puede ocurrir una vulnerabilidad potencial que conduce a un desbordamiento de enteros durante los cálculos de tamaño de búfer cuando se emplea un valor bruto en vez del valor comprobado. Esto conduce a una escritura fuera de límites. • http://www.securityfocus.com/bid/106168 https://access.redhat.com/errata/RHSA-2018:3831 https://access.redhat.com/errata/RHSA-2018:3833 https://access.redhat.com/errata/RHSA-2019:0159 https://access.redhat.com/errata/RHSA-2019:0160 https://bugzilla.mozilla.org/show_bug.cgi?id=1500011 https://lists.debian.org/debian-lts-announce/2018/12/msg00002.html https://security.gentoo.org/glsa/201903-04 https://usn.ubuntu.com/3844-1 https://usn.ubuntu.com/3868-1 https:/&# • CWE-190: Integer Overflow or Wraparound CWE-787: Out-of-bounds Write •
CVSS: 9.8EPSS: 0%CPEs: 18EXPL: 0CVE-2018-18492 – Mozilla: Use-after-free with select element
https://notcve.org/view.php?id=CVE-2018-18492
A use-after-free vulnerability can occur after deleting a selection element due to a weak reference to the select element in the options collection. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 60.4, Firefox ESR < 60.4, and Firefox < 64. Puede ocurrir una vulnerabilidad de uso de memoria previamente liberada tras el borrado de un elemento de selección debido a una referencia débil a dicho elemento en la colección de opciones. Esto resulta en un cierre inesperado potencialmente explotable. • http://www.securityfocus.com/bid/106168 https://access.redhat.com/errata/RHSA-2018:3831 https://access.redhat.com/errata/RHSA-2018:3833 https://access.redhat.com/errata/RHSA-2019:0159 https://access.redhat.com/errata/RHSA-2019:0160 https://bugzilla.mozilla.org/show_bug.cgi?id=1499861 https://lists.debian.org/debian-lts-announce/2018/12/msg00002.html https://security.gentoo.org/glsa/201903-04 https://usn.ubuntu.com/3844-1 https://usn.ubuntu.com/3868-1 https:/&# • CWE-416: Use After Free •