CVSS: 9.8EPSS: 38%CPEs: 21EXPL: 2CVE-2018-5159 – Skia and Firefox - Integer Overflow in SkTDArray Leading to Out-of-Bounds Write
https://notcve.org/view.php?id=CVE-2018-5159
11 May 2018 — An integer overflow can occur in the Skia library due to 32-bit integer use in an array without integer overflow checks, resulting in possible out-of-bounds writes. This could lead to a potentially exploitable crash triggerable by web content. This vulnerability affects Thunderbird < 52.8, Thunderbird ESR < 52.8, Firefox < 60, and Firefox ESR < 52.8. Puede ocurrir un desbordamiento de enteros en la biblioteca Skia debido al uso de números enteros de 32 bits en un array sin verificaciones de desbordamiento d... • https://packetstorm.news/files/id/147843 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-190: Integer Overflow or Wraparound CWE-787: Out-of-bounds Write •
CVSS: 6.1EPSS: 1%CPEs: 21EXPL: 0CVE-2018-5168 – Mozilla: Lightweight themes can be installed without user interaction
https://notcve.org/view.php?id=CVE-2018-5168
11 May 2018 — Sites can bypass security checks on permissions to install lightweight themes by manipulating the "baseURI" property of the theme element. This could allow a malicious site to install a theme without user interaction which could contain offensive or embarrassing images. This vulnerability affects Thunderbird < 52.8, Thunderbird ESR < 52.8, Firefox < 60, and Firefox ESR < 52.8. Los sitios pueden omitir las comprobaciones de seguridad de los permisos para instalar temas ligeros manipulando la propiedad "baseU... • http://www.securityfocus.com/bid/104136 • CWE-862: Missing Authorization •
CVSS: 8.1EPSS: 22%CPEs: 20EXPL: 0CVE-2018-5178 – Mozilla: Buffer overflow during UTF-8 to Unicode string conversion through legacy extension
https://notcve.org/view.php?id=CVE-2018-5178
11 May 2018 — A buffer overflow was found during UTF8 to Unicode string conversion within JavaScript with extremely large amounts of data. This vulnerability requires the use of a malicious or vulnerable legacy extension in order to occur. This vulnerability affects Thunderbird ESR < 52.8, Thunderbird < 52.8, and Firefox ESR < 52.8. Se ha encontrado un desbordamiento de búfer durante la conversión de cadenas UTF8 a Unicode dentro de JavaScript con cantidades de datos extremadamente grandes. Esta vulnerabilidad requiere e... • http://www.securityfocus.com/bid/104138 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 9.8EPSS: 3%CPEs: 21EXPL: 0CVE-2018-5154 – Mozilla: Use-after-free with SVG animations and clip paths
https://notcve.org/view.php?id=CVE-2018-5154
11 May 2018 — A use-after-free vulnerability can occur while enumerating attributes during SVG animations with clip paths. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.8, Thunderbird ESR < 52.8, Firefox < 60, and Firefox ESR < 52.8. Puede ocurrir una vulnerabilidad de uso de memoria previamente liberada cuando se enumeran atributos durante las animaciones SVG con las rutas de clips. Esto resulta en un cierre inesperado explotable. • http://www.securityfocus.com/bid/104136 • CWE-416: Use After Free •
CVSS: 7.5EPSS: 20%CPEs: 11EXPL: 0CVE-2018-1089 – 389-ds-base: ns-slapd crash via large filter value in ldapsearch
https://notcve.org/view.php?id=CVE-2018-1089
09 May 2018 — 389-ds-base before versions 1.4.0.9, 1.3.8.1, 1.3.6.15 did not properly handle long search filters with characters needing escapes, possibly leading to buffer overflows. A remote, unauthenticated attacker could potentially use this flaw to make ns-slapd crash via a specially crafted LDAP request, thus resulting in denial of service. 389-ds-base en versiones anteriores a la 1.4.0.9, 1.3.8.1 y 1.3.6.15 no gestionó correctamente los filtros de búsqueda largos con caracteres que necesitan escapado. Esto podría ... • http://www.securityfocus.com/bid/104137 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122: Heap-based Buffer Overflow •
CVSS: 10.0EPSS: 28%CPEs: 16EXPL: 0CVE-2018-4944 – flash-plugin: Arbitrary Code Execution vulnerability (APSB18-16)
https://notcve.org/view.php?id=CVE-2018-4944
09 May 2018 — Adobe Flash Player versions 29.0.0.140 and earlier have an exploitable type confusion vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user. Adobe Flash Player, en versiones 29.0.0.140 y anteriores, tiene una vulnerabilidad explotable de confusión de tipos. Su explotación con éxito podría permitir la ejecución arbitraria de código en el contexto del usuario actual. The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web... • http://www.securityfocus.com/bid/104101 • CWE-704: Incorrect Type Conversion or Cast CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVSS: 7.8EPSS: 21%CPEs: 24EXPL: 6CVE-2018-8897 – Microsoft Windows - 'POP/MOV SS' Privilege Escalation
https://notcve.org/view.php?id=CVE-2018-8897
08 May 2018 — A statement in the System Programming Guide of the Intel 64 and IA-32 Architectures Software Developer's Manual (SDM) was mishandled in the development of some or all operating-system kernels, resulting in unexpected behavior for #DB exceptions that are deferred by MOV SS or POP SS, as demonstrated by (for example) privilege escalation in Windows, macOS, some Xen configurations, or FreeBSD, or a Linux kernel crash. The MOV to SS and POP SS instructions inhibit interrupts (including NMIs), data breakpoints, ... • https://packetstorm.news/files/id/148549 • CWE-250: Execution with Unnecessary Privileges CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 7.8EPSS: 0%CPEs: 29EXPL: 0CVE-2018-10675 – kernel: mm: use-after-free in do_get_mempolicy function allows local DoS or other unspecified impact
https://notcve.org/view.php?id=CVE-2018-10675
02 May 2018 — The do_get_mempolicy function in mm/mempolicy.c in the Linux kernel before 4.12.9 allows local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted system calls. La función do_get_mempolicy en mm/mempolicy.c en el kernel de Linux, en versiones anteriores a la 4.12.9, permite que los usuarios locales provoquen una denegación de servicio (uso de memoria previamente liberada) o, posiblemente, causen otros impactos no especificados mediante llamadas del siste... • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=73223e4e2e3867ebf033a5a8eb2e5df0158ccc99 • CWE-416: Use After Free •
CVSS: 6.5EPSS: 1%CPEs: 6EXPL: 0CVE-2018-6098 – chromium-browser: URL spoof in Omnibox
https://notcve.org/view.php?id=CVE-2018-6098
24 Apr 2018 — Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name. Aplicación insuficiente de caracteres confundibles en URL Formatter en Google Chrome, en versiones anteriores a la 66.0.3359.117, permitía que un atacante remoto suplantase dominios mediante homogramas IDN mediante un nombre de dominio manipulado. Chromium is an open-source web browser, powered by WebKit. This ... • http://www.securityfocus.com/bid/103917 •
CVSS: 6.5EPSS: 1%CPEs: 6EXPL: 0CVE-2018-6093 – chromium-browser: Same origin bypass in Service Worker
https://notcve.org/view.php?id=CVE-2018-6093
24 Apr 2018 — Insufficient origin checks in Blink in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Comprobación de origen insuficiente en Blink en Google Chrome, en versiones anteriores a la 66.0.3359.117, permitía que un atacante remoto filtrase los datos cross-origin mediante una página HTML manipulada. Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 66.0.3359.117. Issues addressed include buffer over... • http://www.securityfocus.com/bid/103917 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •