CVSS: 7.1EPSS: 0%CPEs: 15EXPL: 0CVE-2018-12397 – Mozilla: WebExtension local file permission check bypass
https://notcve.org/view.php?id=CVE-2018-12397
A WebExtension can request access to local files without the warning prompt stating that the extension will "Access your data for all websites" being displayed to the user. This allows extensions to run content scripts in local pages without permission warnings when a local file is opened. This vulnerability affects Firefox ESR < 60.3 and Firefox < 63. WebExtensions pueden solicitar el acceso a archivos locales sin que salte un aviso de advertencia en el que consta que la extensión accederá a sus datos para todo sitio web, mostrándose así al usuario. Esto permite que las extensiones ejecuten scripts de contenido en páginas locales sin advertencias de permisos al abrir un archivo local. • http://www.securityfocus.com/bid/105718 http://www.securitytracker.com/id/1041944 https://access.redhat.com/errata/RHSA-2018:3005 https://access.redhat.com/errata/RHSA-2018:3006 https://bugzilla.mozilla.org/show_bug.cgi?id=1487478 https://lists.debian.org/debian-lts-announce/2018/11/msg00008.html https://security.gentoo.org/glsa/201811-04 https://usn.ubuntu.com/3801-1 https://www.debian.org/security/2018/dsa-4324 https://www.mozilla.org/security/advisories/mfsa2018-26&# • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-862: Missing Authorization •
CVSS: 7.5EPSS: 0%CPEs: 15EXPL: 0CVE-2018-12395 – Mozilla: WebExtension bypass of domain restrictions through header rewriting
https://notcve.org/view.php?id=CVE-2018-12395
By rewriting the Host: request headers using the webRequest API, a WebExtension can bypass domain restrictions through domain fronting. This would allow access to domains that share a host that are otherwise restricted. This vulnerability affects Firefox ESR < 60.3 and Firefox < 63. Al reescribir las cabeceras "Host: request" que utilizan la API webRequest, WebExtensions pueden omitir las restricciones de dominio mediante la fronting del dominio. Esto permitiría el acceso a dominios, cuyo acceso es normalmente restringido, que comparten un host. • http://www.securityfocus.com/bid/105718 http://www.securitytracker.com/id/1041944 https://access.redhat.com/errata/RHSA-2018:3005 https://access.redhat.com/errata/RHSA-2018:3006 https://bugzilla.mozilla.org/show_bug.cgi?id=1467523 https://lists.debian.org/debian-lts-announce/2018/11/msg00008.html https://security.gentoo.org/glsa/201811-04 https://usn.ubuntu.com/3801-1 https://www.debian.org/security/2018/dsa-4324 https://www.mozilla.org/security/advisories/mfsa2018-26&# • CWE-284: Improper Access Control •
CVSS: 4.3EPSS: 0%CPEs: 19EXPL: 1CVE-2018-18585 – libmspack: chmd_read_headers() fails to reject filenames containing NULL bytes
https://notcve.org/view.php?id=CVE-2018-18585
chmd_read_headers in mspack/chmd.c in libmspack before 0.8alpha accepts a filename that has '\0' as its first or second character (such as the "/\0" name). chmd_read_headers en mspack/chmd.c en libmspack en versiones anteriores a la 0.8alpha acepta un nombre de archivo que tiene "\0" como su primer o segundo carácter (como el nombre "/\0"). • https://access.redhat.com/errata/RHSA-2019:2049 https://bugs.debian.org/911637 https://github.com/kyz/libmspack/commit/8759da8db6ec9e866cb8eb143313f397f925bb4f https://lists.debian.org/debian-lts-announce/2018/10/msg00017.html https://security.gentoo.org/glsa/201903-20 https://usn.ubuntu.com/3814-1 https://usn.ubuntu.com/3814-2 https://usn.ubuntu.com/3814-3 https://www.openwall.com/lists/oss-security/2018/10/22/1 https://www.starwindsoftware.com/security/sw-20181213-0002 • CWE-476: NULL Pointer Dereference •
CVSS: 8.1EPSS: 0%CPEs: 16EXPL: 1CVE-2018-18559 – kernel: Use-after-free due to race condition in AF_PACKET implementation
https://notcve.org/view.php?id=CVE-2018-18559
In the Linux kernel through 4.19, a use-after-free can occur due to a race condition between fanout_add from setsockopt and bind on an AF_PACKET socket. This issue exists because of the 15fe076edea787807a7cdc168df832544b58eba6 incomplete fix for a race condition. The code mishandles a certain multithreaded case involving a packet_do_bind unregister action followed by a packet_notifier register action. Later, packet_release operates on only one of the two applicable linked lists. The attacker can achieve Program Counter control. • https://access.redhat.com/errata/RHBA-2019:0327 https://access.redhat.com/errata/RHSA-2019:0163 https://access.redhat.com/errata/RHSA-2019:0188 https://access.redhat.com/errata/RHSA-2019:1170 https://access.redhat.com/errata/RHSA-2019:1190 https://access.redhat.com/errata/RHSA-2019:3967 https://access.redhat.com/errata/RHSA-2019:4159 https://access.redhat.com/errata/RHSA-2020:0174 https://blogs.securiteam.com/index.php/archives/3731 https://access.redhat.com/security/ • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-416: Use After Free •
CVSS: 6.5EPSS: 0%CPEs: 11EXPL: 1CVE-2018-18520 – elfutils: eu-size cannot handle recursive ar files
https://notcve.org/view.php?id=CVE-2018-18520
An Invalid Memory Address Dereference exists in the function elf_end in libelf in elfutils through v0.174. Although eu-size is intended to support ar files inside ar files, handle_ar in size.c closes the outer ar file before handling all inner entries. The vulnerability allows attackers to cause a denial of service (application crash) with a crafted ELF file. Existe una desreferencia de dirección de memoria inválida en la función elf_end en elfutils hasta la versión v0.174. Aunque se supone que eu-size soporta archivos ar dentro de archivos ar, handle_ar en size.c cierra el archivo ar externo antes de gestionar todas la entradas internas. • http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00052.html https://access.redhat.com/errata/RHSA-2019:2197 https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html https://lists.debian.org/debian-lts-announce/2021/10/msg00030.html https://sourceware.org/bugzilla/show_bug.cgi?id=23787 https://sourceware.org/ml/elfutils-devel/2018-q4/msg00057.html https://usn.ubuntu.com/4012-1 https://access.redhat.com/security/cve/CVE-2018-18520 https://bugzilla.redh • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •