CVSS: 9.8EPSS: 9%CPEs: 30EXPL: 0CVE-2018-18311 – perl: Integer overflow leading to buffer overflow in Perl_my_setenv()
https://notcve.org/view.php?id=CVE-2018-18311
30 Nov 2018 — Perl before 5.26.3 and 5.28.x before 5.28.1 has a buffer overflow via a crafted regular expression that triggers invalid write operations. Perl, en versiones anteriores a la 5.26.3 y versiones 5.28.0.x anteriores a la 5.28.1, tiene un desbordamiento de búfer mediante una expresión regular manipulada que desencadena operaciones inválidas de escritura. Jayakrishna Menon discovered that Perl incorrectly handled Perl_my_setenv. An attacker could use this issue to cause Perl to crash, resulting in a denial of se... • http://seclists.org/fulldisclosure/2019/Mar/49 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-190: Integer Overflow or Wraparound CWE-787: Out-of-bounds Write •
CVSS: 5.5EPSS: 0%CPEs: 15EXPL: 0CVE-2018-14646 – kernel: NULL pointer dereference in af_netlink.c:__netlink_ns_capable() allows for denial of service
https://notcve.org/view.php?id=CVE-2018-14646
26 Nov 2018 — The Linux kernel before 4.15-rc8 was found to be vulnerable to a NULL pointer dereference bug in the __netlink_ns_capable() function in the net/netlink/af_netlink.c file. A local attacker could exploit this when a net namespace with a netnsid is assigned to cause a kernel panic and a denial of service. El kernel de Linux en versiones anteriores a la 4.15-rc8 era vulnerable a un error de desreferencia de puntero NULL en la función __netlink_ns_capable() en el archivo net/netlink/af_netlink.c. Un atacante loc... • https://access.redhat.com/errata/RHSA-2018:3651 • CWE-476: NULL Pointer Dereference •
CVSS: 7.8EPSS: 74%CPEs: 15EXPL: 1CVE-2018-19475 – ghostscript: access bypass in psi/zdevice2.c (700153)
https://notcve.org/view.php?id=CVE-2018-19475
23 Nov 2018 — psi/zdevice2.c in Artifex Ghostscript before 9.26 allows remote attackers to bypass intended access restrictions because available stack space is not checked when the device remains the same. psi/zdevice2.c en Artifex Ghostscript en versiones anteriores a la 9.26 permite a los atacantes remotos omitir las restricciones de acceso planeadas debido a que el espacio de pila disponible no se comprueba cuando el dispositivo no cambia. The Ghostscript suite contains utilities for rendering PostScript and PDF docum... • http://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=3005fcb9bb160af199e761e03bc70a9f249a987e • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 0%CPEs: 15EXPL: 1CVE-2018-19476 – ghostscript: access bypass in psi/zicc.c (700169)
https://notcve.org/view.php?id=CVE-2018-19476
23 Nov 2018 — psi/zicc.c in Artifex Ghostscript before 9.26 allows remote attackers to bypass intended access restrictions because of a setcolorspace type confusion. psi/zicc.c en Artifex Ghostscript en versiones anteriores a la 9.26 permite a los atacantes remotos omitir las restricciones de acceso planeadas debido a una confusión del tipo setcolorspace. The Ghostscript suite contains utilities for rendering PostScript and PDF documents. Ghostscript translates PostScript code to common bitmap formats so that the code ca... • http://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=67d760ab775dae4efe803b5944b0439aa3c0b04a • CWE-704: Incorrect Type Conversion or Cast CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVSS: 7.8EPSS: 0%CPEs: 15EXPL: 1CVE-2018-19477 – ghostscript: access bypass in psi/zfjbig2.c (700168)
https://notcve.org/view.php?id=CVE-2018-19477
23 Nov 2018 — psi/zfjbig2.c in Artifex Ghostscript before 9.26 allows remote attackers to bypass intended access restrictions because of a JBIG2Decode type confusion. psi/zfjbig2.c en Artifex Ghostscript en versiones anteriores a la 9.26 permite a los atacantes remotos omitir las restricciones de acceso planeadas debido a una confusión del tipo JBIG2Decode. The Ghostscript suite contains utilities for rendering PostScript and PDF documents. Ghostscript translates PostScript code to common bitmap formats so that the code ... • http://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=ef252e7dc214bcbd9a2539216aab9202848602bb • CWE-704: Incorrect Type Conversion or Cast CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVSS: 4.8EPSS: 0%CPEs: 41EXPL: 3CVE-2018-5407 – Intel (Skylake / Kaby Lake) - 'PortSmash' CPU SMT Side-Channel
https://notcve.org/view.php?id=CVE-2018-5407
02 Nov 2018 — Simultaneous Multi-threading (SMT) in processors can enable local users to exploit software vulnerable to timing attacks via a side-channel timing attack on 'port contention'. SMT (Simultaneous Multi-threading) en los procesadores puede habilitar que usuarios locales exploten software vulnerable a ataques de sincronización mediante un ataques de sincronización de canal lateral en la "contención de puertos". A microprocessor side-channel vulnerability was found on SMT (e.g, Hyper-Threading) architectures. An... • https://packetstorm.news/files/id/150138 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-203: Observable Discrepancy •
CVSS: 8.8EPSS: 1%CPEs: 18EXPL: 0CVE-2018-12389 – Mozilla: Memory safety bugs fixed in Firefox ESR 60.3
https://notcve.org/view.php?id=CVE-2018-12389
25 Oct 2018 — Mozilla developers and community members reported memory safety bugs present in Firefox ESR 60.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox ESR < 60.3 and Thunderbird < 60.3. Los desarrolladores de Mozilla y los miembros de la comunidad reportaron problemas de seguridad existentes en Firefox ESR 60.2. Algunos de estos errores mostraban evidencias de corrupción ... • http://www.securityfocus.com/bid/105723 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 9.8EPSS: 6%CPEs: 19EXPL: 0CVE-2018-12390 – Mozilla: Memory safety bugs fixed in Firefox 63 and Firefox ESR 60.3
https://notcve.org/view.php?id=CVE-2018-12390
25 Oct 2018 — Mozilla developers and community members reported memory safety bugs present in Firefox 62 and Firefox ESR 60.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 63, Firefox ESR < 60.3, and Thunderbird < 60.3. Los desarrolladores de Mozilla y los miembros de la comunidad reportaron problemas de seguridad existentes en Firefox 62 y Firefox ESR 60.2. Algunos de estos ... • http://www.securityfocus.com/bid/105718 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 9.8EPSS: 5%CPEs: 19EXPL: 0CVE-2018-12392 – Mozilla: Crash with nested event loops
https://notcve.org/view.php?id=CVE-2018-12392
25 Oct 2018 — When manipulating user events in nested loops while opening a document through script, it is possible to trigger a potentially exploitable crash due to poor event handling. This vulnerability affects Firefox < 63, Firefox ESR < 60.3, and Thunderbird < 60.3. Al manipular los eventos de usuario en bucles anidados durante la apertura de un documento mediante script, es posible desencadenar un cierre inesperado potencialmente explotable debido a la mala gestión de eventos. Esta vulnerabilidad afecta a las versi... • http://www.securityfocus.com/bid/105718 • CWE-364: Signal Handler Race Condition •
CVSS: 7.1EPSS: 0%CPEs: 15EXPL: 0CVE-2018-12397 – Mozilla: WebExtension local file permission check bypass
https://notcve.org/view.php?id=CVE-2018-12397
25 Oct 2018 — A WebExtension can request access to local files without the warning prompt stating that the extension will "Access your data for all websites" being displayed to the user. This allows extensions to run content scripts in local pages without permission warnings when a local file is opened. This vulnerability affects Firefox ESR < 60.3 and Firefox < 63. WebExtensions pueden solicitar el acceso a archivos locales sin que salte un aviso de advertencia en el que consta que la extensión accederá a sus datos para... • http://www.securityfocus.com/bid/105718 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-862: Missing Authorization •