CVSS: 8.8EPSS: 86%CPEs: 5EXPL: 1CVE-2018-17480 – Google Chromium V8 Out-of-Bounds Write Vulnerability
https://notcve.org/view.php?id=CVE-2018-17480
Execution of user supplied Javascript during array deserialization leading to an out of bounds write in V8 in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Ejecución de código JavaScript proporcionado por el usuario durante una deserialización de arrays, la cual provoca una escritura fuera de límites en la versión "V8" de Google Chrome en versiones anteriores a la 71.0.3578.80, permitía a un atacante remoto ejecutar código arbitrario dentro de un sandbox mediante una página HTML manipulada. Google Chromium V8 Engine contains out-of-bounds write vulnerability that allows a remote attacker to execute code inside a sandbox via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera. • http://www.securityfocus.com/bid/106084 https://access.redhat.com/errata/RHSA-2018:3803 https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html https://crbug.com/905940 https://security.gentoo.org/glsa/201908-18 https://www.debian.org/security/2018/dsa-4352 https://access.redhat.com/security/cve/CVE-2018-17480 https://bugzilla.redhat.com/show_bug.cgi?id=1656547 • CWE-787: Out-of-bounds Write •
CVSS: 8.8EPSS: 3%CPEs: 5EXPL: 0CVE-2018-18342 – chromium-browser: Out of bounds write in V8
https://notcve.org/view.php?id=CVE-2018-18342
Execution of user supplied Javascript during object deserialization can update object length leading to an out of bounds write in V8 in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. La ejecución de código JavaScript proporcionado por el usuario durante una deserialización de objectos, provocando una escritura fuera de límites en la versión "V8" de Google Chrome en versiones anteriores a la 71.0.3578.80, permitía a un atacante remoto ejecutar código arbitrario dentro de un sandbox mediante una página HTML manipulada. • http://www.securityfocus.com/bid/106084 https://access.redhat.com/errata/RHSA-2018:3803 https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html https://crbug.com/906313 https://security.gentoo.org/glsa/201908-18 https://www.debian.org/security/2018/dsa-4352 https://access.redhat.com/security/cve/CVE-2018-18342 https://bugzilla.redhat.com/show_bug.cgi?id=1656556 • CWE-787: Out-of-bounds Write •
CVSS: 10.0EPSS: 97%CPEs: 18EXPL: 4CVE-2018-15982 – Adobe Flash Player Use-After-Free Vulnerability
https://notcve.org/view.php?id=CVE-2018-15982
Flash Player versions 31.0.0.153 and earlier, and 31.0.0.108 and earlier have a use after free vulnerability. Successful exploitation could lead to arbitrary code execution. Flash Player, en versiones 31.0.0.153 y anteriores y en la 31.0.0.108 y anteriores, tiene una vulnerabilidad de uso de memoria previamente liberada. La explotación con éxito de esta vulnerabilidad podría permitir la ejecución arbitraria de código. Adobe Flash Player com.adobe.tvsdk.mediacore.metadata Use After Free Vulnerability • https://www.exploit-db.com/exploits/46051 https://github.com/scanfsec/CVE-2018-15982 https://github.com/FlatL1neAPT/CVE-2018-15982 https://github.com/SyFi/CVE-2018-15982 http://www.securityfocus.com/bid/106116 https://access.redhat.com/errata/RHSA-2018:3795 https://helpx.adobe.com/security/products/flash-player/apsb18-42.html https://access.redhat.com/security/cve/CVE-2018-15982 https://bugzilla.redhat.com/show_bug.cgi?id=1656585 • CWE-416: Use After Free •
CVSS: 9.8EPSS: 0%CPEs: 30EXPL: 0CVE-2018-18311 – perl: Integer overflow leading to buffer overflow in Perl_my_setenv()
https://notcve.org/view.php?id=CVE-2018-18311
Perl before 5.26.3 and 5.28.x before 5.28.1 has a buffer overflow via a crafted regular expression that triggers invalid write operations. Perl, en versiones anteriores a la 5.26.3 y versiones 5.28.0.x anteriores a la 5.28.1, tiene un desbordamiento de búfer mediante una expresión regular manipulada que desencadena operaciones inválidas de escritura. • http://seclists.org/fulldisclosure/2019/Mar/49 http://www.securityfocus.com/bid/106145 http://www.securitytracker.com/id/1042181 https://access.redhat.com/errata/RHBA-2019:0327 https://access.redhat.com/errata/RHSA-2019:0001 https://access.redhat.com/errata/RHSA-2019:0010 https://access.redhat.com/errata/RHSA-2019:0109 https://access.redhat.com/errata/RHSA-2019:1790 https://access.redhat.com/errata/RHSA-2019:1942 https://access.redhat.com/errata/RHSA-2019:2400 https:&#x • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-190: Integer Overflow or Wraparound CWE-787: Out-of-bounds Write •
CVSS: 10.0EPSS: 27%CPEs: 16EXPL: 0CVE-2018-15981 – flash-plugin: Arbitrary code execution vulnerability (APSB18-44)
https://notcve.org/view.php?id=CVE-2018-15981
Flash Player versions 31.0.0.148 and earlier have a type confusion vulnerability. Successful exploitation could lead to arbitrary code execution. Flash Player, en versiones 31.0.0.148 y anteriores, tiene una vulnerabilidad de confusión de tipos. La explotación con éxito de esta vulnerabilidad podría permitir la ejecución arbitraria de código. • http://www.securityfocus.com/bid/105964 http://www.securitytracker.com/id/1042151 https://access.redhat.com/errata/RHSA-2018:3644 https://helpx.adobe.com/security/products/flash-player/apsb18-44.html https://access.redhat.com/security/cve/CVE-2018-15981 https://bugzilla.redhat.com/show_bug.cgi?id=1651640 • CWE-704: Incorrect Type Conversion or Cast •