CVSS: 6.5EPSS: 2%CPEs: 9EXPL: 0CVE-2018-14659 – glusterfs: Unlimited file creation via "GF_XATTR_IOSTATS_DUMP_KEY" xattr allows for denial of service
https://notcve.org/view.php?id=CVE-2018-14659
31 Oct 2018 — The Gluster file system through versions 4.1.4 and 3.1.2 is vulnerable to a denial of service attack via use of the 'GF_XATTR_IOSTATS_DUMP_KEY' xattr. A remote, authenticated attacker could exploit this by mounting a Gluster volume and repeatedly calling 'setxattr(2)' to trigger a state dump and create an arbitrary number of files in the server's runtime directory. El sistema de archivos Gluster hasta las versiones 3.12 y 4.1.4 es vulnerable a un ataque de denegación de servicio (DoS) mediante el uso del xa... • https://access.redhat.com/errata/RHSA-2018:3431 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 8.8EPSS: 3%CPEs: 5EXPL: 0CVE-2018-14651 – glusterfs: glusterfs server exploitable via symlinks to relative paths
https://notcve.org/view.php?id=CVE-2018-14651
31 Oct 2018 — It was found that the fix for CVE-2018-10927, CVE-2018-10928, CVE-2018-10929, CVE-2018-10930, and CVE-2018-10926 was incomplete. A remote, authenticated attacker could use one of these flaws to execute arbitrary code, create arbitrary files, or cause denial of service on glusterfs server nodes via symlinks to relative paths. Se ha descubierto que la solución para CVE-2018-10927, CVE-2018-10928, CVE-2018-10929, CVE-2018-10930 y CVE-2018-10926 estaba incompleta. Un atacante autenticado remoto podría emplear u... • https://access.redhat.com/errata/RHSA-2018:3431 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 6.5EPSS: 1%CPEs: 9EXPL: 0CVE-2018-14660 – glusterfs: Repeat use of "GF_META_LOCK_KEY" xattr allows for memory exhaustion
https://notcve.org/view.php?id=CVE-2018-14660
31 Oct 2018 — A flaw was found in glusterfs server through versions 4.1.4 and 3.1.2 which allowed repeated usage of GF_META_LOCK_KEY xattr. A remote, authenticated attacker could use this flaw to create multiple locks for single inode by using setxattr repetitively resulting in memory exhaustion of glusterfs server node. Se ha encontrado un error en el servidor glusterfs hasta las versiones 4.1.4 y 3.1.2 que permitía el uso repetido del xattr GF_META_LOCK_KEY. Un atacante autenticado remoto podría emplear este error para... • https://access.redhat.com/errata/RHSA-2018:3431 • CWE-400: Uncontrolled Resource Consumption CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 6.5EPSS: 3%CPEs: 8EXPL: 0CVE-2018-14661 – glusterfs: features/locks translator passes an user-controlled string to snprintf without a proper format string resulting in a denial of service
https://notcve.org/view.php?id=CVE-2018-14661
31 Oct 2018 — It was found that usage of snprintf function in feature/locks translator of glusterfs server 3.8.4, as shipped with Red Hat Gluster Storage, was vulnerable to a format string attack. A remote, authenticated attacker could use this flaw to cause remote denial of service. Se ha detectado que el uso de la función snprintf en el traductor feature/locks del servidor glusterfs 3.8.4, tal y como se distribuye con Red Hat Gluster Storage, era vulnerable a un ataque de cadena de formato. Un atacante remoto autentica... • https://access.redhat.com/errata/RHSA-2018:3431 • CWE-20: Improper Input Validation CWE-134: Use of Externally-Controlled Format String •
CVSS: 4.3EPSS: 0%CPEs: 5EXPL: 0CVE-2018-17477 – chromium-browser: UI spoof in Extensions
https://notcve.org/view.php?id=CVE-2018-17477
25 Oct 2018 — Incorrect dialog placement in Extensions in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to spoof the contents of extension popups via a crafted HTML page. La colocación incorrecta de diálogos en Extensions en Google Chrome en versiones anteriores a la 70.0.3538.67 permitía que un atacante remoto suplantase el contenido de los popups de extensión mediante una página HTML manipulada. Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 70.0.3538... • http://www.securityfocus.com/bid/105666 •
CVSS: 8.8EPSS: 1%CPEs: 5EXPL: 0CVE-2018-17474 – chromium-browser: Use after free in Blink
https://notcve.org/view.php?id=CVE-2018-17474
25 Oct 2018 — Use after free in HTMLImportsController in Blink in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Uso de memoria previamente liberada en HTMLImportsController en Blink en Google Chrome en versiones anteriores a la 70.0.3538.67 permitía que un atacante remoto pudiese explotar una corrupción de memoria dinámica (heap) mediante una página HTML manipulada. Chromium is an open-source web browser, powered by WebKit. This update upgrad... • http://www.securityfocus.com/bid/105666 • CWE-416: Use After Free CWE-787: Out-of-bounds Write •
CVSS: 4.3EPSS: 1%CPEs: 5EXPL: 0CVE-2018-17476 – chromium-browser: Security UI occlusion in full screen mode
https://notcve.org/view.php?id=CVE-2018-17476
25 Oct 2018 — Incorrect dialog placement in Cast UI in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to obscure the full screen warning via a crafted HTML page. La colocación incorrecta de diálogos en Cast UI en Google Chrome en versiones anteriores a la 70.0.3538.67 permitía que un atacante remoto ocultase la advertencia total de pantalla mediante una página HTML manipulada. Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 70.0.3538.67. Issues addressed ... • http://www.securityfocus.com/bid/105666 •
CVSS: 9.8EPSS: 5%CPEs: 19EXPL: 0CVE-2018-12392 – Mozilla: Crash with nested event loops
https://notcve.org/view.php?id=CVE-2018-12392
25 Oct 2018 — When manipulating user events in nested loops while opening a document through script, it is possible to trigger a potentially exploitable crash due to poor event handling. This vulnerability affects Firefox < 63, Firefox ESR < 60.3, and Thunderbird < 60.3. Al manipular los eventos de usuario en bucles anidados durante la apertura de un documento mediante script, es posible desencadenar un cierre inesperado potencialmente explotable debido a la mala gestión de eventos. Esta vulnerabilidad afecta a las versi... • http://www.securityfocus.com/bid/105718 • CWE-364: Signal Handler Race Condition •
CVSS: 8.8EPSS: 91%CPEs: 5EXPL: 6CVE-2018-17463 – Google Chromium V8 Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2018-17463
25 Oct 2018 — Incorrect side effect annotation in V8 in Google Chrome prior to 70.0.3538.64 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Anotación de efecto secundario en V8 en Google Chrome en versiones anteriores a la 70.0.3538.64 permitía que un atacante remoto ejecutase código arbitrario dentro de un sandbox mediante una página HTML manipulada. Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 70.0.3538.67. Issues addre... • https://packetstorm.news/files/id/156640 •
CVSS: 8.8EPSS: 1%CPEs: 5EXPL: 0CVE-2018-17464 – chromium-browser: URL spoof in Omnibox
https://notcve.org/view.php?id=CVE-2018-17464
25 Oct 2018 — Incorrect handling of history on iOS in Navigation in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. La gestión incorrecta del historial en iOS en la navegación en Google Chrome en versiones anteriores a la 70.0.3538.67 permitía que un atacante remoto suplantase el contenido de Omnibox (barra de direcciones) mediante una página HTML manipulada. Chromium is an open-source web browser, powered by WebKit. This update upgrade... • http://www.securityfocus.com/bid/105666 •