CVSS: 8.2EPSS: 0%CPEs: 11EXPL: 0CVE-2019-8308 – flatpak: potential /proc based sandbox escape
https://notcve.org/view.php?id=CVE-2019-8308
12 Feb 2019 — Flatpak before 1.0.7, and 1.1.x and 1.2.x before 1.2.3, exposes /proc in the apply_extra script sandbox, which allows attackers to modify a host-side executable file. Flatpak, en versiones anteriores a la 1.0.7 y en versiones 1.1.x y 1.2.x anteriores a la 1.2.3, expone /proc en el sandbox de script apply_extra, lo que permite que los atacantes modifiquen un archivo ejecutable del lado del host. A flaw was found in flatpak. In certain special cases, installing flatpak applications and runtimes system-wide ma... • http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00088.html • CWE-668: Exposure of Resource to Wrong Sphere CWE-672: Operation on a Resource after Expiration or Release •
CVSS: 6.1EPSS: 1%CPEs: 29EXPL: 0CVE-2018-18506 – Mozilla: Proxy Auto-Configuration file can define localhost access to be proxied
https://notcve.org/view.php?id=CVE-2018-18506
31 Jan 2019 — When proxy auto-detection is enabled, if a web server serves a Proxy Auto-Configuration (PAC) file or if a PAC file is loaded locally, this PAC file can specify that requests to the localhost are to be sent through the proxy to another server. This behavior is disallowed by default when a proxy is manually configured, but when enabled could allow for attacks on services and tools that bind to the localhost for networked behavior if they are accessed through browsing. This vulnerability affects Firefox < 65.... • http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00035.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.8EPSS: 41%CPEs: 18EXPL: 1CVE-2018-18500 – Mozilla: Use-after-free parsing HTML5 stream
https://notcve.org/view.php?id=CVE-2018-18500
30 Jan 2019 — A use-after-free vulnerability can occur while parsing an HTML5 stream in concert with custom HTML elements. This results in the stream parser object being freed while still in use, leading to a potentially exploitable crash. This vulnerability affects Thunderbird < 60.5, Firefox ESR < 60.5, and Firefox < 65. Una vulnerabilidad de memoria previamente liberada puede ocurrir a la hora de analizar una transmisión HTML5 junto con elementos HTML personalizados. Esto resulta en la liberación del objeto de análisi... • https://github.com/sophoslabs/CVE-2018-18500 • CWE-416: Use After Free •
CVSS: 9.8EPSS: 4%CPEs: 17EXPL: 0CVE-2018-18501 – Mozilla: Memory safety bugs fixed in Firefox 65 and Firefox ESR 60.5
https://notcve.org/view.php?id=CVE-2018-18501
30 Jan 2019 — Mozilla developers and community members reported memory safety bugs present in Firefox 64 and Firefox ESR 60.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 60.5, Firefox ESR < 60.5, and Firefox < 65. Los desarrolladores de Mozilla y los miembros de la comunidad reportaron problemas de seguridad existentes en Firefox 64 and Firefox ESR 60.4. Algunos de esto... • http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00021.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 10.0EPSS: 3%CPEs: 18EXPL: 0CVE-2018-18505 – Mozilla: Privilege escalation through IPC channel messages
https://notcve.org/view.php?id=CVE-2018-18505
30 Jan 2019 — An earlier fix for an Inter-process Communication (IPC) vulnerability, CVE-2011-3079, added authentication to communication between IPC endpoints and server parents during IPC process creation. This authentication is insufficient for channels created after the IPC process is started, leading to the authentication not being correctly applied to later channels. This could allow for a sandbox escape through IPC channels due to lack of message validation in the listener process. This vulnerability affects Thund... • http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00021.html • CWE-287: Improper Authentication •
CVSS: 8.0EPSS: 0%CPEs: 16EXPL: 0CVE-2019-3813 – spice: Off-by-one error in array access in spice/server/memslot.c
https://notcve.org/view.php?id=CVE-2019-3813
29 Jan 2019 — Spice, versions 0.5.2 through 0.14.1, are vulnerable to an out-of-bounds read due to an off-by-one error in memslot_get_virt. This may lead to a denial of service, or, in the worst case, code-execution by unauthenticated attackers. Spice, desde la versión 0.5.2 hasta la 0.14.1, son vulnerables a una lectura fuera de límites debido a un error por un paso en memslot_get_virt. Esto podría conducir a una denegación de servicio (DoS) o, en el peor de los casos, la ejecución de código por parte de atacantes no au... • http://www.securityfocus.com/bid/106801 • CWE-193: Off-by-one Error •
CVSS: 3.3EPSS: 0%CPEs: 7EXPL: 0CVE-2019-3815 – systemd: memory leak in journald-server.c introduced by fix for CVE-2018-16864
https://notcve.org/view.php?id=CVE-2019-3815
28 Jan 2019 — A memory leak was discovered in the backport of fixes for CVE-2018-16864 in Red Hat Enterprise Linux. Function dispatch_message_real() in journald-server.c does not free the memory allocated by set_iovec_field_free() to store the `_CMDLINE=` entry. A local attacker may use this flaw to make systemd-journald crash. This issue only affects versions shipped with Red Hat Enterprise since v219-62.2. Se descubrió una fuga de memoria en el "backport" de soluciones para CVE-2018-16864 en Red Hat Enterprise Linux. • http://www.securityfocus.com/bid/106632 • CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 7.8EPSS: 65%CPEs: 18EXPL: 5CVE-2019-6116 – Ghostscript 9.26 - Pseudo-Operator Remote Code Execution
https://notcve.org/view.php?id=CVE-2019-6116
23 Jan 2019 — In Artifex Ghostscript through 9.26, ephemeral or transient procedures can allow access to system operators, leading to remote code execution. En Artifex Ghostscript hasta la versión 9.26, los procedimientos ephemeral o transient pueden permitir el acceso a los operadores del sistema, lo que conduce a la ejecución remota de código. It was found that ghostscript could leak sensitive operators on the operand stack when a pseudo-operator pushes a subroutine. A specially crafted PostScript file could use this f... • https://packetstorm.news/files/id/151307 •
CVSS: 3.1EPSS: 0%CPEs: 34EXPL: 0CVE-2019-2422 – OpenJDK: memory disclosure in FileChannelImpl (Libraries, 8206290)
https://notcve.org/view.php?id=CVE-2019-2422
16 Jan 2019 — Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 7u201, 8u192 and 11.0.1; Java SE Embedded: 8u191. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE accessib... • http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00028.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.3EPSS: 0%CPEs: 17EXPL: 0CVE-2019-6133 – polkit: Temporary auth hijacking via PID reuse and non-atomic fork
https://notcve.org/view.php?id=CVE-2019-6133
11 Jan 2019 — In PolicyKit (aka polkit) 0.115, the "start time" protection mechanism can be bypassed because fork() is not atomic, and therefore authorization decisions are improperly cached. This is related to lack of uid checking in polkitbackend/polkitbackendinteractiveauthority.c. En PolicyKit (también conocido como polkit) 0.115, el mecanismo de protección "start time" puede omitirse debido a que fork() no es atómico y, por lo tanto, las decisiones de autorización se cachean incorrectamente. Esto está relacionado co... • http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00049.html • CWE-284: Improper Access Control CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •