CVSS: 8.8EPSS: 0%CPEs: 21EXPL: 0CVE-2018-12362 – Mozilla: Integer overflow in SSSE3 scaler
https://notcve.org/view.php?id=CVE-2018-12362
An integer overflow can occur during graphics operations done by the Supplemental Streaming SIMD Extensions 3 (SSSE3) scaler, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 60, Thunderbird < 52.9, Firefox ESR < 60.1, Firefox ESR < 52.9, and Firefox < 61. Puede ocurrir un desbordamiento de enteros durante las operaciones de gráficos realizadas por el escalador SSSE3 (Supplemental Streaming SIMD Extensions 3), lo que resulta en un cierre inesperado potencialmente explotable. La vulnerabilidad afecta a Thunderbird en versiones anteriores a la 60 y la 52.9, Firefox ESR en versiones anteriores a la 60.1 y la 52.9 y Firefox en versiones anteriores a la 61. • http://www.securityfocus.com/bid/104560 http://www.securitytracker.com/id/1041193 https://access.redhat.com/errata/RHSA-2018:2112 https://access.redhat.com/errata/RHSA-2018:2113 https://access.redhat.com/errata/RHSA-2018:2251 https://access.redhat.com/errata/RHSA-2018:2252 https://bugzilla.mozilla.org/show_bug.cgi?id=1452375 https://lists.debian.org/debian-lts-announce/2018/06/msg00014.html https://lists.debian.org/debian-lts-announce/2018/07/msg00013.html https://securi • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-190: Integer Overflow or Wraparound •
CVSS: 8.8EPSS: 0%CPEs: 21EXPL: 0CVE-2018-12359 – Mozilla: Buffer overflow using computed size of canvas element
https://notcve.org/view.php?id=CVE-2018-12359
A buffer overflow can occur when rendering canvas content while adjusting the height and width of the canvas element dynamically, causing data to be written outside of the currently computed boundaries. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 60, Thunderbird < 52.9, Firefox ESR < 60.1, Firefox ESR < 52.9, and Firefox < 61. Puede ocurrir un desbordamiento de búfer al renderizar contenido canvas al ajustar dinámicamente la altura y anchura del elemento canvas, lo que provoca que los datos se escriban fuera de los límites calculados actualmente. Esto resulta en un cierre inesperado potencialmente explotable. • http://www.securityfocus.com/bid/104555 http://www.securitytracker.com/id/1041193 https://access.redhat.com/errata/RHSA-2018:2112 https://access.redhat.com/errata/RHSA-2018:2113 https://access.redhat.com/errata/RHSA-2018:2251 https://access.redhat.com/errata/RHSA-2018:2252 https://bugzilla.mozilla.org/show_bug.cgi?id=1459162 https://lists.debian.org/debian-lts-announce/2018/06/msg00014.html https://lists.debian.org/debian-lts-announce/2018/07/msg00013.html https://securi • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 7.5EPSS: 0%CPEs: 5EXPL: 0CVE-2018-10852 – sssd: information leak from the sssd-sudo responder
https://notcve.org/view.php?id=CVE-2018-10852
The UNIX pipe which sudo uses to contact SSSD and read the available sudo rules from SSSD has too wide permissions, which means that anyone who can send a message using the same raw protocol that sudo and SSSD use can read the sudo rules available for any user. This affects versions of SSSD before 1.16.3. El pipe de Unix que utiliza sudo para contactar SSSD y leer las reglas sudo disponibles desde SSSD tiene permisos demasiado laxos, lo que significa que cualquiera que pueda enviar un mensaje utilizando el mismo protocolo raw que utilizan sudo y SSSD puede leer reglas sudo disponibles para cualquier usuario. Esto afecta a las versiones SSSD en versiones anteriores a la 1.16.3. The UNIX pipe which sudo uses to contact SSSD and read the available sudo rules from SSSD utilizes too broad of a set of permissions. • http://www.securityfocus.com/bid/104547 https://access.redhat.com/errata/RHSA-2018:3158 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10852 https://lists.debian.org/debian-lts-announce/2018/07/msg00019.html https://access.redhat.com/security/cve/CVE-2018-10852 https://bugzilla.redhat.com/show_bug.cgi?id=1588810 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.6EPSS: 0%CPEs: 481EXPL: 0CVE-2018-3665 – Kernel: FPU state information leakage via lazy FPU restore
https://notcve.org/view.php?id=CVE-2018-3665
System software utilizing Lazy FP state restore technique on systems using Intel Core-based microprocessors may potentially allow a local process to infer data from another process through a speculative execution side channel. El software de sistema que emplea la técnica de restauración de estado Lazy FP en los sistemas que emplean microprocesadores de Intel Core podrían permitir que un proceso local infiera datos de otro proceso mediante un canal lateral de ejecución especulativa. A Floating Point Unit (FPU) state information leakage flaw was found in the way the Linux kernel saved and restored the FPU state during task switch. Linux kernels that follow the "Lazy FPU Restore" scheme are vulnerable to the FPU state information leakage issue. An unprivileged local attacker could use this flaw to read FPU state bits by conducting targeted cache side-channel attacks, similar to the Meltdown vulnerability disclosed earlier this year. • http://www.securityfocus.com/bid/104460 http://www.securitytracker.com/id/1041124 http://www.securitytracker.com/id/1041125 https://access.redhat.com/errata/RHSA-2018:1852 https://access.redhat.com/errata/RHSA-2018:1944 https://access.redhat.com/errata/RHSA-2018:2164 https://access.redhat.com/errata/RHSA-2018:2165 https://access.redhat.com/errata/RHSA-2019:1170 https://access.redhat.com/errata/RHSA-2019:1190 https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes& • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.1EPSS: 0%CPEs: 15EXPL: 1CVE-2018-0495 – ROHNP: Key Extraction Side Channel in Multiple Crypto Libraries
https://notcve.org/view.php?id=CVE-2018-0495
Libgcrypt before 1.7.10 and 1.8.x before 1.8.3 allows a memory-cache side-channel attack on ECDSA signatures that can be mitigated through the use of blinding during the signing process in the _gcry_ecc_ecdsa_sign function in cipher/ecc-ecdsa.c, aka the Return Of the Hidden Number Problem or ROHNP. To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machine on the same physical host. Libgcrypt en versiones anteriores a la 1.7.10 y versiones 1.8.x anteriores a la 1.8.3 permite un ataque de canal lateral por caché de memoria en las firmas ECDSA que se puede mitigar mediante el uso de la ocultación durante el proceso de firmado en la función _gcry_ecc_ecdsa_sign en cipher/ecc-ecdsa.c. Esto también se conoce como Return Of the Hidden Number Problem o ROHNP. Para descubrir una clave ECDSA, el atacante necesita acceso a la máquina local o a una máquina virtual diferente en el mismo host físico. • http://www.securitytracker.com/id/1041144 http://www.securitytracker.com/id/1041147 https://access.redhat.com/errata/RHSA-2018:3221 https://access.redhat.com/errata/RHSA-2018:3505 https://access.redhat.com/errata/RHSA-2019:1296 https://access.redhat.com/errata/RHSA-2019:1297 https://access.redhat.com/errata/RHSA-2019:1543 https://access.redhat.com/errata/RHSA-2019:2237 https://dev.gnupg.org/T4011 https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git%3Ba=commit%3 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-203: Observable Discrepancy •