CVE-2018-12392 – Mozilla: Crash with nested event loops
https://notcve.org/view.php?id=CVE-2018-12392
When manipulating user events in nested loops while opening a document through script, it is possible to trigger a potentially exploitable crash due to poor event handling. This vulnerability affects Firefox < 63, Firefox ESR < 60.3, and Thunderbird < 60.3. Al manipular los eventos de usuario en bucles anidados durante la apertura de un documento mediante script, es posible desencadenar un cierre inesperado potencialmente explotable debido a la mala gestión de eventos. Esta vulnerabilidad afecta a las versiones anteriores a la 63 de Firefox, las versiones anteriores a la 60.3 de Firefox ESR y las versiones anteriores a la 60.3 de Thunderbird. • http://www.securityfocus.com/bid/105718 http://www.securityfocus.com/bid/105769 http://www.securitytracker.com/id/1041944 https://access.redhat.com/errata/RHSA-2018:3005 https://access.redhat.com/errata/RHSA-2018:3006 https://access.redhat.com/errata/RHSA-2018:3531 https://access.redhat.com/errata/RHSA-2018:3532 https://bugzilla.mozilla.org/show_bug.cgi?id=1492823 https://lists.debian.org/debian-lts-announce/2018/11/msg00008.html https://lists.debian.org/debian-lts-announ • CWE-364: Signal Handler Race Condition •
CVE-2018-18559 – kernel: Use-after-free due to race condition in AF_PACKET implementation
https://notcve.org/view.php?id=CVE-2018-18559
In the Linux kernel through 4.19, a use-after-free can occur due to a race condition between fanout_add from setsockopt and bind on an AF_PACKET socket. This issue exists because of the 15fe076edea787807a7cdc168df832544b58eba6 incomplete fix for a race condition. The code mishandles a certain multithreaded case involving a packet_do_bind unregister action followed by a packet_notifier register action. Later, packet_release operates on only one of the two applicable linked lists. The attacker can achieve Program Counter control. • https://access.redhat.com/errata/RHBA-2019:0327 https://access.redhat.com/errata/RHSA-2019:0163 https://access.redhat.com/errata/RHSA-2019:0188 https://access.redhat.com/errata/RHSA-2019:1170 https://access.redhat.com/errata/RHSA-2019:1190 https://access.redhat.com/errata/RHSA-2019:3967 https://access.redhat.com/errata/RHSA-2019:4159 https://access.redhat.com/errata/RHSA-2020:0174 https://blogs.securiteam.com/index.php/archives/3731 https://access.redhat.com/security/ • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-416: Use After Free •
CVE-2018-18284 – ghostscript: 1Policy operator allows a sandbox protection bypass
https://notcve.org/view.php?id=CVE-2018-18284
Artifex Ghostscript 9.25 and earlier allows attackers to bypass a sandbox protection mechanism via vectors involving the 1Policy operator. Artifex Ghostscript 9.25 y anteriores permite que los atacantes omitan un mecanismo de protección de sandbox mediante vectores relacionados con el operador 1Policy. • http://git.ghostscript.com/?p=ghostpdl.git%3Bh=8d19fdf63f91f50466b08f23e2d93d37a4c5ea0b http://www.openwall.com/lists/oss-security/2018/10/16/2 http://www.securityfocus.com/bid/107451 https://access.redhat.com/errata/RHSA-2018:3834 https://bugs.chromium.org/p/project-zero/issues/detail?id=1696 https://bugs.ghostscript.com/show_bug.cgi?id=699963 https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101 https://lists.debian.org/debian-lts-announce/2018/10/msg00013.html https: •
CVE-2018-18445 – kernel: Faulty computation of numberic bounds in the BPF verifier
https://notcve.org/view.php?id=CVE-2018-18445
In the Linux kernel 4.14.x, 4.15.x, 4.16.x, 4.17.x, and 4.18.x before 4.18.13, faulty computation of numeric bounds in the BPF verifier permits out-of-bounds memory accesses because adjust_scalar_min_max_vals in kernel/bpf/verifier.c mishandles 32-bit right shifts. En el kernel de Linux 4.14.x, 4.15.x, 4.16.x, 4.17.x y versiones 4.18.x anteriores a la 4.18.13, el cálculo incorrecto de enlaces numéricos en el verificador BPF permite accesos a la memoria fuera de límites debido a que adjust_scalar_min_max_vals en kernel/bpf/verifier.c gestiona de manera incorrecta los desplazamientos a la derecha de 32 bits. A security flaw was found in the Linux kernel in the adjust_scalar_min_max_vals() function in kernel/bpf/verifier.c. A faulty computation of numeric bounds in the BPF verifier permits out-of-bounds memory accesses because this function mishandles 32-bit right shifts. A local unprivileged user cannot leverage this flaw, but as a privileged user ("root") this can lead to a system panic and a denial of service or other unspecified impact. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b799207e1e1816b09e7a5920fbb2d5fcf6edd681 https://access.redhat.com/errata/RHSA-2019:0512 https://access.redhat.com/errata/RHSA-2019:0514 https://bugs.chromium.org/p/project-zero/issues/detail?id=1686 https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.75 https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.18.13 https://github.com/torvalds/linux/commit/b799207e1e1816b09e7a5920fbb2d5fcf6edd681 https:/ • CWE-125: Out-of-bounds Read •
CVE-2018-3136 – OpenJDK: Incorrect handling of unsigned attributes in signed Jar manifests (Security, 8194534)
https://notcve.org/view.php?id=CVE-2018-3136
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u201, 7u191, 8u182 and 11; Java SE Embedded: 8u181. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data. • http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html http://www.securityfocus.com/bid/105601 http://www.securitytracker.com/id/1041889 https://access.redhat.com/errata/RHSA-2018:2942 https://access.redhat.com/errata/RHSA-2018:2943 https://access.redhat.com/errata/RHSA-2018:3000 https://access.redhat.com/errata/RHSA-2018:3001 https://access.redhat.com/errata/RHSA-2018:3002 https://access.redhat.com/errata/RHSA-2018:3003 https://access.redhat.com/errata/ • CWE-347: Improper Verification of Cryptographic Signature •