CVSS: 8.8EPSS: 0%CPEs: 5EXPL: 2CVE-2018-12406
https://notcve.org/view.php?id=CVE-2018-12406
Mozilla developers and community members reported memory safety bugs present in Firefox 63. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 64. Los desarrolladores de Mozilla y los miembros de la comunidad reportaron problemas de seguridad existentes en Firefox 63. Algunos de estos errores mostraban evidencias de corrupción de memoria y se cree que, con el esfuerzo necesario, se podrían explotar para ejecutar código arbitrario. • http://www.securityfocus.com/bid/106167 https://bugzilla.mozilla.org/buglist.cgi?bug_id=1456947%2C1475669%2C1504816%2C1502886%2C1500064%2C1500310%2C1500696%2C1499198%2C1434490%2C1481745%2C1458129 https://usn.ubuntu.com/3844-1 https://www.mozilla.org/security/advisories/mfsa2018-29 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.5EPSS: 0%CPEs: 5EXPL: 0CVE-2018-12402
https://notcve.org/view.php?id=CVE-2018-12402
The internal WebBrowserPersist code does not use correct origin context for a resource being saved. This manifests when sub-resources are loaded as part of "Save Page As..." functionality. For example, a malicious page could recover a visitor's Windows username and NTLM hash by including resources otherwise unreachable to the malicious page, if they can convince the visitor to save the complete web page. Similarly, SameSite cookies are sent on cross-origin requests when the "Save Page As..." menu item is selected to save a page, which can result in saving the wrong version of resources based on those cookies. This vulnerability affects Firefox < 63. • http://www.securityfocus.com/bid/105721 http://www.securitytracker.com/id/1041944 https://bugzilla.mozilla.org/show_bug.cgi?id=1447087 https://bugzilla.mozilla.org/show_bug.cgi?id=1469916 https://usn.ubuntu.com/3801-1 https://www.mozilla.org/security/advisories/mfsa2018-26 • CWE-346: Origin Validation Error •
CVSS: 6.5EPSS: 0%CPEs: 6EXPL: 0CVE-2019-3824
https://notcve.org/view.php?id=CVE-2019-3824
A flaw was found in the way an LDAP search expression could crash the shared LDAP server process of a samba AD DC in samba before version 4.10. An authenticated user, having read permissions on the LDAP server, could use this flaw to cause denial of service. Se ha detectado un fallo en la manera en la que una expresión de búsqueda LDAP podría provocar el cierre inesperado del proceso del servidor LDAP de un AD DC de samba en samba en versiones anteriores a la 4.10. Un usuario autenticado con permisos de lectura en el servidor LDAP podría aprovechar este fallo para provocar una denegación de servicio (DoS). • http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00035.html http://www.securityfocus.com/bid/107347 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3824 https://bugzilla.samba.org/show_bug.cgi?id=13773 https://lists.debian.org/debian-lts-announce/2019/03/msg00000.html https://security.netapp.com/advisory/ntap-20190226-0001 https://usn.ubuntu.com/3895-1 https://www.debian.org/security/2019/dsa-4397 • CWE-125: Out-of-bounds Read •
CVSS: 7.8EPSS: 0%CPEs: 9EXPL: 1CVE-2019-9210 – advancecomp: integer overflow in png_compress in pngex.cc
https://notcve.org/view.php?id=CVE-2019-9210
In AdvanceCOMP 2.1, png_compress in pngex.cc in advpng has an integer overflow upon encountering an invalid PNG size, which results in an attempted memcpy to write into a buffer that is too small. (There is also a heap-based buffer over-read.) En la versión 2.1 de AdvanceCOMP, png_compress en pngex.cc en advpng tiene un desbordamiento de enteros, al encontrarse con un tamaño de PNG inválido, lo que conduce a que un memcpy intente escribirse en un búfer que es demasiado pequeño. (Hay, también, una sobrelectura de búfer basada en memoria dinámica o heap). • https://lists.debian.org/debian-lts-announce/2019/03/msg00004.html https://lists.debian.org/debian-lts-announce/2021/12/msg00034.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R56LVWC7KUNXFRKQB3Y5NX2YHFJKYZB4 https://sourceforge.net/p/advancemame/bugs/277 https://usn.ubuntu.com/3936-1 https://usn.ubuntu.com/3936-2 https://access.redhat.com/security/cve/CVE-2019-9210 https://bugzilla.redhat.com/show_bug.cgi?id=1684596 • CWE-125: Out-of-bounds Read CWE-190: Integer Overflow or Wraparound •
CVSS: 8.8EPSS: 2%CPEs: 6EXPL: 2CVE-2019-9200 – poppler: heap-based buffer overflow in function ImageStream::getLine() in Stream.cc
https://notcve.org/view.php?id=CVE-2019-9200
A heap-based buffer underwrite exists in ImageStream::getLine() located at Stream.cc in Poppler 0.74.0 that can (for example) be triggered by sending a crafted PDF file to the pdfimages binary. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact. Existe un "infraescritura" de búfer basado en memoria dinámica (heap) en mageStream::getLine() en Stream.cc en la versión 0.74.0 de Poppler que puede, por ejemplo, desencadenarse mediante el envío de un archivo PDF manipulado al binario pdfimages. Permite a un atacante provocar una denegación de servicio (fallo de segmentación) o tener otro impacto no especificado. • http://www.securityfocus.com/bid/107172 https://access.redhat.com/errata/RHSA-2019:2022 https://access.redhat.com/errata/RHSA-2019:2713 https://gitlab.freedesktop.org/poppler/poppler/issues/728 https://lists.debian.org/debian-lts-announce/2019/03/msg00008.html https://lists.debian.org/debian-lts-announce/2020/07/msg00018.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6OSCOYM3AMFFBJWSBWY6VJVLNE5JD7YS https://lists.fedoraproject.org/archives/list/packag • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •