CVSS: 6.5EPSS: 1%CPEs: 5EXPL: 0CVE-2018-6137 – chromium-browser: Leak of visited status of page in Blink
https://notcve.org/view.php?id=CVE-2018-6137
CSS Paint API in Blink in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to leak cross-origin data via a crafted HTML page. La API CSS Paint en Blink en Google Chrome, en versiones anteriores a la 67.0.3396.62, permitía que un atacante remoto filtrase los datos cross-origin mediante una página HTML manipulada. • http://www.securityfocus.com/bid/104309 http://www.securitytracker.com/id/1041014 https://access.redhat.com/errata/RHSA-2018:1815 https://chromereleases.googleblog.com/2018/05/stable-channel-update-for-desktop_58.html https://crbug.com/835589 https://www.debian.org/security/2018/dsa-4237 https://access.redhat.com/security/cve/CVE-2018-6137 https://bugzilla.redhat.com/show_bug.cgi?id=1584048 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 8.2EPSS: 0%CPEs: 27EXPL: 0CVE-2018-11806 – Qemu Slirp Networking Heap-based Buffer Overflow Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2018-11806
m_cat in slirp/mbuf.c in Qemu has a heap-based buffer overflow via incoming fragmented datagrams. m_cat en slirp/mbuf.c en Qemu tiene un desbordamiento de búfer basado en memoria dinámica (heap) mediante los datagramas entrantes fragmentados. A heap buffer overflow issue was found in the way SLiRP networking back-end in QEMU processes fragmented packets. It could occur while reassembling the fragmented datagrams of an incoming packet. A privileged user/process inside guest could use this flaw to crash the QEMU process resulting in DoS or potentially leverage it to execute arbitrary code on the host with privileges of the QEMU process. This vulnerability allows local attackers to execute arbitrary code on vulnerable installations of Qemu. • http://www.openwall.com/lists/oss-security/2018/06/07/1 http://www.securityfocus.com/bid/104400 https://access.redhat.com/errata/RHSA-2018:2462 https://access.redhat.com/errata/RHSA-2018:2762 https://access.redhat.com/errata/RHSA-2018:2822 https://access.redhat.com/errata/RHSA-2018:2887 https://access.redhat.com/errata/RHSA-2019:2892 https://bugzilla.redhat.com/show_bug.cgi?id=1586245 https://lists.debian.org/debian-lts-announce/2019/05/msg00010.html https://li • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 8.8EPSS: 1%CPEs: 16EXPL: 0CVE-2018-4945 – Adobe Flash Microphone Type Confusion Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2018-4945
Adobe Flash Player versions 29.0.0.171 and earlier have a Type Confusion vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user. Adobe Flash Player en versiones 29.0.0.171 y anteriores tiene una vulnerabilidad de confusión de tipos. Su explotación con éxito podría permitir la ejecución de código arbitrario en el contexto del usuario actual. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Flash. • http://www.securityfocus.com/bid/104413 http://www.securitytracker.com/id/1041058 https://access.redhat.com/errata/RHSA-2018:1827 https://helpx.adobe.com/security/products/flash-player/apsb18-19.html https://security.gentoo.org/glsa/201806-02 https://access.redhat.com/security/cve/CVE-2018-4945 https://bugzilla.redhat.com/show_bug.cgi?id=1588500 • CWE-704: Incorrect Type Conversion or Cast •
CVSS: 6.5EPSS: 0%CPEs: 16EXPL: 0CVE-2018-5000 – Adobe Flash RTMP Parsing Integer Overflow Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2018-5000
Adobe Flash Player versions 29.0.0.171 and earlier have an Integer Overflow vulnerability. Successful exploitation could lead to information disclosure. Adobe Flash Player en versiones 29.0.0.171 y anteriores tiene una vulnerabilidad de desbordamiento de enteros. Su explotación con éxito podría resultar en una divulgación de información. This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Flash. • http://www.securityfocus.com/bid/104413 http://www.securitytracker.com/id/1041058 https://access.redhat.com/errata/RHSA-2018:1827 https://helpx.adobe.com/security/products/flash-player/apsb18-19.html https://security.gentoo.org/glsa/201806-02 https://access.redhat.com/security/cve/CVE-2018-5000 https://bugzilla.redhat.com/show_bug.cgi?id=1588502 • CWE-190: Integer Overflow or Wraparound •
CVSS: 6.5EPSS: 0%CPEs: 16EXPL: 0CVE-2018-5001 – Adobe Flash Player BitmapData applyFilter Out-Of-Bounds Read Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2018-5001
Adobe Flash Player versions 29.0.0.171 and earlier have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. Adobe Flash Player en versiones 29.0.0.171 y anteriores tiene una vulnerabilidad de lectura fuera de límites. Su explotación con éxito podría resultar en una divulgación de información. This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Flash. • http://www.securityfocus.com/bid/104413 http://www.securitytracker.com/id/1041058 https://access.redhat.com/errata/RHSA-2018:1827 https://helpx.adobe.com/security/products/flash-player/apsb18-19.html https://security.gentoo.org/glsa/201806-02 https://access.redhat.com/security/cve/CVE-2018-5001 https://bugzilla.redhat.com/show_bug.cgi?id=1588502 • CWE-125: Out-of-bounds Read •