CVSS: 9.1EPSS: 37%CPEs: 16EXPL: 1CVE-2018-12387 – Mozilla: stack out-of-bounds read in Array.prototype.push
https://notcve.org/view.php?id=CVE-2018-12387
A vulnerability where the JavaScript JIT compiler inlines Array.prototype.push with multiple arguments that results in the stack pointer being off by 8 bytes after a bailout. This leaks a memory address to the calling function which can be used as part of an exploit inside the sandboxed content process. This vulnerability affects Firefox ESR < 60.2.2 and Firefox < 62.0.3. Vulnerabilidad por la cual el compilador JIT de JavaScript inserta Array.prototype.push con múltiples argumentos que resultan en que el puntero de la pila está fuera de su sitio por 8 bytes tras un bailout. Esto filtra una dirección de memoria a la función llamante que puede emplearse como parte de un exploit dentro del proceso de contenido en sandbox. • http://www.securityfocus.com/bid/105460 http://www.securitytracker.com/id/1041770 https://access.redhat.com/errata/RHSA-2018:2881 https://access.redhat.com/errata/RHSA-2018:2884 https://bugzilla.mozilla.org/show_bug.cgi?id=1493903 https://security.gentoo.org/glsa/201810-01 https://usn.ubuntu.com/3778-1 https://www.debian.org/security/2018/dsa-4310 https://www.mozilla.org/security/advisories/mfsa2018-24 https://access.redhat.com/security/cve/CVE-2018-12387 https:/&#x • CWE-20: Improper Input Validation CWE-125: Out-of-bounds Read •
CVSS: 8.8EPSS: 4%CPEs: 16EXPL: 1CVE-2018-12386 – Mozilla: type confusion in JavaScript
https://notcve.org/view.php?id=CVE-2018-12386
A vulnerability in register allocation in JavaScript can lead to type confusion, allowing for an arbitrary read and write. This leads to remote code execution inside the sandboxed content process when triggered. This vulnerability affects Firefox ESR < 60.2.2 and Firefox < 62.0.3. Una vulnerabilidad en la asignación de registros en JavaScript puede conducir a una confusión de tipos que permite la lectura y escritura arbitrarias. Esto conduce a la ejecución remota de código en el proceso de contenido en sandbox cuando se desencadena. • http://www.securityfocus.com/bid/105460 http://www.securitytracker.com/id/1041770 https://access.redhat.com/errata/RHSA-2018:2881 https://access.redhat.com/errata/RHSA-2018:2884 https://bugzilla.mozilla.org/show_bug.cgi?id=1493900 https://security.gentoo.org/glsa/201810-01 https://usn.ubuntu.com/3778-1 https://www.debian.org/security/2018/dsa-4310 https://www.mozilla.org/security/advisories/mfsa2018-24 https://access.redhat.com/security/cve/CVE-2018-12386 https:/&#x • CWE-704: Incorrect Type Conversion or Cast CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 3%CPEs: 3EXPL: 0CVE-2018-14648 – 389-ds-base: Mishandled search requests in servers/slapd/search.c:do_search() allows for denial of service
https://notcve.org/view.php?id=CVE-2018-14648
A flaw was found in 389 Directory Server. A specially crafted search query could lead to excessive CPU consumption in the do_search() function. An unauthenticated attacker could use this flaw to provoke a denial of service. Se ha descubierto un problema en 389 Directory Server. Una cadena de consulta especialmente manipulada podría conducir a un consumo de CPU excesivo en la función do_search(). • https://access.redhat.com/errata/RHSA-2018:3127 https://access.redhat.com/errata/RHSA-2018:3507 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14648 https://lists.debian.org/debian-lts-announce/2018/10/msg00015.html https://access.redhat.com/security/cve/CVE-2018-14648 https://bugzilla.redhat.com/show_bug.cgi?id=1630668 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 6.5EPSS: 0%CPEs: 11EXPL: 2CVE-2018-17581 – exiv2: Stack overflow in CiffDirectory::readDirectory() at crwimage_int.cpp leading to denial of service
https://notcve.org/view.php?id=CVE-2018-17581
CiffDirectory::readDirectory() at crwimage_int.cpp in Exiv2 0.26 has excessive stack consumption due to a recursive function, leading to Denial of service. CiffDirectory::readDirectory() en crwimage_int.cpp en Exiv2 0.26 tiene un consumo excesivo de pila debido a una función recursiva, lo que conduce a una denegación de servicio (DoS). • https://access.redhat.com/errata/RHSA-2019:2101 https://github.com/Exiv2/exiv2/issues/460 https://github.com/SegfaultMasters/covering360/blob/master/Exiv2 https://lists.debian.org/debian-lts-announce/2019/02/msg00038.html https://lists.debian.org/debian-lts-announce/2023/01/msg00004.html https://usn.ubuntu.com/3852-1 https://access.redhat.com/security/cve/CVE-2018-17581 https://bugzilla.redhat.com/show_bug.cgi?id=1635045 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.0EPSS: 0%CPEs: 18EXPL: 0CVE-2018-12385 – Mozilla: Crash in TransportSecurityInfo due to cached data
https://notcve.org/view.php?id=CVE-2018-12385
A potentially exploitable crash in TransportSecurityInfo used for SSL can be triggered by data stored in the local cache in the user profile directory. This issue is only exploitable in combination with another vulnerability allowing an attacker to write data into the local cache or from locally installed malware. This issue also triggers a non-exploitable startup crash for users switching between the Nightly and Release versions of Firefox if the same profile is used. This vulnerability affects Thunderbird < 60.2.1, Firefox ESR < 60.2.1, and Firefox < 62.0.2. Un cierre inesperado potencialmente explotable en TransportSecurityInfo empleado para SSL puede desencadenarse por los datos almacenados en la caché local en el directorio de perfil del usuario. • http://www.securityfocus.com/bid/105380 http://www.securitytracker.com/id/1041700 http://www.securitytracker.com/id/1041701 https://access.redhat.com/errata/RHSA-2018:2834 https://access.redhat.com/errata/RHSA-2018:2835 https://access.redhat.com/errata/RHSA-2018:3403 https://access.redhat.com/errata/RHSA-2018:3458 https://bugzilla.mozilla.org/show_bug.cgi?id=1490585 https://lists.debian.org/debian-lts-announce/2018/11/msg00011.html https://security.gentoo.org/glsa/201810- • CWE-20: Improper Input Validation CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •