CVSS: 7.8EPSS: 0%CPEs: 12EXPL: 0CVE-2018-16802 – ghostscript: Incorrect "restoration of privilege" checking when running out of stack during exception handling
https://notcve.org/view.php?id=CVE-2018-16802
An issue was discovered in Artifex Ghostscript before 9.25. Incorrect "restoration of privilege" checking when running out of stack during exception handling could be used by attackers able to supply crafted PostScript to execute code using the "pipe" instruction. This is due to an incomplete fix for CVE-2018-16509. Se ha descubierto un problema en versiones anteriores a la 9.25 de Artifex Ghostscript. La comprobación incorrecta de "restoration of privilege" al quedarse sin pila durante el manejo de excepciones podría ser empleada por atacantes que sean capaces de proporcionar PostScript manipulado para ejecutar código mediante la instrucción "pipe". • http://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=3e5d316b72e3965b7968bb1d96baa137cd063ac6 http://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=643b24dbd002fb9c131313253c307cf3951b3d47 https://access.redhat.com/errata/RHSA-2018:3834 https://git.ghostscript.com/?p=ghostpdl.git%3Ba=commitdiff%3Bh=5812b1b78fc4d36fdc293b7859de69241140d590 https://lists.debian.org/debian-lts-announce/2018/09/msg00015.html https://seclists.org/oss-sec/2018/q3/228 https://seclists.org/oss-sec/2018/q3/229 https://security • CWE-20: Improper Input Validation •
CVSS: 8.8EPSS: 12%CPEs: 4EXPL: 1CVE-2018-16083 – WebRTC - FEC Out-of-Bounds Read
https://notcve.org/view.php?id=CVE-2018-16083
An out of bounds read in forward error correction code in WebRTC in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. Una lectura fuera de límites en el código de redirección de corrección de errores en WebRTC en Google Chrome, en versiones anteriores a la 69.0.3497.81, permitía que un atacante remoto pudiese realizar una lectura de memoria fuera de límites mediante una página HTML manipulada. There is an out-of-bounds read in FEC processing in WebRTC. If a very short RTP packet is received, FEC will assume the packet is longer and process data outside of the allocated buffer. • https://www.exploit-db.com/exploits/45444 http://www.securityfocus.com/bid/105215 https://access.redhat.com/errata/RHSA-2018:2666 https://chromereleases.googleblog.com/2018/09/stable-channel-update-for-desktop.html https://crbug.com/856823 https://security.gentoo.org/glsa/201811-10 https://access.redhat.com/security/cve/CVE-2018-16083 https://bugzilla.redhat.com/show_bug.cgi?id=1625486 • CWE-125: Out-of-bounds Read •
CVSS: 8.8EPSS: 0%CPEs: 4EXPL: 0CVE-2018-16076 – chromium-browser: Out of bounds read in PDFium
https://notcve.org/view.php?id=CVE-2018-16076
Missing bounds check in PDFium in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to perform an out of bounds memory read via a crafted PDF file. La falta de comprobación de límites en PDFium en Google Chrome, en versiones anteriores a la 69.0.3497.81, permitía que un atacante remoto pudiese realizar una lectura de memoria fuera de límites mediante un archivo PDF manipulado. • http://www.securityfocus.com/bid/105215 https://access.redhat.com/errata/RHSA-2018:2666 https://chromereleases.googleblog.com/2018/09/stable-channel-update-for-desktop.html https://crbug.com/867501 https://security.gentoo.org/glsa/201811-10 https://access.redhat.com/security/cve/CVE-2018-16076 https://bugzilla.redhat.com/show_bug.cgi?id=1625478 • CWE-125: Out-of-bounds Read •
CVSS: 8.8EPSS: 3%CPEs: 5EXPL: 0CVE-2018-16066 – chromium-browser: Out of bounds read in Blink
https://notcve.org/view.php?id=CVE-2018-16066
A use after free in Blink in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Un uso de memoria previamente liberada en Blink en Google Chrome en versiones anteriores a la 69.0.3497.81 permitía que un atacante remoto pudiese explotar una corrupción de memoria dinámica (heap) mediante una página HTML manipulada. • http://www.securityfocus.com/bid/105215 https://access.redhat.com/errata/RHSA-2018:2666 https://chromereleases.googleblog.com/2018/09/stable-channel-update-for-desktop.html https://crbug.com/847570 https://security.gentoo.org/glsa/201811-10 https://www.debian.org/security/2018/dsa-4289 https://access.redhat.com/security/cve/CVE-2018-16066 https://bugzilla.redhat.com/show_bug.cgi?id=1625467 • CWE-416: Use After Free CWE-787: Out-of-bounds Write •
CVSS: 8.8EPSS: 2%CPEs: 5EXPL: 0CVE-2018-16067 – chromium-browser: Out of bounds read in WebAudio
https://notcve.org/view.php?id=CVE-2018-16067
A use after free in WebAudio in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Un uso de memoria previamente liberada en WebAudio en Google Chrome, en versiones anteriores a la 69.0.3497.81, permitía que un atacante remoto pudiese explotar una corrupción de memoria dinámica (heap) mediante una página HTML manipulada. • http://www.securityfocus.com/bid/105215 https://access.redhat.com/errata/RHSA-2018:2666 https://chromereleases.googleblog.com/2018/09/stable-channel-update-for-desktop.html https://crbug.com/860522 https://security.gentoo.org/glsa/201811-10 https://www.debian.org/security/2018/dsa-4289 https://access.redhat.com/security/cve/CVE-2018-16067 https://bugzilla.redhat.com/show_bug.cgi?id=1625469 • CWE-416: Use After Free CWE-787: Out-of-bounds Write •