CVSS: 7.5EPSS: 0%CPEs: 16EXPL: 0CVE-2018-15978 – flash-plugin: Information Disclosure vulnerability (APSB18-39)
https://notcve.org/view.php?id=CVE-2018-15978
Flash Player versions 31.0.0.122 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. Flash Player, en versiones 31.0.0.122 y anteriores, tiene una vulnerabilidad de lectura fuera de límites. Su explotación con éxito podría resultar en una divulgación de información. • http://www.securityfocus.com/bid/105909 http://www.securitytracker.com/id/1042098 https://access.redhat.com/errata/RHSA-2018:3618 https://helpx.adobe.com/security/products/flash-player/apsb18-39.html https://access.redhat.com/security/cve/CVE-2018-15978 https://bugzilla.redhat.com/show_bug.cgi?id=1649537 • CWE-125: Out-of-bounds Read •
CVSS: 9.6EPSS: 0%CPEs: 6EXPL: 0CVE-2018-17472
https://notcve.org/view.php?id=CVE-2018-17472
Incorrect handling of googlechrome:// URL scheme on iOS in Intents in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to escape the <iframe> sandbox via a crafted HTML page. La colocación incorrecta de diálogos en WebContents en Google Chrome en versiones anteriores a la 70.0.3538.67 permitía que un atacante remoto ocultase la advertencia total de pantalla mediante una página HTML manipulada. • http://www.securityfocus.com/bid/105666 https://chromereleases.googleblog.com/2018/10/stable-channel-update-for-desktop.html https://crbug.com/822518 https://security.gentoo.org/glsa/201811-10 • CWE-20: Improper Input Validation •
CVSS: 8.1EPSS: 0%CPEs: 7EXPL: 0CVE-2018-14657 – keycloak: brute force protection not working for the entire login workflow
https://notcve.org/view.php?id=CVE-2018-14657
A flaw was found in Keycloak 4.2.1.Final, 4.3.0.Final. When TOPT enabled, an improper implementation of the Brute Force detection algorithm will not enforce its protection measures. Se ha descubierto un error en Keycloak 4.2.1.Final y 4.3.0.Final. Cuando TOPT está habilitado, la implementación incorrecta del algoritmo de detección de fuerza bruta no aplica sus medidas de protección. • https://access.redhat.com/errata/RHSA-2018:3592 https://access.redhat.com/errata/RHSA-2018:3593 https://access.redhat.com/errata/RHSA-2018:3595 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14657 https://access.redhat.com/security/cve/CVE-2018-14657 https://bugzilla.redhat.com/show_bug.cgi?id=1625404 • CWE-307: Improper Restriction of Excessive Authentication Attempts •
CVSS: 5.4EPSS: 0%CPEs: 8EXPL: 0CVE-2018-14655 – keycloak: XSS-Vulnerability with response_mode=form_post
https://notcve.org/view.php?id=CVE-2018-14655
A flaw was found in Keycloak 3.4.3.Final, 4.0.0.Beta2, 4.3.0.Final. When using 'response_mode=form_post' it is possible to inject arbitrary Javascript-Code via the 'state'-parameter in the authentication URL. This allows an XSS-Attack upon succesfully login. Se ha descubierto un error en Keycloak 3.4.3.Final, 4.0.0.Beta2 y 4.3.0.Final. Al emplear "response_mode=form_post", es posible inyectar código JavaScript arbitrario mediante el parámetro "state" en la URL de autenticación. • https://access.redhat.com/errata/RHSA-2018:3592 https://access.redhat.com/errata/RHSA-2018:3593 https://access.redhat.com/errata/RHSA-2018:3595 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14655 https://access.redhat.com/security/cve/CVE-2018-14655 https://bugzilla.redhat.com/show_bug.cgi?id=1625396 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 1CVE-2018-19214
https://notcve.org/view.php?id=CVE-2018-19214
Netwide Assembler (NASM) 2.14rc15 has a heap-based buffer over-read in expand_mmac_params in asm/preproc.c for insufficient input. Netwide Assembler (NASM) 2.14rc15 tiene una sobrelectura de búfer basada en memoria dinámica (heap) en expand_mmac_params en asm/preproc.c para las entradas insuficientes. • http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00015.html http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00017.html https://bugzilla.nasm.us/show_bug.cgi?id=3392521 https://repo.or.cz/nasm.git/commit/661f723d39e03ca6eb05d7376a43ca33db478354 • CWE-125: Out-of-bounds Read •