Log

CVE-2018-18353 created at 25 Sep 2019 19:31:40
Severity
+ Medium
Remote
+ Remote
Type
+ Access restriction bypass
Description
+ An inappropriate implementation issue has been found in the Network Authentication component of chromium before 71.0.3578.80.
References
+ https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html
+ https://bugs.chromium.org/p/chromium/issues/detail?id=884179
Notes
CVE-2018-18354 created at 25 Sep 2019 19:31:40
Severity
+ Medium
Remote
+ Remote
Type
+ Insufficient validation
Description
+ An insufficient data validation issue has been found in the Shell Integration component of chromium before 71.0.3578.80.
References
+ https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html
+ https://bugs.chromium.org/p/chromium/issues/detail?id=889459
Notes
CVE-2018-18355 created at 25 Sep 2019 19:31:40
Severity
+ Medium
Remote
+ Remote
Type
+ Access restriction bypass
Description
+ An insufficient policy enforcement issue has been found in the URL Formatter component of chromium before 71.0.3578.80.
References
+ https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html
+ https://bugs.chromium.org/p/chromium/issues/detail?id=896717
Notes
CVE-2018-18356 created at 25 Sep 2019 19:31:40
Severity
+ High
Remote
+ Remote
Type
+ Arbitrary code execution
Description
+ A use-after-free has been found in the Skia component of chromium before 71.0.3578.80 and firefox before 65.0.1 and thunderbird before 60.5.1.
References
+ https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html
+ https://bugs.chromium.org/p/chromium/issues/detail?id=883666
+ https://www.mozilla.org/en-US/security/advisories/mfsa2019-04/#CVE-2018-18356
+ https://www.mozilla.org/en-US/security/advisories/mfsa2019-06/#CVE-2018-18356
+ https://bugzilla.mozilla.org/show_bug.cgi?id=1525817
Notes
CVE-2018-18357 created at 25 Sep 2019 19:31:40
Severity
+ Medium
Remote
+ Remote
Type
+ Access restriction bypass
Description
+ An insufficient policy enforcement issue has been found in the URL Formatter component of chromium before 71.0.3578.80.
References
+ https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html
+ https://bugs.chromium.org/p/chromium/issues/detail?id=895207
Notes
CVE-2018-18358 created at 25 Sep 2019 19:31:40
Severity
+ Medium
Remote
+ Remote
Type
+ Access restriction bypass
Description
+ An insufficient policy enforcement issue has been found in the Proxy component of chromium before 71.0.3578.80.
References
+ https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html
+ https://bugs.chromium.org/p/chromium/issues/detail?id=899126
Notes
CVE-2018-18359 created at 25 Sep 2019 19:31:40
Severity
+ Medium
Remote
+ Remote
Type
+ Information disclosure
Description
+ An out-of-bounds read has been found in the V8 component of chromium before 71.0.3578.80.
References
+ https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html
+ https://bugs.chromium.org/p/chromium/issues/detail?id=907714
Notes
CVE-2018-18445 created at 25 Sep 2019 19:31:40
Severity
+ Low
Remote
+ Local
Type
+ Denial of service
Description
+ In the Linux kernel 4.14.x before 4.14.75 and 4.18.x before 4.18.13, faulty computation of numeric bounds in the BPF verifier permits out-of-bounds memory accesses because adjust_scalar_min_max_vals in kernel/bpf/verifier.c mishandles 32-bit right shifts.
References
+ http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b799207e1e1816b09e7a5920fbb2d5fcf6edd681
+ https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.18.13
+ https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.75
+ https://bugs.chromium.org/p/project-zero/issues/detail?id=1686
+ https://seclists.org/oss-sec/2018/q4/69
Notes
CVE-2018-18492 created at 25 Sep 2019 19:31:40
Severity
+ High
Remote
+ Remote
Type
+ Arbitrary code execution
Description
+ A use-after-free has been found in Firefox < 64.0, after deleting a selection element due to a weak reference to the select element in the options collection.
References
+ https://www.mozilla.org/en-US/security/advisories/mfsa2018-29/#CVE-2018-18492
+ https://bugzilla.mozilla.org/show_bug.cgi?id=1499861
Notes
CVE-2018-18493 created at 25 Sep 2019 19:31:40
Severity
+ High
Remote
+ Remote
Type
+ Arbitrary code execution
Description
+ A buffer overflow can occur in the Skia library use by Firefox < 64.0, during buffer offset calculations with hardware accelerated canvas 2D actions due to the use of 32-bit calculations instead of 64-bit.
References
+ https://www.mozilla.org/en-US/security/advisories/mfsa2018-29/#CVE-2018-18493
+ https://bugzilla.mozilla.org/show_bug.cgi?id=1504452
Notes