Log

CVE-2018-5002 created at 25 Sep 2019 19:31:40
Severity
+ Critical
Remote
+ Remote
Type
+ Arbitrary code execution
Description
+ A stack-based buffer overflow has been found in Adobe Flash Player before 30.0.0.113, leading to arbitrary code execution.
References
+ https://helpx.adobe.com/security/products/flash-player/apsb18-19.html
Notes
CVE-2018-5125 created at 25 Sep 2019 19:31:40
Severity
+ Critical
Remote
+ Remote
Type
+ Arbitrary code execution
Description
+ Various memory safety bugs have been found in Thunderbird < 52.7.0 and Firefox < 59.0, some of them presenting evidence of memory corruption. Mozilla presumes that with enough effort some of these could be exploited to run arbitrary code.
References
+ https://www.mozilla.org/en-US/security/advisories/mfsa2018-09/#CVE-2018-5125
+ https://bugzilla.mozilla.org/buglist.cgi?bug_id=1416529%2C1434580%2C1434384%2C1437450%2C1437507%2C1426988%2C1438425%2C1324042%2C1437087%2C1443865%2C1425520
Notes
CVE-2018-5127 created at 25 Sep 2019 19:31:40
Severity
+ Critical
Remote
+ Remote
Type
+ Arbitrary code execution
Description
+ A buffer overflow can occur in Thunderbird < 52.7.0 when manipulating the SVG animatedPathSegList through script. This results in a potentially exploitable crash.
References
+ https://www.mozilla.org/en-US/security/advisories/mfsa2018-09/#CVE-2018-5127
+ https://bugzilla.mozilla.org/show_bug.cgi?id=1430557
Notes
CVE-2018-5129 created at 25 Sep 2019 19:31:40
Severity
+ High
Remote
+ Local
Type
+ Access restriction bypass
Description
+ A lack of parameter validation on IPC messages results in a potential out-of-bounds write in Thunderbird < 52.7.0, through malformed IPC messages. This can potentially allow for sandbox escape through memory corruption in the parent process.
References
+ https://www.mozilla.org/en-US/security/advisories/mfsa2018-09/#CVE-2018-5129
+ https://bugzilla.mozilla.org/show_bug.cgi?id=1428947
Notes
CVE-2018-5144 created at 25 Sep 2019 19:31:40
Severity
+ High
Remote
+ Remote
Type
+ Arbitrary code execution
Description
+ An integer overflow can occur during conversion of text to some Unicode character sets in Thunderbird < 52.7.0, due to an unchecked length parameter.
References
+ https://www.mozilla.org/en-US/security/advisories/mfsa2018-09/#CVE-2018-5144
+ https://bugzilla.mozilla.org/show_bug.cgi?id=1440926
Notes
CVE-2018-5145 created at 25 Sep 2019 19:31:40
Severity
+ Critical
Remote
+ Remote
Type
+ Arbitrary code execution
Description
+ Various memory safety bugs have been found in Thunderbird < 52.7.0, some of them presenting evidence of memory corruption. Mozilla presumes that with enough effort some of these could be exploited to run arbitrary code.
References
+ https://www.mozilla.org/en-US/security/advisories/mfsa2018-09/#CVE-2018-5145
+ https://bugzilla.mozilla.org/buglist.cgi?bug_id=1261175%2C1348955
Notes
CVE-2018-5146 created at 25 Sep 2019 19:31:40
Severity
+ Critical
Remote
+ Remote
Type
+ Arbitrary code execution
Description
+ An out of bounds memory write vulnerability has been discovered in libvorbis before 1.3.6 while processing Vorbis audio data related to codebooks that are not an exact divisor of the partition size.
References
+ https://github.com/xiph/vorbis/commit/667ceb4aab60c1f74060143bb24e5f427b3cce5f
+ http://seclists.org/oss-sec/2018/q1/243
Notes
CVE-2018-5147 created at 25 Sep 2019 19:31:40
Severity
+ Critical
Remote
+ Remote
Type
+ Arbitrary code execution
Description
+ An out of bounds memory write vulnerability has been discovered in libtremor while processing Vorbis audio data related to codebooks that are not an exact divisor of the partition size.
References
+ https://www.mozilla.org/en-US/security/advisories/mfsa2018-08/#CVE-2018-5147
+ https://git.xiph.org/?p=tremor.git;a=commitdiff;h=562307a4a7082e24553f3d2c55dab397a17c4b4f
+ http://seclists.org/oss-sec/2018/q1/243
Notes
+ The libtremor library has the same flaw as CVE-2018-5146.
CVE-2018-5150 created at 25 Sep 2019 19:31:40
Severity
+ Critical
Remote
+ Remote
Type
+ Arbitrary code execution
Description
+ Several memory safety bugs have been found in Firefox before 60.0 and Thunderbird before 52.8. Some of these bugs showed evidence of memory corruption and Mozilla presumes that with enough effort some of these could be exploited to run arbitrary code.
References
+ https://www.mozilla.org/en-US/security/advisories/mfsa2018-11/#CVE-2018-5150
+ https://bugzilla.mozilla.org/buglist.cgi?bug_id=1388020%2C1433609%2C1409440%2C1448705%2C1451376%2C1452202%2C1444668%2C1393367%2C1411415%2C1426129
Notes
CVE-2018-5151 created at 25 Sep 2019 19:31:40
Severity
+ Critical
Remote
+ Remote
Type
+ Arbitrary code execution
Description
+ Several memory safety bugs has been found in Firefox before 60.0. Some of these bugs showed evidence of memory corruption and Mozilla presumes that with enough effort some of these could be exploited to run arbitrary code.
References
+ https://www.mozilla.org/en-US/security/advisories/mfsa2018-11/#CVE-2018-5151
+ https://bugzilla.mozilla.org/buglist.cgi?bug_id=1445234%2C1449530%2C1437455%2C1447989%2C1438827%2C1436983%2C1435036%2C1440465%2C1439723%2C1448771%2C1453653%2C1454359%2C1432323%2C1454126%2C1436759%2C1439655%2C1448612%2C1449358%2C1367727%2C1452417
Notes