4026 matches found

OSV
added 2018/11/16 8:29 p.m. | 2 views

DEBIAN-CVE-2018-18955

In the Linux kernel 4.15.x through 4.19.x before 4.19.2, map_write in kernel/user_namespace.c allows privilege escalation because it mishandles nested user namespaces with more than 5 UID or GID ranges. A user who has CAP_SYS_ADMIN in an affected user namespace can bypass access controls on resources...

CVSS 7 | AI score 7.5 | EPSS 0.07611
Exploits: 24 | References: 1

0day.today
added 2018/11/16 12:0 a.m. | 409 views

Linux - Broken uid/gid Mapping for Nested User Namespaces Exploit

Exploit for linux platform in category local exploits Linux - Broken uid/gid Mapping for Nested User Namespaces Exploit commit 6397fac4915a "userns: bump idmap limits to 340" increases the number of possible uid/gid mappings that a namespace can have from 5 to 340. This is implemented by switchin...

AI score 7 | EPSS 0.07611
Exploits: 24

OSV
added 2018/11/16 12:0 a.m. | 3 views

UBUNTU-CVE-2018-18955

In the Linux kernel 4.15.x through 4.19.x before 4.19.2, map_write in kernel/user_namespace.c allows privilege escalation because it mishandles nested user namespaces with more than 5 UID or GID ranges. A user who has CAP_SYS_ADMIN in an affected user namespace can bypass access controls on resources...

CVSS 7 | AI score 7 | EPSS 0.07611
Exploits: 24 | References: 7

Veracode
added 2018/11/13 7:30 a.m. | 32 views

Denial Of Service (DoS)

github.com/golang/net is vulnerable to a denial of service (DoS) attack. The library does not parse nested tags properly, causing a panic: runtime error exception which crashes the application...

CVSS 7.5 | AI score 7.3 | EPSS 0.02677
Exploits: 1 | References: 7 | Affected Software: 1

Tenable Nessus
added 2018/11/13 12:0 a.m. | 36 views

Fedora 27 : xen (2018-f20a0cead5)

x86: Nested VT-x usable even when disabled XSA-278 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues...

CVSS 8.8 | AI score 6.9 | EPSS 0.00437
Exploits: 0 | References: 2

Tenable Nessus
added 2018/11/11 12:0 a.m. | 29 views

RHEL 7 : thunderbird (RHSA-2018:3532)

The remote Redhat Enterprise Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2018:3532 advisory. Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 60.3.0. Security Fixes: Mozilla:...

CVSS 9.8 | AI score 8.4 | EPSS 0.03924
Exploits: 0 | References: 10

RedHat Linux
added 2018/11/09 11:54 a.m. | 3 views

Mozilla: Crash with nested event loops

When manipulating user events in nested loops while opening a document through script, it is possible to trigger a potentially exploitable crash due to poor event handling. This vulnerability affects Firefox 63, Firefox ESR 60.3, and Thunderbird 60.3...

CVSS 9.8 | AI score 7.3 | EPSS 0.03425
Exploits: 0 | References: 5

RedHat Linux
added 2018/11/09 11:54 a.m. | 1 views

Mozilla: Crash with nested event loops

When manipulating user events in nested loops while opening a document through script, it is possible to trigger a potentially exploitable crash due to poor event handling. This vulnerability affects Firefox 63, Firefox ESR 60.3, and Thunderbird 60.3...

CVSS 9.8 | AI score 7.3 | EPSS 0.03425
Exploits: 0 | References: 5

Tenable Nessus
added 2018/11/08 12:0 a.m. | 38 views

openSUSE Security Update : MozillaThunderbird (openSUSE-2018-1340)

This update for MozillaThunderbird fixes the following issues : Thunderbird 63 ESR was updated to version 60.3.0 to fix the following issues bsc1112852 : Security issues fixed MFSA 2018-28 : - CVE-2018-12389: Fixed memory safety bugs. - CVE-2018-12390: Fixed memory safety bugs. - CVE-2018-12391:...

CVSS 9.8 | AI score 8.2 | EPSS 0.03924
Exploits: 0 | References: 6

RedHat Linux
added 2018/11/06 4:24 p.m. | 2 views

xerces-c: Stack overflow when parsing deeply nested DTD

A stack exhaustion flaw was found in the way Xerces-C XML parser handled deeply nested DTDs. An attacker could potentially use this flaw to crash an application using Xerces-C by tricking it into processing specially crafted data...

CVSS 7.5 | AI score 7.3 | EPSS 0.1425
Exploits: 0 | References: 5

RedHat Linux
added 2018/11/06 3:50 p.m. | 2 views

xerces-c: Stack overflow when parsing deeply nested DTD

A stack exhaustion flaw was found in the way Xerces-C XML parser handled deeply nested DTDs. An attacker could potentially use this flaw to crash an application using Xerces-C by tricking it into processing specially crafted data...

CVSS 7.5 | AI score 7.3 | EPSS 0.1425
Exploits: 0 | References: 5

RedhatCVE
added 2018/11/01 12:50 p.m. | 37 views

CVE-2018-18883

An issue was discovered in Xen 4.9.x through 4.11.x, on Intel x86 platforms, allowing x86 HVM and PVH guests to cause a host OS denial of service (NULL pointer dereference) or possibly have unspecified other impact because nested VT-x is not properly restricted...

CVSS 8.8 | AI score 3 | EPSS 0.00437
Exploits: 0 | References: 2

OSV
added 2018/11/01 12:29 a.m. | 1 views

UBUNTU-CVE-2018-18883

An issue was discovered in Xen 4.9.x through 4.11.x, on Intel x86 platforms, allowing x86 HVM and PVH guests to cause a host OS denial of service (NULL pointer dereference) or possibly have unspecified other impact because nested VT-x is not properly restricted...

CVSS 8.8 | AI score 7.3 | EPSS 0.00437
Exploits: 0 | References: 4

OSV
added 2018/11/01 12:29 a.m. | 2 views

ALPINE-CVE-2018-18883

An issue was discovered in Xen 4.9.x through 4.11.x, on Intel x86 platforms, allowing x86 HVM and PVH guests to cause a host OS denial of service (NULL pointer dereference) or possibly have unspecified other impact because nested VT-x is not properly restricted...

CVSS 8.8 | AI score 7.3 | EPSS 0.00437
Exploits: 0 | References: 1

OSV
added 2018/11/01 12:29 a.m. | 30 views

CVE-2018-18883

An issue was discovered in Xen 4.9.x through 4.11.x, on Intel x86 platforms, allowing x86 HVM and PVH guests to cause a host OS denial of service (NULL pointer dereference) or possibly have unspecified other impact because nested VT-x is not properly restricted...

CVSS 8.8 | AI score 7.3
Exploits: 0 | References: 3

NVD
added 2018/11/01 12:29 a.m. | 19 views

CVE-2018-18883

An issue was discovered in Xen 4.9.x through 4.11.x, on Intel x86 platforms, allowing x86 HVM and PVH guests to cause a host OS denial of service (NULL pointer dereference) or possibly have unspecified other impact because nested VT-x is not properly restricted...

CVSS 8.8 | AI score 9.1 | EPSS 0.00437
Exploits: 0 | References: 3

Debian CVE
added 2018/11/01 12:0 a.m. | 23 views

CVE-2018-18883

An issue was discovered in Xen 4.9.x through 4.11.x, on Intel x86 platforms, allowing x86 HVM and PVH guests to cause a host OS denial of service (NULL pointer dereference) or possibly have unspecified other impact because nested VT-x is not properly restricted...

CVSS 8.8 | AI score 3 | EPSS 0.00437
Exploits: 0

RedHat Linux
added 2018/10/30 11:45 a.m. | 1 views

xerces-c: Stack overflow when parsing deeply nested DTD

A stack exhaustion flaw was found in the way Xerces-C XML parser handled deeply nested DTDs. An attacker could potentially use this flaw to crash an application using Xerces-C by tricking it into processing specially crafted data...

CVSS 7.5 | AI score 7.3 | EPSS 0.1425
Exploits: 0 | References: 5

CNVD
added 2018/10/25 12:0 a.m. | 1 views

Mozilla Firefox and Firefox ESR Denial of Service Vulnerability (CNVD-2018-21822)

Mozilla Firefox is an open source web browser developed by the Mozilla Foundation in the U.S. Firefox ESR is an extended support version of Firefox. A security vulnerability exists in Mozilla Firefox versions prior to 63 and Firefox ESR versions prior to 60.3. The vulnerability stems from imprope...

CVSS 9.8 | AI score 8.7 | EPSS 0.03425
Exploits: 0 | References: 1

RedHat Linux
added 2018/10/24 10:18 p.m. | 4 views

Mozilla: Crash with nested event loops

When manipulating user events in nested loops while opening a document through script, it is possible to trigger a potentially exploitable crash due to poor event handling. This vulnerability affects Firefox 63, Firefox ESR 60.3, and Thunderbird 60.3...

CVSS 9.8 | AI score 7.3 | EPSS 0.03425
Exploits: 0 | References: 5