CVE-2018-20196
- EPSS 1.28%
- Veröffentlicht 18.12.2018 01:29:00
- Zuletzt bearbeitet 21.11.2024 04:01:04
There is a stack-based buffer overflow in the third instance of the calculate_gain function in libfaad/sbr_hfadj.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.8. A crafted input will lead to a denial of service or possibly unspecified other impa...
CVE-2018-20199
- EPSS 1.13%
- Veröffentlicht 18.12.2018 01:29:00
- Zuletzt bearbeitet 21.11.2024 04:01:05
A NULL pointer dereference was discovered in ifilter_bank of libfaad/filtbank.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.8. The vulnerability causes a segmentation fault and application crash, which leads to denial of service because adding t...
CVE-2018-20189
- EPSS 2.28%
- Veröffentlicht 17.12.2018 20:29:00
- Zuletzt bearbeitet 21.11.2024 04:01:03
In GraphicsMagick 1.3.31, the ReadDIBImage function of coders/dib.c has a vulnerability allowing a crash and denial of service via a dib file that is crafted to appear with direct pixel values and also colormapping (which is not available beyond 8-bi...
CVE-2018-20184
- EPSS 2.31%
- Veröffentlicht 17.12.2018 19:29:03
- Zuletzt bearbeitet 21.11.2024 04:01:02
In GraphicsMagick 1.4 snapshot-20181209 Q8, there is a heap-based buffer overflow in the WriteTGAImage function of tga.c, which allows attackers to cause a denial of service via a crafted image file, because the number of rows or columns can exceed t...
CVE-2018-20185
- EPSS 2.11%
- Veröffentlicht 17.12.2018 19:29:03
- Zuletzt bearbeitet 21.11.2024 04:01:02
In GraphicsMagick 1.4 snapshot-20181209 Q8 on 32-bit platforms, there is a heap-based buffer over-read in the ReadBMPImage function of bmp.c, which allows attackers to cause a denial of service via a crafted bmp image file. This only affects Graphics...
CVE-2018-18245
- EPSS 2.55%
- Veröffentlicht 17.12.2018 15:29:00
- Zuletzt bearbeitet 21.11.2024 03:55:34
Nagios Core 4.4.2 has XSS via the alert summary reports of plugin results, as demonstrated by a SCRIPT element delivered by a modified check_load plugin to NRPE.
CVE-2018-20169
- EPSS 0.59%
- Veröffentlicht 17.12.2018 07:29:00
- Zuletzt bearbeitet 21.11.2024 04:01:00
An issue was discovered in the Linux kernel before 4.19.9. The USB subsystem mishandles size checks during the reading of an extra descriptor, related to __usb_get_extra_descriptor in drivers/usb/core/usb.c.
CVE-2018-20147
- EPSS 3.6%
- Veröffentlicht 14.12.2018 20:29:00
- Zuletzt bearbeitet 21.11.2024 04:00:56
In WordPress before 4.9.9 and 5.x before 5.0.1, authors could modify metadata to bypass intended restrictions on deleting files.
CVE-2018-20148
- EPSS 30.89%
- Veröffentlicht 14.12.2018 20:29:00
- Zuletzt bearbeitet 21.11.2024 04:00:56
In WordPress before 4.9.9 and 5.x before 5.0.1, contributors could conduct PHP object injection attacks via crafted metadata in a wp.getMediaItem XMLRPC call. This is caused by mishandling of serialized data at phar:// URLs in the wp_get_attachment_t...
CVE-2018-20149
- EPSS 3.44%
- Veröffentlicht 14.12.2018 20:29:00
- Zuletzt bearbeitet 21.11.2024 04:00:57
In WordPress before 4.9.9 and 5.x before 5.0.1, when the Apache HTTP Server is used, authors could upload crafted files that bypass intended MIME type restrictions, leading to XSS, as demonstrated by a .jpg file without JPEG data.