CVE-2018-18313
- EPSS 9.52%
- Veröffentlicht 07.12.2018 21:29:00
- Zuletzt bearbeitet 21.11.2024 03:55:41
Perl before 5.26.3 has a buffer over-read via a crafted regular expression that triggers disclosure of sensitive information from process memory.
CVE-2018-18314
- EPSS 6.06%
- Veröffentlicht 07.12.2018 21:29:00
- Zuletzt bearbeitet 21.11.2024 03:55:41
Perl before 5.26.3 has a buffer overflow via a crafted regular expression that triggers invalid write operations.
CVE-2018-19935
- EPSS 6.28%
- Veröffentlicht 07.12.2018 09:29:00
- Zuletzt bearbeitet 21.11.2024 03:58:50
ext/imap/php_imap.c in PHP 5.x and 7.x before 7.3.0 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an empty string in the message argument to the imap_mail function.
CVE-2018-18312
- EPSS 12.09%
- Veröffentlicht 05.12.2018 22:29:00
- Zuletzt bearbeitet 21.11.2024 03:55:40
Perl before 5.26.3 and 5.28.0 before 5.28.1 has a buffer overflow via a crafted regular expression that triggers invalid write operations.
CVE-2018-19857
- EPSS 3.92%
- Veröffentlicht 05.12.2018 11:29:05
- Zuletzt bearbeitet 21.11.2024 03:58:41
The CAF demuxer in modules/demux/caf.c in VideoLAN VLC media player 3.0.4 may read memory from an uninitialized pointer when processing magic cookies in CAF files, because a ReadKukiChunk() cast converts a return value to an unsigned int even if that...
CVE-2018-6152
- EPSS 1.32%
- Veröffentlicht 04.12.2018 17:29:02
- Zuletzt bearbeitet 21.11.2024 04:10:10
The implementation of the Page.downloadBehavior backend unconditionally marked downloaded files as safe, regardless of file type in Google Chrome prior to 66.0.3359.117 allowed an attacker who convinced a user to install a malicious extension to pote...
CVE-2018-6086
- EPSS 3.35%
- Veröffentlicht 04.12.2018 17:29:01
- Zuletzt bearbeitet 21.11.2024 04:10:02
A double-eviction in the Incognito mode cache that lead to a user-after-free in Networking Disk Cache in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to execute arbitrary code via a crafted HTML page.
CVE-2018-6087
- EPSS 3.45%
- Veröffentlicht 04.12.2018 17:29:01
- Zuletzt bearbeitet 21.11.2024 04:10:02
A use-after-free in WebAssembly in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.
CVE-2018-6088
- EPSS 2.42%
- Veröffentlicht 04.12.2018 17:29:01
- Zuletzt bearbeitet 21.11.2024 04:10:02
An iterator-invalidation bug in PDFium in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted PDF file.
CVE-2018-6089
- EPSS 1.6%
- Veröffentlicht 04.12.2018 17:29:01
- Zuletzt bearbeitet 21.11.2024 04:10:02
A lack of CORS checks, after a Service Worker redirected to a cross-origin PDF, in Service Worker in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to leak limited cross-origin data via a crafted HTML page.