CVE-2018-19476
- EPSS 3.04%
- Veröffentlicht 23.11.2018 05:29:03
- Zuletzt bearbeitet 21.11.2024 03:57:59
psi/zicc.c in Artifex Ghostscript before 9.26 allows remote attackers to bypass intended access restrictions because of a setcolorspace type confusion.
CVE-2018-19477
- EPSS 3.04%
- Veröffentlicht 23.11.2018 05:29:03
- Zuletzt bearbeitet 21.11.2024 03:57:59
psi/zfjbig2.c in Artifex Ghostscript before 9.26 allows remote attackers to bypass intended access restrictions because of a JBIG2Decode type confusion.
CVE-2018-19432
- EPSS 2.96%
- Veröffentlicht 22.11.2018 05:29:00
- Zuletzt bearbeitet 21.11.2024 03:57:54
An issue was discovered in libsndfile 1.0.28. There is a NULL pointer dereference in the function sf_write_int in sndfile.c, which will lead to a denial of service.
CVE-2018-19409
- EPSS 7.83%
- Veröffentlicht 21.11.2018 16:29:00
- Zuletzt bearbeitet 21.11.2024 03:57:52
An issue was discovered in Artifex Ghostscript before 9.26. LockSafetyParams is not checked correctly if another device is used.
CVE-2018-19274
- EPSS 5.2%
- Veröffentlicht 17.11.2018 13:29:00
- Zuletzt bearbeitet 21.11.2024 03:57:39
Passing an absolute path to a file_exists check in phpBB before 3.2.4 allows Remote Code Execution through Object Injection by employing Phar deserialization when an attacker has access to the Admin Control Panel with founder permissions.
CVE-2018-16396
- EPSS 7.97%
- Veröffentlicht 16.11.2018 18:29:01
- Zuletzt bearbeitet 21.11.2024 03:52:40
An issue was discovered in Ruby before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.2, and 2.6.x before 2.6.0-preview3. It does not taint strings that result from unpacking tainted strings with some formats.
CVE-2018-16395
- EPSS 10.72%
- Veröffentlicht 16.11.2018 18:29:00
- Zuletzt bearbeitet 21.11.2024 03:52:40
An issue was discovered in the OpenSSL library in Ruby before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.2, and 2.6.x before 2.6.0-preview3. When two OpenSSL::X509::Name objects are compared using ==, depending on the ordering, non-equal objects may...
CVE-2018-19296
- EPSS 2.21%
- Veröffentlicht 16.11.2018 09:29:00
- Zuletzt bearbeitet 21.11.2024 03:57:41
PHPMailer before 5.2.27 and 6.x before 6.0.6 is vulnerable to an object injection attack.
CVE-2018-5407
- EPSS 3.42%
- Veröffentlicht 15.11.2018 21:29:00
- Zuletzt bearbeitet 21.11.2024 04:08:45
Simultaneous Multi-threading (SMT) in processors can enable local users to exploit software vulnerable to timing attacks via a side-channel timing attack on 'port contention'.
CVE-2018-6081
- EPSS 0.88%
- Veröffentlicht 14.11.2018 15:29:02
- Zuletzt bearbeitet 21.11.2024 04:10:01
XSS vulnerabilities in Interstitials in Google Chrome prior to 65.0.3325.146 allowed an attacker who convinced a user to install a malicious extension or open Developer Console to inject arbitrary scripts or HTML via a crafted HTML page.