CVE-2018-19210
- EPSS 3.61%
- Veröffentlicht 12.11.2018 19:29:00
- Zuletzt bearbeitet 21.11.2024 03:57:33
In LibTIFF 4.0.9, there is a NULL pointer dereference in the TIFFWriteDirectorySec function in tif_dirwrite.c that will lead to a denial of service attack, as demonstrated by tiffset.
CVE-2018-19216
- EPSS 1.26%
- Veröffentlicht 12.11.2018 19:29:00
- Zuletzt bearbeitet 21.11.2024 03:57:34
Netwide Assembler (NASM) before 2.13.02 has a use-after-free in detoken at asm/preproc.c.
CVE-2018-19206
- EPSS 60.16%
- Veröffentlicht 12.11.2018 17:29:00
- Zuletzt bearbeitet 21.11.2024 03:57:33
steps/mail/func.inc in Roundcube before 1.3.8 has XSS via crafted use of <svg><style>, as demonstrated by an onload attribute in a BODY element, within an HTML attachment.
CVE-2018-19198
- EPSS 2.37%
- Veröffentlicht 12.11.2018 15:29:00
- Zuletzt bearbeitet 21.11.2024 03:57:32
An issue was discovered in uriparser before 0.9.0. UriQuery.c allows an out-of-bounds write via a uriComposeQuery* or uriComposeQueryEx* function because the '&' character is mishandled in certain contexts.
CVE-2018-19199
- EPSS 2.34%
- Veröffentlicht 12.11.2018 15:29:00
- Zuletzt bearbeitet 21.11.2024 03:57:32
An issue was discovered in uriparser before 0.9.0. UriQuery.c allows an integer overflow via a uriComposeQuery* or uriComposeQueryEx* function because of an unchecked multiplication.
CVE-2018-19200
- EPSS 2.48%
- Veröffentlicht 12.11.2018 15:29:00
- Zuletzt bearbeitet 21.11.2024 03:57:32
An issue was discovered in uriparser before 0.9.0. UriCommon.c allows attempted operations on NULL input via a uriResetUri* function.
CVE-2018-19141
- EPSS 0.67%
- Veröffentlicht 11.11.2018 05:29:00
- Zuletzt bearbeitet 21.11.2024 03:57:24
Open Ticket Request System (OTRS) 4.0.x before 4.0.33 and 5.0.x before 5.0.31 allows an admin to conduct an XSS attack via a modified URL because user and customer preferences are mishandled.
CVE-2018-19143
- EPSS 0.86%
- Veröffentlicht 11.11.2018 05:29:00
- Zuletzt bearbeitet 21.11.2024 03:57:25
Open Ticket Request System (OTRS) 4.0.x before 4.0.33, 5.0.x before 5.0.31, and 6.0.x before 6.0.13 allows an authenticated user to delete files via a modified submission form because upload caching is mishandled.
CVE-2018-19139
- EPSS 1.66%
- Veröffentlicht 09.11.2018 21:29:00
- Zuletzt bearbeitet 21.11.2024 03:57:24
An issue has been found in JasPer 2.0.14. There is a memory leak in jas_malloc.c when called from jpc_unk_getparms in jpc_cs.c.
CVE-2018-19132
- EPSS 6.11%
- Veröffentlicht 09.11.2018 11:29:03
- Zuletzt bearbeitet 21.11.2024 03:57:23
Squid before 4.4, when SNMP is enabled, allows a denial of service (Memory Leak) via an SNMP packet.