CVE-2018-20763
- EPSS 1.41%
- Veröffentlicht 06.02.2019 23:29:00
- Zuletzt bearbeitet 21.11.2024 04:02:07
In GPAC 0.7.1 and earlier, gf_text_get_utf8_line in media_tools/text_import.c in libgpac_static.a allows an out-of-bounds write because of missing szLineConv bounds checking.
CVE-2018-16890
- EPSS 5.35%
- Veröffentlicht 06.02.2019 20:29:00
- Zuletzt bearbeitet 21.11.2024 03:53:32
libcurl versions from 7.36.0 to before 7.64.0 is vulnerable to a heap buffer out-of-bounds read. The function handling incoming NTLM type-2 messages (`lib/vauth/ntlm.c:ntlm_decode_type2_target`) does not validate incoming data correctly and is subjec...
CVE-2019-3820
- EPSS 0.5%
- Veröffentlicht 06.02.2019 20:29:00
- Zuletzt bearbeitet 21.11.2024 04:42:36
It was discovered that the gnome-shell lock screen since version 3.15.91 did not properly restrict all contextual actions. An attacker with physical access to a locked workstation could invoke certain keyboard shortcuts, and potentially other actions...
CVE-2019-3822
- EPSS 12.77%
- Veröffentlicht 06.02.2019 20:29:00
- Zuletzt bearbeitet 21.11.2024 04:42:36
libcurl versions from 7.36.0 to before 7.64.0 are vulnerable to a stack-based buffer overflow. The function creating an outgoing NTLM type-3 header (`lib/vauth/ntlm.c:Curl_auth_create_ntlm_type3_message()`), generates the request HTTP header contents...
CVE-2019-3823
- EPSS 4.29%
- Veröffentlicht 06.02.2019 20:29:00
- Zuletzt bearbeitet 21.11.2024 04:42:37
libcurl versions from 7.34.0 to before 7.64.0 are vulnerable to a heap out-of-bounds read in the code handling the end-of-response for SMTP. If the buffer passed to `smtp_endofresp()` isn't NUL terminated and contains no character ending the parsed n...
CVE-2019-3825
- EPSS 0.5%
- Veröffentlicht 06.02.2019 20:29:00
- Zuletzt bearbeitet 21.11.2024 04:42:37
A vulnerability was discovered in gdm before 3.31.4. When timed login is enabled in configuration, an attacker could bypass the lock screen by selecting the timed login user and waiting for the timer to expire, at which time they would gain access to...
CVE-2019-3463
- EPSS 4.87%
- Veröffentlicht 06.02.2019 19:29:00
- Zuletzt bearbeitet 21.11.2024 04:42:05
Insufficient sanitization of arguments passed to rsync can bypass the restrictions imposed by rssh, a restricted shell that should restrict users to perform only rsync operations, resulting in the execution of arbitrary shell commands.
CVE-2019-3464
- EPSS 4.7%
- Veröffentlicht 06.02.2019 19:29:00
- Zuletzt bearbeitet 21.11.2024 04:42:05
Insufficient sanitization of environment variables passed to rsync can bypass the restrictions imposed by rssh, a restricted shell that should restrict users to perform only rsync operations, resulting in the execution of arbitrary shell commands.
CVE-2018-18500
- EPSS 12.66%
- Veröffentlicht 05.02.2019 21:29:00
- Zuletzt bearbeitet 21.11.2024 03:56:03
A use-after-free vulnerability can occur while parsing an HTML5 stream in concert with custom HTML elements. This results in the stream parser object being freed while still in use, leading to a potentially exploitable crash. This vulnerability affec...
CVE-2018-18501
- EPSS 3.47%
- Veröffentlicht 05.02.2019 21:29:00
- Zuletzt bearbeitet 21.11.2024 03:56:03
Mozilla developers and community members reported memory safety bugs present in Firefox 64 and Firefox ESR 60.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to r...