CVE-2018-18313
- EPSS 9.52%
- Veröffentlicht 07.12.2018 21:29:00
- Zuletzt bearbeitet 21.11.2024 03:55:41
Perl before 5.26.3 has a buffer over-read via a crafted regular expression that triggers disclosure of sensitive information from process memory.
CVE-2018-18314
- EPSS 6.06%
- Veröffentlicht 07.12.2018 21:29:00
- Zuletzt bearbeitet 21.11.2024 03:55:41
Perl before 5.26.3 has a buffer overflow via a crafted regular expression that triggers invalid write operations.
CVE-2018-19931
- EPSS 1.61%
- Veröffentlicht 07.12.2018 07:29:00
- Zuletzt bearbeitet 21.11.2024 03:58:49
An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils through 2.31. There is a heap-based buffer overflow in bfd_elf32_swap_phdr_in in elfcode.h because the number of program headers is not r...
CVE-2018-9568
- EPSS 0.72%
- Veröffentlicht 06.12.2018 14:29:01
- Zuletzt bearbeitet 21.11.2024 04:15:43
In sk_clone_lock of sock.c, there is a possible memory corruption due to type confusion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Androi...
CVE-2018-18312
- EPSS 12.09%
- Veröffentlicht 05.12.2018 22:29:00
- Zuletzt bearbeitet 21.11.2024 03:55:40
Perl before 5.26.3 and 5.28.0 before 5.28.1 has a buffer overflow via a crafted regular expression that triggers invalid write operations.
CVE-2018-19854
- EPSS 0.43%
- Veröffentlicht 04.12.2018 16:29:00
- Zuletzt bearbeitet 21.11.2024 03:58:41
An issue was discovered in the Linux kernel before 4.19.3. crypto_report_one() and related functions in crypto/crypto_user.c (the crypto user configuration API) do not fully initialize structures that are copied to userspace, potentially leaking sens...
CVE-2018-19840
- EPSS 2.3%
- Veröffentlicht 04.12.2018 09:29:00
- Zuletzt bearbeitet 21.11.2024 03:58:40
The function WavpackPackInit in pack_utils.c in libwavpack.a in WavPack through 5.1.0 allows attackers to cause a denial-of-service (resource exhaustion caused by an infinite loop) via a crafted wav audio file because WavpackSetConfiguration64 mishan...
CVE-2018-19841
- EPSS 2.54%
- Veröffentlicht 04.12.2018 09:29:00
- Zuletzt bearbeitet 21.11.2024 03:58:40
The function WavpackVerifySingleBlock in open_utils.c in libwavpack.a in WavPack through 5.1.0 allows attackers to cause a denial-of-service (out-of-bounds read and application crash) via a crafted WavPack Lossless Audio file, as demonstrated by wvun...
CVE-2018-19824
- EPSS 0.56%
- Veröffentlicht 03.12.2018 17:29:00
- Zuletzt bearbeitet 21.11.2024 03:58:37
In the Linux kernel through 4.19.6, a local user could exploit a use-after-free in the ALSA driver by supplying a malicious USB Sound device (with zero interfaces) that is mishandled in usb_audio_probe in sound/usb/card.c.
- EPSS 11.48%
- Veröffentlicht 03.12.2018 06:29:00
- Zuletzt bearbeitet 21.11.2024 03:58:33
A flaw was found in PolicyKit (aka polkit) 0.115 that allows a user with a uid greater than INT_MAX to successfully execute any systemctl command.