CVE-2018-19409
- EPSS 7.83%
- Veröffentlicht 21.11.2018 16:29:00
- Zuletzt bearbeitet 21.11.2024 03:57:52
An issue was discovered in Artifex Ghostscript before 9.26. LockSafetyParams is not checked correctly if another device is used.
CVE-2018-19407
- EPSS 0.48%
- Veröffentlicht 21.11.2018 00:29:01
- Zuletzt bearbeitet 21.11.2024 03:57:51
The vcpu_scan_ioapic function in arch/x86/kvm/x86.c in the Linux kernel through 4.19.2 allows local users to cause a denial of service (NULL pointer dereference and BUG) via crafted system calls that reach a situation where ioapic is uninitialized.
- EPSS 7.61%
- Veröffentlicht 16.11.2018 20:29:00
- Zuletzt bearbeitet 21.11.2024 03:56:56
In the Linux kernel 4.15.x through 4.19.x before 4.19.2, map_write() in kernel/user_namespace.c allows privilege escalation because it mishandles nested user namespaces with more than 5 UID or GID ranges. A user who has CAP_SYS_ADMIN in an affected u...
CVE-2018-16396
- EPSS 7.97%
- Veröffentlicht 16.11.2018 18:29:01
- Zuletzt bearbeitet 21.11.2024 03:52:40
An issue was discovered in Ruby before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.2, and 2.6.x before 2.6.0-preview3. It does not taint strings that result from unpacking tainted strings with some formats.
CVE-2018-16395
- EPSS 10.72%
- Veröffentlicht 16.11.2018 18:29:00
- Zuletzt bearbeitet 21.11.2024 03:52:40
An issue was discovered in the OpenSSL library in Ruby before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.2, and 2.6.x before 2.6.0-preview3. When two OpenSSL::X509::Name objects are compared using ==, depending on the ordering, non-equal objects may...
CVE-2018-5407
- EPSS 3.42%
- Veröffentlicht 15.11.2018 21:29:00
- Zuletzt bearbeitet 21.11.2024 04:08:45
Simultaneous Multi-threading (SMT) in processors can enable local users to exploit software vulnerable to timing attacks via a side-channel timing attack on 'port contention'.
CVE-2018-18954
- EPSS 0.52%
- Veröffentlicht 15.11.2018 20:29:00
- Zuletzt bearbeitet 21.11.2024 03:56:56
The pnv_lpc_do_eccb function in hw/ppc/pnv_lpc.c in Qemu before 3.1 allows out-of-bounds write or read access to PowerNV memory.
CVE-2018-17466
- EPSS 2.83%
- Veröffentlicht 14.11.2018 15:29:00
- Zuletzt bearbeitet 21.11.2024 03:54:28
Incorrect texture handling in Angle in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.
CVE-2018-16850
- EPSS 5.15%
- Veröffentlicht 13.11.2018 15:29:00
- Zuletzt bearbeitet 21.11.2024 03:53:26
postgresql before versions 11.1, 10.6 is vulnerable to a to SQL injection in pg_upgrade and pg_dump via CREATE TRIGGER ... REFERENCING. Using a purpose-crafted trigger definition, an attacker can cause arbitrary SQL statements to run, with superuser ...
CVE-2018-19210
- EPSS 3.61%
- Veröffentlicht 12.11.2018 19:29:00
- Zuletzt bearbeitet 21.11.2024 03:57:33
In LibTIFF 4.0.9, there is a NULL pointer dereference in the TIFFWriteDirectorySec function in tif_dirwrite.c that will lead to a denial of service attack, as demonstrated by tiffset.