CVE-2018-0500
- EPSS 6.43%
- Veröffentlicht 11.07.2018 13:29:00
- Zuletzt bearbeitet 21.11.2024 03:38:21
Curl_smtp_escape_eob in lib/smtp.c in curl 7.54.1 to and including curl 7.60.0 has a heap-based buffer overflow that might be exploitable by an attacker who can control the data that curl transmits over SMTP with certain settings (i.e., use of a nons...
CVE-2018-1116
- EPSS 1.2%
- Veröffentlicht 10.07.2018 19:29:00
- Zuletzt bearbeitet 21.11.2024 03:59:12
A flaw was found in polkit before version 0.116. The implementation of the polkit_backend_interactive_authority_check_authorization function in polkitd allows to test for authentication and trigger authentication of unrelated processes owned by other...
CVE-2018-13785
- EPSS 4.47%
- Veröffentlicht 09.07.2018 13:29:00
- Zuletzt bearbeitet 29.05.2026 21:16:32
In libpng 1.6.34, a wrong calculation of row_factor in the png_check_chunk_length function (pngrutil.c) may trigger an integer overflow and resultant divide-by-zero while processing a crafted PNG file, leading to a denial of service.
CVE-2018-13440
- EPSS 3.11%
- Veröffentlicht 08.07.2018 16:29:00
- Zuletzt bearbeitet 13.08.2025 20:48:07
The audiofile Audio File Library 0.3.6 has a NULL pointer dereference bug in ModuleState::setup in modules/ModuleState.cpp, which allows an attacker to cause a denial of service via a crafted caf file, as demonstrated by sfconvert.
CVE-2018-13405
- EPSS 1.01%
- Veröffentlicht 06.07.2018 14:29:01
- Zuletzt bearbeitet 21.11.2024 03:47:02
The inode_init_owner function in fs/inode.c in the Linux kernel through 3.16 allows local users to create files with an unintended group ownership, in a scenario where a directory is SGID to a certain group and is writable by a user who is not a memb...
CVE-2018-13406
- EPSS 0.53%
- Veröffentlicht 06.07.2018 14:29:01
- Zuletzt bearbeitet 21.11.2024 03:47:02
An integer overflow in the uvesafb_setcmap function in drivers/video/fbdev/uvesafb.c in the Linux kernel before 4.17.4 could result in local attackers being able to crash the kernel or potentially elevate privileges because kmalloc_array is not used.
CVE-2018-12910
- EPSS 4.19%
- Veröffentlicht 05.07.2018 18:29:00
- Zuletzt bearbeitet 21.11.2024 03:46:05
The get_cookies function in soup-cookie-jar.c in libsoup 2.63.2 allows attackers to have unspecified impact via an empty hostname.
CVE-2018-13153
- EPSS 3.97%
- Veröffentlicht 05.07.2018 02:29:00
- Zuletzt bearbeitet 21.11.2024 03:46:31
In ImageMagick 7.0.8-4, there is a memory leak in the XMagickCommand function in MagickCore/animate.c.
CVE-2018-13094
- EPSS 2.18%
- Veröffentlicht 03.07.2018 10:29:00
- Zuletzt bearbeitet 21.11.2024 03:46:25
An issue was discovered in fs/xfs/libxfs/xfs_attr_leaf.c in the Linux kernel through 4.17.3. An OOPS may occur for a corrupted xfs image after xfs_da_shrink_inode() is called with a NULL bp.
CVE-2018-13096
- EPSS 2.59%
- Veröffentlicht 03.07.2018 10:29:00
- Zuletzt bearbeitet 21.11.2024 03:46:25
An issue was discovered in fs/f2fs/super.c in the Linux kernel through 4.14. A denial of service (out-of-bounds memory access and BUG) can occur upon encountering an abnormal bitmap size when mounting a crafted f2fs image.