Log

CVE-2018-19591 created at 25 Sep 2019 19:31:40
Severity
+ Medium
Remote
+ Remote
Type
+ Denial of service
Description
+ A file descriptor leak has been found in glibc <= 2.28, in the if_nametoindex() function, when processing getaddrinfo() calls with crafted interface names.
References
+ https://seclists.org/oss-sec/2018/q4/186
+ https://sourceware.org/bugzilla/show_bug.cgi?id=23927
+ https://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=ce6ba630dbc96f49eb1f30366aa62261df4792f9
Notes
CVE-2018-19622 created at 25 Sep 2019 19:31:40
Severity
+ Low
Remote
+ Remote
Type
+ Denial of service
Description
+ A security issue has been found in the MMSE dissector of Wireshark versions prior to 2.6.5, which could be made to consume excessive CPU resources by injecting a malformed packet onto the wire or by convincing someone to read a malformed packet trace file.
References
+ https://www.wireshark.org/security/wnpa-sec-2018-54
+ https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15250
+ https://code.wireshark.org/review/#/c/30613/
Notes
CVE-2018-19623 created at 25 Sep 2019 19:31:40
Severity
+ Critical
Remote
+ Remote
Type
+ Arbitrary code execution
Description
+ A heap-based out-of-bounds write has been found in the LBMPDM dissector of Wireshark versions prior to 2.6.5, which could be triggered by injecting a malformed packet onto the wire or by convincing someone to read a malformed packet trace file.
References
+ https://www.wireshark.org/security/wnpa-sec-2018-53
+ https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15132
+ https://code.wireshark.org/review/#/c/30346/
Notes
CVE-2018-19624 created at 25 Sep 2019 19:31:40
Severity
+ Low
Remote
+ Remote
Type
+ Denial of service
Description
+ A NULL-pointer dereference has been found in the PVFS dissector of Wireshark versions prior to 2.6.5, which could be triggered by injecting a malformed packet onto the wire or by convincing someone to read a malformed packet trace file.
References
+ https://www.wireshark.org/security/wnpa-sec-2018-56
+ https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15280
+ https://code.wireshark.org/review/#/c/30811/
Notes
CVE-2018-19625 created at 25 Sep 2019 19:31:40
Severity
+ Medium
Remote
+ Remote
Type
+ Information disclosure
Description
+ An out-of-bounds read has been found in the dissection engine of Wireshark versions prior to 2.6.5, which could be triggered by injecting a malformed packet onto the wire or by convincing someone to read a malformed packet trace file.
References
+ https://www.wireshark.org/security/wnpa-sec-2018-51
+ https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14466
+ https://code.wireshark.org/review/#/c/30152/
Notes
CVE-2018-19626 created at 25 Sep 2019 19:31:40
Severity
+ Medium
Remote
+ Remote
Type
+ Information disclosure
Description
+ An out-of-bounds read has been found in the DCOM dissector of Wireshark versions prior to 2.6.5, which could be triggered by injecting a malformed packet onto the wire or by convincing someone to read a malformed packet trace file.
References
+ https://www.wireshark.org/security/wnpa-sec-2018-52
+ https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15130
+ https://code.wireshark.org/review/#/c/30158/
Notes
CVE-2018-19627 created at 25 Sep 2019 19:31:40
Severity
+ Medium
Remote
+ Remote
Type
+ Information disclosure
Description
+ An out-of-bounds read has been found in the IxVeriWave file parser of Wireshark versions prior to 2.6.5, which could be triggered by injecting a malformed packet onto the wire or by convincing someone to read a malformed packet trace file.
References
+ https://www.wireshark.org/security/wnpa-sec-2018-55
+ https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15279
+ https://code.wireshark.org/review/#/c/30813/
Notes
CVE-2018-19628 created at 25 Sep 2019 19:31:40
Severity
+ Low
Remote
+ Remote
Type
+ Denial of service
Description
+ A divide-by-zero error has been found in the ZigBee ZCL dissector of Wireshark versions prior to 2.6.5, which could be triggered by injecting a malformed packet onto the wire or by convincing someone to read a malformed packet trace file.
References
+ https://www.wireshark.org/security/wnpa-sec-2018-57
+ https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15281
+ https://code.wireshark.org/review/#/c/30810/
Notes
CVE-2018-19788 created at 25 Sep 2019 19:31:40
Severity
+ High
Remote
+ Local
Type
+ Privilege escalation
Description
+ A security issue has been found in polkit <= 0.115, where an unprivileged user with a UID > INT_MAX can successfully execute any systemctl command.
References
+ https://seclists.org/oss-sec/2018/q4/198
+ https://gitlab.freedesktop.org/polkit/polkit/issues/74
+ https://gitlab.freedesktop.org/polkit/polkit/commit/2cb40c4d5feeaa09325522bd7d97910f1b59e379
Notes
CVE-2018-19800 created at 25 Sep 2019 19:31:40
Severity
+ Medium
Remote
+ Local
Type
+ Denial of service
Description
+ A potential buffer overflow vulnerability was found on invalid new_aubio-tempo in aubio before 0.4.9, which may lead to an application crash when playing a crafted audio file.
References
+ https://github.com/aubio/aubio/commit/1cf031a3a5b869368562b1251419fd45191eaa53
Notes