Log

CVE-2018-19624 created at 25 Sep 2019 19:31:40
Severity
+ Low
Remote
+ Remote
Type
+ Denial of service
Description
+ A NULL-pointer dereference has been found in the PVFS dissector of Wireshark versions prior to 2.6.5, which could be triggered by injecting a malformed packet onto the wire or by convincing someone to read a malformed packet trace file.
References
+ https://www.wireshark.org/security/wnpa-sec-2018-56
+ https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15280
+ https://code.wireshark.org/review/#/c/30811/
Notes
CVE-2018-19625 created at 25 Sep 2019 19:31:40
Severity
+ Medium
Remote
+ Remote
Type
+ Information disclosure
Description
+ An out-of-bounds read has been found in the dissection engine of Wireshark versions prior to 2.6.5, which could be triggered by injecting a malformed packet onto the wire or by convincing someone to read a malformed packet trace file.
References
+ https://www.wireshark.org/security/wnpa-sec-2018-51
+ https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14466
+ https://code.wireshark.org/review/#/c/30152/
Notes
CVE-2018-19626 created at 25 Sep 2019 19:31:40
Severity
+ Medium
Remote
+ Remote
Type
+ Information disclosure
Description
+ An out-of-bounds read has been found in the DCOM dissector of Wireshark versions prior to 2.6.5, which could be triggered by injecting a malformed packet onto the wire or by convincing someone to read a malformed packet trace file.
References
+ https://www.wireshark.org/security/wnpa-sec-2018-52
+ https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15130
+ https://code.wireshark.org/review/#/c/30158/
Notes
CVE-2018-19627 created at 25 Sep 2019 19:31:40
Severity
+ Medium
Remote
+ Remote
Type
+ Information disclosure
Description
+ An out-of-bounds read has been found in the IxVeriWave file parser of Wireshark versions prior to 2.6.5, which could be triggered by injecting a malformed packet onto the wire or by convincing someone to read a malformed packet trace file.
References
+ https://www.wireshark.org/security/wnpa-sec-2018-55
+ https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15279
+ https://code.wireshark.org/review/#/c/30813/
Notes
CVE-2018-19628 created at 25 Sep 2019 19:31:40
Severity
+ Low
Remote
+ Remote
Type
+ Denial of service
Description
+ A divide-by-zero error has been found in the ZigBee ZCL dissector of Wireshark versions prior to 2.6.5, which could be triggered by injecting a malformed packet onto the wire or by convincing someone to read a malformed packet trace file.
References
+ https://www.wireshark.org/security/wnpa-sec-2018-57
+ https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15281
+ https://code.wireshark.org/review/#/c/30810/
Notes
CVE-2018-19788 created at 25 Sep 2019 19:31:40
Severity
+ High
Remote
+ Local
Type
+ Privilege escalation
Description
+ A security issue has been found in polkit <= 0.115, where an unprivileged user with a UID > INT_MAX can successfully execute any systemctl command.
References
+ https://seclists.org/oss-sec/2018/q4/198
+ https://gitlab.freedesktop.org/polkit/polkit/issues/74
+ https://gitlab.freedesktop.org/polkit/polkit/commit/2cb40c4d5feeaa09325522bd7d97910f1b59e379
Notes
CVE-2018-19800 created at 25 Sep 2019 19:31:40
Severity
+ Medium
Remote
+ Local
Type
+ Denial of service
Description
+ A potential buffer overflow vulnerability was found on invalid new_aubio_tempo in aubio before 0.4.9, which may lead to an application crash when playing a crafted audio file.
References
+ https://github.com/aubio/aubio/commit/1cf031a3a5b869368562b1251419fd45191eaa53
Notes
CVE-2018-19801 created at 25 Sep 2019 19:31:40
Severity
+ Low
Remote
+ Local
Type
+ Denial of service
Description
+ A NULL pointer dereference (denial of service) vulnerability was found on invalid n_filters in aubio before 0.4.9, which may lead to an application crash when playing a crafted audio file.
References
+ https://github.com/aubio/aubio/commit/bcc53876548334b4c5f1ebd47a5bd5f151974e8b
Notes
CVE-2018-19802 created at 25 Sep 2019 19:31:40
Severity
+ Low
Remote
+ Local
Type
+ Denial of service
Description
+ A NULL pointer dereference (denial of service) vulnerability was found on invalid new_aubio_onset in aubio before 0.4.9, which may lead to an application crash when playing a crafted audio file.
References
+ https://github.com/aubio/aubio/commit/c5ee1307bdc004e43302abeca1802c2692b33a8e
Notes
CVE-2018-19876 created at 25 Sep 2019 19:31:40
Severity
+ Critical
Remote
+ Remote
Type
+ Arbitrary code execution
Description
+ A memory-corruption issue has been found in cairo versions <= 1.16.0, in the cairo_ft_apply_variations() function in cairo-ft-font.c. This function frees memory using the wrong free function, leading to memory corruption. As cairo is used, among others, by WebKitGTK+, this could be triggered by crafted web content in some cases.
References
+ https://seclists.org/oss-sec/2018/q4/205
+ https://gitlab.freedesktop.org/cairo/cairo/merge_requests/5
Notes