Log

CVE-2018-3646 created at 25 Sep 2019 19:31:40
Severity
+ High
Remote
+ Local
Type
+ Information disclosure
Description
+ Systems with microprocessors utilising speculative execution and address translations may allow unauthorised disclosure of information residing in the L1 data cache to an attacker with local user access with guest OS privilege via a terminal page fault and a side-channel analysis.
References
+ https://access.redhat.com/errata/RHSA-2018:2384
Notes
CVE-2018-3740 created at 25 Sep 2019 19:31:40
Severity
+ Medium
Remote
+ Remote
Type
+ Insufficient validation
Description
+ A specially crafted HTML fragment can cause Sanitize gem for Ruby to allow non-whitelisted attributes to be used on a whitelisted HTML element.
References
Notes
+ Gitlab bundles this dep: The sanitize gem is updated to version 4.6.4 due to versions < 4.6.3 being affected by CVE-2018-3740.
CVE-2018-4101 created at 25 Sep 2019 19:31:40
Severity
+ Critical
Remote
+ Remote
Type
+ Arbitrary code execution
Description
+ A security issue has been found in WebKitGTK+ < 2.20.0, where processing maliciously crafted web content may lead to arbitrary code execution.
References
+ https://webkitgtk.org/security/WSA-2018-0003.html
Notes
CVE-2018-4113 created at 25 Sep 2019 19:31:40
Severity
+ Low
Remote
+ Remote
Type
+ Denial of service
Description
+ A security issue has been found in the handling of a function in JavaScriptCore of WebKitGTK+ < 2.20.0, where an unexpected interaction with indexing types caused an ASSERT failure.
References
+ https://webkitgtk.org/security/WSA-2018-0003.html
Notes
CVE-2018-4200 created at 25 Sep 2019 19:31:40
Severity
+ Critical
Remote
+ Remote
Type
+ Arbitrary code execution
Description
+ A memory corruption issue has been found in webkitgtk < 2.20.2, where processing maliciously crafted web content may lead to arbitrary code execution.
References
+ https://webkitgtk.org/security/WSA-2018-0004.html#CVE-2018-4200
Notes
CVE-2018-4372 created at 25 Sep 2019 19:31:40
Severity
+ Critical
Remote
+ Remote
Type
+ Arbitrary code execution
Description
+ Multiple memory corruption issues have been found in WebKitGTK+ versions prior to 2.22.4, possibly leading to arbitrary code execution while parsing crafted web content.
References
+ https://webkitgtk.org/security/WSA-2018-0008.html#CVE-2018-4372
Notes
CVE-2018-4437 created at 25 Sep 2019 19:31:40
Severity
+ Critical
Remote
+ Remote
Type
+ Arbitrary code execution
Description
+ Multiple memory corruption issues have been found in WebKitGTK+ before 2.22.5, where processing maliciously crafted web content may lead to arbitrary code execution.
References
+ https://webkitgtk.org/security/WSA-2018-0009.html#CVE-2018-4437
Notes
CVE-2018-4945 created at 25 Sep 2019 19:31:40
Severity
+ Critical
Remote
+ Remote
Type
+ Arbitrary code execution
Description
+ A type confusion issue has been found in Adobe Flash Player before 30.0.0.113, leading to arbitrary code execution.
References
+ https://helpx.adobe.com/security/products/flash-player/apsb18-19.html
Notes
CVE-2018-5000 created at 25 Sep 2019 19:31:40
Severity
+ High
Remote
+ Remote
Type
+ Information disclosure
Description
+ An integer overflow issue has been found in Adobe Flash Player before 30.0.0.113, leading to information disclosure.
References
+ https://helpx.adobe.com/security/products/flash-player/apsb18-19.html
Notes
CVE-2018-5001 created at 25 Sep 2019 19:31:40
Severity
+ High
Remote
+ Remote
Type
+ Information disclosure
Description
+ An out-of-bounds read has been found in Adobe Flash Player before 30.0.0.113, leading to information disclosure.
References
+ https://helpx.adobe.com/security/products/flash-player/apsb18-19.html
Notes