Log

CVE-2018-5744 created at 25 Sep 2019 19:31:40
Severity
+ High
Remote
+ Remote
Type
+ Denial of service
Description
+ A failure to free memory can occur when processing messages having a specific combination of EDNS options has been found in bind before 9.13.7. By exploiting this condition, an attacker can potentially cause named's memory use to grow without bounds until all memory available to the process is exhausted. Typically a server process is limited as to the amount of memory it can use but if the named process is not limited by the operating system all free memory on the server could be exhausted.
References
+ https://kb.isc.org/docs/cve-2018-5744
Notes
CVE-2018-5745 created at 25 Sep 2019 19:31:40
Severity
+ Medium
Remote
+ Remote
Type
+ Denial of service
Description
+ "managed-keys" is a feature which allows a BIND resolver to automatically maintain the keys used by trust anchors which operators configure for use in DNSSEC validation. Before 9.13.7, due to an error in the managed-keys feature, it is possible for a BIND server which uses managed-keys to exit due to an assertion failure if, during key rollover, a trust anchor's keys are replaced with keys which use an unsupported algorithm.
References
+ https://kb.isc.org/docs/cve-2018-5745
Notes
CVE-2018-5764 created at 25 Sep 2019 19:31:40
Severity
+ High
Remote
+ Remote
Type
+ Access restriction bypass
Description
+ The parse_arguments function in options.c in rsyncd in rsync before 3.1.3 does not prevent multiple --protect-args uses, which allows remote attackers to bypass an argument-sanitization protection mechanism.
References
+ https://git.samba.org/?p=rsync.git;a=commitdiff;h=7706303828fcde524222babb2833864a4bd09e07
Notes
CVE-2018-5784 created at 25 Sep 2019 19:31:40
Severity
+ Medium
Remote
+ Remote
Type
+ Denial of service
Description
+ In LibTIFF before 4.0.10, there is an uncontrolled resource consumption in the TIFFSetDirectory function of tif_dir.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted tif file. This occurs because the declared number of directory entries is not validated against the actual number of directory entries.
References
+ http://bugzilla.maptools.org/show_bug.cgi?id=2772
+ https://gitlab.com/libtiff/libtiff/commit/473851d211cf8805a161820337ca74cc9615d6ef
Notes
CVE-2018-6085 created at 25 Sep 2019 19:31:40
Severity
+ Critical
Remote
+ Remote
Type
+ Arbitrary code execution
Description
+ A use-after-free vulnerability has been found in the Disk Cache component of the Chromium browser before 66.0.3359.117.
References
+ https://chromereleases.googleblog.com/2018/04/stable-channel-update-for-desktop.html
+ https://crbug.com/826626
Notes
CVE-2018-6086 created at 25 Sep 2019 19:31:40
Severity
+ Critical
Remote
+ Remote
Type
+ Arbitrary code execution
Description
+ A use-after-free vulnerability has been found in the Disk Cache component of the Chromium browser before 66.0.3359.117.
References
+ https://chromereleases.googleblog.com/2018/04/stable-channel-update-for-desktop.html
+ https://crbug.com/827492
Notes
CVE-2018-6087 created at 25 Sep 2019 19:31:40
Severity
+ High
Remote
+ Remote
Type
+ Arbitrary code execution
Description
+ A use-after-free vulnerability has been found in the WebAssembly component of the Chromium browser before 66.0.3359.117.
References
+ https://chromereleases.googleblog.com/2018/04/stable-channel-update-for-desktop.html
+ https://crbug.com/813876
Notes
CVE-2018-6088 created at 25 Sep 2019 19:31:40
Severity
+ High
Remote
+ Remote
Type
+ Arbitrary code execution
Description
+ A use-after-free vulnerability has been found in the PDFium component of the Chromium browser before 66.0.3359.117.
References
+ https://chromereleases.googleblog.com/2018/04/stable-channel-update-for-desktop.html
+ https://crbug.com/822091
Notes
CVE-2018-6089 created at 25 Sep 2019 19:31:40
Severity
+ High
Remote
+ Remote
Type
+ Same-origin policy bypass
Description
+ A same-origin policy bypass vulnerability has been found in the Service Worker component of the Chromium browser before 66.0.3359.117.
References
+ https://chromereleases.googleblog.com/2018/04/stable-channel-update-for-desktop.html
+ https://crbug.com/808838
Notes
CVE-2018-6090 created at 25 Sep 2019 19:31:40
Severity
+ High
Remote
+ Remote
Type
+ Arbitrary code execution
Description
+ A heap-base buffer overflow vulnerability has been found in the Skia component of the Chromium browser before 66.0.3359.117.
References
+ https://chromereleases.googleblog.com/2018/04/stable-channel-update-for-desktop.html
+ https://crbug.com/808838
Notes