Security Vulnerabilities - CVEs Published In 2018
In Exiv2 0.26 and previous versions, PngChunk::readRawProfile in pngchunk_int.cpp may cause a denial of service (application crash due to a heap-based buffer over-read) via a crafted PNG file.
CVSS Score
6.5
EPSS Score
0.004
Published
2018-11-26
In tcpdump 4.9.2, a stack-based buffer over-read exists in the print_prefix function of print-hncp.c via crafted packet data because of missing initialization.
CVSS Score
5.5
EPSS Score
0.003
Published
2018-11-25
An issue was discovered in SDCMS 1.6 with PHP 5.x. app/admin/controller/themecontroller.php uses a check_bad function in an attempt to block certain PHP functions such as eval, but does not prevent use of preg_replace 'e' calls, allowing users to execute arbitrary code by leveraging access to admin template management.
CVSS Score
8.8
EPSS Score
0.009
Published
2018-11-25
University of Washington IMAP Toolkit 2007f on UNIX, as used in imap_open() in PHP and other products, launches an rsh command (by means of the imap_rimap function in c-client/imap4r1.c and the tcp_aopen function in osdep/unix/tcp_unix.c) without preventing argument injection, which might allow remote attackers to execute arbitrary OS commands if the IMAP server name is untrusted input (e.g., entered by a user of a web application) and if rsh has been replaced by a program with different argument semantics. For example, if rsh is a link to ssh (as seen on Debian and Ubuntu systems), then the attack can use an IMAP server name containing a "-oProxyCommand" argument.
CVSS Score
7.5
EPSS Score
0.939
Published
2018-11-25
An issue was discovered in sysstat 12.1.1. The remap_struct function in sa_common.c has an out-of-bounds read during a memset call, as demonstrated by sadf.
CVSS Score
5.5
EPSS Score
0.003
Published
2018-11-24
Vanilla before 2.5.5 and 2.6.x before 2.6.2 allows Remote Code Execution because authenticated administrators have a reachable call to unserialize in the Gdn_Format class.
CVSS Score
7.2
EPSS Score
0.023
Published
2018-11-23
An issue was discovered in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.1. There was a heap-based buffer overflow in the function excluded_channels() in libfaad/syntax.c.
CVSS Score
7.8
EPSS Score
0.003
Published
2018-11-23
An issue was discovered in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.1. There was a stack-based buffer overflow in the function calculate_gain() in libfaad/sbr_hfadj.c.
CVSS Score
7.8
EPSS Score
0.004
Published
2018-11-23
An issue was discovered in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.1. There is a NULL pointer dereference in ifilter_bank() in libfaad/filtbank.c.
CVSS Score
7.8
EPSS Score
0.003
Published
2018-11-23
An issue was discovered in datafile.c in Gnuplot 5.2.5. This issue allows an attacker to conduct a heap-based buffer overflow with an arbitrary amount of data in df_generate_ascii_array_entry. To exploit this vulnerability, an attacker must pass an overlong string as the right bound of the range argument that is passed to the plot function.
CVSS Score
7.8
EPSS Score
0.003
Published
2018-11-23