ONCALLBlog, Security, Tech
Enterprise Vulnerabilities
From DHS/US-CERT’s National Vulnerability Database CVE-2018-19406
PUBLISHED: 2018-11-21

kvm_pv_send_ipi in arch/x86/kvm/lapic.c in the Linux kernel through 4.19.2 allows local users to cause a denial of service (NULL pointer dereference and BUG) via crafted system calls that reach a situation where the apic map is uninitialized.

CVE-2018-19407
PUBLISHED: 2018-11-21

The vcpu_scan_ioapic function in arch/x86/kvm/x86.c in the Linux kernel through 4.19.2 allows local users to cause a denial of service (NULL pointer dereference and BUG) via crafted system calls that reach a situation where ioapic is uninitialized.

CVE-2018-19404
PUBLISHED: 2018-11-21


In YXcms 1.4.7, protected/apps/appmanage/controller/indexController.php allow remote authenticated Administrators to execute any PHP code by creating a ZIP archive containing a config.php file, hosting the .zip file at an external URL, and visiting index.php?r=appmanage/index/onlineinstall&url= …

CVE-2018-19387
PUBLISHED: 2018-11-20

format_cb_pane_tabs in format.c in tmux 2.7 through 2.8 might allow attackers to cause a denial of service (NULL Pointer Dereference and application crash) by arranging for a malloc failure.

CVE-2018-19388
PUBLISHED: 2018-11-20

FoxitReader.exe in Foxit Reader 9.3.0.10826 allows remote attackers to cause a denial of service (out-of-bounds read, access violation, and application crash) via TIFF data because of a ConvertToPDF_x86!ReleaseFXURLToHtml issue.

Related Articles
Are Your Kids Part of the TikTok App Craze? Here’s What Parents Need to Know
First American Financial Corp. Left Mortgage Data Exposed on Website
First American Financial Corp. Leaked Hundreds of Millions of Title Insurance Records

Leave a comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Top
MENU
%d bloggers like this: