- EPSS 11.12%
- Veröffentlicht 05.09.2018 19:29:00
- Zuletzt bearbeitet 21.11.2024 03:49:26
curl before version 7.61.1 is vulnerable to a buffer overrun in the NTLM authentication code. The internal function Curl_ntlm_core_mk_nt_hash multiplies the length of the password by two (SUM) to figure out how large temporary storage area to allocat...
CVE-2018-16540
- EPSS 1.56%
- Veröffentlicht 05.09.2018 18:29:00
- Zuletzt bearbeitet 21.11.2024 03:52:56
In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files to the builtin PDF14 converter could use a use-after-free in copydevice handling to crash the interpreter or possibly have unspecified other impact.
CVE-2018-16542
- EPSS 1.91%
- Veröffentlicht 05.09.2018 18:29:00
- Zuletzt bearbeitet 21.11.2024 03:52:56
In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files could use insufficient interpreter stack-size checking during error handling to crash the interpreter.
CVE-2018-10930
- EPSS 2.11%
- Veröffentlicht 04.09.2018 16:29:00
- Zuletzt bearbeitet 21.11.2024 03:42:19
A flaw was found in RPC request using gfs3_rename_req in glusterfs server. An authenticated attacker could use this flaw to write to a destination outside the gluster volume.
CVE-2018-10926
- EPSS 2.6%
- Veröffentlicht 04.09.2018 15:29:00
- Zuletzt bearbeitet 21.11.2024 03:42:19
A flaw was found in RPC request using gfs3_mknod_req supported by glusterfs server. An authenticated attacker could use this flaw to write files to an arbitrary location via path traversal and execute arbitrary code on a glusterfs server node.
CVE-2018-10928
- EPSS 2.7%
- Veröffentlicht 04.09.2018 15:29:00
- Zuletzt bearbeitet 21.11.2024 03:42:19
A flaw was found in RPC request using gfs3_symlink_req in glusterfs server which allows symlink destinations to point to file paths outside of the gluster volume. An authenticated attacker could use this flaw to create arbitrary symlinks pointing any...
CVE-2018-10936
- EPSS 2.91%
- Veröffentlicht 30.08.2018 13:29:00
- Zuletzt bearbeitet 21.11.2024 03:42:20
A weakness was found in postgresql-jdbc before version 42.2.5. It was possible to provide an SSL Factory and not check the host name if a host name verifier was not provided to the driver. This could lead to a condition where a man-in-the-middle atta...
CVE-2018-14622
- EPSS 3.86%
- Veröffentlicht 30.08.2018 13:29:00
- Zuletzt bearbeitet 21.11.2024 03:49:26
A null-pointer dereference vulnerability was found in libtirpc before version 0.3.3-rc3. The return value of makefd_xprt() was not checked in all instances, which could lead to a crash when the server exhausted the maximum number of available file de...
- EPSS 8.95%
- Veröffentlicht 26.08.2018 16:29:00
- Zuletzt bearbeitet 21.11.2024 01:28:55
mod_perl 2.0 through 2.0.10 allows attackers to execute arbitrary Perl code by placing it in a user-owned .htaccess file, because (contrary to the documentation) there is no configuration option that permits Perl code for the administrator's control ...
CVE-2015-5160
- EPSS 0.41%
- Veröffentlicht 20.08.2018 21:29:00
- Zuletzt bearbeitet 21.11.2024 02:32:28
libvirt before 2.2 includes Ceph credentials on the qemu command line when using RADOS Block Device (aka RBD), which allows local users to obtain sensitive information via a process listing.