CVE-2017-12171
- EPSS 8.08%
- Veröffentlicht 26.07.2018 17:29:00
- Zuletzt bearbeitet 21.11.2024 03:08:58
A regression was found in the Red Hat Enterprise Linux 6.9 version of httpd 2.2.15-60, causing comments in the "Allow" and "Deny" configuration lines to be parsed incorrectly. A web administrator could unintentionally allow any client to access a res...
CVE-2017-7562
- EPSS 3.3%
- Veröffentlicht 26.07.2018 15:29:00
- Zuletzt bearbeitet 21.11.2024 03:32:10
An authentication bypass flaw was found in the way krb5's certauth interface before 1.16.1 handled the validation of client certificates. A remote attacker able to communicate with the KDC could potentially use this flaw to impersonate arbitrary prin...
CVE-2018-1002200
- EPSS 13.18%
- Veröffentlicht 25.07.2018 17:29:00
- Zuletzt bearbeitet 21.11.2024 03:40:39
plexus-archiver before 3.6.0 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ (dot dot slash) in an archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'.
CVE-2018-10880
- EPSS 2.91%
- Veröffentlicht 25.07.2018 13:29:00
- Zuletzt bearbeitet 21.11.2024 03:42:12
Linux kernel is vulnerable to a stack-out-of-bounds write in the ext4 filesystem code when mounting and writing to a crafted ext4 image in ext4_update_inline_data(). An attacker could use this to cause a system crash and a denial of service.
CVE-2018-10869
- EPSS 2.77%
- Veröffentlicht 19.07.2018 22:29:00
- Zuletzt bearbeitet 21.11.2024 03:42:10
redhat-certification does not properly restrict files that can be download through the /download page. A remote attacker may download any file accessible by the user running httpd.
CVE-2018-10877
- EPSS 2.25%
- Veröffentlicht 18.07.2018 15:29:00
- Zuletzt bearbeitet 21.11.2024 03:42:12
Linux kernel ext4 filesystem is vulnerable to an out-of-bound access in the ext4_ext_drop_refs() function when operating on a crafted ext4 filesystem image.
CVE-2018-10840
- EPSS 0.67%
- Veröffentlicht 16.07.2018 20:29:00
- Zuletzt bearbeitet 21.11.2024 03:42:07
Linux kernel is vulnerable to a heap-based buffer overflow in the fs/ext4/xattr.c:ext4_xattr_set_entry() function. An attacker could exploit this by operating on a mounted crafted ext4 image.
CVE-2018-3693
- EPSS 8.42%
- Veröffentlicht 10.07.2018 21:29:01
- Zuletzt bearbeitet 21.11.2024 04:05:53
Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a speculative buffer overflow and side-channel analysis.
CVE-2018-10872
- EPSS 0.47%
- Veröffentlicht 10.07.2018 19:29:00
- Zuletzt bearbeitet 21.11.2024 03:42:11
A flaw was found in the way the Linux kernel handled exceptions delivered after a stack switch operation via Mov SS or Pop SS instructions. During the stack switch operation, processor does not deliver interrupts and exceptions, they are delivered on...
CVE-2018-1128
- EPSS 1.37%
- Veröffentlicht 10.07.2018 14:29:00
- Zuletzt bearbeitet 21.11.2024 03:59:14
It was found that cephx authentication protocol did not verify ceph clients correctly and was vulnerable to replay attack. Any attacker having access to ceph cluster network who is able to sniff packets on network can use this vulnerability to authen...