CVE-2018-6914
- EPSS 10.55%
- Veröffentlicht 03.04.2018 22:29:00
- Zuletzt bearbeitet 21.11.2024 04:11:24
Directory traversal vulnerability in the Dir.mktmpdir method in the tmpdir library in Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1 might allow attackers to create arbitrary directories or files vi...
CVE-2018-8777
- EPSS 4.64%
- Veröffentlicht 03.04.2018 22:29:00
- Zuletzt bearbeitet 21.11.2024 04:14:17
In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, an attacker can pass a large HTTP request with a crafted header to WEBrick server or a crafted body to WEBrick server/handler and cause a denial of...
CVE-2018-8778
- EPSS 7.83%
- Veröffentlicht 03.04.2018 22:29:00
- Zuletzt bearbeitet 21.11.2024 04:14:17
In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, an attacker controlling the unpacking format (similar to format string vulnerabilities) can trigger a buffer under-read in the String#unpack method...
CVE-2017-15710
- EPSS 18.2%
- Veröffentlicht 26.03.2018 15:29:00
- Zuletzt bearbeitet 21.11.2024 03:15:03
In Apache httpd 2.0.23 to 2.0.65, 2.2.0 to 2.2.34, and 2.4.0 to 2.4.29, mod_authnz_ldap, if configured with AuthLDAPCharsetConfig, uses the Accept-Language header value to lookup the right charset encoding when verifying the user's credentials. If th...
CVE-2017-15715
- EPSS 86.01%
- Veröffentlicht 26.03.2018 15:29:00
- Zuletzt bearbeitet 21.11.2024 03:15:04
In Apache httpd 2.4.0 to 2.4.29, the expression specified in <FilesMatch> could match '$' to a newline character in a malicious filename, rather than matching only the end of the filename. This could be exploited in environments where uploads of some...
CVE-2018-1283
- EPSS 10.12%
- Veröffentlicht 26.03.2018 15:29:00
- Zuletzt bearbeitet 21.11.2024 03:59:32
In Apache httpd 2.4.0 to 2.4.29, when mod_session is configured to forward its session data to CGI applications (SessionEnv on, not the default), a remote user may influence their content by using a "Session" header. This comes from the "HTTP_SESSION...
CVE-2018-1301
- EPSS 15.56%
- Veröffentlicht 26.03.2018 15:29:00
- Zuletzt bearbeitet 21.11.2024 03:59:34
A specially crafted request could have crashed the Apache HTTP Server prior to version 2.4.30, due to an out of bound access after a size limit is reached by reading the HTTP header. This vulnerability is considered very hard if not impossible to tri...
CVE-2017-2619
- EPSS 11.09%
- Veröffentlicht 12.03.2018 15:29:00
- Zuletzt bearbeitet 21.11.2024 03:23:50
Samba before versions 4.6.1, 4.5.7 and 4.4.11 are vulnerable to a malicious client using a symlink race to allow access to areas of the server file system not exported under the share definition.
CVE-2016-5314
- EPSS 4.65%
- Veröffentlicht 12.03.2018 02:29:00
- Zuletzt bearbeitet 21.11.2024 02:54:04
Buffer overflow in the PixarLogDecode function in tif_pixarlog.c in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted TIFF image, as demonstrated...
CVE-2016-8612
- EPSS 4.69%
- Veröffentlicht 09.03.2018 20:29:00
- Zuletzt bearbeitet 21.11.2024 02:59:40
Apache HTTP Server mod_cluster before version httpd 2.4.23 is vulnerable to an Improper Input Validation in the protocol parsing logic in the load balancer resulting in a Segmentation Fault in the serving httpd process.