CVE-2018-14661
- EPSS 2.66%
- Veröffentlicht 31.10.2018 20:29:00
- Zuletzt bearbeitet 21.11.2024 03:49:32
It was found that usage of snprintf function in feature/locks translator of glusterfs server 3.8.4, as shipped with Red Hat Gluster Storage, was vulnerable to a format string attack. A remote, authenticated attacker could use this flaw to cause remot...
CVE-2018-14652
- EPSS 2.75%
- Veröffentlicht 31.10.2018 19:29:00
- Zuletzt bearbeitet 21.11.2024 03:49:30
The Gluster file system through versions 3.12 and 4.1.4 is vulnerable to a buffer overflow in the 'features/index' translator via the code handling the 'GF_XATTR_CLRLK_CMD' xattr in the 'pl_getxattr' function. A remote authenticated attacker could ex...
CVE-2018-14653
- EPSS 2.77%
- Veröffentlicht 31.10.2018 19:29:00
- Zuletzt bearbeitet 21.11.2024 03:49:30
The Gluster file system through versions 4.1.4 and 3.12 is vulnerable to a heap-based buffer overflow in the '__server_getspec' function via the 'gf_getspec_req' RPC message. A remote authenticated attacker could exploit this to cause a denial of ser...
CVE-2018-14654
- EPSS 2.63%
- Veröffentlicht 31.10.2018 19:29:00
- Zuletzt bearbeitet 21.11.2024 03:49:31
The Gluster file system through version 4.1.4 is vulnerable to abuse of the 'features/index' translator. A remote attacker with access to mount volumes could exploit this via the 'GF_XATTROP_ENTRY_IN_KEY' xattrop to create arbitrary, empty files on t...
CVE-2018-14659
- EPSS 2.17%
- Veröffentlicht 31.10.2018 19:29:00
- Zuletzt bearbeitet 21.11.2024 03:49:31
The Gluster file system through versions 4.1.4 and 3.1.2 is vulnerable to a denial of service attack via use of the 'GF_XATTR_IOSTATS_DUMP_KEY' xattr. A remote, authenticated attacker could exploit this by mounting a Gluster volume and repeatedly cal...
CVE-2018-16842
- EPSS 2.1%
- Veröffentlicht 31.10.2018 19:29:00
- Zuletzt bearbeitet 21.11.2024 03:53:25
Curl versions 7.14.1 through 7.61.1 are vulnerable to a heap-based buffer over-read in the tool_msgs.c:voutf() function that may result in information exposure and denial of service.
CVE-2018-16839
- EPSS 5.78%
- Veröffentlicht 31.10.2018 18:29:00
- Zuletzt bearbeitet 21.11.2024 03:53:25
Curl versions 7.33.0 through 7.61.1 are vulnerable to a buffer overrun in the SASL authentication code that may lead to denial of service.
CVE-2018-18873
- EPSS 1.37%
- Veröffentlicht 31.10.2018 16:29:00
- Zuletzt bearbeitet 21.11.2024 03:56:47
An issue was discovered in JasPer 2.0.14. There is a NULL pointer dereference in the function ras_putdatastd in ras/ras_enc.c.
CVE-2018-16468
- EPSS 0.91%
- Veröffentlicht 30.10.2018 21:29:00
- Zuletzt bearbeitet 21.11.2024 03:52:48
In the Loofah gem for Ruby, through v2.2.2, unsanitized JavaScript may occur in sanitized output when a crafted SVG element is republished.
CVE-2018-18281
- EPSS 1.06%
- Veröffentlicht 30.10.2018 18:29:00
- Zuletzt bearbeitet 21.11.2024 03:55:38
Since Linux kernel version 3.2, the mremap() syscall performs TLB flushes after dropping pagetable locks. If a syscall such as ftruncate() removes entries from the pagetables of a task that is in the middle of mremap(), a stale TLB entry can remain f...