CVE-2018-1049
- EPSS 7.26%
- Veröffentlicht 16.02.2018 21:29:00
- Zuletzt bearbeitet 21.11.2024 03:59:04
In systemd prior to 234 a race condition exists between .mount and .automount units such that automount requests from kernel may not be serviced by systemd resulting in kernel holding the mountpoint and any processes that try to use said mount will h...
CVE-2017-18190
- EPSS 2.98%
- Veröffentlicht 16.02.2018 17:29:00
- Zuletzt bearbeitet 21.11.2024 03:19:31
A localhost.localdomain whitelist entry in valid_host() in scheduler/client.c in CUPS before 2.2.2 allows remote attackers to execute arbitrary IPP commands by sending POST requests to the CUPS daemon in conjunction with DNS rebinding. The localhost....
CVE-2018-7187
- EPSS 63.23%
- Veröffentlicht 16.02.2018 17:29:00
- Zuletzt bearbeitet 21.11.2024 04:11:45
The "go get" implementation in Go 1.9.4, when the -insecure command-line option is used, does not validate the import path (get/vcs.go only checks for "://" anywhere in the string), which allows remote attackers to execute arbitrary OS commands via a...
CVE-2018-7186
- EPSS 3.47%
- Veröffentlicht 16.02.2018 16:29:00
- Zuletzt bearbeitet 21.11.2024 04:11:45
Leptonica before 1.75.3 does not limit the number of characters in a %s format argument to fscanf or sscanf, which allows remote attackers to cause a denial of service (stack-based buffer overflow) or possibly have unspecified other impact via a long...
CVE-2018-7050
- EPSS 2.35%
- Veröffentlicht 15.02.2018 20:29:00
- Zuletzt bearbeitet 21.11.2024 04:11:33
An issue was discovered in Irssi before 1.0.7 and 1.1.x before 1.1.1. A NULL pointer dereference occurs for an "empty" nick.
CVE-2018-7051
- EPSS 2.49%
- Veröffentlicht 15.02.2018 20:29:00
- Zuletzt bearbeitet 21.11.2024 04:11:34
An issue was discovered in Irssi before 1.0.7 and 1.1.x before 1.1.1. Certain nick names could result in out-of-bounds access when printing theme strings.
CVE-2018-7052
- EPSS 2.35%
- Veröffentlicht 15.02.2018 20:29:00
- Zuletzt bearbeitet 21.11.2024 04:11:34
An issue was discovered in Irssi before 1.0.7 and 1.1.x before 1.1.1. When the number of windows exceeds the available space, a crash due to a NULL pointer dereference would occur.
CVE-2018-7053
- EPSS 2.45%
- Veröffentlicht 15.02.2018 20:29:00
- Zuletzt bearbeitet 21.11.2024 04:11:34
An issue was discovered in Irssi before 1.0.7 and 1.1.x before 1.1.1. There is a use-after-free when SASL messages are received in an unexpected order.
CVE-2018-7054
- EPSS 2.43%
- Veröffentlicht 15.02.2018 20:29:00
- Zuletzt bearbeitet 21.11.2024 04:11:34
An issue was discovered in Irssi before 1.0.7 and 1.1.x before 1.1.1. There is a use-after-free when a server is disconnected during netsplits. NOTE: this issue exists because of an incomplete fix for CVE-2017-7191.
CVE-2017-18189
- EPSS 5.15%
- Veröffentlicht 15.02.2018 10:29:00
- Zuletzt bearbeitet 21.11.2024 03:19:31
In the startread function in xa.c in Sound eXchange (SoX) through 14.4.2, a corrupt header specifying zero channels triggers an infinite loop with a resultant NULL pointer dereference, which may allow a remote attacker to cause a denial-of-service.