CVE-2017-18187
- EPSS 3.18%
- Veröffentlicht 14.02.2018 17:29:00
- Zuletzt bearbeitet 21.11.2024 03:19:30
In ARM mbed TLS before 2.7.0, there is a bounds-check bypass through an integer overflow in PSK identity parsing in the ssl_parse_client_psk_identity() function in library/ssl_srv.c.
CVE-2018-0487
- EPSS 3.32%
- Veröffentlicht 13.02.2018 15:29:00
- Zuletzt bearbeitet 21.11.2024 03:38:20
ARM mbed TLS before 1.3.22, before 2.1.10, and before 2.7.0 allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow) via a crafted certificate chain that is mishandled during RSASSA-PSS signature verification w...
CVE-2018-0488
- EPSS 4.88%
- Veröffentlicht 13.02.2018 15:29:00
- Zuletzt bearbeitet 21.11.2024 03:38:20
ARM mbed TLS before 1.3.22, before 2.1.10, and before 2.7.0, when the truncated HMAC extension and CBC are used, allows remote attackers to execute arbitrary code or cause a denial of service (heap corruption) via a crafted application packet within ...
CVE-2018-6927
- EPSS 0.65%
- Veröffentlicht 12.02.2018 19:29:01
- Zuletzt bearbeitet 21.11.2024 04:11:26
The futex_requeue function in kernel/futex.c in the Linux kernel before 4.14.15 might allow attackers to cause a denial of service (integer overflow) or possibly have unspecified other impact by triggering a negative wake or requeue value.
CVE-2018-1000041
- EPSS 2.24%
- Veröffentlicht 09.02.2018 23:29:01
- Zuletzt bearbeitet 21.11.2024 03:39:30
GNOME librsvg version before commit c6ddf2ed4d768fd88adbea2b63f575cd523022ea contains a Improper input validation vulnerability in rsvg-io.c that can result in the victim's Windows username and NTLM password hash being leaked to remote attackers thro...
CVE-2018-1000051
- EPSS 1.72%
- Veröffentlicht 09.02.2018 23:29:01
- Zuletzt bearbeitet 21.11.2024 03:39:31
Artifex Mupdf version 1.12.0 contains a Use After Free vulnerability in fz_keep_key_storable that can result in DOS / Possible code execution. This attack appear to be exploitable via Victim opens a specially crafted PDF.
CVE-2018-1000024
- EPSS 8.08%
- Veröffentlicht 09.02.2018 23:29:00
- Zuletzt bearbeitet 21.11.2024 03:39:27
The Squid Software Foundation Squid HTTP Caching Proxy version 3.0 to 3.5.27, 4.0 to 4.0.22 contains a Incorrect Pointer Handling vulnerability in ESI Response Processing that can result in Denial of Service for all clients using the proxy.. This att...
CVE-2018-1000026
- EPSS 3.9%
- Veröffentlicht 09.02.2018 23:29:00
- Zuletzt bearbeitet 21.11.2024 03:39:27
Linux Linux kernel version at least v4.8 onwards, probably well before contains a Insufficient input validation vulnerability in bnx2x network card driver that can result in DoS: Network card firmware assertion takes card off-line. This attack appear...
CVE-2018-1000027
- EPSS 13.15%
- Veröffentlicht 09.02.2018 23:29:00
- Zuletzt bearbeitet 21.11.2024 03:39:27
The Squid Software Foundation Squid HTTP Caching Proxy version prior to version 4.0.23 contains a NULL Pointer Dereference vulnerability in HTTP Response X-Forwarded-For header processing that can result in Denial of Service to all clients of the pro...
- EPSS 0.49%
- Veröffentlicht 09.02.2018 14:29:00
- Zuletzt bearbeitet 21.11.2024 03:59:04
In postgresql 9.3.x before 9.3.21, 9.4.x before 9.4.16, 9.5.x before 9.5.11, 9.6.x before 9.6.7 and 10.x before 10.2, pg_upgrade creates file in current working directory containing the output of `pg_dumpall -g` under umask which was in effect when t...