CVE-2017-15394
- EPSS 1.92%
- Veröffentlicht 07.02.2018 23:29:00
- Zuletzt bearbeitet 21.11.2024 03:14:37
Insufficient Policy Enforcement in Extensions in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to perform domain spoofing in permission dialogs via IDN homographs in a crafted Chrome Extension.
CVE-2017-15395
- EPSS 1.29%
- Veröffentlicht 07.02.2018 23:29:00
- Zuletzt bearbeitet 21.11.2024 03:14:37
A use after free in Blink in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page, aka an ImageCapture NULL pointer dereference.
CVE-2017-5124
- EPSS 5.25%
- Veröffentlicht 07.02.2018 23:29:00
- Zuletzt bearbeitet 21.11.2024 03:27:06
Incorrect application of sandboxing in Blink in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted MHTML page.
CVE-2018-6574
- EPSS 7.77%
- Veröffentlicht 07.02.2018 21:29:00
- Zuletzt bearbeitet 21.11.2024 04:10:55
Go before 1.8.7, Go 1.9.x before 1.9.4, and Go 1.10 pre-releases before Go 1.10rc2 allow "go get" remote command execution during source code build, by leveraging the gcc or clang plugin feature, because -fplugin= and -plugin= arguments were not bloc...
CVE-2018-6794
- EPSS 24.71%
- Veröffentlicht 07.02.2018 05:29:00
- Zuletzt bearbeitet 21.11.2024 04:11:12
Suricata before 4.0.4 is prone to an HTTP detection bypass vulnerability in detect.c and stream-tcp.c. If a malicious server breaks a normal TCP flow and sends data before the 3-way handshake is complete, then the data sent by the malicious server wi...
CVE-2018-6799
- EPSS 2.58%
- Veröffentlicht 07.02.2018 05:29:00
- Zuletzt bearbeitet 21.11.2024 04:11:13
The AcquireCacheNexus function in magick/pixel_cache.c in GraphicsMagick before 1.3.28 allows remote attackers to cause a denial of service (heap overwrite) or possibly have unspecified other impact via a crafted image file, because a pixel staging a...
CVE-2018-6791
- EPSS 0.79%
- Veröffentlicht 07.02.2018 02:29:01
- Zuletzt bearbeitet 21.11.2024 04:11:12
An issue was discovered in soliduiserver/deviceserviceaction.cpp in KDE Plasma Workspace before 5.12.0. When a vfat thumbdrive that contains `` or $() in its volume label is plugged in and mounted through the device notifier, it's interpreted as a sh...
CVE-2018-6767
- EPSS 2.95%
- Veröffentlicht 06.02.2018 22:29:00
- Zuletzt bearbeitet 21.11.2024 04:11:08
A stack-based buffer over-read in the ParseRiffHeaderConfig function of cli/riff.c file of WavPack 5.1.0 allows a remote attacker to cause a denial-of-service attack or possibly have unspecified other impact via a maliciously crafted RF64 file.
CVE-2017-15095
- EPSS 8.41%
- Veröffentlicht 06.02.2018 15:29:00
- Zuletzt bearbeitet 21.11.2024 03:14:03
A deserialization flaw was discovered in the jackson-databind in versions before 2.8.10 and 2.9.1, which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMappe...
CVE-2017-7525
- EPSS 37.93%
- Veröffentlicht 06.02.2018 15:29:00
- Zuletzt bearbeitet 21.11.2024 03:32:04
A deserialization flaw was discovered in the jackson-databind, versions before 2.6.7.1, 2.7.9.1 and 2.8.9, which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the Obj...