CVE-2018-5248
- EPSS 3.54%
- Veröffentlicht 05.01.2018 19:29:00
- Zuletzt bearbeitet 21.11.2024 04:08:25
In ImageMagick 7.0.7-17 Q16, there is a heap-based buffer over-read in coders/sixel.c in the ReadSIXELImage function, related to the sixel_decode function.
CVE-2017-1665
- EPSS 0.83%
- Veröffentlicht 04.01.2018 17:29:00
- Zuletzt bearbeitet 21.11.2024 03:22:11
IBM Tivoli Key Lifecycle Manager 2.5, 2.6, and 2.7 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 133559.
CVE-2017-5715
- EPSS 74.04%
- Veröffentlicht 04.01.2018 13:29:00
- Zuletzt bearbeitet 06.05.2025 15:15:51
Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.
CVE-2017-5753
- EPSS 93.84%
- Veröffentlicht 04.01.2018 13:29:00
- Zuletzt bearbeitet 28.05.2026 19:16:25
Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.
CVE-2017-1000472
- EPSS 1.68%
- Veröffentlicht 03.01.2018 20:29:00
- Zuletzt bearbeitet 21.11.2024 03:04:48
The ZipCommon::isValidPath() function in Zip/src/ZipCommon.cpp in POCO C++ Libraries before 1.8 does not properly restrict the filename value in the ZIP header, which allows attackers to conduct absolute path traversal attacks during the ZIP decompre...
CVE-2017-1000487
- EPSS 6.54%
- Veröffentlicht 03.01.2018 20:29:00
- Zuletzt bearbeitet 21.11.2024 03:04:50
Plexus-utils before 3.0.16 is vulnerable to command injection because it does not correctly process the contents of double quoted strings.
CVE-2017-1000476
- EPSS 2.85%
- Veröffentlicht 03.01.2018 18:29:00
- Zuletzt bearbeitet 21.11.2024 03:04:49
ImageMagick 7.0.7-12 Q16, a CPU exhaustion vulnerability was found in the function ReadDDSInfo in coders/dds.c, which allows attackers to cause a denial of service.
CVE-2017-1000501
- EPSS 4.35%
- Veröffentlicht 03.01.2018 15:29:00
- Zuletzt bearbeitet 21.11.2024 03:04:52
Awstats version 7.6 and earlier is vulnerable to a path traversal flaw in the handling of the "config" and "migrate" parameters resulting in unauthenticated remote code execution.
- EPSS 52.84%
- Veröffentlicht 03.01.2018 06:29:00
- Zuletzt bearbeitet 03.01.2025 12:15:25
The tcpmss_mangle_packet function in net/netfilter/xt_TCPMSS.c in the Linux kernel before 4.11, and 4.9.x before 4.9.36, allows remote attackers to cause a denial of service (use-after-free and memory corruption) or possibly have unspecified other im...
CVE-2017-1000433
- EPSS 2.52%
- Veröffentlicht 02.01.2018 23:29:00
- Zuletzt bearbeitet 21.11.2024 03:04:44
pysaml2 version 4.4.0 and older accept any password when run with python optimizations enabled. This allows attackers to log in as any user without knowing their password.