CVE-2018-0734
- EPSS 12.15%
- Veröffentlicht 30.10.2018 12:29:00
- Zuletzt bearbeitet 21.11.2024 03:38:50
The OpenSSL DSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.1a (Affected 1.1.1). Fixed in OpenSSL 1.1....
CVE-2018-0735
- EPSS 4.76%
- Veröffentlicht 29.10.2018 13:29:00
- Zuletzt bearbeitet 21.11.2024 03:38:50
The OpenSSL ECDSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). Fixed in Ope...
CVE-2018-18751
- EPSS 4.29%
- Veröffentlicht 29.10.2018 12:29:09
- Zuletzt bearbeitet 21.11.2024 03:56:31
An issue was discovered in GNU gettext 0.19.8. There is a double free in default_add_message in read-catalog.c, related to an invalid free in po_gram_parse in po-gram-gen.y, as demonstrated by lt-msgfmt.
CVE-2018-18710
- EPSS 0.5%
- Veröffentlicht 29.10.2018 12:29:05
- Zuletzt bearbeitet 21.11.2024 03:56:25
An issue was discovered in the Linux kernel through 4.19. An information leak in cdrom_ioctl_select_disc in drivers/cdrom/cdrom.c could be used by local attackers to read kernel memory because a cast from unsigned long to int interferes with bounds c...
CVE-2018-18690
- EPSS 0.68%
- Veröffentlicht 26.10.2018 18:29:00
- Zuletzt bearbeitet 21.11.2024 03:56:22
In the Linux kernel before 4.17, a local attacker able to set attributes on an xfs filesystem could make this filesystem non-operational until the next mount by triggering an unchecked error condition during an xfs attribute change, because xfs_attr_...
CVE-2018-6559
- EPSS 0.53%
- Veröffentlicht 26.10.2018 17:29:00
- Zuletzt bearbeitet 21.11.2024 04:10:54
The Linux kernel, as used in Ubuntu 18.04 LTS and Ubuntu 18.10, allows local users to obtain names of files in which they would not normally be able to access via an overlayfs mount inside of a user namespace.
CVE-2018-18661
- EPSS 2.87%
- Veröffentlicht 26.10.2018 14:29:02
- Zuletzt bearbeitet 21.11.2024 03:56:20
An issue was discovered in LibTIFF 4.0.9. There is a NULL pointer dereference in the function LZWDecode in the file tif_lzw.c.
CVE-2018-15686
- EPSS 2.28%
- Veröffentlicht 26.10.2018 14:29:00
- Zuletzt bearbeitet 09.06.2025 16:15:28
A vulnerability in unit_deserialize of systemd allows an attacker to supply arbitrary state across systemd re-execution via NotifyAccess. This can be used to improperly influence systemd execution and possibly lead to root privilege escalation. Affec...
- EPSS 1.06%
- Veröffentlicht 26.10.2018 14:29:00
- Zuletzt bearbeitet 09.06.2025 16:15:28
A race condition in chown_one() of systemd allows an attacker to cause systemd to set arbitrary permissions on arbitrary files. Affected releases are systemd versions up to and including 239.
CVE-2018-15688
- EPSS 1.68%
- Veröffentlicht 26.10.2018 14:29:00
- Zuletzt bearbeitet 09.06.2025 16:15:28
A buffer overflow vulnerability in the dhcp6 client of systemd allows a malicious dhcp6 server to overwrite heap memory in systemd-networkd. Affected releases are systemd: versions up to and including 239.