CVE-2018-18310
- EPSS 1.46%
- Veröffentlicht 15.10.2018 02:29:00
- Zuletzt bearbeitet 21.11.2024 03:55:40
An invalid memory address dereference was discovered in dwfl_segment_report_module.c in libdwfl in elfutils through v0.174. The vulnerability allows attackers to cause a denial of service (application crash) with a crafted ELF file, as demonstrated b...
CVE-2018-17963
- EPSS 4.78%
- Veröffentlicht 09.10.2018 22:29:01
- Zuletzt bearbeitet 21.11.2024 03:55:17
qemu_deliver_packet_iov in net/net.c in Qemu accepts packet sizes greater than INT_MAX, which allows attackers to cause a denial of service or possibly have unspecified other impact.
CVE-2018-17958
- EPSS 6.17%
- Veröffentlicht 09.10.2018 22:29:00
- Zuletzt bearbeitet 28.04.2026 16:16:03
Qemu has a Buffer Overflow in rtl8139_do_receive in hw/net/rtl8139.c because an incorrect integer data type is used.
CVE-2018-17962
- EPSS 4.5%
- Veröffentlicht 09.10.2018 22:29:00
- Zuletzt bearbeitet 21.11.2024 03:55:17
Qemu has a Buffer Overflow in pcnet_receive in hw/net/pcnet.c because an incorrect integer data type is used.
CVE-2018-18074
- EPSS 7.44%
- Veröffentlicht 09.10.2018 17:29:01
- Zuletzt bearbeitet 21.11.2024 03:55:26
The Requests package before 2.20.0 for Python sends an HTTP Authorization header to an http URI upon receiving a same-hostname https-to-http redirect, which makes it easier for remote attackers to discover credentials by sniffing the network.
CVE-2018-18065
- EPSS 17.19%
- Veröffentlicht 08.10.2018 18:29:00
- Zuletzt bearbeitet 21.11.2024 03:55:25
_set_key in agent/helpers/table_container.c in Net-SNMP before 5.8 has a NULL Pointer Exception bug that can be used by an authenticated attacker to remotely cause the instance to crash via a crafted UDP packet, resulting in Denial of Service.
CVE-2018-1000805
- EPSS 4.41%
- Veröffentlicht 08.10.2018 15:29:00
- Zuletzt bearbeitet 21.11.2024 03:40:23
Paramiko version 2.4.1, 2.3.2, 2.2.3, 2.1.5, 2.0.8, 1.18.5, 1.17.6 contains a Incorrect Access Control vulnerability in SSH server that can result in RCE. This attack appear to be exploitable via network connectivity.
CVE-2018-1000807
- EPSS 4.08%
- Veröffentlicht 08.10.2018 15:29:00
- Zuletzt bearbeitet 21.11.2024 03:40:23
Python Cryptographic Authority pyopenssl version prior to version 17.5.0 contains a CWE-416: Use After Free vulnerability in X509 object handling that can result in Use after free can lead to possible denial of service or remote code execution.. This...
CVE-2018-1000808
- EPSS 1.9%
- Veröffentlicht 08.10.2018 15:29:00
- Zuletzt bearbeitet 21.11.2024 03:40:23
Python Cryptographic Authority pyopenssl version Before 17.5.0 contains a CWE - 401 : Failure to Release Memory Before Removing Last Reference vulnerability in PKCS #12 Store that can result in Denial of service if memory runs low or is exhausted. Th...
CVE-2018-18021
- EPSS 0.57%
- Veröffentlicht 07.10.2018 06:29:00
- Zuletzt bearbeitet 21.11.2024 03:55:23
arch/arm64/kvm/guest.c in KVM in the Linux kernel before 4.18.12 on the arm64 platform mishandles the KVM_SET_ON_REG ioctl. This is exploitable by attackers who can create virtual machines. An attacker can arbitrarily redirect the hypervisor flow of ...