CVE-2018-17456
- EPSS 97.36%
- Veröffentlicht 06.10.2018 14:29:00
- Zuletzt bearbeitet 21.11.2024 03:54:27
Git before 2.14.5, 2.15.x before 2.15.3, 2.16.x before 2.16.5, 2.17.x before 2.17.2, 2.18.x before 2.18.1, and 2.19.x before 2.19.1 allows remote code execution during processing of a recursive "git clone" of a superproject if a .gitmodules file has ...
CVE-2018-11784
- EPSS 94.49%
- Veröffentlicht 04.10.2018 13:29:00
- Zuletzt bearbeitet 21.11.2024 03:44:01
When the default servlet in Apache Tomcat versions 9.0.0.M1 to 9.0.11, 8.5.0 to 8.5.33 and 7.0.23 to 7.0.90 returned a redirect to a directory (e.g. redirecting to '/foo/' when the user requested '/foo') a specially crafted URL could be used to cause...
CVE-2018-17972
- EPSS 0.35%
- Veröffentlicht 03.10.2018 22:29:00
- Zuletzt bearbeitet 21.11.2024 03:55:18
An issue was discovered in the proc_pid_stack function in fs/proc/base.c in the Linux kernel through 4.18.11. It does not ensure that only root may inspect the kernel stack of an arbitrary task, allowing a local attacker to exploit racy stack unwindi...
CVE-2018-17540
- EPSS 3.51%
- Veröffentlicht 03.10.2018 20:29:09
- Zuletzt bearbeitet 21.11.2024 03:54:34
The gmp plugin in strongSwan before 5.7.1 has a Buffer Overflow via a crafted certificate.
CVE-2018-17581
- EPSS 2.35%
- Veröffentlicht 28.09.2018 09:29:00
- Zuletzt bearbeitet 21.11.2024 03:54:38
CiffDirectory::readDirectory() at crwimage_int.cpp in Exiv2 0.26 has excessive stack consumption due to a recursive function, leading to Denial of service.
CVE-2018-16151
- EPSS 1.89%
- Veröffentlicht 26.09.2018 21:29:01
- Zuletzt bearbeitet 03.12.2025 21:15:50
In verify_emsa_pkcs1_signature() in gmp_rsa_public_key.c in the gmp plugin in strongSwan 4.x and 5.x before 5.7.0, the RSA implementation based on GMP does not reject excess data after the encoded algorithm OID during PKCS#1 v1.5 signature verificati...
CVE-2018-16152
- EPSS 1.89%
- Veröffentlicht 26.09.2018 21:29:01
- Zuletzt bearbeitet 03.12.2025 21:15:50
In verify_emsa_pkcs1_signature() in gmp_rsa_public_key.c in the gmp plugin in strongSwan 4.x and 5.x before 5.7.0, the RSA implementation based on GMP does not reject excess data in the digestAlgorithm.parameters field during PKCS#1 v1.5 signature ve...
CVE-2018-11763
- EPSS 51%
- Veröffentlicht 25.09.2018 21:29:00
- Zuletzt bearbeitet 21.11.2024 03:43:58
In Apache HTTP Server 2.4.17 to 2.4.34, by sending continuous, large SETTINGS frames a client can occupy a connection, server thread and CPU time without any connection timeout coming to effect. This affects only HTTP/2 connections. A possible mitiga...
CVE-2018-14634
- EPSS 14.81%
- Veröffentlicht 25.09.2018 21:29:00
- Zuletzt bearbeitet 27.01.2026 15:55:15
An integer overflow flaw was found in the Linux kernel's create_elf_tables() function. An unprivileged local user with access to SUID (or otherwise privileged) binary could use this flaw to escalate their privileges on the system. Kernel versions 2.6...
CVE-2018-14633
- EPSS 8.74%
- Veröffentlicht 25.09.2018 00:29:00
- Zuletzt bearbeitet 21.11.2024 03:49:28
A security flaw was found in the chap_server_compute_md5() function in the ISCSI target code in the Linux kernel in a way an authentication request from an ISCSI initiator is processed. An unauthenticated remote attacker can cause a stack buffer over...