CVE-2018-1336
- EPSS 20.6%
- Veröffentlicht 02.08.2018 14:29:00
- Zuletzt bearbeitet 21.11.2024 03:59:38
An improper handing of overflow in the UTF-8 decoder with supplementary characters can lead to an infinite loop in the decoder causing a Denial of Service. Versions Affected: Apache Tomcat 9.0.0.M9 to 9.0.7, 8.5.0 to 8.5.30, 8.0.0.RC1 to 8.0.51, and ...
CVE-2015-9262
- EPSS 5.91%
- Veröffentlicht 01.08.2018 23:29:00
- Zuletzt bearbeitet 21.11.2024 02:40:11
_XcursorThemeInherits in library.c in libXcursor before 1.1.15 allows remote attackers to cause denial of service or potentially code execution via a one-byte heap overflow.
CVE-2018-8034
- EPSS 21.3%
- Veröffentlicht 01.08.2018 18:29:00
- Zuletzt bearbeitet 21.11.2024 04:13:08
The host name verification when using TLS with the WebSocket client was missing. It is now enabled by default. Versions Affected: Apache Tomcat 9.0.0.M1 to 9.0.9, 8.5.0 to 8.5.31, 8.0.0.RC1 to 8.0.52, and 7.0.35 to 7.0.88.
CVE-2018-10916
- EPSS 4.78%
- Veröffentlicht 01.08.2018 14:29:00
- Zuletzt bearbeitet 21.11.2024 03:42:17
It has been discovered that lftp up to and including version 4.8.3 does not properly sanitize remote file names, leading to a loss of integrity on the local system when reverse mirroring is used. A remote attacker may trick a user to use reverse mirr...
CVE-2018-10883
- EPSS 0.53%
- Veröffentlicht 30.07.2018 16:29:00
- Zuletzt bearbeitet 21.11.2024 03:42:13
A flaw was found in the Linux kernel's ext4 filesystem. A local user can cause an out-of-bounds write in jbd2_journal_dirty_metadata(), a denial of service, and a system crash by mounting and operating on a crafted ext4 filesystem image.
CVE-2018-10903
- EPSS 3.2%
- Veröffentlicht 30.07.2018 16:29:00
- Zuletzt bearbeitet 21.11.2024 03:42:16
A flaw was found in python-cryptography versions between >=1.9.0 and <2.3. The finalize_with_tag API did not enforce a minimum tag length. If a user did not validate the input length prior to passing it to finalize_with_tag an attacker could craft an...
CVE-2017-7518
- EPSS 0.7%
- Veröffentlicht 30.07.2018 15:29:00
- Zuletzt bearbeitet 21.11.2024 03:32:03
A flaw was found in the Linux kernel before version 4.12 in the way the KVM module processed the trap flag(TF) bit in EFLAGS during emulation of the syscall instruction, which leads to a debug exception(#DB) being raised in the guest stack. A user/pr...
CVE-2016-9597
- EPSS 4.48%
- Veröffentlicht 30.07.2018 14:29:02
- Zuletzt bearbeitet 21.11.2024 03:01:28
It was found that Red Hat JBoss Core Services erratum RHSA-2016:2957 for CVE-2016-3705 did not actually include the fix for the issue found in libxml2, making it vulnerable to a Denial of Service attack due to a Stack Overflow. This is a regression C...
CVE-2018-14734
- EPSS 0.57%
- Veröffentlicht 29.07.2018 23:29:00
- Zuletzt bearbeitet 21.11.2024 03:49:42
drivers/infiniband/core/ucma.c in the Linux kernel through 4.17.11 allows ucma_leave_multicast to access a certain data structure after a cleanup step in ucma_process_join, which allows attackers to cause a denial of service (use-after-free).
CVE-2018-14679
- EPSS 3.31%
- Veröffentlicht 28.07.2018 23:29:00
- Zuletzt bearbeitet 21.11.2024 03:49:34
An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. There is an off-by-one error in the CHM PMGI/PMGL chunk number validity checks, which could lead to denial of service (uninitialized data dereference and application crash).