CVE-2018-1060
- EPSS 5.29%
- Veröffentlicht 18.06.2018 14:29:00
- Zuletzt bearbeitet 21.11.2024 03:59:05
python before versions 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 and 3.7.0 is vulnerable to catastrophic backtracking in pop3lib's apop() method. An attacker could use this flaw to cause denial of service.
CVE-2018-1152
- EPSS 3.45%
- Veröffentlicht 18.06.2018 14:29:00
- Zuletzt bearbeitet 21.11.2024 03:59:17
libjpeg-turbo 1.5.90 is vulnerable to a denial of service vulnerability caused by a divide by zero when processing a crafted BMP image.
CVE-2018-11574
- EPSS 1.9%
- Veröffentlicht 14.06.2018 20:29:00
- Zuletzt bearbeitet 03.12.2025 21:15:47
Improper input validation together with an integer overflow in the EAP-TLS protocol implementation in PPPD may cause a crash, information disclosure, or authentication bypass. This implementation is distributed as a patch for PPPD 0.91, and includes ...
CVE-2018-0495
- EPSS 0.89%
- Veröffentlicht 13.06.2018 23:29:00
- Zuletzt bearbeitet 21.11.2024 03:38:21
Libgcrypt before 1.7.10 and 1.8.x before 1.8.3 allows a memory-cache side-channel attack on ECDSA signatures that can be mitigated through the use of blinding during the signing process in the _gcry_ecc_ecdsa_sign function in cipher/ecc-ecdsa.c, aka ...
CVE-2018-11806
- EPSS 0.82%
- Veröffentlicht 13.06.2018 16:29:01
- Zuletzt bearbeitet 21.11.2024 03:44:04
m_cat in slirp/mbuf.c in Qemu has a heap-based buffer overflow via incoming fragmented datagrams.
CVE-2018-12264
- EPSS 2.89%
- Veröffentlicht 13.06.2018 11:29:00
- Zuletzt bearbeitet 21.11.2024 03:44:53
Exiv2 0.26 has integer overflows in LoaderTiff::getData() in preview.cpp, leading to an out-of-bounds read in Exiv2::ValueType::setDataArea in value.hpp.
CVE-2018-12265
- EPSS 2.89%
- Veröffentlicht 13.06.2018 11:29:00
- Zuletzt bearbeitet 21.11.2024 03:44:53
Exiv2 0.26 has an integer overflow in the LoaderExifJpeg class in preview.cpp, leading to an out-of-bounds read in Exiv2::MemIo::read in basicio.cpp.
- EPSS 0.38%
- Veröffentlicht 12.06.2018 16:29:00
- Zuletzt bearbeitet 21.11.2024 04:09:27
In the Linux Kernel before version 4.16.11, 4.14.43, 4.9.102, and 4.4.133, multiple race condition errors when handling probe, disconnect, and rebind operations can be exploited to trigger a use-after-free condition or a NULL pointer dereference by s...
CVE-2018-0732
- EPSS 49.27%
- Veröffentlicht 12.06.2018 13:29:00
- Zuletzt bearbeitet 21.11.2024 03:38:49
During key agreement in a TLS handshake using a DH(E) based ciphersuite a malicious server can send a very large prime value to the client. This will cause the client to spend an unreasonably long period of time generating a key for this prime result...
CVE-2018-12233
- EPSS 2.34%
- Veröffentlicht 12.06.2018 12:29:00
- Zuletzt bearbeitet 21.11.2024 03:44:49
In the ea_get function in fs/jfs/xattr.c in the Linux kernel through 4.17.1, a memory corruption bug in JFS can be triggered by calling setxattr twice with two different extended attribute names on the same file. This vulnerability can be triggered b...