CVE-2018-11490
- EPSS 2.48%
- Veröffentlicht 26.05.2018 18:29:00
- Zuletzt bearbeitet 21.11.2024 03:43:28
The DGifDecompressLine function in dgif_lib.c in GIFLIB (possibly version 3.0.x), as later shipped in cgif.c in sam2p 0.49.4, has a heap-based buffer overflow because a certain "Private->RunningCode - 2" array index is not checked. This will lead to ...
CVE-2018-11469
- EPSS 3.06%
- Veröffentlicht 25.05.2018 14:29:00
- Zuletzt bearbeitet 21.11.2024 03:43:25
Incorrect caching of responses to requests including an Authorization header in HAProxy 1.8.0 through 1.8.9 (if cache enabled) allows attackers to achieve information disclosure via an unauthenticated remote request, related to the proto_http.c check...
CVE-2018-11440
- EPSS 3.24%
- Veröffentlicht 25.05.2018 11:29:00
- Zuletzt bearbeitet 21.11.2024 03:43:22
Liblouis 3.5.0 has a stack-based Buffer Overflow in the function parseChars in compileTranslationTable.c.
CVE-2018-11412
- EPSS 16.35%
- Veröffentlicht 24.05.2018 18:29:00
- Zuletzt bearbeitet 21.11.2024 03:43:18
In the Linux kernel 4.13 through 4.16.11, ext4_read_inline_data() in fs/ext4/inline.c performs a memcpy with an untrusted length value in certain circumstances involving a crafted filesystem that stores the system.data extended attribute value in a d...
CVE-2018-8013
- EPSS 19.52%
- Veröffentlicht 24.05.2018 16:29:00
- Zuletzt bearbeitet 21.11.2024 04:13:05
In Apache Batik 1.x before 1.10, when deserializing subclass of `AbstractDocument`, the class takes a string from the inputStream as the class name which then use it to call the no-arg constructor of the class. Fix was to check the class type before ...
CVE-2018-1000199
- EPSS 1.22%
- Veröffentlicht 24.05.2018 13:29:01
- Zuletzt bearbeitet 21.11.2024 03:39:55
The Linux Kernel version 3.18 contains a dangerous feature vulnerability in modify_user_hw_breakpoint() that can result in crash and possibly memory corruption. This attack appear to be exploitable via local code execution and the ability to use ptra...
CVE-2018-1000300
- EPSS 4.86%
- Veröffentlicht 24.05.2018 13:29:01
- Zuletzt bearbeitet 21.11.2024 03:39:58
curl version curl 7.54.1 to and including curl 7.59.0 contains a CWE-122: Heap-based Buffer Overflow vulnerability in denial of service and more that can result in curl might overflow a heap based memory buffer when closing down an FTP connection wit...
CVE-2018-1000301
- EPSS 6%
- Veröffentlicht 24.05.2018 13:29:01
- Zuletzt bearbeitet 15.04.2026 21:16:59
curl version curl 7.20.0 to and including curl 7.59.0 contains a CWE-126: Buffer Over-read vulnerability in denial of service that can result in curl can be tricked into reading data beyond the end of a heap based buffer used to store downloaded RTSP...
CVE-2018-11410
- EPSS 5.11%
- Veröffentlicht 24.05.2018 07:29:00
- Zuletzt bearbeitet 21.11.2024 03:43:18
An issue was discovered in Liblouis 3.5.0. A invalid free in the compileRule function in compileTranslationTable.c allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact.
- EPSS 1.3%
- Veröffentlicht 23.05.2018 14:29:00
- Zuletzt bearbeitet 21.11.2024 03:59:13
procps-ng before version 3.3.15 is vulnerable to a local privilege escalation in top. If a user runs top with HOME unset in an attacker-controlled directory, the attacker could achieve privilege escalation by exploiting one of several vulnerabilities...