CVE-2017-18254
- EPSS 1.78%
- Veröffentlicht 27.03.2018 03:29:00
- Zuletzt bearbeitet 21.11.2024 03:19:41
An issue was discovered in ImageMagick 7.0.7. A memory leak vulnerability was found in the function WriteGIFImage in coders/gif.c, which allow remote attackers to cause a denial of service via a crafted file.
CVE-2017-15710
- EPSS 18.2%
- Veröffentlicht 26.03.2018 15:29:00
- Zuletzt bearbeitet 21.11.2024 03:15:03
In Apache httpd 2.0.23 to 2.0.65, 2.2.0 to 2.2.34, and 2.4.0 to 2.4.29, mod_authnz_ldap, if configured with AuthLDAPCharsetConfig, uses the Accept-Language header value to lookup the right charset encoding when verifying the user's credentials. If th...
CVE-2017-15715
- EPSS 86.01%
- Veröffentlicht 26.03.2018 15:29:00
- Zuletzt bearbeitet 21.11.2024 03:15:04
In Apache httpd 2.4.0 to 2.4.29, the expression specified in <FilesMatch> could match '$' to a newline character in a malicious filename, rather than matching only the end of the filename. This could be exploited in environments where uploads of some...
CVE-2018-1283
- EPSS 10.12%
- Veröffentlicht 26.03.2018 15:29:00
- Zuletzt bearbeitet 21.11.2024 03:59:32
In Apache httpd 2.4.0 to 2.4.29, when mod_session is configured to forward its session data to CGI applications (SessionEnv on, not the default), a remote user may influence their content by using a "Session" header. This comes from the "HTTP_SESSION...
CVE-2018-1301
- EPSS 15.56%
- Veröffentlicht 26.03.2018 15:29:00
- Zuletzt bearbeitet 21.11.2024 03:59:34
A specially crafted request could have crashed the Apache HTTP Server prior to version 2.4.30, due to an out of bound access after a size limit is reached by reading the HTTP header. This vulnerability is considered very hard if not impossible to tri...
CVE-2018-1302
- EPSS 13.44%
- Veröffentlicht 26.03.2018 15:29:00
- Zuletzt bearbeitet 21.11.2024 03:59:34
When an HTTP/2 stream was destroyed after being handled, the Apache HTTP Server prior to version 2.4.30 could have written a NULL pointer potentially to an already freed memory. The memory pools maintained by the server make this vulnerability hard t...
CVE-2018-1303
- EPSS 70.78%
- Veröffentlicht 26.03.2018 15:29:00
- Zuletzt bearbeitet 21.11.2024 03:59:34
A specially crafted HTTP request header could have crashed the Apache HTTP Server prior to version 2.4.30 due to an out of bound read while preparing data to be cached in shared memory. It could be used as a Denial of Service attack against users of ...
CVE-2018-1312
- EPSS 15.89%
- Veröffentlicht 26.03.2018 15:29:00
- Zuletzt bearbeitet 21.11.2024 03:59:36
In Apache httpd 2.2.0 to 2.4.29, when generating an HTTP Digest authentication challenge, the nonce sent to prevent reply attacks was not correctly generated using a pseudo-random seed. In a cluster of servers using a common Digest authentication con...
CVE-2018-1000140
- EPSS 9.66%
- Veröffentlicht 23.03.2018 21:29:00
- Zuletzt bearbeitet 21.11.2024 03:39:46
rsyslog librelp version 1.2.14 and earlier contains a Buffer Overflow vulnerability in the checking of x509 certificates from a peer that can result in Remote code execution. This attack appear to be exploitable a remote attacker that can connect to ...
CVE-2018-8960
- EPSS 4.49%
- Veröffentlicht 23.03.2018 21:29:00
- Zuletzt bearbeitet 21.11.2024 04:14:41
The ReadTIFFImage function in coders/tiff.c in ImageMagick 7.0.7-26 Q16 does not properly restrict memory allocation, leading to a heap-based buffer over-read.