CVE-2018-7253
- EPSS 2.92%
- Veröffentlicht 19.02.2018 23:29:00
- Zuletzt bearbeitet 21.11.2024 04:11:53
The ParseDsdiffHeaderConfig function of the cli/dsdiff.c file of WavPack 5.1.0 allows a remote attacker to cause a denial-of-service (heap-based buffer over-read) or possibly overwrite the heap via a maliciously crafted DSDIFF file.
CVE-2018-7225
- EPSS 6.22%
- Veröffentlicht 19.02.2018 15:29:00
- Zuletzt bearbeitet 21.11.2024 04:11:49
An issue was discovered in LibVNCServer through 0.9.11. rfbProcessClientNormalMessage() in rfbserver.c does not sanitize msg.cct.length, leading to access to uninitialized and potentially sensitive data or possibly unspecified other impact (e.g., an ...
CVE-2018-5378
- EPSS 74.6%
- Veröffentlicht 19.02.2018 13:29:00
- Zuletzt bearbeitet 21.11.2024 04:08:41
The Quagga BGP daemon (bgpd) prior to version 1.2.3 does not properly bounds check the data sent with a NOTIFY to a peer, if an attribute length is invalid. Arbitrary data from the bgpd process may be sent over the network to a peer and/or bgpd may c...
CVE-2018-5379
- EPSS 39.05%
- Veröffentlicht 19.02.2018 13:29:00
- Zuletzt bearbeitet 21.11.2024 04:08:41
The Quagga BGP daemon (bgpd) prior to version 1.2.3 can double-free memory when processing certain forms of UPDATE message, containing cluster-list and/or unknown attributes. A successful attack could cause a denial of service or potentially allow an...
CVE-2018-5380
- EPSS 15.11%
- Veröffentlicht 19.02.2018 13:29:00
- Zuletzt bearbeitet 21.11.2024 04:08:42
The Quagga BGP daemon (bgpd) prior to version 1.2.3 can overrun internal BGP code-to-string conversion tables used for debug by 1 pointer value, based on input.
CVE-2018-5381
- EPSS 30.67%
- Veröffentlicht 19.02.2018 13:29:00
- Zuletzt bearbeitet 21.11.2024 04:08:42
The Quagga BGP daemon (bgpd) prior to version 1.2.3 has a bug in its parsing of "Capabilities" in BGP OPEN messages, in the bgp_packet.c:bgp_capability_msg_parse function. The parser can enter an infinite loop on invalid capabilities if a Multi-Proto...
CVE-2018-1049
- EPSS 7.26%
- Veröffentlicht 16.02.2018 21:29:00
- Zuletzt bearbeitet 21.11.2024 03:59:04
In systemd prior to 234 a race condition exists between .mount and .automount units such that automount requests from kernel may not be serviced by systemd resulting in kernel holding the mountpoint and any processes that try to use said mount will h...
CVE-2017-18190
- EPSS 2.98%
- Veröffentlicht 16.02.2018 17:29:00
- Zuletzt bearbeitet 21.11.2024 03:19:31
A localhost.localdomain whitelist entry in valid_host() in scheduler/client.c in CUPS before 2.2.2 allows remote attackers to execute arbitrary IPP commands by sending POST requests to the CUPS daemon in conjunction with DNS rebinding. The localhost....
CVE-2018-7050
- EPSS 2.35%
- Veröffentlicht 15.02.2018 20:29:00
- Zuletzt bearbeitet 21.11.2024 04:11:33
An issue was discovered in Irssi before 1.0.7 and 1.1.x before 1.1.1. A NULL pointer dereference occurs for an "empty" nick.
CVE-2018-7051
- EPSS 2.49%
- Veröffentlicht 15.02.2018 20:29:00
- Zuletzt bearbeitet 21.11.2024 04:11:34
An issue was discovered in Irssi before 1.0.7 and 1.1.x before 1.1.1. Certain nick names could result in out-of-bounds access when printing theme strings.