CVE-2018-6381
- EPSS 1.7%
- Veröffentlicht 29.01.2018 17:29:00
- Zuletzt bearbeitet 10.07.2025 15:44:54
In ZZIPlib 0.13.67, 0.13.66, 0.13.65, 0.13.64, 0.13.63, 0.13.62, 0.13.61, 0.13.60, 0.13.59, 0.13.58, 0.13.57 and 0.13.56 there is a segmentation fault caused by invalid memory access in the zzip_disk_fread function (zzip/mmapped.c) because the size v...
CVE-2017-18079
- EPSS 0.42%
- Veröffentlicht 29.01.2018 05:29:00
- Zuletzt bearbeitet 21.11.2024 03:19:19
drivers/input/serio/i8042.c in the Linux kernel before 4.12.4 allows attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact because the port->exists value can change after it is va...
CVE-2018-5750
- EPSS 0.49%
- Veröffentlicht 26.01.2018 19:29:00
- Zuletzt bearbeitet 21.11.2024 04:09:18
The acpi_smbus_hc_add function in drivers/acpi/sbshc.c in the Linux kernel through 4.14.15 allows local users to obtain sensitive address information by reading dmesg data from an SBS HC printk call.
CVE-2017-15132
- EPSS 3.12%
- Veröffentlicht 25.01.2018 20:29:00
- Zuletzt bearbeitet 21.11.2024 03:14:08
A flaw was found in dovecot 2.0 up to 2.2.33 and 2.3.0. An abort of SASL authentication results in a memory leak in dovecot's auth client used by login processes. The leak has impact in high performance configuration where same login processes are re...
CVE-2018-6196
- EPSS 2.94%
- Veröffentlicht 25.01.2018 03:29:00
- Zuletzt bearbeitet 21.11.2024 04:10:16
w3m through 0.5.3 is prone to an infinite recursion flaw in HTMLlineproc0 because the feed_table_block_tag function in table.c does not prevent a negative indent value.
CVE-2018-6197
- EPSS 4.39%
- Veröffentlicht 25.01.2018 03:29:00
- Zuletzt bearbeitet 21.11.2024 04:10:16
w3m through 0.5.3 is prone to a NULL pointer dereference flaw in formUpdateBuffer in form.c.
CVE-2018-6198
- EPSS 0.4%
- Veröffentlicht 25.01.2018 03:29:00
- Zuletzt bearbeitet 21.11.2024 04:10:16
w3m through 0.5.3 does not properly handle temporary files when the ~/.w3m directory is unwritable, which allows a local attacker to craft a symlink attack to overwrite arbitrary files.
CVE-2018-1000005
- EPSS 4.56%
- Veröffentlicht 24.01.2018 22:29:00
- Zuletzt bearbeitet 21.11.2024 03:39:24
libcurl 7.49.0 to and including 7.57.0 contains an out bounds read in code handling HTTP/2 trailers. It was reported (https://github.com/curl/curl/pull/2231) that reading an HTTP/2 trailer could mess up future trailers since the stored size was one b...
CVE-2018-1000007
- EPSS 8.03%
- Veröffentlicht 24.01.2018 22:29:00
- Zuletzt bearbeitet 21.11.2024 03:39:24
libcurl 7.1 through 7.57.0 might accidentally leak authentication data to third parties. When asked to send custom headers in its HTTP requests, libcurl will send that set of headers first to the host in the initial URL but also, if asked to follow r...
CVE-2017-18075
- EPSS 0.41%
- Veröffentlicht 24.01.2018 10:29:00
- Zuletzt bearbeitet 21.11.2024 03:19:18
crypto/pcrypt.c in the Linux kernel before 4.14.13 mishandles freeing instances, allowing a local user able to access the AF_ALG-based AEAD interface (CONFIG_CRYPTO_USER_API_AEAD) and pcrypt (CONFIG_CRYPTO_PCRYPT) to cause a denial of service (kfree ...