Lucene search

Snap Creator Framework Security Vulnerabilities - 2018

cve

CVE-2017-7657

In Eclipse Jetty, versions 9.2.x and older, 9.3.x (all configurations), and 9.4.x (non-default configuration with RFC2616 compliance enabled), transfer-encoding chunks are handled poorly. The chunk length parsing was vulnerable to an integer overflow. Thus a large chunk size could be interpreted as...

9.8CVSS

9.1AI Score

0.007EPSS

2018-06-26 04:29 PM

231

cve

CVE-2017-7658

In Eclipse Jetty Server, versions 9.2.x and older, 9.3.x (all non HTTP/1.x configurations), and 9.4.x (all HTTP/1.x configurations), when presented with two content-lengths headers, Jetty ignored the second. When presented with a content-length and a chunked encoding header, the content-length was ...

9.8CVSS

9.2AI Score

0.011EPSS

2018-06-26 05:29 PM

147

cve

CVE-2018-1000632

dom4j version prior to version 2.1.1 contains a CWE-91: XML Injection vulnerability in Class: Element. Methods: addElement, addAttribute that can result in an attacker tampering with XML documents through XML injection. This attack appear to be exploitable via an attacker specifying attributes or e...

7.5CVSS

7.8AI Score

0.003EPSS

2018-08-20 07:31 PM

340

cve

CVE-2018-11784

When the default servlet in Apache Tomcat versions 9.0.0.M1 to 9.0.11, 8.5.0 to 8.5.33 and 7.0.23 to 7.0.90 returned a redirect to a directory (e.g. redirecting to '/foo/' when the user requested '/foo') a specially crafted URL could be used to cause the redirect to be generated to any URI of the a...

4.3CVSS

5.1AI Score

0.784EPSS

2018-10-04 01:29 PM

497

cve

CVE-2018-12015

In Perl through 5.26.2, the Archive::Tar module allows remote attackers to bypass a directory-traversal protection mechanism, and overwrite arbitrary files, via an archive file containing a symlink and a regular file with the same name.

7.5CVSS

7.6AI Score

0.52EPSS

2018-06-07 01:29 PM

242

cve

CVE-2018-12538

In Eclipse Jetty versions 9.4.0 through 9.4.8, when using the optional Jetty provided FileSessionDataStore for persistent storage of HttpSession details, it is possible for a malicious user to access/hijack other HttpSessions and even delete unmatched HttpSessions present in the FileSystem's storag...

8.8CVSS

8.4AI Score

0.003EPSS

2018-06-22 07:29 PM

104

cve

CVE-2018-18311

Perl before 5.26.3 and 5.28.x before 5.28.1 has a buffer overflow via a crafted regular expression that triggers invalid write operations.

9.8CVSS

9.6AI Score

0.003EPSS

2018-12-07 09:29 PM

472

cve

CVE-2018-18312

Perl before 5.26.3 and 5.28.0 before 5.28.1 has a buffer overflow via a crafted regular expression that triggers invalid write operations.

9.8CVSS

9.4AI Score

0.021EPSS

2018-12-05 10:29 PM

172

cve

CVE-2018-18313

Perl before 5.26.3 has a buffer over-read via a crafted regular expression that triggers disclosure of sensitive information from process memory.

9.1CVSS

8.9AI Score

0.004EPSS

2018-12-07 09:29 PM

210

cve

CVE-2018-18314

Perl before 5.26.3 has a buffer overflow via a crafted regular expression that triggers invalid write operations.

9.8CVSS

9.4AI Score

0.015EPSS

2018-12-07 09:29 PM

176