Lucene search

K

159 matches found

CVE
CVE
added 2018/04/29 9:29 p.m.585 views

CVE-2018-10549

An issue was discovered in PHP before 5.6.36, 7.0.x before 7.0.30, 7.1.x before 7.1.17, and 7.2.x before 7.2.5. exif_read_data in ext/exif/exif.c has an out-of-bounds read for crafted JPEG data because exif_iif_add_value mishandles the case of a MakerNote that lacks a final '\0' character.

8.8CVSS7.8AI score0.04541EPSS
CVE
CVE
added 2018/04/29 9:29 p.m.558 views

CVE-2018-10545

An issue was discovered in PHP before 5.6.35, 7.0.x before 7.0.29, 7.1.x before 7.1.16, and 7.2.x before 7.2.4. Dumpable FPM child processes allow bypassing opcache access controls because fpm_unix.c makes a PR_SET_DUMPABLE prctl call, allowing one user (in a multiuser environment) to obtain sensit...

4.7CVSS5.5AI score0.00073EPSS
CVE
CVE
added 2018/04/29 9:29 p.m.536 views

CVE-2018-10547

An issue was discovered in ext/phar/phar_object.c in PHP before 5.6.36, 7.0.x before 7.0.30, 7.1.x before 7.1.17, and 7.2.x before 7.2.5. There is Reflected XSS on the PHAR 403 and 404 error pages via request data of a request for a .phar file. NOTE: this vulnerability exists because of an incomple...

6.1CVSS7.2AI score0.89192EPSS
CVE
CVE
added 2018/04/06 1:29 p.m.527 views

CVE-2018-1000156

GNU Patch version 2.7.6 contains an input validation vulnerability when processing patch files, specifically the EDITOR_PROGRAM invocation (using ed) can result in code execution. This attack appear to be exploitable via a patch file processed via the patch utility. This is similar to FreeBSD's CVE...

7.8CVSS7.8AI score0.43395EPSS
CVE
CVE
added 2018/04/29 9:29 p.m.461 views

CVE-2018-10548

An issue was discovered in PHP before 5.6.36, 7.0.x before 7.0.30, 7.1.x before 7.1.17, and 7.2.x before 7.2.5. ext/ldap/ldap.c allows remote LDAP servers to cause a denial of service (NULL pointer dereference and application crash) because of mishandling of the ldap_get_dn return value.

7.5CVSS6.2AI score0.65467EPSS
CVE
CVE
added 2018/04/29 9:29 p.m.397 views

CVE-2018-10546

An issue was discovered in PHP before 5.6.36, 7.0.x before 7.0.30, 7.1.x before 7.1.17, and 7.2.x before 7.2.5. An infinite loop exists in ext/iconv/iconv.c because the iconv stream filter does not reject invalid multibyte sequences.

7.5CVSS6.8AI score0.58915EPSS
CVE
CVE
added 2018/04/03 10:29 p.m.350 views

CVE-2017-17742

Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1 allows an HTTP Response Splitting attack. An attacker can inject a crafted key and value into an HTTP response for the HTTP server of WEBrick.

5.3CVSS6.8AI score0.00815EPSS
CVE
CVE
added 2018/04/03 10:29 p.m.310 views

CVE-2018-8780

In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, the Dir.open, Dir.new, Dir.entries and Dir.empty? methods do not check NULL characters. When using the corresponding method, unintentional directory traversal may be performed.

9.1CVSS7.1AI score0.01214EPSS
CVE
CVE
added 2018/04/24 6:29 a.m.305 views

CVE-2018-10323

The xfs_bmap_extents_to_btree function in fs/xfs/libxfs/xfs_bmap.c in the Linux kernel through 4.16.3 allows local users to cause a denial of service (xfs_bmapi_write NULL pointer dereference) via a crafted xfs image.

5.5CVSS6.5AI score0.00084EPSS
CVE
CVE
added 2018/04/23 7:29 p.m.305 views

CVE-2018-8781

The udl_fb_mmap function in drivers/gpu/drm/udl/udl_fb.c at the Linux kernel version 3.4 and up to and including 4.15 has an integer-overflow vulnerability allowing local users with access to the udldrmfb driver to obtain full read and write permissions on kernel physical pages, resulting in a code...

7.8CVSS7.5AI score0.00101EPSS
CVE
CVE
added 2018/04/17 8:29 p.m.279 views

CVE-2018-6797

An issue was discovered in Perl 5.18 through 5.26. A crafted regular expression can cause a heap-based buffer overflow, with control over the bytes written.

9.8CVSS7.1AI score0.01877EPSS
CVE
CVE
added 2018/04/24 7:29 p.m.258 views

CVE-2017-2885

An exploitable stack based buffer overflow vulnerability exists in the GNOME libsoup 2.58. A specially crafted HTTP request can cause a stack overflow resulting in remote code execution. An attacker can send a special HTTP request to the vulnerable server to trigger this vulnerability.

9.8CVSS9.7AI score0.09382EPSS
CVE
CVE
added 2018/04/19 2:29 a.m.253 views

CVE-2018-2755

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure wher...

7.7CVSS6.6AI score0.00159EPSS
CVE
CVE
added 2018/04/17 8:29 p.m.252 views

CVE-2018-6913

Heap-based buffer overflow in the pack function in Perl before 5.26.2 allows context-dependent attackers to execute arbitrary code via a large item count.

9.8CVSS8AI score0.0345EPSS
CVE
CVE
added 2018/04/19 2:29 a.m.246 views

CVE-2018-2813

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to co...

4.3CVSS4.2AI score0.00259EPSS
CVE
CVE
added 2018/04/03 10:29 p.m.246 views

CVE-2018-6914

Directory traversal vulnerability in the Dir.mktmpdir method in the tmpdir library in Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1 might allow attackers to create arbitrary directories or files via a .. (dot dot) in the prefix argument.

7.5CVSS7AI score0.01652EPSS
CVE
CVE
added 2018/04/19 2:29 a.m.237 views

CVE-2018-2799

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JAXP). Supported versions that are affected are Java SE: 7u171, 8u162 and 10; Java SE Embedded: 8u161; JRockit: R28.3.17. Easily exploitable vulnerability allows unauthenticated attacker with network ...

5.3CVSS5AI score0.0014EPSS
CVE
CVE
added 2018/04/03 10:29 p.m.228 views

CVE-2018-8778

In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, an attacker controlling the unpacking format (similar to format string vulnerabilities) can trigger a buffer under-read in the String#unpack method, resulting in a massive and controlled informati...

7.5CVSS6.8AI score0.00484EPSS
CVE
CVE
added 2018/04/19 2:29 a.m.227 views

CVE-2018-2817

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to co...

6.5CVSS6AI score0.00223EPSS
CVE
CVE
added 2018/04/06 1:29 p.m.226 views

CVE-2018-1270

Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, allow applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user (or attacker) can craft a message to...

9.8CVSS9.4AI score0.89353EPSS
CVE
CVE
added 2018/04/04 4:29 p.m.225 views

CVE-2017-13305

A information disclosure vulnerability in the Upstream kernel encrypted-keys. Product: Android. Versions: Android kernel. Android ID: A-70526974.

7.1CVSS5.5AI score0.00063EPSS
CVE
CVE
added 2018/04/04 2:29 a.m.220 views

CVE-2018-9251

The xz_decomp function in xzlib.c in libxml2 2.9.8, if --with-lzma is used, allows remote attackers to cause a denial of service (infinite loop) via a crafted XML file that triggers LZMA_MEMLIMIT_ERROR, as demonstrated by xmllint, a different vulnerability than CVE-2015-8035.

5.3CVSS6.6AI score0.01311EPSS
CVE
CVE
added 2018/04/19 2:29 a.m.219 views

CVE-2018-2771

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Locking). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocol...

4.4CVSS5AI score0.00094EPSS
CVE
CVE
added 2018/04/03 10:29 p.m.219 views

CVE-2018-8779

In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, the UNIXServer.open and UNIXSocket.open methods are not checked for null characters. It may be connected to an unintended socket.

7.5CVSS7AI score0.00909EPSS
CVE
CVE
added 2018/04/18 4:29 p.m.217 views

CVE-2018-1088

A privilege escalation flaw was found in gluster 3.x snapshot scheduler. Any gluster client allowed to mount gluster volumes could also mount shared gluster storage volume and escalate privileges by scheduling malicious cronjob via symlink.

8.1CVSS8AI score0.05224EPSS
CVE
CVE
added 2018/04/03 10:29 p.m.217 views

CVE-2018-8777

In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, an attacker can pass a large HTTP request with a crafted header to WEBrick server or a crafted body to WEBrick server/handler and cause a denial of service (memory consumption).

7.5CVSS6.8AI score0.01233EPSS
CVE
CVE
added 2018/04/04 5:29 p.m.214 views

CVE-2017-18257

The __get_data_block function in fs/f2fs/data.c in the Linux kernel before 4.11 allows local users to cause a denial of service (integer overflow and loop) via crafted use of the open and fallocate system calls with an FS_IOC_FIEMAP ioctl.

5.5CVSS5.6AI score0.00127EPSS
CVE
CVE
added 2018/04/19 2:29 a.m.209 views

CVE-2018-2819

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to comprom...

6.5CVSS6AI score0.00223EPSS
CVE
CVE
added 2018/04/19 2:29 a.m.206 views

CVE-2018-2761

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocol...

5.9CVSS5.6AI score0.00241EPSS
CVE
CVE
added 2018/04/19 2:29 a.m.199 views

CVE-2018-2781

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocol...

4.9CVSS5.4AI score0.00093EPSS
CVE
CVE
added 2018/04/19 2:29 a.m.187 views

CVE-2018-2790

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u181, 7u171, 8u162 and 10; Java SE Embedded: 8u161. Difficult to exploit vulnerability allows unauthenticated attacker with network access via mult...

3.1CVSS3.9AI score0.00268EPSS
CVE
CVE
added 2018/04/19 2:29 a.m.183 views

CVE-2018-2800

Vulnerability in the Java SE, JRockit component of Oracle Java SE (subcomponent: RMI). Supported versions that are affected are Java SE: 6u181, 7u171 and 8u162; JRockit: R28.3.17. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compro...

4.2CVSS4.3AI score0.00167EPSS
CVE
CVE
added 2018/04/19 2:29 a.m.183 views

CVE-2018-2814

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Hotspot). Supported versions that are affected are Java SE: 6u181, 7u171, 8u162 and 10; Java SE Embedded: 8u161. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multi...

8.3CVSS8.1AI score0.00337EPSS
CVE
CVE
added 2018/04/18 9:29 p.m.179 views

CVE-2018-10194

The set_text_distance function in devices/vector/gdevpdts.c in the pdfwrite component in Artifex Ghostscript through 9.22 does not prevent overflows in text-positioning calculation, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other imp...

7.8CVSS7.2AI score0.00286EPSS
CVE
CVE
added 2018/04/19 2:29 a.m.179 views

CVE-2018-2794

Vulnerability in the Java SE, JRockit component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u181, 7u171, 8u162, 10 and JRockit: R28.3.17. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Java...

7.7CVSS7.7AI score0.0007EPSS
CVE
CVE
added 2018/04/19 2:29 a.m.175 views

CVE-2018-2815

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Serialization). Supported versions that are affected are Java SE: 6u181, 7u171, 8u162 and 10; Java SE Embedded: 8u161; JRockit: R28.3.17. Easily exploitable vulnerability allows unauthenticated attack...

5.3CVSS4.9AI score0.00521EPSS
CVE
CVE
added 2018/04/25 9:29 p.m.173 views

CVE-2017-6888

An error in the "read_metadata_vorbiscomment_()" function (src/libFLAC/stream_decoder.c) in FLAC version 1.3.2 can be exploited to cause a memory leak via a specially crafted FLAC file.

5.5CVSS5.3AI score0.00085EPSS
CVE
CVE
added 2018/04/19 2:29 a.m.169 views

CVE-2018-2796

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Concurrency). Supported versions that are affected are Java SE: 7u171, 8u162 and 10; Java SE Embedded: 8u161; JRockit: R28.3.17. Easily exploitable vulnerability allows unauthenticated attacker with n...

5.3CVSS5AI score0.00523EPSS
CVE
CVE
added 2018/04/19 2:29 a.m.167 views

CVE-2018-2798

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: AWT). Supported versions that are affected are Java SE: 6u181, 7u171, 8u162 and 10; Java SE Embedded: 8u161; JRockit: R28.3.17. Easily exploitable vulnerability allows unauthenticated attacker with ne...

5.3CVSS5AI score0.0022EPSS
CVE
CVE
added 2018/04/29 3:29 p.m.166 views

CVE-2018-10536

An issue was discovered in WavPack 5.1.0 and earlier. The WAV parser component contains a vulnerability that allows writing to memory because ParseRiffHeaderConfig in riff.c does not reject multiple format chunks.

7.8CVSS5.9AI score0.01005EPSS
CVE
CVE
added 2018/04/19 2:29 a.m.166 views

CVE-2018-2797

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JMX). Supported versions that are affected are Java SE: 6u181, 7u171, 8u162 and 10; Java SE Embedded: 8u161; JRockit: R28.3.17. Easily exploitable vulnerability allows unauthenticated attacker with ne...

5.3CVSS5AI score0.00182EPSS
CVE
CVE
added 2018/04/17 8:29 p.m.166 views

CVE-2018-6798

An issue was discovered in Perl 5.22 through 5.26. Matching a crafted locale dependent regular expression can cause a heap-based buffer over-read and potentially information disclosure.

7.5CVSS8AI score0.01202EPSS
CVE
CVE
added 2018/04/16 9:58 a.m.160 views

CVE-2018-10119

sot/source/sdstor/stgstrms.cxx in LibreOffice before 5.4.5.1 and 6.x before 6.0.1.1 uses an incorrect integer data type in the StgSmallStrm class, which allows remote attackers to cause a denial of service (use-after-free with write access) or possibly have unspecified other impact via a crafted do...

7.8CVSS8AI score0.00185EPSS
CVE
CVE
added 2018/04/29 3:29 p.m.158 views

CVE-2018-10537

An issue was discovered in WavPack 5.1.0 and earlier. The W64 parser component contains a vulnerability that allows writing to memory because ParseWave64HeaderConfig in wave64.c does not reject multiple format chunks.

7.8CVSS5.9AI score0.00962EPSS
CVE
CVE
added 2018/04/29 3:29 p.m.157 views

CVE-2018-10538

An issue was discovered in WavPack 5.1.0 and earlier for WAV input. Out-of-bounds writes can occur because ParseRiffHeaderConfig in riff.c does not validate the sizes of unknown chunks before attempting memory allocation, related to a lack of integer-overflow protection within a bytes_to_copy calcu...

5.5CVSS5.7AI score0.00643EPSS
CVE
CVE
added 2018/04/29 3:29 p.m.157 views

CVE-2018-10539

An issue was discovered in WavPack 5.1.0 and earlier for DSDiff input. Out-of-bounds writes can occur because ParseDsdiffHeaderConfig in dsdiff.c does not validate the sizes of unknown chunks before attempting memory allocation, related to a lack of integer-overflow protection within a bytes_to_cop...

5.5CVSS5.7AI score0.00616EPSS
CVE
CVE
added 2018/04/16 2:29 p.m.156 views

CVE-2018-10124

The kill_something_info function in kernel/signal.c in the Linux kernel before 4.13, when an unspecified architecture and compiler is used, might allow local users to cause a denial of service via an INT_MIN argument.

5.5CVSS5.6AI score0.00076EPSS
CVE
CVE
added 2018/04/16 9:58 a.m.145 views

CVE-2018-10102

Before WordPress 4.9.5, the version string was not escaped in the get_the_generator function, and could lead to XSS in a generator tag.

6.1CVSS5.8AI score0.0615EPSS
CVE
CVE
added 2018/04/19 2:29 a.m.145 views

CVE-2018-2795

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u181, 7u171, 8u162 and 10; Java SE Embedded: 8u161; JRockit: R28.3.17. Easily exploitable vulnerability allows unauthenticated attacker wi...

5.3CVSS5AI score0.00182EPSS
CVE
CVE
added 2018/04/29 3:29 p.m.143 views

CVE-2018-10540

An issue was discovered in WavPack 5.1.0 and earlier for W64 input. Out-of-bounds writes can occur because ParseWave64HeaderConfig in wave64.c does not validate the sizes of unknown chunks before attempting memory allocation, related to a lack of integer-overflow protection within a bytes_to_copy c...

5.5CVSS5.7AI score0.00375EPSS
Total number of security vulnerabilities159