Lucene search
K
Database
Vendors
Products
Timeline
Vulnerabilities
Perimeter Scanner
Scanning
Projects
Scanner
Agent Scanning
API Scanning
Manual Audit
Email
Webhook
Resources
Documents
Blog
Glossary
FAQ
Plugins
Pricing
Contacts
About Us
Partners
Branding Guideline
Settings
Sign in
OpensuseLeap

17 matches found

CVE
CVEadded 2018/09/25 12:29 a.m.572 views

CVE-2018-14647

Python's elementtree C accelerator failed to initialise Expat's hash salt during initialization. This could make it easy to conduct denial of service attacks against Expat by constructing an XML document that would cause pathological hash collisions in Expat's internal data structures, consuming la...

7.5CVSS7.5AI score0.01407EPSS
CVE
CVEadded 2018/09/18 5:29 p.m.320 views

CVE-2018-1000802

Python Software Foundation Python (CPython) version 2.7 contains a CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in shutil module (make_archive function) that can result in Denial of service, Information gain via injection of arbitrary fil...

9.8CVSS9.8AI score0.21328EPSS
CVE
CVEadded 2018/09/04 4:29 p.m.270 views

CVE-2018-10930

A flaw was found in RPC request using gfs3_rename_req in glusterfs server. An authenticated attacker could use this flaw to write to a destination outside the gluster volume.

6.5CVSS7AI score0.00776EPSS
CVE
CVEadded 2018/09/04 3:29 p.m.254 views

CVE-2018-10926

A flaw was found in RPC request using gfs3_mknod_req supported by glusterfs server. An authenticated attacker could use this flaw to write files to an arbitrary location via path traversal and execute arbitrary code on a glusterfs server node.

8.8CVSS8.6AI score0.01028EPSS
CVE
CVEadded 2018/09/04 4:29 p.m.243 views

CVE-2018-10929

A flaw was found in RPC request using gfs2_create_req in glusterfs server. An authenticated attacker could use this flaw to create arbitrary files and execute arbitrary code on glusterfs server nodes.

8.8CVSS8.6AI score0.01121EPSS
CVE
CVEadded 2018/09/04 3:29 p.m.241 views

CVE-2018-10927

A flaw was found in RPC request using gfs3_lookup_req in glusterfs server. An authenticated attacker could use this flaw to leak information and execute remote denial of service by crashing gluster brick process.

8.1CVSS7.9AI score0.01765EPSS
CVE
CVEadded 2018/09/04 3:29 p.m.240 views

CVE-2018-10928

A flaw was found in RPC request using gfs3_symlink_req in glusterfs server which allows symlink destinations to point to file paths outside of the gluster volume. An authenticated attacker could use this flaw to create arbitrary symlinks pointing anywhere on the server and execute arbitrary code on...

8.8CVSS8.6AI score0.01101EPSS
CVE
CVEadded 2018/09/04 1:29 p.m.224 views

CVE-2018-10907

It was found that glusterfs server is vulnerable to multiple stack based buffer overflows due to functions in server-rpc-fopc.c allocating fixed size buffers using 'alloca(3)'. An authenticated attacker could exploit this by mounting a gluster volume and sending a string longer that the fixed buffe...

8.8CVSS8.5AI score0.02169EPSS
CVE
CVEadded 2018/09/03 7:29 p.m.224 views

CVE-2018-16402

libelf/elf_end.c in elfutils 0.173 allows remote attackers to cause a denial of service (double free and application crash) or possibly have unspecified other impact because it tries to decompress twice.

9.8CVSS9.6AI score0.01093EPSS
CVE
CVEadded 2018/09/04 2:29 p.m.222 views

CVE-2018-10913

An information disclosure vulnerability was discovered in glusterfs server. An attacker could issue a xattr request via glusterfs FUSE to determine the existence of any file.

6.5CVSS6.7AI score0.01007EPSS
CVE
CVEadded 2018/09/04 2:29 p.m.216 views

CVE-2018-10911

A flaw was found in the way dic_unserialize function of glusterfs does not handle negative key length values. An attacker could use this flaw to read memory from other locations into the stored dict value.

7.5CVSS7.1AI score0.04553EPSS
CVE
CVEadded 2018/09/04 1:29 p.m.215 views

CVE-2018-10904

It was found that glusterfs server does not properly sanitize file paths in the "trusted.io-stats-dump" extended attribute which is used by the "debug/io-stats" translator. Attacker can use this flaw to create files and execute arbitrary code. To exploit this attacker would require sufficient acces...

8.8CVSS8.6AI score0.01279EPSS
CVE
CVEadded 2018/09/04 2:29 p.m.215 views

CVE-2018-10914

It was found that an attacker could issue a xattr request via glusterfs FUSE to cause gluster brick process to crash which will result in a remote denial of service. If gluster multiplexing is enabled this will result in a crash of multiple bricks and gluster volumes.

6.5CVSS7AI score0.05767EPSS
CVE
CVEadded 2018/09/04 2:29 p.m.215 views

CVE-2018-10923

It was found that the "mknod" call derived from mknod(2) can create files pointing to devices on a glusterfs server node. An authenticated attacker could use this to create an arbitrary device and read data from any device attached to the glusterfs server node.

8.1CVSS8AI score0.0127EPSS
CVE
CVEadded 2018/09/03 7:29 p.m.168 views

CVE-2018-16412

ImageMagick 7.0.8-11 Q16 has a heap-based buffer over-read in the coders/psd.c ParseImageResourceBlocks function.

8.8CVSS7.2AI score0.00387EPSS
CVE
CVEadded 2018/09/21 7:29 a.m.142 views

CVE-2018-17294

The matchCurrentInput function inside lou_translateString.c of Liblouis prior to 3.7 does not check the input string's length, allowing attackers to cause a denial of service (application crash via out-of-bounds read) by crafting an input file with certain translation dictionaries.

6.5CVSS6.4AI score0.0053EPSS
CVE
CVEadded 2018/09/21 4:29 p.m.115 views

CVE-2018-16597

An issue was discovered in the Linux kernel before 4.8. Incorrect access checking in overlayfs mounts could be used by local attackers to modify or truncate files in the underlying filesystem.

5.5CVSS5.7AI score0.00092EPSS