|
2018-06-18
|
CVE-2018-1333
|
By specially crafting HTTP/2 requests, workers would be allocated 60 seconds longer than necessary, leading to worker exhaustion and a denial of service. Fixed in Apache HTTP Server 2.4.34 (Affected 2.4.18-2.4.30,2.4.33).
|
Http_server, Ubuntu_linux, Cloud_backup, Storage_automation_store, Jboss_core_services
|
7.5
|
|
|
|
2018-06-19
|
CVE-2018-1061
|
python before versions 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 and 3.7.0 is vulnerable to catastrophic backtracking in the difflib.IS_LINE_JUNK method. An attacker could use this flaw to cause denial of service.
|
Ubuntu_linux, Debian_linux, Fedora, Python, Ansible_tower, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_workstation
|
7.5
|
|
|
|
2018-06-19
|
CVE-2018-10811
|
strongSwan 5.6.0 and older allows Remote Denial of Service because of Missing Initialization of a Variable.
|
Ubuntu_linux, Debian_linux, Fedora, Strongswan
|
7.5
|
|
|
|
2018-07-05
|
CVE-2018-12910
|
The get_cookies function in soup-cookie-jar.c in libsoup 2.63.2 allows attackers to have unspecified impact via an empty hostname.
|
Ubuntu_linux, Debian_linux, Libsoup, Leap, Ansible_tower, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_workstation, Openshift_container_platform
|
9.8
|
|
|
|
2018-07-06
|
CVE-2018-13405
|
The inode_init_owner function in fs/inode.c in the Linux kernel through 3.16 allows local users to create files with an unintended group ownership, in a scenario where a directory is SGID to a certain group and is writable by a user who is not a member of that group. Here, the non-member can trigger creation of a plain file whose group ownership is that group. The intended behavior was that the non-member can trigger creation of a directory (but not a plain file) whose group ownership is...
|
Ubuntu_linux, Debian_linux, Big\-Ip_access_policy_manager, Big\-Ip_advanced_firewall_manager, Big\-Ip_analytics, Big\-Ip_application_acceleration_manager, Big\-Ip_application_security_manager, Big\-Ip_domain_name_system, Big\-Ip_edge_gateway, Big\-Ip_fraud_protection_service, Big\-Ip_global_traffic_manager, Big\-Ip_link_controller, Big\-Ip_local_traffic_manager, Big\-Ip_policy_enforcement_manager, Big\-Ip_webaccelerator, Fedora, Linux_kernel, Enterprise_linux_aus, Enterprise_linux_desktop, Enterprise_linux_eus, Enterprise_linux_for_real_time, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_tus, Enterprise_linux_workstation, Mrg_realtime, Virtualization
|
7.8
|
|
|
|
2018-08-27
|
CVE-2018-15908
|
In Artifex Ghostscript 9.23 before 2018-08-23, attackers are able to supply malicious PostScript files to bypass .tempfile restrictions and write files.
|
Ghostscript, Ubuntu_linux, Debian_linux, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_eus, Enterprise_linux_workstation
|
7.8
|
|
|
|
2018-08-28
|
CVE-2018-15911
|
In Artifex Ghostscript 9.23 before 2018-08-24, attackers able to supply crafted PostScript could use uninitialized memory access in the aesdecode operator to crash the interpreter or potentially execute code.
|
Ghostscript, Gpl_ghostscript, Ubuntu_linux, Debian_linux, Pulse_connect_secure, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_eus, Enterprise_linux_server_tus, Enterprise_linux_workstation
|
7.8
|
|
|
|
2018-08-27
|
CVE-2018-15909
|
In Artifex Ghostscript 9.23 before 2018-08-24, a type confusion using the .shfill operator could be used by attackers able to supply crafted PostScript files to crash the interpreter or potentially execute code.
|
Ghostscript, Gpl_ghostscript, Ubuntu_linux, Debian_linux, Pulse_connect_secure, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_eus, Enterprise_linux_server_tus, Enterprise_linux_workstation
|
7.8
|
|
|
|
2018-08-27
|
CVE-2018-15910
|
In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files could use a type confusion in the LockDistillerParams parameter to crash the interpreter or execute code.
|
Ghostscript, Gpl_ghostscript, Ubuntu_linux, Debian_linux, Pulse_connect_secure, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_server_eus, Enterprise_linux_workstation
|
7.8
|
|
|
|
2018-09-06
|
CVE-2018-5391
|
The Linux kernel, versions 3.9+, is vulnerable to a denial of service attack with low rates of specially modified packets targeting IP fragment re-assembly. An attacker may cause a denial of service condition by sending specially crafted IP fragments. Various vulnerabilities in IP fragmentation have been discovered and fixed over the years. The current vulnerability (CVE-2018-5391) became exploitable in the Linux kernel with the increase of the IP fragment reassembly queue size.
|
Ubuntu_linux, Debian_linux, Big\-Ip_access_policy_manager, Big\-Ip_advanced_firewall_manager, Big\-Ip_analytics, Big\-Ip_application_acceleration_manager, Big\-Ip_application_security_manager, Big\-Ip_domain_name_system, Big\-Ip_edge_gateway, Big\-Ip_fraud_protection_service, Big\-Ip_global_traffic_manager, Big\-Ip_link_controller, Big\-Ip_local_traffic_manager, Big\-Ip_policy_enforcement_manager, Big\-Ip_webaccelerator, Linux_kernel, Windows_10, Windows_7, Windows_8\.1, Windows_rt_8\.1, Windows_server_2008, Windows_server_2012, Windows_server_2016, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_eus, Enterprise_linux_server_tus, Enterprise_linux_workstation, Ruggedcom_rm1224_firmware, Ruggedcom_rox_ii_firmware, Scalance_m\-800_firmware, Scalance_s615_firmware, Scalance_sc\-600_firmware, Scalance_w1700_ieee_802\.11ac_firmware, Scalance_w700_ieee_802\.11a\/b\/g\/n_firmware, Simatic_net_cp_1242\-7_firmware, Simatic_net_cp_1243\-1_firmware, Simatic_net_cp_1243\-7_lte_eu_firmware, Simatic_net_cp_1243\-7_lte_us_firmware, Simatic_net_cp_1243\-8_irc_firmware, Simatic_net_cp_1542sp\-1_firmware, Simatic_net_cp_1542sp\-1_irc_firmware, Simatic_net_cp_1543\-1_firmware, Simatic_net_cp_1543sp\-1_firmware, Simatic_rf185c_firmware, Simatic_rf186c_firmware, Simatic_rf186ci_firmware, Simatic_rf188_firmware, Simatic_rf188ci_firmware, Sinema_remote_connect_server_firmware
|
7.5
|
|
|