Vulnerability & Exploit Database

Ubuntu: (Multiple Advisories) (CVE-2018-14633): Linux kernel (Xenial HWE) vulnerabilities Vulnerability

  • Severity: 4
  • Published: September 24, 2018

A security flaw was found in the chap_server_compute_md5() function in the ISCSI target code in the Linux kernel in a way an authentication request from an ISCSI initiator is processed. An unauthenticated remote attacker can cause a stack buffer overflow and smash up to 17 bytes of the stack. The attack requires the iSCSI target to be en...

Debian: CVE-2018-16152: strongswan -- security update Vulnerability

  • Severity: 4
  • Published: September 24, 2018

Details for this vulnerability have not been published by NIST at this point. Descriptions from software vendor advisories for this issue are provided below.

From DSA-4305:

Sze Yiu Chau and his team from Purdue University and The University of Iowa found several issues in the gmp plugin for strongSwan, an...

Debian: CVE-2018-16151: strongswan -- security update Vulnerability

  • Severity: 4
  • Published: September 24, 2018

Details for this vulnerability have not been published by NIST at this point. Descriptions from software vendor advisories for this issue are provided below.

From DSA-4305:

Sze Yiu Chau and his team from Purdue University and The University of Iowa found several issues in the gmp plugin for strongSwan, an...

Debian: CVE-2018-14647: python3.5 -- security update Vulnerability

  • Severity: 4
  • Published: September 24, 2018

Python's elementtree C accelerator failed to initialise Expat's hash salt during initialization. This could make it easy to conduct denial of service attacks against Expat by constructing an XML document that would cause pathological hash collisions in Expat's internal data structures, consuming large amounts of CPU and RAM. Python 3.8, 3.7...

Debian: CVE-2018-14633: linux -- security update Vulnerability

  • Severity: 4
  • Published: September 24, 2018

A security flaw was found in the chap_server_compute_md5() function in the ISCSI target code in the Linux kernel in a way an authentication request from an ISCSI initiator is processed. An unauthenticated remote attacker can cause a stack buffer overflow and smash up to 17 bytes of the stack. The attack requires the iSCSI target to be en...

Amazon Linux AMI: CVE-2018-14633: Security patch for kernel (ALAS-2018-1086) Vulnerability

  • Severity: 4
  • Published: September 24, 2018

A security flaw was found in the chap_server_compute_md5() function in the ISCSI target code in the Linux kernel in a way an authentication request from an ISCSI initiator is processed. An unauthenticated remote attacker can cause a stack buffer overflow and smash up to 17 bytes of the stack. The attack requires the iSCSI target to be en...

SUSE: CVE-2018-17407: SUSE Linux Security Advisory Vulnerability

  • Severity: 4
  • Published: September 23, 2018

An issue was discovered in t1_check_unusual_charstring functions in writet1.c files in TeX Live before 2018-09-21. A buffer overflow in the handling of Type 1 fonts allows arbitrary code execution when a malicious font is loaded by one of the vulnerable tools: pdflatex, pdftex, dvips, or luatex.

Ubuntu: USN-3772-1 (CVE-2018-17336): UDisks vulnerability Vulnerability

  • Severity: 4
  • Published: September 22, 2018

UDisks 2.8.0 has a format string vulnerability in udisks_log in udiskslogging.c, allowing attackers to obtain sensitive information (stack contents), cause a denial of service (memory corruption), or possibly have unspecified other impact via a malformed filesystem label, as demonstrated by %d or %n substrings.

SUSE: CVE-2018-16597: SUSE Linux Security Advisory Vulnerability

  • Severity: 4
  • Published: September 21, 2018

An issue was discovered in the Linux kernel through 4.18.6. Incorrect access checking in overlayfs mounts could be used by local attackers to modify or truncate files in the underlying filesystem.

SUSE: CVE-2018-12385: SUSE Linux Security Advisory Vulnerability

  • Severity: 4
  • Published: September 21, 2018

Details for this vulnerability have not been published by NIST at this point. Descriptions from software vendor advisories for this issue are provided below.

From SUSE_CVE-2018-12385:

This CVE is addressed in the SUSE advisories openSUSE-SU-2018:2817-1.