Security Vulnerabilities - CVEs Published In February 2018
In utils.c in zsh before 5.0.6, there is a buffer overflow when scanning very long directory paths for symbolic links.
CVSS Score
9.8
EPSS Score
0.003
Published
2018-02-27
In zsh before 5.3, an off-by-one error resulted in undersized buffers that were intended to support PATH_MAX characters.
CVSS Score
9.8
EPSS Score
0.002
Published
2018-02-27
In builtin.c in zsh before 5.4, when sh compatibility mode is used, there is a NULL pointer dereference during processing of the cd command with no argument if HOME is not set.
CVSS Score
8.1
EPSS Score
0.003
Published
2018-02-27
In utils.c in zsh before 5.4, symlink expansion had a buffer overflow.
CVSS Score
9.8
EPSS Score
0.004
Published
2018-02-27
In subst.c in zsh through 5.4.2, there is a NULL pointer dereference when using ${(PA)...} on an empty array result.
CVSS Score
9.8
EPSS Score
0.002
Published
2018-02-27
In params.c in zsh through 5.4.2, there is a crash during a copy of an empty hash table, as demonstrated by typeset -p.
CVSS Score
7.5
EPSS Score
0.003
Published
2018-02-27
When registering and activating a new system with Red Hat Satellite 6 if the new systems hostname is then reset to the hostname of a previously registered system the previously registered system will lose access to updates including security updates.
CVSS Score
2.7
EPSS Score
0.002
Published
2018-02-27
AxxonSoft Axxon Next has Directory Traversal via an initial /css//..%2f substring in a URI.
CVSS Score
7.5
EPSS Score
0.112
Published
2018-02-27
lyadmin 1.x has XSS via the config[WEB_SITE_TITLE] parameter to the /admin.php?s=/admin/config/groupsave.html URI.
CVSS Score
4.8
EPSS Score
0.002
Published
2018-02-27
The dm_get_from_kobject function in drivers/md/dm.c in the Linux kernel before 4.14.3 allow local users to cause a denial of service (BUG) by leveraging a race condition with __dm_destroy during creation and removal of DM devices.
CVSS Score
4.7
EPSS Score
0.0
Published
2018-02-27