Canonical: Security Vulnerabilities
Remote code execution occurs in Apache Solr before 7.1 with Apache Lucene before 7.1 by exploiting XXE in conjunction with use of a Config API add-listener command to reach the RunExecutableListener class. Elasticsearch, although it uses Lucene, is NOT vulnerable to this. Note that the XML external entity expansion vulnerability occurs in the XML Query Parser which is available, by default, for any query request with parameters deftype=xmlparser and can be exploited to upload malicious data to the /upload request handler or as Blind XXE using ftp wrapper in order to read arbitrary local files from the Solr server. Note also that the second vulnerability relates to remote code execution using the RunExecutableListener available on all affected versions of Solr.
CVSS Score
9.8
EPSS Score
0.939
Published
2017-10-14
Git through 2.14.2 mishandles layers of tree objects, which allows remote attackers to cause a denial of service (memory consumption) via a crafted repository, aka a Git bomb. This can also have an impact of disk consumption; however, an affected process typically would not survive its attempt to build the data structure in memory before writing to disk.
CVSS Score
5.5
EPSS Score
0.004
Published
2017-10-14
ReadPSDImage in coders/psd.c in ImageMagick 7.0.7-6 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file, related to "Conditional jump or move depends on uninitialised value(s)."
CVSS Score
8.8
EPSS Score
0.006
Published
2017-10-12
An exploitable integer overflow vulnerability exists when creating a new RGB Surface in SDL 2.0.5. A specially crafted file can cause an integer overflow resulting in too little memory being allocated which can lead to a buffer overflow and potential code execution. An attacker can provide a specially crafted image file to trigger this vulnerability.
CVSS Score
8.8
EPSS Score
0.021
Published
2017-10-11
RubyGems versions between 2.0.0 and 2.6.13 are vulnerable to a possible remote code execution vulnerability. YAML deserialization of gem specifications can bypass class white lists. Specially crafted serialized objects can possibly be used to escalate to remote code execution.
CVSS Score
9.8
EPSS Score
0.049
Published
2017-10-11
ImageMagick 7.0.7-2 has a memory leak in ReadSGIImage in coders/sgi.c.
CVSS Score
6.5
EPSS Score
0.005
Published
2017-10-10
ImageMagick 7.0.7-2 has a memory leak in ReadOneJNGImage in coders/png.c.
CVSS Score
6.5
EPSS Score
0.005
Published
2017-10-10
libjpeg-turbo before 1.3.1 allows remote attackers to cause a denial of service (crash) via a crafted JPEG file, related to the Exif marker.
CVSS Score
6.5
EPSS Score
0.013
Published
2017-10-10
ImageMagick version 7.0.7-2 contains a memory leak in ReadYCBCRImage in coders/ycbcr.c.
CVSS Score
9.8
EPSS Score
0.003
Published
2017-10-05
ImageMagick version 7.0.7-2 contains a memory leak in ReadYUVImage in coders/yuv.c.
CVSS Score
7.5
EPSS Score
0.003
Published
2017-10-05