Shodan
Vulnerabilities
Vulnerable Software
Gnu:  Security Vulnerabilities
CVE-2018-1000654
GNU Libtasn1-4.13 libtasn1-4.13 version libtasn1-4.13, libtasn1-4.12 contains a DoS, specifically CPU usage will reach 100% when running asn1Paser against the POC due to an issue in _asn1_expand_object_id(p_tree), after a long time, the program will be killed. This attack appears to be exploitable via parsing a crafted file.
CVSS Score
5.5
EPSS Score
0.001
Published
2018-08-20
CVE-2018-0618
Cross-site scripting vulnerability in Mailman 2.1.26 and earlier allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors.
CVSS Score
5.4
EPSS Score
0.006
Published
2018-07-26
CVE-2018-14524
dwg_decode_eed in decode.c in GNU LibreDWG before 0.6 leads to a double free (in dwg_free_eed in free.c) because it does not properly manage the obj->eed value after a free occurs.
CVSS Score
6.5
EPSS Score
0.002
Published
2018-07-23
CVE-2018-14471
dwg_obj_block_control_get_block_headers in dwg_api.c in GNU LibreDWG 0.5.1048 allows remote attackers to cause a denial of service (NULL pointer dereference and SEGV) via a crafted dwg file.
CVSS Score
6.5
EPSS Score
0.003
Published
2018-07-20
CVE-2018-14443
get_first_owned_object in dwg.c in GNU LibreDWG 0.5.1036 allows remote attackers to cause a denial of service (SEGV).
CVSS Score
6.5
EPSS Score
0.004
Published
2018-07-20
CVE-2018-14346
GNU Libextractor before 1.7 has a stack-based buffer overflow in ec_read_file_func (unzip.c).
CVSS Score
8.8
EPSS Score
0.005
Published
2018-07-17
CVE-2018-14347
GNU Libextractor before 1.7 contains an infinite loop vulnerability in EXTRACTOR_mpeg_extract_method (mpeg_extractor.c).
CVSS Score
6.5
EPSS Score
0.004
Published
2018-07-17
CVE-2018-13796
An issue was discovered in GNU Mailman before 2.1.28. A crafted URL can cause arbitrary text to be displayed on a web page from a trusted site.
CVSS Score
6.5
EPSS Score
0.003
Published
2018-07-12
CVE-2018-13033
The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (excessive memory allocation and application crash) via a crafted ELF file, as demonstrated by _bfd_elf_parse_attributes in elf-attrs.c and bfd_malloc in libbfd.c. This can occur during execution of nm.
CVSS Score
5.5
EPSS Score
0.015
Published
2018-07-01
CVE-2018-12934
remember_Ktype in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30, allows attackers to trigger excessive memory consumption (aka OOM). This can occur during execution of cxxfilt.
CVSS Score
7.5
EPSS Score
0.007
Published
2018-06-28


Products
Pricing
Contact Us

Shodan ® - All rights reserved