Vulnerabilities
Vulnerable Software
Debian:  >> Debian Linux  Security Vulnerabilities
glusterfs is vulnerable to privilege escalation on gluster server nodes. An authenticated gluster client via TLS could use gluster cli with --remote-host command to add it self to trusted storage pool and perform privileged gluster operations like adding other machines to trusted storage pool, start, stop, and delete volumes.
CVSS Score
6.6
EPSS Score
0.013
Published
2018-06-20
In ImageMagick 7.0.8-3 Q16, ReadBMPImage and WriteBMPImage in coders/bmp.c allow attackers to cause an out of bounds write via a crafted file.
CVSS Score
8.8
EPSS Score
0.033
Published
2018-06-20
In ImageMagick 7.0.8-3 Q16, ReadDIBImage and WriteDIBImage in coders/dib.c allow attackers to cause an out of bounds write via a crafted file.
CVSS Score
8.8
EPSS Score
0.033
Published
2018-06-20
There is a heap-based buffer overflow in ReadImage in input-tga.ci in sam2p 0.49.4 that leads to a denial of service or possibly unspecified other impact.
CVSS Score
9.8
EPSS Score
0.021
Published
2018-06-20
A flaw was found affecting the Linux kernel before version 4.17. By mmap()ing a FUSE-backed file onto a process's memory containing command line arguments (or environment strings), an attacker can cause utilities from psutils or procps (such as ps, w) or any other program which makes a read() call to the /proc/<pid>/cmdline (or /proc/<pid>/environ) files to block indefinitely (denial of service) or for some controlled time (as a synchronization primitive for other attacks).
CVSS Score
2.8
EPSS Score
0.073
Published
2018-06-20
strongSwan 5.6.0 and older allows Remote Denial of Service because of Missing Initialization of a Variable.
CVSS Score
7.5
EPSS Score
0.071
Published
2018-06-19
python before versions 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 and 3.7.0 is vulnerable to catastrophic backtracking in the difflib.IS_LINE_JUNK method. An attacker could use this flaw to cause denial of service.
CVSS Score
6.5
EPSS Score
0.05
Published
2018-06-19
An issue was discovered in Linaro LAVA before 2018.5.post1. Because of support for URLs in the submit page, a user can forge an HTTP request that will force lava-server-gunicorn to return any file on the server that is readable by lavaserver and valid yaml.
CVSS Score
6.5
EPSS Score
0.015
Published
2018-06-19
An issue was discovered in Linaro LAVA before 2018.5.post1. Because of use of yaml.load() instead of yaml.safe_load() when parsing user data, remote code execution can occur.
CVSS Score
8.8
EPSS Score
0.025
Published
2018-06-19
python before versions 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 and 3.7.0 is vulnerable to catastrophic backtracking in pop3lib's apop() method. An attacker could use this flaw to cause denial of service.
CVSS Score
4.3
EPSS Score
0.051
Published
2018-06-18


Contact Us

Shodan ® - All rights reserved