Max CVSS | 6.8 | Min CVSS | 2.1 | Total Count | 2 |
ID | CVSS | Summary | Last (major) update | Published | |
CVE-2018-1312 | 6.8 |
In Apache httpd 2.2.0 to 2.4.29, when generating an HTTP Digest authentication challenge, the nonce sent to prevent reply attacks was not correctly generated using a pseudo-random seed. In a cluster of servers using a common Digest authentication con
|
07-09-2022 - 17:45 | 26-03-2018 - 15:29 | |
CVE-2018-1283 | 3.5 |
In Apache httpd 2.4.0 to 2.4.29, when mod_session is configured to forward its session data to CGI applications (SessionEnv on, not the default), a remote user may influence their content by using a "Session" header. This comes from the "HTTP_SESSION
|
06-06-2021 - 11:15 | 26-03-2018 - 15:29 | |
CVE-2018-1302 | 4.3 |
When an HTTP/2 stream was destroyed after being handled, the Apache HTTP Server prior to version 2.4.30 could have written a NULL pointer potentially to an already freed memory. The memory pools maintained by the server make this vulnerability hard t
|
06-06-2021 - 11:15 | 26-03-2018 - 15:29 | |
CVE-2018-1303 | 5.0 |
A specially crafted HTTP request header could have crashed the Apache HTTP Server prior to version 2.4.30 due to an out of bound read while preparing data to be cached in shared memory. It could be used as a Denial of Service attack against users of
|
06-06-2021 - 11:15 | 26-03-2018 - 15:29 | |
CVE-2017-15715 | 6.8 |
In Apache httpd 2.4.0 to 2.4.29, the expression specified in <FilesMatch> could match '$' to a newline character in a malicious filename, rather than matching only the end of the filename. This could be exploited in environments where uploads of some
|
06-06-2021 - 11:15 | 26-03-2018 - 15:29 | |
CVE-2018-8960 | 6.8 |
The ReadTIFFImage function in coders/tiff.c in ImageMagick 7.0.7-26 Q16 does not properly restrict memory allocation, leading to a heap-based buffer over-read.
|
19-08-2020 - 02:15 | 23-03-2018 - 21:29 | |
CVE-2018-9018 | 4.3 |
In GraphicsMagick 1.3.28, there is a divide-by-zero in the ReadMNGImage function of coders/png.c. Remote attackers could leverage this vulnerability to cause a crash and denial of service via a crafted mng file.
|
12-01-2020 - 03:15 | 25-03-2018 - 21:29 | |
CVE-2004-0535 | 2.1 |
The e1000 driver for Linux kernel 2.4.26 and earlier does not properly initialize memory before using it, which allows local users to read portions of kernel memory. NOTE: this issue was originally incorrectly reported as a "buffer overflow" by some
|
11-10-2017 - 01:29 | 06-08-2004 - 04:00 |