Total
11829 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-1110 | 1 Nic | 1 Knot Resolver | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
A flaw was found in knot-resolver before version 2.3.0. Malformed DNS messages may cause denial of service.
|
|||||
| CVE-2018-1104 | 1 Redhat | 2 Ansible Tower, Cloudforms | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
|
Ansible Tower through version 3.2.3 has a vulnerability that allows users only with access to define variables for a job template to execute arbitrary code on the Tower server.
|
|||||
| CVE-2018-1103 | 1 Redhat | 1 Source-to-image | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Openshift Enterprise source-to-image before version 1.1.10 is vulnerable to an improper validation of user input. An attacker who could trick a user into using the command to copy files locally, from a pod, could override files outside of the target directory of the command.
|
|||||
| CVE-2018-1102 | 1 Redhat | 1 Openshift | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
|
A flaw was found in source-to-image function as shipped with Openshift Enterprise 3.x. An improper path validation of tar files in ExtractTarStreamFromTarReader in tar/tar.go leads to privilege escalation.
|
|||||
| CVE-2018-1099 | 2 Fedoraproject, Redhat | 2 Fedora, Etcd | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
|
DNS rebinding vulnerability found in etcd 3.3.1 and earlier. An attacker can control his DNS records to direct to localhost, and trick the browser into sending requests to localhost (or any other address).
|
|||||
| CVE-2018-1086 | 3 Clusterlabs, Debian, Redhat | 3 Pacemaker Command Line Interface, Debian Linux, Enterprise Linux Server Eus | 2024-11-21 | 5.0 MEDIUM | 4.3 MEDIUM |
|
pcs before versions 0.9.164 and 0.10 is vulnerable to a debug parameter removal bypass. REST interface of the pcsd service did not properly remove the pcs debug argument from the /run_pcs query, possibly disclosing sensitive information. A remote attacker with a valid token could use this flaw to elevate their privilege.
|
|||||
| CVE-2018-1078 | 1 Opendaylight | 1 Openflow | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
OpenDayLight version Carbon SR3 and earlier contain a vulnerability during node reconciliation that can result in traffic flows that should be expired or should expire shortly being re-installed and their timers reset resulting in traffic being allowed that should be expired.
|
|||||
| CVE-2018-1070 | 1 Redhat | 1 Openshift Container Platform | 2024-11-21 | 5.0 MEDIUM | 6.5 MEDIUM |
|
routing before version 3.10 is vulnerable to an improper input validation of the Openshift Routing configuration which can cause an entire shard to be brought down. A malicious user can use this vulnerability to cause a Denial of Service attack for other users of the router shard.
|
|||||
| CVE-2018-1061 | 5 Canonical, Debian, Fedoraproject and 2 more | 8 Ubuntu Linux, Debian Linux, Fedora and 5 more | 2024-11-21 | 5.0 MEDIUM | 6.5 MEDIUM |
|
python before versions 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 and 3.7.0 is vulnerable to catastrophic backtracking in the difflib.IS_LINE_JUNK method. An attacker could use this flaw to cause denial of service.
|
|||||
| CVE-2018-1060 | 5 Canonical, Debian, Fedoraproject and 2 more | 8 Ubuntu Linux, Debian Linux, Fedora and 5 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
python before versions 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 and 3.7.0 is vulnerable to catastrophic backtracking in pop3lib's apop() method. An attacker could use this flaw to cause denial of service.
|
|||||
| CVE-2018-1058 | 3 Canonical, Postgresql, Redhat | 3 Ubuntu Linux, Postgresql, Cloudforms | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
|
A flaw was found in the way Postgresql allowed a user to modify the behavior of a query for other users. An attacker with a user account could use this flaw to execute code with the permissions of superuser in the database. Versions 9.3 through 10 are affected.
|
|||||
| CVE-2018-1051 | 1 Redhat | 1 Resteasy | 2024-11-21 | 6.8 MEDIUM | 8.1 HIGH |
|
It was found that the fix for CVE-2016-9606 in versions 3.0.22 and 3.1.2 was incomplete and Yaml unmarshalling in Resteasy is still possible via `Yaml.load()` in YamlProvider.
|
|||||
| CVE-2018-1047 | 1 Redhat | 3 Enterprise Linux Server, Jboss Enterprise Application Platform, Jboss Wildfly Application Server | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
|
A flaw was found in Wildfly 9.x. A path traversal vulnerability through the org.wildfly.extension.undertow.deployment.ServletResourceManager.getResource method could lead to information disclosure of arbitrary local files.
|
|||||
| CVE-2018-1016 | 1 Microsoft | 7 Windows 10, Windows 7, Windows 8.1 and 4 more | 2024-11-21 | 9.3 HIGH | 8.8 HIGH |
|
A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts, aka "Microsoft Graphics Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-1010, CVE-2018-1012, CVE-2018-1013, CVE-2018-1015.
|
|||||
| CVE-2018-1015 | 1 Microsoft | 7 Windows 10, Windows 7, Windows 8.1 and 4 more | 2024-11-21 | 9.3 HIGH | 8.8 HIGH |
|
A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts, aka "Microsoft Graphics Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-1010, CVE-2018-1012, CVE-2018-1013, CVE-2018-1016.
|
|||||
| CVE-2018-1013 | 1 Microsoft | 7 Windows 10, Windows 7, Windows 8.1 and 4 more | 2024-11-21 | 9.3 HIGH | 8.8 HIGH |
|
A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts, aka "Microsoft Graphics Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-1010, CVE-2018-1012, CVE-2018-1015, CVE-2018-1016.
|
|||||
| CVE-2018-1012 | 1 Microsoft | 7 Windows 10, Windows 7, Windows 8.1 and 4 more | 2024-11-21 | 9.3 HIGH | 8.8 HIGH |
|
A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts, aka "Microsoft Graphics Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-1010, CVE-2018-1013, CVE-2018-1015, CVE-2018-1016.
|
|||||
| CVE-2018-1010 | 1 Microsoft | 7 Windows 10, Windows 7, Windows 8.1 and 4 more | 2024-11-21 | 9.3 HIGH | 8.8 HIGH |
|
A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts, aka "Microsoft Graphics Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-1012, CVE-2018-1013, CVE-2018-1015, CVE-2018-1016.
|
|||||
| CVE-2018-19980 | 1 Anker | 2 Nebula Capsule Projector, Nebula Capsule Projector Firmware | 2024-11-21 | 7.8 HIGH | 7.5 HIGH |
|
Anker Nebula Capsule Pro NBUI_M1_V2.1.9 devices allow attackers to cause a denial of service (reboot of the underlying Android 7.1.2 operating system) via a crafted application that sends data to WifiService.
|
|||||
| CVE-2018-19967 | 2 Debian, Xen | 2 Debian Linux, Xen | 2024-11-21 | 4.9 MEDIUM | 6.5 MEDIUM |
|
An issue was discovered in Xen through 4.11.x on Intel x86 platforms allowing guest OS users to cause a denial of service (host OS hang) because Xen does not work around Intel's mishandling of certain HLE transactions associated with the KACQUIRE instruction prefix.
|
|||||
| CVE-2018-19960 | 1 Onionshare | 1 Onionshare | 2024-11-21 | 4.4 MEDIUM | 7.0 HIGH |
|
The debug_mode function in web/web.py in OnionShare through 1.3.1, when --debug is enabled, uses the /tmp/onionshare_server.log pathname for logging, which might allow local users to overwrite files or obtain sensitive information by using this pathname.
|
|||||
| CVE-2018-19952 | 1 Qnap | 2 Music Station, Qts | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
If exploited, this SQL injection vulnerability could allow remote attackers to obtain application information. This issue affects: QNAP Systems Inc. Music Station versions prior to 5.1.13; versions prior to 5.2.9; versions prior to 5.3.11.
|
|||||
| CVE-2018-19945 | 1 Qnap | 1 Qts | 2024-11-21 | 8.5 HIGH | 9.1 CRITICAL |
|
A vulnerability has been reported to affect earlier QNAP devices running QTS 4.3.4 to 4.3.6. Caused by improper limitations of a pathname to a restricted directory, this vulnerability allows for renaming arbitrary files on the target system, if exploited. QNAP have already fixed this vulnerability in the following versions: QTS 4.3.6.0895 build 20190328 (and later) QTS 4.3.4.0899 build 20190322 (and later) This issue does not affect QTS 4.4.x or QTS 4.5.x.
|
|||||
| CVE-2018-19936 | 1 Printeron | 1 Printeron | 2024-11-21 | 5.5 MEDIUM | 6.5 MEDIUM |
|
PrinterOn Enterprise 4.1.4 allows Arbitrary File Deletion.
|
|||||
| CVE-2018-19869 | 2 Opensuse, Qt | 2 Leap, Qt | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
|
An issue was discovered in Qt before 5.11.3. A malformed SVG image causes a segmentation fault in qsvghandler.cpp.
|
|||||
| CVE-2018-19864 | 1 Nuuo | 1 Nvrmini2 Firmware | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
|
NUUO NVRmini2 Network Video Recorder firmware through 3.9.1 allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow), resulting in ability to read camera feeds or reconfigure the device.
|
|||||
| CVE-2018-19791 | 1 Litespeedtech | 1 Openlitespeed | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
|
The server in LiteSpeed OpenLiteSpeed before 1.5.0 RC6 does not correctly handle requests for byte sequences, allowing an attacker to amplify the response size by requesting the entire response body repeatedly, as demonstrated by an HTTP Range header value beginning with the "bytes=0-,0-" substring.
|
|||||
| CVE-2018-19788 | 3 Canonical, Debian, Polkit Project | 3 Ubuntu Linux, Debian Linux, Polkit | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
|
A flaw was found in PolicyKit (aka polkit) 0.115 that allows a user with a uid greater than INT_MAX to successfully execute any systemctl command.
|
|||||
| CVE-2018-19755 | 1 Nasm | 1 Netwide Assembler | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
|
There is an illegal address access at asm/preproc.c (function: is_mmacro) in Netwide Assembler (NASM) 2.14rc16 that will cause a denial of service (out-of-bounds array access) because a certain conversion can result in a negative integer.
|
|||||
| CVE-2018-19654 | 1 Sales \& Company Management System Project | 1 Sales \& Company Management System | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
An issue was discovered in Sales & Company Management System (SCMS) through 2018-06-06. There is a discrepancy in username checking between a component that does string validation, and a component that is supposed to query a MySQL database. Thus, it is possible to register a new account with a duplicate username, as demonstrated by use of the test%c2 string when a test account already exists.
|
|||||
| CVE-2018-19642 | 1 Microfocus | 1 Solutions Business Manager | 2024-11-21 | 5.0 MEDIUM | 5.1 MEDIUM |
|
Denial of service issue in Micro Focus Solutions Business Manager (SBM) (formerly Serena Business Manager (SBM)) versions prior to 11.5.
|
|||||
| CVE-2018-19640 | 1 Opensuse | 1 Supportutils | 2024-11-21 | 2.1 LOW | 4.4 MEDIUM |
|
If the attacker manages to create files in the directory used to collect log files in supportutils before version 3.1-5.7.1 (e.g. with CVE-2018-19638) he can kill arbitrary processes on the local machine.
|
|||||
| CVE-2018-19636 | 1 Opensuse | 1 Supportutils | 2024-11-21 | 7.2 HIGH | 7.3 HIGH |
|
Supportutils, before version 3.1-5.7.1, when run with command line argument -A searched the file system for a ndspath binary. If an attacker provides one at an arbitrary location it is executed with root privileges
|
|||||
| CVE-2018-19629 | 1 Hyland | 1 Perceptive Content Server | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
A Denial of Service vulnerability in the ImageNow Server service in Hyland Perceptive Content Server before 7.1.5 allows an attacker to crash the service via a TCP connection.
|
|||||
| CVE-2018-19580 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
|
All versions of GitLab prior to 11.5.1, 11.4.8, and 11.3.11 do not send an email to the old email address when an email address change is made.
|
|||||
| CVE-2018-19556 | 1 Zblogcn | 1 Z-blogphp | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
|
zb_system/admin/index.php?act=UploadMng in Z-BlogPHP 1.5 mishandles file preview, leading to content spoofing. NOTE: the software maintainer disputes that this is a vulnerability
|
|||||
| CVE-2018-19531 | 1 Httl Project | 1 Httl | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
HTTL (aka Hyper-Text Template Language) through 1.0.11 allows remote command execution because the decodeXml function uses java.beans.XMLEncoder unsafely when configured without an xml.codec= setting.
|
|||||
| CVE-2018-19530 | 1 Httl Project | 1 Httl | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
HTTL (aka Hyper-Text Template Language) through 1.0.11 allows remote command execution because the decodeXml function uses XStream unsafely when configured with an xml.codec=httl.spi.codecs.XstreamCodec setting.
|
|||||
| CVE-2018-19524 | 1 Skyworthdigital | 6 Dt721-cb, Dt721-cb Firmware, Dt740 and 3 more | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
|
An issue was discovered on Shenzhen Skyworth DT741 Converged Intelligent Terminal (G/EPON+IPTV) SDOTBGN1, DT721-cb SDOTBGN1, and DT741-cb SDOTBGN1 devices. A long password to the Web_passwd function allows remote attackers to cause a denial of service (segmentation fault) or achieve unauthenticated remote code execution because of control of registers S0 through S4 and T4 through T7.
|
|||||
| CVE-2018-19522 | 1 Driveragent | 1 Driveragent | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
|
DriverAgent 2.2015.7.14, which includes DrvAgent64.sys 1.0.0.1, allows a user to send an IOCTL (0x800020F4) with a buffer containing user defined content. The driver's subroutine will execute a wrmsr instruction with the user's buffer for partial input.
|
|||||