Total
11829 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-11071 | 1 Emc | 2 Isilon Onefs, Isilonsd Edge | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
Dell EMC Isilon OneFS versions 7.1.1.x, 7.2.1.x, 8.0.0.x, 8.0.1.x, 8.1.0.x and 8.1.x prior to 8.1.2 and Dell EMC IsilonSD Edge versions 8.0.0.x, 8.0.1.x, 8.1.0.x and 8.1.x prior to 8.1.2 contain a remote process crash vulnerability. An unauthenticated remote attacker may potentially exploit this vulnerability to crash the isi_drive_d process by sending specially crafted input data to the affected system. This process will then be restarted.
|
|||||
| CVE-2018-11046 | 1 Pivotal Software | 1 Operations Manager | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
|
Pivotal Operations Manager, versions 2.1.x prior to 2.1.6 and version 2.0.14, includes NGINX packages that lacks security vulnerability patches. An attacker with access to the NGINX processes and knowledge of how to exploit the unpatched vulnerabilities may be able to impact Operations Manager
|
|||||
| CVE-2018-11044 | 1 Pivotal Software | 1 Pivotal Application Service | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
|
Pivotal Apps Manager included in Pivotal Application Service, versions 2.2.x prior to 2.2.1 and 2.1.x prior to 2.1.8 and 2.0.x prior to 2.0.17 and 1.12.x prior to 1.12.26, does not escape all user-provided content when sending invitation emails. A malicious authenticated user can inject content into an invite to another user, exploiting the trust implied by the source of the email.
|
|||||
| CVE-2018-11035 | 1 2345.cc | 1 Security Guard | 2024-11-21 | 6.1 MEDIUM | 7.8 HIGH |
|
In 2345 Security Guard 3.7, the driver file (2345NsProtect.sys, X64 version) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCTL 0x80002019.
|
|||||
| CVE-2018-11034 | 1 2345.cc | 1 Security Guard | 2024-11-21 | 6.1 MEDIUM | 7.8 HIGH |
|
In 2345 Security Guard 3.7, the driver file (2345NsProtect.sys, X64 version) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCTL 0x8000200D.
|
|||||
| CVE-2018-10995 | 2 Debian, Schedmd | 2 Debian Linux, Slurm | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
|
SchedMD Slurm before 17.02.11 and 17.1x.x before 17.11.7 mishandles user names (aka user_name fields) and group ids (aka gid fields).
|
|||||
| CVE-2018-10977 | 1 2345.cc | 1 Security Guard | 2024-11-21 | 6.1 MEDIUM | 7.8 HIGH |
|
In 2345 Security Guard 3.7, the driver file (2345BdPcSafe.sys, X64 version) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCTL 0x002220E4.
|
|||||
| CVE-2018-10976 | 1 2345.cc | 1 Security Guard | 2024-11-21 | 6.1 MEDIUM | 7.8 HIGH |
|
In 2345 Security Guard 3.7, the driver file (2345BdPcSafe.sys, X64 version) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCTL 0x00222050.
|
|||||
| CVE-2018-10975 | 1 2345.cc | 1 Security Guard | 2024-11-21 | 6.1 MEDIUM | 7.8 HIGH |
|
In 2345 Security Guard 3.7, the driver file (2345BdPcSafe.sys, X64 version) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCTL 0x00222104.
|
|||||
| CVE-2018-10974 | 1 2345.cc | 1 Security Guard | 2024-11-21 | 6.1 MEDIUM | 7.8 HIGH |
|
In 2345 Security Guard 3.7, the driver file (2345BdPcSafe.sys, X64 version) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCTL 0x00222100.
|
|||||
| CVE-2018-10955 | 1 2345 Security Guard Project | 1 2345 Security Guard | 2024-11-21 | 6.1 MEDIUM | 7.8 HIGH |
|
In 2345 Security Guard 3.7, the driver file (2345BdPcSafe.sys, X64 version) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCTL 0x00222548.
|
|||||
| CVE-2018-10954 | 1 2345 Security Guard Project | 1 2345 Security Guard | 2024-11-21 | 6.1 MEDIUM | 7.8 HIGH |
|
In 2345 Security Guard 3.7, the driver file (2345BdPcSafe.sys, X64 version) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCTL 0x00222550.
|
|||||
| CVE-2018-10953 | 1 2345 Security Guard Project | 1 2345 Security Guard | 2024-11-21 | 6.1 MEDIUM | 7.8 HIGH |
|
In 2345 Security Guard 3.7, the driver file (2345BdPcSafe.sys, X64 version) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCTL 0x0022204C.
|
|||||
| CVE-2018-10952 | 1 2345 Security Guard Project | 1 2345 Security Guard | 2024-11-21 | 6.1 MEDIUM | 7.8 HIGH |
|
In 2345 Security Guard 3.7, the driver file (2345BdPcSafe.sys, X64 version) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCTL 0x00222088.
|
|||||
| CVE-2018-10947 | 1 Polycom | 2 Realpresence Debut, Realpresence Debut Firmware | 2024-11-21 | 2.9 LOW | 3.1 LOW |
|
An issue was discovered in versions earlier than 1.3.2 for Polycom RealPresence Debut where the admin cookie is reset only after a Debut is rebooted.
|
|||||
| CVE-2018-10943 | 1 Barco | 4 Clickshare Cs-100, Clickshare Cs-100 Firmware, Clickshare Cse-200 and 1 more | 2024-11-21 | 7.8 HIGH | 7.5 HIGH |
|
An issue was discovered on Barco ClickShare CSE-200 and CS-100 Base Units with firmware before 1.6.0.3. Sending an arbitrary unexpected string to TCP port 7100 respecting a certain frequency timing disconnects all clients and results in a crash of the Unit.
|
|||||
| CVE-2018-10935 | 1 Redhat | 1 389 Directory Server | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
|
A flaw was found in the 389 Directory Server that allows users to cause a crash in the LDAP server using ldapsearch with server side sort.
|
|||||
| CVE-2018-10930 | 4 Debian, Gluster, Opensuse and 1 more | 7 Debian Linux, Glusterfs, Leap and 4 more | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
|
A flaw was found in RPC request using gfs3_rename_req in glusterfs server. An authenticated attacker could use this flaw to write to a destination outside the gluster volume.
|
|||||
| CVE-2018-10929 | 4 Debian, Gluster, Opensuse and 1 more | 5 Debian Linux, Glusterfs, Leap and 2 more | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
|
A flaw was found in RPC request using gfs2_create_req in glusterfs server. An authenticated attacker could use this flaw to create arbitrary files and execute arbitrary code on glusterfs server nodes.
|
|||||
| CVE-2018-10927 | 4 Debian, Gluster, Opensuse and 1 more | 5 Debian Linux, Glusterfs, Leap and 2 more | 2024-11-21 | 5.5 MEDIUM | 8.1 HIGH |
|
A flaw was found in RPC request using gfs3_lookup_req in glusterfs server. An authenticated attacker could use this flaw to leak information and execute remote denial of service by crashing gluster brick process.
|
|||||
| CVE-2018-10926 | 4 Debian, Gluster, Opensuse and 1 more | 6 Debian Linux, Glusterfs, Leap and 3 more | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
|
A flaw was found in RPC request using gfs3_mknod_req supported by glusterfs server. An authenticated attacker could use this flaw to write files to an arbitrary location via path traversal and execute arbitrary code on a glusterfs server node.
|
|||||
| CVE-2018-10923 | 4 Debian, Gluster, Opensuse and 1 more | 5 Debian Linux, Glusterfs, Leap and 2 more | 2024-11-21 | 5.5 MEDIUM | 8.1 HIGH |
|
It was found that the "mknod" call derived from mknod(2) can create files pointing to devices on a glusterfs server node. An authenticated attacker could use this to create an arbitrary device and read data from any device attached to the glusterfs server node.
|
|||||
| CVE-2018-10922 | 1 Ttembed Project | 1 Ttembed | 2024-11-21 | 4.3 MEDIUM | 7.5 HIGH |
|
An input validation flaw exists in ttembed. With a crafted input file, an attacker may be able to trigger a denial of service condition due to ttembed trusting attacker controlled values.
|
|||||
| CVE-2018-10921 | 1 Ttembed Project | 1 Ttembed | 2024-11-21 | 5.0 MEDIUM | 4.3 MEDIUM |
|
Certain input files may trigger an integer overflow in ttembed input file processing. This overflow could potentially lead to corruption of the input file due to a lack of checking return codes of fgetc/fputc function calls.
|
|||||
| CVE-2018-10920 | 1 Nic | 1 Knot Resolver | 2024-11-21 | 4.3 MEDIUM | 6.8 MEDIUM |
|
Improper input validation bug in DNS resolver component of Knot Resolver before 2.4.1 allows remote attacker to poison cache.
|
|||||
| CVE-2018-10916 | 3 Canonical, Lftp Project, Opensuse | 3 Ubuntu Linux, Lftp, Leap | 2024-11-21 | 7.8 HIGH | 5.3 MEDIUM |
|
It has been discovered that lftp up to and including version 4.8.3 does not properly sanitize remote file names, leading to a loss of integrity on the local system when reverse mirroring is used. A remote attacker may trick a user to use reverse mirroring on an attacker controlled FTP server, resulting in the removal of all files in the current working directory of the victim's system.
|
|||||
| CVE-2018-10908 | 2 Ovirt, Redhat | 2 Vdsm, Virtualization | 2024-11-21 | 7.1 HIGH | 6.5 MEDIUM |
|
It was found that vdsm before version 4.20.37 invokes qemu-img on untrusted inputs without limiting resources. By uploading a specially crafted image, an attacker could cause the qemu-img process to consume unbounded amounts of memory of CPU time, causing a denial of service condition that could potentially impact other users of the host.
|
|||||
| CVE-2018-10903 | 3 Canonical, Cryptography, Redhat | 3 Ubuntu Linux, Python-cryptography, Openstack | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
A flaw was found in python-cryptography versions between >=1.9.0 and <2.3. The finalize_with_tag API did not enforce a minimum tag length. If a user did not validate the input length prior to passing it to finalize_with_tag an attacker could craft an invalid payload with a shortened tag (e.g. 1 byte) such that they would have a 1 in 256 chance of passing the MAC check. GCM tag forgeries can cause key leakage.
|
|||||
| CVE-2018-10899 | 2 Jolokia, Redhat | 2 Jolokia, Openstack | 2024-11-21 | 6.8 MEDIUM | 8.1 HIGH |
|
A flaw was found in Jolokia versions from 1.2 to before 1.6.1. Affected versions are vulnerable to a system-wide CSRF. This holds true for properly configured instances with strict checking for origin and referrer headers. This could result in a Remote Code Execution attack.
|
|||||
| CVE-2018-10891 | 1 Moodle | 1 Moodle | 2024-11-21 | 7.5 HIGH | 7.3 HIGH |
|
A flaw was found in moodle before versions 3.5.1, 3.4.4, 3.3.7, 3.1.13. When a quiz question bank is imported, it was possible for the question preview that is displayed to execute JavaScript that is written into the question bank.
|
|||||
| CVE-2018-10888 | 2 Debian, Libgit2 | 2 Debian Linux, Libgit2 | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
|
A flaw was found in libgit2 before version 0.27.3. A missing check in git_delta_apply function in delta.c file, may lead to an out-of-bound read while reading a binary delta file. An attacker may use this flaw to cause a Denial of Service.
|
|||||
| CVE-2018-10885 | 1 Redhat | 1 Openshift | 2024-11-21 | 5.0 MEDIUM | 6.5 MEDIUM |
|
In atomic-openshift before version 3.10.9 a malicious network-policy configuration can cause Openshift Routing to crash when using ovs-networkpolicy plugin. An attacker can use this flaw to cause a Denial of Service (DoS) attack on an Openshift 3.9, or 3.7 Cluster.
|
|||||
| CVE-2018-10874 | 1 Redhat | 4 Ansible Engine, Openstack, Virtualization and 1 more | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
|
In ansible it was found that inventory variables are loaded from current working directory when running ad-hoc command which are under attacker's control, allowing to run arbitrary code as a result.
|
|||||
| CVE-2018-10873 | 4 Canonical, Debian, Redhat and 1 more | 11 Ubuntu Linux, Debian Linux, Enterprise Linux Desktop and 8 more | 2024-11-21 | 6.5 MEDIUM | 8.3 HIGH |
|
A vulnerability was discovered in SPICE before version 0.14.1 where the generated code used for demarshalling messages lacked sufficient bounds checks. A malicious client or server, after authentication, could send specially crafted messages to its peer which would result in a crash or, potentially, other impacts.
|
|||||
| CVE-2018-10870 | 1 Redhat | 2 Certification, Enterprise Linux | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
redhat-certification does not properly sanitize paths in rhcertStore.py:__saveResultsFile. A remote attacker could use this flaw to overwrite any file, potentially gaining remote code execution.
|
|||||
| CVE-2018-10858 | 4 Canonical, Debian, Redhat and 1 more | 8 Ubuntu Linux, Debian Linux, Enterprise Linux Desktop and 5 more | 2024-11-21 | 6.5 MEDIUM | 4.3 MEDIUM |
|
A heap-buffer overflow was found in the way samba clients processed extra long filename in a directory listing. A malicious samba server could use this flaw to cause arbitrary code execution on a samba client. Samba versions before 4.6.16, 4.7.9 and 4.8.4 are vulnerable.
|
|||||
| CVE-2018-10843 | 1 Redhat | 1 Openshift Container Platform | 2024-11-21 | 9.0 HIGH | 8.5 HIGH |
|
source-to-image component of Openshift Container Platform before versions atomic-openshift 3.7.53, atomic-openshift 3.9.31 is vulnerable to a privilege escalation which allows the assemble script to run as the root user in a non-privileged container. An attacker can use this flaw to open network connections, and possibly other actions, on the host which are normally only available to a root user.
|
|||||
| CVE-2018-10830 | 1 2345 Security Guard Project | 1 2345 Security Guard | 2024-11-21 | 6.1 MEDIUM | 7.8 HIGH |
|
In 2345 Security Guard 3.7, the driver file (2345BdPcSafe.sys, X64 version) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x002220e0.
|
|||||
| CVE-2018-10828 | 1 Alps | 1 Pointing-device Driver | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
|
An issue was discovered in Alps Pointing-device Driver 10.1.101.207. ApMsgFwd.exe allows the current user to map and write to the "ApMsgFwd File Mapping Object" section. ApMsgFwd.exe uses the data written to this section as arguments to functions. This causes a denial of service condition when invalid pointers are written to the mapped section. This driver has been used with Dell, ThinkPad, and VAIO devices.
|
|||||
| CVE-2018-10809 | 1 2345 Security Guard Project | 1 2345 Security Guard | 2024-11-21 | 6.1 MEDIUM | 7.8 HIGH |
|
In 2345 Security Guard 3.7, the driver file (2345NetFirewall.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x00222040. NOTE: this vulnerability exists because of an incomplete fix for CVE-2018-8873.
|
|||||