Max CVSS 10.0 Min CVSS 1.0 Total Count11414
IDCVSSSummaryLast (major) updatePublished
CVE-2018-6083 None
Failure to disallow PWA installation from CSP sandboxed pages in AppManifest in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to access privileged APIs via a crafted HTML page.
14-11-2018 - 10:29 14-11-2018 - 10:29
CVE-2018-6082 None
Including port 22 in the list of allowed FTP ports in Networking in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to potentially enumerate internal host services via a crafted HTML page.
14-11-2018 - 10:29 14-11-2018 - 10:29
CVE-2018-6081 None
XSS vulnerabilities in Interstitials in Google Chrome prior to 65.0.3325.146 allowed an attacker who convinced a user to install a malicious extension or open Developer Console to inject arbitrary scripts or HTML via a crafted HTML page.
14-11-2018 - 10:29 14-11-2018 - 10:29
CVE-2018-6080 None
Lack of access control checks in Instrumentation in Google Chrome prior to 65.0.3325.146 allowed a remote attacker who had compromised the renderer process to obtain memory metadata from privileged processes .
14-11-2018 - 10:29 14-11-2018 - 10:29
CVE-2018-6079 None
Inappropriate sharing of TEXTURE_2D_ARRAY/TEXTURE_3D data between tabs in WebGL in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
14-11-2018 - 10:29 14-11-2018 - 10:29
CVE-2018-6078 None
Incorrect handling of confusable characters in Omnibox in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name.
14-11-2018 - 10:29 14-11-2018 - 10:29
CVE-2018-6077 None
Displacement map filters being applied to cross-origin images in Blink SVG rendering in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
14-11-2018 - 10:29 14-11-2018 - 10:29
CVE-2018-6076 None
Insufficient encoding of URL fragment identifiers in Blink in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to perform a DOM based XSS attack via a crafted HTML page.
14-11-2018 - 10:29 14-11-2018 - 10:29
CVE-2018-6075 None
Incorrect handling of specified filenames in file downloads in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to leak cross-origin data via a crafted HTML page and user interaction.
14-11-2018 - 10:29 14-11-2018 - 10:29
CVE-2018-6074 None
Failure to apply Mark-of-the-Web in Downloads in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to bypass OS level controls via a crafted HTML page.
14-11-2018 - 10:29 14-11-2018 - 10:29
CVE-2018-6073 None
A heap buffer overflow in WebGL in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page.
14-11-2018 - 10:29 14-11-2018 - 10:29
CVE-2018-6072 None
An integer overflow leading to use after free in PDFium in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.
14-11-2018 - 10:29 14-11-2018 - 10:29
CVE-2018-6071 None
An integer overflow in Skia in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.
14-11-2018 - 10:29 14-11-2018 - 10:29
CVE-2018-6070 None
Lack of CSP enforcement on WebUI pages in Bink in Google Chrome prior to 65.0.3325.146 allowed an attacker who convinced a user to install a malicious extension to bypass content security policy via a crafted Chrome Extension.
14-11-2018 - 10:29 14-11-2018 - 10:29
CVE-2018-6069 None
Stack buffer overflow in Skia in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.
14-11-2018 - 10:29 14-11-2018 - 10:29
CVE-2018-6068 None
Object lifecycle issue in Chrome Custom Tab in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
14-11-2018 - 10:29 14-11-2018 - 10:29
CVE-2018-6067 None
Incorrect IPC serialization in Skia in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
14-11-2018 - 10:29 14-11-2018 - 10:29
CVE-2018-6066 None
Lack of CORS checking by ResourceFetcher/ResourceLoader in Blink in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
14-11-2018 - 10:29 14-11-2018 - 10:29
CVE-2018-6065 None
Integer overflow in computing the required allocation size when instantiating a new javascript object in V8 in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
14-11-2018 - 10:29 14-11-2018 - 10:29
CVE-2018-6064 None
Type Confusion in the implementation of __defineGetter__ in V8 in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
14-11-2018 - 10:29 14-11-2018 - 10:29
CVE-2018-6063 None
Incorrect use of mojo::WrapSharedMemoryHandle in Mojo in Google Chrome prior to 65.0.3325.146 allowed a remote attacker who had compromised the renderer process to perform an out of bounds memory write via a crafted HTML page.
14-11-2018 - 10:29 14-11-2018 - 10:29
CVE-2018-6062 None
Heap overflow write in Skia in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page.
14-11-2018 - 10:29 14-11-2018 - 10:29
CVE-2018-6061 None
A race in the handling of SharedArrayBuffers in WebAssembly in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
14-11-2018 - 10:29 14-11-2018 - 10:29
CVE-2018-6060 None
Use after free in WebAudio in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
14-11-2018 - 10:29 14-11-2018 - 10:29
CVE-2018-6057 None
Lack of special casing of Android ashmem in Google Chrome prior to 65.0.3325.146 allowed a remote attacker who had compromised the renderer process to bypass inter-process read only guarantees via a crafted HTML page.
14-11-2018 - 10:29 14-11-2018 - 10:29
CVE-2018-17477 None
Incorrect dialog placement in Extensions in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to spoof the contents of extension popups via a crafted HTML page.
14-11-2018 - 10:29 14-11-2018 - 10:29
CVE-2018-17476 None
Incorrect dialog placement in Cast UI in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to obscure the full screen warning via a crafted HTML page.
14-11-2018 - 10:29 14-11-2018 - 10:29
CVE-2018-17475 None
Incorrect handling of history on iOS in Navigation in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
14-11-2018 - 10:29 14-11-2018 - 10:29
CVE-2018-17474 None
Use after free in HTMLImportsController in Blink in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
14-11-2018 - 10:29 14-11-2018 - 10:29
CVE-2018-17473 None
Incorrect handling of confusable characters in Omnibox in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name.
14-11-2018 - 10:29 14-11-2018 - 10:29
CVE-2018-17471 None
Incorrect dialog placement in WebContents in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to obscure the full screen warning via a crafted HTML page.
14-11-2018 - 10:29 14-11-2018 - 10:29
CVE-2018-17469 None
Incorrect handling of PDF filter chains in PDFium in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to perform an out of bounds memory read via a crafted PDF file.
14-11-2018 - 10:29 14-11-2018 - 10:29
CVE-2018-17468 None
Incorrect handling of timer information during navigation in Blink in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to obtain cross origin URLs via a crafted HTML page.
14-11-2018 - 10:29 14-11-2018 - 10:29
CVE-2018-17467 None
Insufficiently quick clearing of stale rendered content in Navigation in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
14-11-2018 - 10:29 14-11-2018 - 10:29
CVE-2018-17466 None
Incorrect texture handling in Angle in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.
14-11-2018 - 10:29 14-11-2018 - 10:29
CVE-2018-17465 None
Incorrect implementation of object trimming in V8 in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page.
14-11-2018 - 10:29 14-11-2018 - 10:29
CVE-2018-17464 None
Incorrect handling of history on iOS in Navigation in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
14-11-2018 - 10:29 14-11-2018 - 10:29
CVE-2018-17463 None
Incorrect side effect annotation in V8 in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.
14-11-2018 - 10:29 14-11-2018 - 10:29
CVE-2018-17462 None
Incorrect refcounting in AppCache in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to perform a sandbox escape via a crafted HTML page.
14-11-2018 - 10:29 14-11-2018 - 10:29
CVE-2018-16845 None
nginx before versions 1.15.6, 1.14.1 has a vulnerability in the ngx_http_mp4_module, which might allow an attacker to cause infinite loop in a worker process, cause a worker process crash, or might result in worker process memory disclosure by using
07-11-2018 - 09:29 07-11-2018 - 09:29
CVE-2018-16844 None
nginx before versions 1.15.6 and 1.14.1 has a vulnerability in the implementation of HTTP/2 that can allow for excessive CPU usage. This issue affects nginx compiled with the ngx_http_v2_module (not compiled by default) if the 'http2' option of the '
07-11-2018 - 09:29 07-11-2018 - 09:29
CVE-2018-16843 None
nginx before versions 1.15.6 and 1.14.1 has a vulnerability in the implementation of HTTP/2 that can allow for excessive memory consumption. This issue affects nginx compiled with the ngx_http_v2_module (not compiled by default) if the 'http2' option
07-11-2018 - 09:29 07-11-2018 - 09:29
CVE-2018-9516 None
In hid_debug_events_read of drivers/hid/hid-debug.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for e
07-11-2018 - 06:29 06-11-2018 - 12:29
CVE-2018-9422 None
In get_futex_key of futex.c, there is a use-after-free due to improper locking. This could lead to local escalation of privilege with no additional privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android
07-11-2018 - 06:29 06-11-2018 - 12:29
CVE-2018-9363 None
In the hidp_process_report in bluetooth, there is an integer overflow. This could lead to an out of bounds write with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kerne
07-11-2018 - 06:29 06-11-2018 - 12:29
CVE-2018-18820 None
A buffer overflow was discovered in the URL-authentication backend of the Icecast before 2.4.4. If the backend is enabled, then any malicious HTTP client can send a request for that specific resource including a crafted header, leading to denial of s
05-11-2018 - 14:29 05-11-2018 - 14:29
CVE-2016-2123 None
A flaw was found in samba versions 4.0.0 to 4.5.2. The Samba routine ndr_pull_dnsp_name contains an integer wrap problem, leading to an attacker-controlled memory overwrite. ndr_pull_dnsp_name parses data from the Samba Active Directory ldb database.
01-11-2018 - 09:29 01-11-2018 - 09:29
CVE-2016-2120 None
An issue has been found in PowerDNS Authoritative Server versions up to and including 3.4.10, 4.0.1 allowing an authorized user to crash the server by inserting a specially crafted record in a zone under their control then sending a DNS query for tha
01-11-2018 - 09:29 01-11-2018 - 09:29
CVE-2018-14651 None
It was found that the fix for CVE-2018-10927, CVE-2018-10928, CVE-2018-10929, CVE-2018-10930, and CVE-2018-10926 was incomplete. A remote, authenticated attacker could use one of these flaws to execute arbitrary code, create arbitrary files, or cause
31-10-2018 - 18:29 31-10-2018 - 18:29
CVE-2018-14661 None
It was found that usage of snprintf function in feature/locks translator of glusterfs server 3.8.4, as shipped with Red Hat Gluster Storage, was vulnerable to a format string attack. A remote, authenticated attacker could use this flaw to cause remot
31-10-2018 - 16:29 31-10-2018 - 16:29
CVE-2016-2125 None
It was found that Samba before versions 4.5.3, 4.4.8, 4.3.13 always requested forwardable tickets when using Kerberos authentication. A service to which Samba authenticated using Kerberos could subsequently use the ticket to impersonate Samba to othe
31-10-2018 - 16:29 31-10-2018 - 16:29
CVE-2018-16842 None
Curl versions 7.14.1 through 7.61.1 are vulnerable to a heap-based buffer over-read in the tool_msgs.c:voutf() function that may result in information exposure and denial of service.
31-10-2018 - 15:29 31-10-2018 - 15:29
CVE-2018-14659 None
The Gluster file system through versions 4.1.4 and 3.1.2 is vulnerable to a denial of service attack via use of the 'GF_XATTR_IOSTATS_DUMP_KEY' xattr. A remote, authenticated attacker could exploit this by mounting a Gluster volume and repeatedly cal
31-10-2018 - 15:29 31-10-2018 - 15:29
CVE-2018-14653 None
The Gluster file system through versions 4.1.4 and 3.12 is vulnerable to a heap-based buffer overflow in the '__server_getspec' function via the 'gf_getspec_req' RPC message. A remote authenticated attacker could exploit this to cause a denial of ser
31-10-2018 - 15:29 31-10-2018 - 15:29
CVE-2018-14652 None
The Gluster file system through versions 3.12 and 4.1.4 is vulnerable to a buffer overflow in the 'features/index' translator via the code handling the 'GF_XATTR_CLRLK_CMD' xattr in the 'pl_getxattr' function. A remote authenticated attacker could ex
31-10-2018 - 15:29 31-10-2018 - 15:29
CVE-2018-16839 None
Curl versions 7.33.0 through 7.61.1 are vulnerable to a buffer overrun in the SASL authentication code that may lead to denial of service.
31-10-2018 - 14:29 31-10-2018 - 14:29
CVE-2018-18718 None
An issue was discovered in gThumb through 3.6.2. There is a double-free vulnerability in the add_themes_from_dir method in dlg-contact-sheet.c because of two successive calls of g_free, each of which frees the same buffer.
29-10-2018 - 08:29 29-10-2018 - 08:29
CVE-2018-14665 None
A flaw was found in xorg-x11-server before 1.20.3. An incorrect permission check for -modulepath and -logfile options when starting Xorg. X server allows unprivileged users with the ability to log in to the system via physical console to escalate the
29-10-2018 - 08:29 25-10-2018 - 16:29
CVE-2018-18585 None
chmd_read_headers in mspack/chmd.c in libmspack before 0.8alpha accepts a filename that has '\0' as its first or second character (such as the "/\0" name).
22-10-2018 - 22:29 22-10-2018 - 22:29
CVE-2018-18584 None
In mspack/cab.h in libmspack before 0.8alpha and cabextract before 1.8, the CAB block input buffer is one byte too small for the maximal Quantum block, leading to an out-of-bounds write.
22-10-2018 - 22:29 22-10-2018 - 22:29
CVE-2018-18557 None
LibTIFF 4.0.9 (with JBIG enabled) decodes arbitrarily-sized JBIG into a buffer, ignoring the buffer size, which leads to a tif_jbig.c JBIGDecode out-of-bounds write.
22-10-2018 - 12:29 22-10-2018 - 12:29
CVE-2018-18541 None
In Teeworlds before 0.6.5, connection packets could be forged. There was no challenge-response involved in the connection build up. A remote attacker could send connection packets from a spoofed IP address and occupy all server slots, or even use the
20-10-2018 - 18:29 20-10-2018 - 18:29
CVE-2018-18284 None
Artifex Ghostscript 9.25 and earlier allows attackers to bypass a sandbox protection mechanism via vectors involving the 1Policy operator.
19-10-2018 - 18:29 19-10-2018 - 18:29
CVE-2018-5188 None
Memory safety bugs present in Firefox 60, Firefox ESR 60, and Firefox ESR 52.8. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerabi
18-10-2018 - 09:29 18-10-2018 - 09:29
CVE-2018-5187 None
Memory safety bugs present in Firefox 60 and Firefox ESR 60. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunde
18-10-2018 - 09:29 18-10-2018 - 09:29
CVE-2018-5156 None
A vulnerability can occur when capturing a media stream when the media source type is changed as the capture is occuring. This can result in stream data being cast to the wrong type causing a potentially exploitable crash. This vulnerability affects
18-10-2018 - 09:29 18-10-2018 - 09:29
CVE-2018-12387 None
A vulnerability where the JavaScript JIT compiler inlines Array.prototype.push with multiple arguments that results in the stack pointer being off by 8 bytes after a bailout. This leaks a memory address to the calling function which can be used as pa
18-10-2018 - 09:29 18-10-2018 - 09:29
CVE-2018-12386 None
A vulnerability in register allocation in JavaScript can lead to type confusion, allowing for an arbitrary read and write. This leads to remote code execution inside the sandboxed content process when triggered. This vulnerability affects Firefox ESR
18-10-2018 - 09:29 18-10-2018 - 09:29
CVE-2018-12385 None
A potentially exploitable crash in TransportSecurityInfo used for SSL can be triggered by data stored in the local cache in the user profile directory. This issue is only exploitable in combination with another vulnerability allowing an attacker to w
18-10-2018 - 09:29 18-10-2018 - 09:29
CVE-2018-12383 None
If a user saved passwords before Firefox 58 and then later set a master password, an unencrypted copy of these passwords is still accessible. This is because the older stored password file was not deleted when the data was copied to a new format star
18-10-2018 - 09:29 18-10-2018 - 09:29
CVE-2018-12379 None
When the Mozilla Updater opens a MAR format file which contains a very long item filename, an out-of-bounds write can be triggered, leading to a potentially exploitable crash. This requires running the Mozilla Updater manually on the local system wit
18-10-2018 - 09:29 18-10-2018 - 09:29
CVE-2018-12378 None
A use-after-free vulnerability can occur when an IndexedDB index is deleted while still in use by JavaScript code that is providing payload values to be stored. This results in a potentially exploitable crash. This vulnerability affects Firefox < 62,
18-10-2018 - 09:29 18-10-2018 - 09:29
CVE-2018-12377 None
A use-after-free vulnerability can occur when refresh driver timers are refreshed in some circumstances during shutdown when the timer is deleted while still in use. This results in a potentially exploitable crash. This vulnerability affects Firefox
18-10-2018 - 09:29 18-10-2018 - 09:29
CVE-2018-12376 None
Memory safety bugs present in Firefox 61 and Firefox ESR 60.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Fire
18-10-2018 - 09:29 18-10-2018 - 09:29
CVE-2018-12374 None
Plaintext of decrypted emails can leak through by user submitting an embedded form by pressing enter key within a text input field. This vulnerability affects Thunderbird < 52.9.
18-10-2018 - 09:29 18-10-2018 - 09:29
CVE-2018-12373 None
dDecrypted S/MIME parts hidden with CSS or the plaintext HTML tag can leak plaintext when included in a HTML reply/forward. This vulnerability affects Thunderbird < 52.9.
18-10-2018 - 09:29 18-10-2018 - 09:29
CVE-2018-12372 None
Decrypted S/MIME parts, when included in HTML crafted for an attack, can leak plaintext when included in a a HTML reply/forward. This vulnerability affects Thunderbird < 52.9.
18-10-2018 - 09:29 18-10-2018 - 09:29
CVE-2018-12367 None
In the previous mitigations for Spectre, the resolution or precision of various methods was reduced to counteract the ability to measure precise time intervals. In that work PerformanceNavigationTiming was not adjusted but it was found that it could
18-10-2018 - 09:29 18-10-2018 - 09:29
CVE-2018-12366 None
An invalid grid size during QCMS (color profile) transformations can result in the out-of-bounds read interpreted as a float value. This could leak private data into the output. This vulnerability affects Thunderbird < 60, Thunderbird < 52.9, Firefox
18-10-2018 - 09:29 18-10-2018 - 09:29
CVE-2018-12365 None
A compromised IPC child process can escape the content sandbox and list the names of arbitrary files on the file system without user consent or interaction. This could result in exposure of private local files. This vulnerability affects Thunderbird
18-10-2018 - 09:29 18-10-2018 - 09:29
CVE-2018-12364 None
NPAPI plugins, such as Adobe Flash, can send non-simple cross-origin requests, bypassing CORS by making a same-origin POST that does a 307 redirect to the target site. This allows for a malicious site to engage in cross-site request forgery (CSRF) at
18-10-2018 - 09:29 18-10-2018 - 09:29
CVE-2018-12363 None
A use-after-free vulnerability can occur when script uses mutation events to move DOM nodes between documents, resulting in the old document that held the node being freed but the node still having a pointer referencing it. This results in a potentia
18-10-2018 - 09:29 18-10-2018 - 09:29
CVE-2018-12362 None
An integer overflow can occur during graphics operations done by the Supplemental Streaming SIMD Extensions 3 (SSSE3) scaler, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 60, Thunderbird < 52.9, Firefox ESR <
18-10-2018 - 09:29 18-10-2018 - 09:29
CVE-2018-12361 None
An integer overflow can occur in the SwizzleData code while calculating buffer sizes. The overflowed value is used for subsequent graphics computations when their inputs are not sanitized which results in a potentially exploitable crash. This vulnera
18-10-2018 - 09:29 18-10-2018 - 09:29
CVE-2018-12360 None
A use-after-free vulnerability can occur when deleting an input element during a mutation event handler triggered by focusing that element. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 60, Thunderbird < 52
18-10-2018 - 09:29 18-10-2018 - 09:29
CVE-2018-12359 None
A buffer overflow can occur when rendering canvas content while adjusting the height and width of the canvas element dynamically, causing data to be written outside of the currently computed boundaries. This results in a potentially exploitable crash
18-10-2018 - 09:29 18-10-2018 - 09:29
CVE-2018-10933 6.4
A vulnerability was found in libssh's server-side state machine before versions 0.7.6 and 0.8.4. A malicious client could create channels without first performing authentication, resulting in unauthorized access.
17-10-2018 - 08:29 17-10-2018 - 08:29
CVE-2018-3282 4.0
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Storage Engines). Supported versions that are affected are 5.5.61 and prior, 5.6.41 and prior, 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability
16-10-2018 - 21:31 16-10-2018 - 21:31
CVE-2018-3251 4.0
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.6.41 and prior, 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows low privileged attacker with
16-10-2018 - 21:31 16-10-2018 - 21:31
CVE-2018-3214 5.0
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Sound). Supported versions that are affected are Java SE: 6u201, 7u191 and 8u182; Java SE Embedded: 8u181; JRockit: R28.3.19. Easily exploitable vulner
16-10-2018 - 21:31 16-10-2018 - 21:31
CVE-2018-3183 6.8
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Scripting). Supported versions that are affected are Java SE: 8u182 and 11; Java SE Embedded: 8u181; JRockit: R28.3.19. Difficult to exploit vulnerabil
16-10-2018 - 21:31 16-10-2018 - 21:31
CVE-2018-3180 6.8
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JSSE). Supported versions that are affected are Java SE: 6u201, 7u191, 8u182 and 11; Java SE Embedded: 8u181; JRockit: R28.3.19. Difficult to exploit v
16-10-2018 - 21:31 16-10-2018 - 21:31
CVE-2018-3174 1.9
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected are 5.5.61 and prior, 5.6.41 and prior, 5.7.23 and prior and 8.0.12 and prior. Difficult to exploit vulnerability allows
16-10-2018 - 21:31 16-10-2018 - 21:31
CVE-2018-3169 5.1
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Hotspot). Supported versions that are affected are Java SE: 7u191, 8u182 and 11; Java SE Embedded: 8u181. Difficult to exploit vulnerability allows unauthentica
16-10-2018 - 21:31 16-10-2018 - 21:31
CVE-2018-3156 4.0
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.6.41 and prior, 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows low privileged attacker with
16-10-2018 - 21:31 16-10-2018 - 21:31
CVE-2018-3149 5.1
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JNDI). Supported versions that are affected are Java SE: 6u201, 7u191, 8u182 and 11; Java SE Embedded: 8u181; JRockit: R28.3.19. Difficult to exploit v
16-10-2018 - 21:31 16-10-2018 - 21:31
CVE-2018-3143 4.0
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.6.41 and prior, 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows low privileged attacker with
16-10-2018 - 21:31 16-10-2018 - 21:31
CVE-2018-3139 2.6
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 6u201, 7u191, 8u182 and 11; Java SE Embedded: 8u181. Difficult to exploit vulnerability allows un
16-10-2018 - 21:31 16-10-2018 - 21:31
CVE-2018-3136 2.6
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u201, 7u191, 8u182 and 11; Java SE Embedded: 8u181. Difficult to exploit vulnerability allows unau
16-10-2018 - 21:31 16-10-2018 - 21:31
CVE-2018-3133 4.0
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Parser). Supported versions that are affected are 5.5.61 and prior, 5.6.41 and prior, 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows lo
16-10-2018 - 21:31 16-10-2018 - 21:31
CVE-2017-5934 None
Cross-site scripting (XSS) vulnerability in the link dialogue in GUI editor in MoinMoin before 1.9.10 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
15-10-2018 - 15:29 15-10-2018 - 15:29
CVE-2018-15378 None
A vulnerability in ClamAV versions prior to 0.100.2 could allow an attacker to cause a denial of service (DoS) condition. The vulnerability is due to an error related to the MEW unpacker within the "unmew11()" function (libclamav/mew.c), which can be
15-10-2018 - 13:29 15-10-2018 - 13:29
CVE-2018-18073 None
Artifex Ghostscript allows attackers to bypass a sandbox protection mechanism by leveraging exposure of system operators in the saved execution stack in an error object.
15-10-2018 - 12:29 15-10-2018 - 12:29
CVE-2018-17961 None
Artifex Ghostscript 9.25 and earlier allows attackers to bypass a sandbox protection mechanism via vectors involving errorhandler setup. NOTE: this issue exists because of an incomplete fix for CVE-2018-17183.
15-10-2018 - 12:29 15-10-2018 - 12:29
CVE-2018-16758 None
Missing message authentication in the meta-protocol in Tinc VPN version 1.0.34 and earlier allows a man-in-the-middle attack to disable the encryption of VPN packets.
10-10-2018 - 17:29 10-10-2018 - 17:29
CVE-2018-16738 None
tinc 1.0.30 through 1.0.34 has a broken authentication protocol, although there is a partial mitigation. This is fixed in 1.1.
10-10-2018 - 17:29 10-10-2018 - 17:29
CVE-2018-18065 None
_set_key in agent/helpers/table_container.c in Net-SNMP before 5.8 has a NULL Pointer Exception bug that can be used by an authenticated attacker to remotely cause the instance to crash via a crafted UDP packet, resulting in Denial of Service.
08-10-2018 - 14:29 08-10-2018 - 14:29
CVE-2018-1000805 None
Paramiko version 2.4.1, 2.3.2, 2.2.3, 2.1.5, 2.0.8, 1.18.5, 1.17.6 contains a Incorrect Access Control vulnerability in SSH server that can result in RCE. This attack appear to be exploitable via network connectivity.
08-10-2018 - 11:29 08-10-2018 - 11:29
CVE-2018-18021 None
arch/arm64/kvm/guest.c in KVM in the Linux kernel before 4.18.12 on the arm64 platform mishandles the KVM_SET_ON_REG ioctl. This is exploitable by attackers who can create virtual machines. An attacker can arbitrarily redirect the hypervisor flow of
07-10-2018 - 02:29 07-10-2018 - 02:29
CVE-2018-17456 None
Git before 2.14.5, 2.15.x before 2.15.3, 2.16.x before 2.16.5, 2.17.x before 2.17.2, 2.18.x before 2.18.1, and 2.19.x before 2.19.1 allows remote code execution during processing of a recursive "git clone" of a superproject if a .gitmodules file has
06-10-2018 - 10:29 06-10-2018 - 10:29
CVE-2018-11797 None
In Apache PDFBox 1.8.0 to 1.8.15 and 2.0.0RC1 to 2.0.11, a carefully crafted PDF file can trigger an extremely long running computation when parsing the page tree.
05-10-2018 - 16:29 05-10-2018 - 16:29
CVE-2018-0505 None
Mediawiki 1.31 before 1.31.1, 1.30.1, 1.29.3 and 1.27.5 contains a flaw where BotPasswords can bypass CentralAuth's account lock
04-10-2018 - 16:29 04-10-2018 - 16:29
CVE-2018-0504 None
Mediawiki 1.31 before 1.31.1, 1.30.1, 1.29.3 and 1.27.5 contains an information disclosure flaw in the Special:Redirect/logid
04-10-2018 - 16:29 04-10-2018 - 16:29
CVE-2018-0503 None
Mediawiki 1.31 before 1.31.1, 1.30.1, 1.29.3 and 1.27.5 contains a flaw where contrary to the documentation, $wgRateLimits entry for 'user' overrides that for 'newbie'.
04-10-2018 - 16:29 04-10-2018 - 16:29
CVE-2018-11784 None
When the default servlet in Apache Tomcat versions 9.0.0.M1 to 9.0.11, 8.5.0 to 8.5.33 and 7.0.23 to 7.0.90 returned a redirect to a directory (e.g. redirecting to '/foo/' when the user requested '/foo') a specially crafted URL could be used to cause
04-10-2018 - 09:29 04-10-2018 - 09:29
CVE-2018-17540 None
The gmp plugin in strongSwan before 5.7.1 has a Buffer Overflow via a crafted certificate.
03-10-2018 - 16:29 03-10-2018 - 16:29
CVE-2018-16587 None
In Open Ticket Request System (OTRS) 4.0.x before 4.0.32, 5.0.x before 5.0.30, and 6.0.x before 6.0.11, an attacker could send a malicious email to an OTRS system. If a user with admin permissions opens it, it causes deletions of arbitrary files that
27-09-2018 - 20:29 27-09-2018 - 20:29
CVE-2018-16586 None
In Open Ticket Request System (OTRS) 4.0.x before 4.0.32, 5.0.x before 5.0.30, and 6.0.x before 6.0.11, an attacker could send a malicious email to an OTRS system. If a logged in user opens it, the email could cause the browser to load external image
27-09-2018 - 20:29 27-09-2018 - 20:29
CVE-2018-16152 None
In verify_emsa_pkcs1_signature() in gmp_rsa_public_key.c in the gmp plugin in strongSwan 4.x and 5.x before 5.7.0, the RSA implementation based on GMP does not reject excess data in the digestAlgorithm.parameters field during PKCS#1 v1.5 signature ve
26-09-2018 - 17:29 26-09-2018 - 17:29
CVE-2018-16151 None
In verify_emsa_pkcs1_signature() in gmp_rsa_public_key.c in the gmp plugin in strongSwan 4.x and 5.x before 5.7.0, the RSA implementation based on GMP does not reject excess data after the encoded algorithm OID during PKCS#1 v1.5 signature verificati
26-09-2018 - 17:29 26-09-2018 - 17:29
CVE-2018-6054 None
Use after free in WebUI in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially exploit heap corruption via a crafted Chrome Extension.
25-09-2018 - 10:29 25-09-2018 - 10:29
CVE-2018-6053 None
Inappropriate implementation in New Tab Page in Google Chrome prior to 64.0.3282.119 allowed a local attacker to view website thumbnail images after clearing browser data via a crafted HTML page.
25-09-2018 - 10:29 25-09-2018 - 10:29
CVE-2018-6052 None
Lack of support for a non standard no-referrer policy value in Blink in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to obtain referrer details from a web page that had thought it had opted out of sending referrer data.
25-09-2018 - 10:29 25-09-2018 - 10:29
CVE-2018-6051 None
XSS Auditor in Google Chrome prior to 64.0.3282.119, did not ensure the reporting URL was in the same origin as the page it was on, which allowed a remote attacker to obtain referrer details via a crafted HTML page.
25-09-2018 - 10:29 25-09-2018 - 10:29
CVE-2018-6050 None
Incorrect security UI in Omnibox in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
25-09-2018 - 10:29 25-09-2018 - 10:29
CVE-2018-6049 None
Incorrect security UI in permissions prompt in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to spoof the origin to which permission is granted via a crafted HTML page.
25-09-2018 - 10:29 25-09-2018 - 10:29
CVE-2018-6048 None
Insufficient policy enforcement in Blink in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially leak referrer information via a crafted HTML page.
25-09-2018 - 10:29 25-09-2018 - 10:29
CVE-2018-6047 None
Insufficient policy enforcement in WebGL in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially leak user redirect URL via a crafted HTML page.
25-09-2018 - 10:29 25-09-2018 - 10:29
CVE-2018-6046 None
Insufficient data validation in DevTools in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially leak user cross-origin data via a crafted Chrome Extension.
25-09-2018 - 10:29 25-09-2018 - 10:29
CVE-2018-6045 None
Insufficient policy enforcement in DevTools in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially leak user local file data via a crafted Chrome Extension.
25-09-2018 - 10:29 25-09-2018 - 10:29
CVE-2018-6043 None
Insufficient data validation in External Protocol Handler in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially execute arbitrary programs on user machine via a crafted HTML page.
25-09-2018 - 10:29 25-09-2018 - 10:29
CVE-2018-6042 None
Incorrect security UI in Omnibox in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
25-09-2018 - 10:29 25-09-2018 - 10:29
CVE-2018-6041 None
Incorrect security UI in navigation in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
25-09-2018 - 10:29 25-09-2018 - 10:29
CVE-2018-6040 None
Insufficient policy enforcement in Blink in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially bypass content security policy via a crafted HTML page.
25-09-2018 - 10:29 25-09-2018 - 10:29
CVE-2018-6039 None
Insufficient data validation in DevTools in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially leak user cross-origin data via a crafted Chrome Extension.
25-09-2018 - 10:29 25-09-2018 - 10:29
CVE-2018-6038 None
Heap buffer overflow in WebGL in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.
25-09-2018 - 10:29 25-09-2018 - 10:29
CVE-2018-6037 None
Inappropriate implementation in autofill in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to obtain autofill data with insufficient user gestures via a crafted HTML page.
25-09-2018 - 10:29 25-09-2018 - 10:29
CVE-2018-6036 None
Insufficient data validation in V8 in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially leak user data via a crafted HTML page.
25-09-2018 - 10:29 25-09-2018 - 10:29
CVE-2018-6035 None
Insufficient policy enforcement in DevTools in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially leak user local file data via a crafted Chrome Extension.
25-09-2018 - 10:29 25-09-2018 - 10:29
CVE-2018-6034 5.8
Insufficient data validation in WebGL in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.
25-09-2018 - 10:29 25-09-2018 - 10:29
CVE-2018-6033 None
Insufficient data validation in Downloads in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially run arbitrary code outside sandbox via a crafted Chrome Extension.
25-09-2018 - 10:29 25-09-2018 - 10:29
CVE-2018-6032 4.3
Insufficient policy enforcement in Blink in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially leak user cross-origin data via a crafted HTML page.
25-09-2018 - 10:29 25-09-2018 - 10:29
CVE-2018-6031 None
Use after free in PDFium in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.
25-09-2018 - 10:29 25-09-2018 - 10:29
CVE-2018-14647 None
Python's elementtree C accelerator failed to initialise Expat's hash salt during initialization. This could make it easy to conduct denial of service attacks against Expat by constructing an XML document that would cause pathological hash collisions
24-09-2018 - 20:29 24-09-2018 - 20:29
CVE-2018-14633 None
A security flaw was found in the chap_server_compute_md5() function in the ISCSI target code in the Linux kernel in a way an authentication request from an ISCSI initiator is processed. An unauthenticated remote attacker can cause a stack buffer over
24-09-2018 - 20:29 24-09-2018 - 20:29
CVE-2018-17281 None
There is a stack consumption vulnerability in the res_http_websocket.so module of Asterisk through 13.23.0, 14.7.x through 14.7.7, and 15.x through 15.6.0 and Certified Asterisk through 13.21-cert2. It allows an attacker to crash Asterisk via a speci
24-09-2018 - 18:29 24-09-2018 - 18:29
CVE-2018-17407 None
An issue was discovered in t1_check_unusual_charstring functions in writet1.c files in TeX Live before 2018-09-21. A buffer overflow in the handling of Type 1 fonts allows arbitrary code execution when a malicious font is loaded by one of the vulnera
23-09-2018 - 17:29 23-09-2018 - 17:29
CVE-2018-17141 None
HylaFAX 6.0.6 and HylaFAX+ 5.6.0 allow remote attackers to execute arbitrary code via a dial-in session that provides a FAX page with the JPEG bit enabled, which is mishandled in FaxModem::writeECMData() in the faxd/CopyQuality.c++ file.
21-09-2018 - 13:29 21-09-2018 - 13:29
CVE-2018-17182 None
An issue was discovered in the Linux kernel through 4.18.8. The vmacache_flush_all function in mm/vmacache.c mishandles sequence number overflows. An attacker can trigger a use-after-free (and possibly gain privileges) via certain thread creation, ma
19-09-2018 - 05:29 19-09-2018 - 05:29
CVE-2018-1000802 None
Python Software Foundation Python (CPython) version 2.7 contains a CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in shutil module (make_archive function) that can result in Denial of service
18-09-2018 - 13:29 18-09-2018 - 13:29
CVE-2018-17101 6.8
An issue was discovered in LibTIFF 4.0.9. There are two out-of-bounds writes in cpTags in tools/tiff2bw.c and tools/pal2rgb.c, which can cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image file.
16-09-2018 - 17:29 16-09-2018 - 17:29
CVE-2018-17100 6.8
An issue was discovered in LibTIFF 4.0.9. There is a int32 overflow in multiply_ms in tools/ppm2tiff.c, which can cause a denial of service (crash) or possibly have unspecified other impact via a crafted image file.
16-09-2018 - 17:29 16-09-2018 - 17:29
CVE-2018-17082 4.3
The Apache2 component in PHP before 5.6.38, 7.0.x before 7.0.32, 7.1.x before 7.1.22, and 7.2.x before 7.2.10 allows XSS via the body of a "Transfer-Encoding: chunked" request, because the bucket brigade is mishandled in the php_handler function in s
16-09-2018 - 11:29 16-09-2018 - 11:29
CVE-2018-16741 7.2
An issue was discovered in mgetty before 1.2.1. In fax/faxq-helper.c, the function do_activate() does not properly sanitize shell metacharacters to prevent command injection. It is possible to use the ||, &&, or > characters within a file created by
13-09-2018 - 12:29 13-09-2018 - 12:29
CVE-2018-16949 None
An issue was discovered in OpenAFS before 1.6.23 and 1.8.x before 1.8.2. Several data types used as RPC input variables were implemented as unbounded array types, limited only by the inherent 32-bit length field to 4 GB. An unauthenticated attacker c
11-09-2018 - 21:29 11-09-2018 - 21:29
CVE-2018-16948 None
An issue was discovered in OpenAFS before 1.6.23 and 1.8.x before 1.8.2. Several RPC server routines did not fully initialize their output variables before returning, leaking memory contents from both the stack and the heap. Because the OpenAFS cache
11-09-2018 - 21:29 11-09-2018 - 21:29
CVE-2018-16947 None
An issue was discovered in OpenAFS before 1.6.23 and 1.8.x before 1.8.2. The backup tape controller (butc) process accepts incoming RPCs but does not require (or allow for) authentication of those RPCs. Handling those RPCs results in operations being
11-09-2018 - 21:29 11-09-2018 - 21:29
CVE-2018-10935 4.0
A flaw was found in the 389 Directory Server that allows users to cause a crash in the LDAP server using ldapsearch with server side sort.
11-09-2018 - 11:29 11-09-2018 - 11:29
CVE-2018-10853 None
A flaw was found in the way Linux kernel KVM hypervisor before 4.18 emulated instructions such as sgdt/sidt/fxsave/fxrstor. It did not check current privilege(CPL) level while emulating unprivileged instructions. An unprivileged guest user/process co
11-09-2018 - 10:29 11-09-2018 - 10:29
CVE-2016-7074 None
An issue has been found in PowerDNS before 3.4.11 and 4.0.2, and PowerDNS recursor before 4.0.4, allowing an attacker in position of man-in-the-middle to alter the content of an AXFR because of insufficient validation of TSIG signatures. A missing ch
11-09-2018 - 09:29 11-09-2018 - 09:29
CVE-2016-7073 None
An issue has been found in PowerDNS before 3.4.11 and 4.0.2, and PowerDNS recursor before 4.0.4, allowing an attacker in position of man-in-the-middle to alter the content of an AXFR because of insufficient validation of TSIG signatures. A missing ch
11-09-2018 - 09:29 11-09-2018 - 09:29
CVE-2016-7068 None
An issue has been found in PowerDNS before 3.4.11 and 4.0.2, and PowerDNS recursor before 3.7.4 and 4.0.4, allowing a remote, unauthenticated attacker to cause an abnormal CPU usage load on the PowerDNS server by sending crafted DNS queries, which mi
11-09-2018 - 09:29 11-09-2018 - 09:29
CVE-2016-7072 None
An issue has been found in PowerDNS Authoritative Server before 3.4.11 and 4.0.2 allowing a remote, unauthenticated attacker to cause a denial of service by opening a large number of TCP connections to the web server. If the web server runs out of fi
10-09-2018 - 13:29 10-09-2018 - 13:29
CVE-2018-16802 6.8
An issue was discovered in Artifex Ghostscript before 9.25. Incorrect "restoration of privilege" checking when running out of stack during exception handling could be used by attackers able to supply crafted PostScript to execute code using the "pipe
10-09-2018 - 12:29 10-09-2018 - 12:29
CVE-2016-7056 None
A timing attack flaw was found in OpenSSL 1.0.1u and before that could allow a malicious user with local access to recover ECDSA P-256 private keys.
10-09-2018 - 12:29 10-09-2018 - 12:29
CVE-2018-16749 4.3
In ImageMagick 7.0.7-29 and earlier, a missing NULL check in ReadOneJNGImage in coders/png.c allows an attacker to cause a denial of service (WriteBlob assertion failure and application exit) via a crafted file.
09-09-2018 - 11:29 09-09-2018 - 11:29
CVE-2018-16658 3.6
An issue was discovered in the Linux kernel before 4.18.6. An information leak in cdrom_ioctl_drive_status in drivers/cdrom/cdrom.c could be used by local attackers to read kernel memory because a cast from unsigned long to int interferes with bounds
07-09-2018 - 10:29 07-09-2018 - 10:29
CVE-2018-16657 None
In Kamailio before 5.0.7 and 5.1.x before 5.1.4, a crafted SIP message with an invalid Via header causes a segmentation fault and crashes Kamailio. The reason is missing input validation in the crcitt_string_array core function for calculating a CRC
07-09-2018 - 10:29 07-09-2018 - 10:29
CVE-2018-16646 4.3
In Poppler 0.68.0, the Parser::getObj() function in Parser.cc may cause infinite recursion via a crafted file. A remote attacker can leverage this for a DoS attack.
06-09-2018 - 19:29 06-09-2018 - 19:29
CVE-2018-16645 4.3
There is an excessive memory allocation issue in the functions ReadBMPImage of coders/bmp.c and ReadDIBImage of coders/dib.c in ImageMagick 7.0.8-11, which allows remote attackers to cause a denial of service via a crafted image file.
06-09-2018 - 18:29 06-09-2018 - 18:29
CVE-2018-16644 4.3
There is a missing check for length in the functions ReadDCMImage of coders/dcm.c and ReadPICTImage of coders/pict.c in ImageMagick 7.0.8-11, which allows remote attackers to cause a denial of service via a crafted image.
06-09-2018 - 18:29 06-09-2018 - 18:29
CVE-2018-16643 4.3
The functions ReadDCMImage in coders/dcm.c, ReadPWPImage in coders/pwp.c, ReadCALSImage in coders/cals.c, and ReadPICTImage in coders/pict.c in ImageMagick 7.0.8-4 do not check the return value of the fputc function, which allows remote attackers to
06-09-2018 - 18:29 06-09-2018 - 18:29
CVE-2018-16642 4.3
The function InsertRow in coders/cut.c in ImageMagick 7.0.7-37 allows remote attackers to cause a denial of service via a crafted image file due to an out-of-bounds write.
06-09-2018 - 18:29 06-09-2018 - 18:29
CVE-2018-5391 None
The Linux kernel, versions 3.9+, is vulnerable to a denial of service attack with low rates of specially modified packets targeting IP fragment re-assembly. An attacker may cause a denial of service condition by sending specially crafted IP fragments
06-09-2018 - 17:29 06-09-2018 - 17:29
CVE-2018-1000801 4.3
okular version 18.08 and earlier contains a Directory Traversal vulnerability in function "unpackDocumentArchive(...)" in "core/document.cpp" that can result in Arbitrary file creation on the user workstation. This attack appear to be exploitable via
06-09-2018 - 14:29 06-09-2018 - 14:29
CVE-2018-1000671 5.8
sympa version 6.2.16 and later contains a CWE-601: URL Redirection to Untrusted Site ('Open Redirect') vulnerability in The "referer" parameter of the wwsympa.fcgi login action. that can result in Open redirection and reflected XSS via data URIs. Thi
06-09-2018 - 14:29 06-09-2018 - 14:29
CVE-2018-16585 6.8
An issue was discovered in Artifex Ghostscript before 9.24. The .setdistillerkeys PostScript command is accepted even though it is not intended for use during document processing (e.g., after the startup phase). This leads to memory corruption, allow
06-09-2018 - 10:29 06-09-2018 - 10:29
CVE-2018-14624 None
A vulnerability was discovered in 389-ds-base through versions 1.3.7.10, 1.3.8.8 and 1.4.0.16. The lock controlling the error log was not correctly used when re-opening the log file in log__error_emergency(). An attacker could send a flood of modific
06-09-2018 - 10:29 06-09-2018 - 10:29
CVE-2018-14618 None
curl before version 7.61.1 is vulnerable to a buffer overrun in the NTLM authentication code. The internal function Curl_ntlm_core_mk_nt_hash multiplies the length of the password by two (SUM) to figure out how large temporary storage area to allocat
05-09-2018 - 15:29 05-09-2018 - 15:29
CVE-2018-16543 6.8
In Artifex Ghostscript before 9.24, gssetresolution and gsgetresolution allow attackers to have an unspecified impact.
05-09-2018 - 14:29 05-09-2018 - 14:29
CVE-2018-16542 4.3
In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files could use insufficient interpreter stack-size checking during error handling to crash the interpreter.
05-09-2018 - 14:29 05-09-2018 - 14:29
CVE-2018-16541 4.3
In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files could use incorrect free logic in pagedevice replacement to crash the interpreter.
05-09-2018 - 14:29 05-09-2018 - 14:29
CVE-2018-16540 6.8
In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files to the builtin PDF14 converter could use a use-after-free in copydevice handling to crash the interpreter or possibly have unspecified other impact.
05-09-2018 - 14:29 05-09-2018 - 14:29
CVE-2018-16539 4.3
In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files could use incorrect access checking in temp file handling to disclose contents of files on the system otherwise not readable.
05-09-2018 - 14:29 05-09-2018 - 14:29
CVE-2018-16513 6.8
In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files could use a type confusion in the setcolor function to crash the interpreter or possibly have unspecified other impact.
05-09-2018 - 09:29 05-09-2018 - 09:29
CVE-2018-16511 6.8
An issue was discovered in Artifex Ghostscript before 9.24. A type confusion in "ztype" could be used by remote attackers able to supply crafted PostScript to crash the interpreter or possibly have unspecified other impact.
05-09-2018 - 02:29 05-09-2018 - 02:29
CVE-2018-16509 9.3
An issue was discovered in Artifex Ghostscript before 9.24. Incorrect "restoration of privilege" checking during handling of /invalidaccess exceptions could be used by attackers able to supply crafted PostScript to execute code using the "pipe" instr
05-09-2018 - 02:29 05-09-2018 - 02:29
CVE-2018-6555 7.2
The irda_setsockopt function in net/irda/af_irda.c and later in drivers/staging/irda/net/af_irda.c in the Linux kernel before 4.17 allows local users to cause a denial of service (ias_object use-after-free and system crash) or possibly have unspecifi
04-09-2018 - 14:29 04-09-2018 - 14:29
CVE-2018-6554 4.9
Memory leak in the irda_bind function in net/irda/af_irda.c and later in drivers/staging/irda/net/af_irda.c in the Linux kernel before 4.17 allows local users to cause a denial of service (memory consumption) by repeatedly binding an AF_IRDA socket.
04-09-2018 - 14:29 04-09-2018 - 14:29
CVE-2018-10930 4.0
A flaw was found in RPC request using gfs3_rename_req in glusterfs server. An authenticated attacker could use this flaw to write to a destination outside the gluster volume.
04-09-2018 - 12:29 04-09-2018 - 12:29
CVE-2018-10929 6.5
A flaw was found in RPC request using gfs2_create_req in glusterfs server. An authenticated attacker could use this flaw to create arbitrary files and execute arbitrary code on glusterfs server nodes.
04-09-2018 - 12:29 04-09-2018 - 12:29
CVE-2018-10928 6.5
A flaw was found in RPC request using gfs3_symlink_req in glusterfs server which allows symlink destinations to point to file paths outside of the gluster volume. An authenticated attacker could use this flaw to create arbitrary symlinks pointing any
04-09-2018 - 11:29 04-09-2018 - 11:29
CVE-2018-10927 5.5
A flaw was found in RPC request using gfs3_lookup_req in glusterfs server. An authenticated attacker could use this flaw to leak information and execute remote denial of service by crashing gluster brick process.
04-09-2018 - 11:29 04-09-2018 - 11:29
CVE-2018-10926 6.5
A flaw was found in RPC request using gfs3_mknod_req supported by glusterfs server. An authenticated attacker could use this flaw to write files to an arbitrary location via path traversal and execute arbitrary code on a glusterfs server node.
04-09-2018 - 11:29 04-09-2018 - 11:29
CVE-2018-10923 None
It was found that the "mknod" call derived from mknod(2) can create files pointing to devices on a glusterfs server node. An authenticated attacker could use this to create an arbitrary device and read data from any device attached to the glusterfs s
04-09-2018 - 10:29 04-09-2018 - 10:29
CVE-2018-10914 None
It was found that an attacker could issue a xattr request via glusterfs FUSE to cause gluster brick process to crash which will result in a remote denial of service. If gluster multiplexing is enabled this will result in a crash of multiple bricks an
04-09-2018 - 10:29 04-09-2018 - 10:29
CVE-2018-10913 None
An information disclosure vulnerability was discovered in glusterfs server. An attacker could issue a xattr request via glusterfs FUSE to determine the existence of any file.
04-09-2018 - 10:29 04-09-2018 - 10:29
CVE-2018-10911 None
A flaw was found in the way dic_unserialize function of glusterfs does not handle negative key length values. An attacker could use this flaw to read memory from other locations into the stored dict value.
04-09-2018 - 10:29 04-09-2018 - 10:29
CVE-2018-10907 None
It was found that glusterfs server is vulnerable to multiple stack based buffer overflows due to functions in server-rpc-fopc.c allocating fixed size buffers using 'alloca(3)'. An authenticated attacker could exploit this by mounting a gluster volume
04-09-2018 - 09:29 04-09-2018 - 09:29
CVE-2018-10904 None
It was found that glusterfs server does not properly sanitize file paths in the "trusted.io-stats-dump" extended attribute which is used by the "debug/io-stats" translator. Attacker can use this flaw to create files and execute arbitrary code. To exp
04-09-2018 - 09:29 04-09-2018 - 09:29
CVE-2018-16435 4.3
Little CMS (aka Little Color Management System) 2.9 has an integer overflow in the AllocateDataSet function in cmscgats.c, leading to a heap-based buffer overflow in the SetData function via a crafted file in the second argument to cmsIT8LoadFromFile
03-09-2018 - 20:29 03-09-2018 - 20:29
CVE-2018-16430 6.8
GNU Libextractor through 1.7 has an out-of-bounds read vulnerability in EXTRACTOR_zip_extract_method() in zip_extractor.c.
03-09-2018 - 20:29 03-09-2018 - 20:29
CVE-2018-16413 6.8
ImageMagick 7.0.8-11 Q16 has a heap-based buffer over-read in the MagickCore/quantum-private.h PushShortPixel function when called from the coders/psd.c ParseImageResourceBlocks function.
03-09-2018 - 15:29 03-09-2018 - 15:29
CVE-2018-16412 6.8
ImageMagick 7.0.8-11 Q16 has a heap-based buffer over-read in the coders/psd.c ParseImageResourceBlocks function.
03-09-2018 - 15:29 03-09-2018 - 15:29
CVE-2018-16336 4.3
Exiv2::Internal::PngChunk::parseTXTChunk in Exiv2 v0.26 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted image file, a different vulnerability than CVE-2018-10999.
01-09-2018 - 23:29 01-09-2018 - 23:29
CVE-2018-16276 7.2
An issue was discovered in yurex_read in drivers/usb/misc/yurex.c in the Linux kernel before 4.17.7. Local attackers could use user access read/writes with incorrect bounds checking in the yurex USB driver to crash the kernel or potentially escalate
31-08-2018 - 12:29 31-08-2018 - 12:29
CVE-2018-14622 None
A null-pointer dereference vulnerability was found in libtirpc before version 0.3.3-rc3. The return value of makefd_xprt() was not checked in all instances, which could lead to a crash when the server exhausted the maximum number of available file de
30-08-2018 - 09:29 30-08-2018 - 09:29
CVE-2018-16058 5.0
In Wireshark 2.6.0 to 2.6.2, 2.4.0 to 2.4.8, and 2.2.0 to 2.2.16, the Bluetooth AVDTP dissector could crash. This was addressed in epan/dissectors/packet-btavdtp.c by properly initializing a data structure.
29-08-2018 - 21:29 29-08-2018 - 21:29
CVE-2018-16057 5.0
In Wireshark 2.6.0 to 2.6.2, 2.4.0 to 2.4.8, and 2.2.0 to 2.2.16, the Radiotap dissector could crash. This was addressed in epan/dissectors/packet-ieee80211-radiotap-iter.c by validating iterator operations.
29-08-2018 - 21:29 29-08-2018 - 21:29
CVE-2018-16056 5.0
In Wireshark 2.6.0 to 2.6.2, 2.4.0 to 2.4.8, and 2.2.0 to 2.2.16, the Bluetooth Attribute Protocol dissector could crash. This was addressed in epan/dissectors/packet-btatt.c by verifying that a dissector for a specific UUID exists.
29-08-2018 - 21:29 29-08-2018 - 21:29
CVE-2018-8040 5.0
Pages that are rendered using the ESI plugin can have access to the cookie header when the plugin is configured not to allow access. This affects Apache Traffic Server (ATS) versions 6.0.0 to 6.2.2 and 7.0.0 to 7.1.3. To resolve this issue users runn
29-08-2018 - 09:29 29-08-2018 - 09:29
CVE-2018-8005 5.0
When there are multiple ranges in a range request, Apache Traffic Server (ATS) will read the entire object from cache. This can cause performance problems with large objects in cache. This affects versions 6.0.0 to 6.2.2 and 7.0.0 to 7.1.3. To resolv
29-08-2018 - 09:29 29-08-2018 - 09:29
CVE-2018-8004 4.0
There are multiple HTTP smuggling and cache poisoning issues when clients making malicious requests interact with Apache Traffic Server (ATS). This affects versions 6.0.0 to 6.2.2 and 7.0.0 to 7.1.3. To resolve this issue users running 6.x should upg
29-08-2018 - 09:29 29-08-2018 - 09:29
CVE-2018-1318 5.0
Adding method ACLs in remap.config can cause a segfault when the user makes a carefully crafted request. This affects versions Apache Traffic Server (ATS) 6.0.0 to 6.2.2 and 7.0.0 to 7.1.3. To resolve this issue users running 6.x should upgrade to 6.
29-08-2018 - 09:29 29-08-2018 - 09:29
CVE-2017-15429 4.3
Inappropriate implementation in V8 WebAssembly JS bindings in Google Chrome prior to 63.0.3239.108 allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page.
28-08-2018 - 16:29 28-08-2018 - 16:29
CVE-2017-15399 9.3
A use after free in V8 in Google Chrome prior to 62.0.3202.89 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
28-08-2018 - 16:29 28-08-2018 - 16:29
CVE-2017-15398 7.5
A stack buffer overflow in the QUIC networking stack in Google Chrome prior to 62.0.3202.89 allowed a remote attacker to gain code execution via a malicious server.
28-08-2018 - 16:29 28-08-2018 - 16:29
CVE-2017-15396 4.3
A stack buffer overflow in NumberingSystem in International Components for Unicode (ICU) for C/C++ before 60.2, as used in V8 in Google Chrome prior to 62.0.3202.75 and other products, allowed a remote attacker to potentially exploit heap corruption
28-08-2018 - 16:29 28-08-2018 - 16:29
CVE-2017-15427 4.3
Insufficient policy enforcement in Omnibox in Google Chrome prior to 63.0.3239.84 allowed a socially engineered user to XSS themselves by dragging and dropping a javascript: URL into the URL bar.
28-08-2018 - 15:29 28-08-2018 - 15:29
CVE-2017-15426 4.3
Insufficient policy enforcement in Omnibox in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to perform domain spoofing via IDN homographs in a crafted domain name.
28-08-2018 - 15:29 28-08-2018 - 15:29
CVE-2017-15425 4.3
Insufficient policy enforcement in Omnibox in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to perform domain spoofing via IDN homographs in a crafted domain name.
28-08-2018 - 15:29 28-08-2018 - 15:29
CVE-2017-15424 4.3
Insufficient policy enforcement in Omnibox in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to perform domain spoofing via IDN homographs in a crafted domain name.
28-08-2018 - 15:29 28-08-2018 - 15:29
CVE-2017-15423 5.0
Inappropriate implementation in BoringSSL SPAKE2 in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to leak the low-order bits of SHA512(password) by inspecting protocol traffic.
28-08-2018 - 15:29 28-08-2018 - 15:29
CVE-2017-15422 4.3
Integer overflow in international date handling in International Components for Unicode (ICU) for C/C++ before 60.1, as used in V8 in Google Chrome prior to 63.0.3239.84 and other products, allowed a remote attacker to perform an out of bounds memory
28-08-2018 - 15:29 28-08-2018 - 15:29
CVE-2017-15420 4.3
Inappropriate implementation in browser navigation in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
28-08-2018 - 15:29 28-08-2018 - 15:29
CVE-2017-15419 4.3
Insufficient policy enforcement in Resource Timing API in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to infer browsing history by triggering a leaked cross-origin URL via a crafted HTML page.
28-08-2018 - 15:29 28-08-2018 - 15:29
CVE-2017-15418 4.3
Use of uninitialized memory in Skia in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.
28-08-2018 - 15:29 28-08-2018 - 15:29
CVE-2017-15417 2.6
Inappropriate implementation in Skia canvas composite operations in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
28-08-2018 - 15:29 28-08-2018 - 15:29
CVE-2017-15416 4.3
Heap buffer overflow in Blob API in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page, aka a Blink out-of-bounds read.
28-08-2018 - 15:29 28-08-2018 - 15:29
CVE-2017-15415 4.3
Incorrect serialization in IPC in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to leak the value of a pointer via a crafted HTML page.
28-08-2018 - 15:29 28-08-2018 - 15:29
CVE-2017-15413 6.8
Type confusion in WebAssembly in V8 in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
28-08-2018 - 15:29 28-08-2018 - 15:29
CVE-2017-15412 6.8
Use after free in libxml2 before 2.9.5, as used in Google Chrome prior to 63.0.3239.84 and other products, allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
28-08-2018 - 15:29 28-08-2018 - 15:29
CVE-2017-15411 6.8
Use after free in PDFium in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.
28-08-2018 - 15:29 28-08-2018 - 15:29
CVE-2017-15410 6.8
Use after free in PDFium in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.
28-08-2018 - 15:29 28-08-2018 - 15:29
CVE-2017-15409 6.8
Heap buffer overflow in Skia in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
28-08-2018 - 15:29 28-08-2018 - 15:29
CVE-2017-15408 6.8
Heap buffer overflow in Omnibox in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file that is mishandled by PDFium.
28-08-2018 - 15:29 28-08-2018 - 15:29
CVE-2017-15407 None
Out-of-bounds Write in the QUIC networking stack in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to gain code execution via a malicious server.
28-08-2018 - 15:29 28-08-2018 - 15:29
CVE-2018-15911 6.8
In Artifex Ghostscript 9.23 before 2018-08-24, attackers able to supply crafted PostScript could use uninitialized memory access in the aesdecode operator to crash the interpreter or potentially execute code.
28-08-2018 - 00:29 28-08-2018 - 00:29
CVE-2018-15910 6.8
In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files could use a type confusion in the LockDistillerParams parameter to crash the interpreter or execute code.
27-08-2018 - 13:29 27-08-2018 - 13:29
CVE-2018-15909 6.8
In Artifex Ghostscript 9.23 before 2018-08-24, a type confusion using the .shfill operator could be used by attackers able to supply crafted PostScript files to crash the interpreter or potentially execute code.
27-08-2018 - 13:29 27-08-2018 - 13:29
CVE-2018-15908 None
In Artifex Ghostscript 9.23 before 2018-08-23, attackers are able to supply malicious PostScript files to bypass .tempfile restrictions and write files.
27-08-2018 - 13:29 27-08-2018 - 13:29
CVE-2018-10938 7.1
A flaw was found in the Linux kernel present since v4.0-rc1 and through v4.13-rc4. A crafted network packet sent remotely by an attacker may force the kernel to enter an infinite loop in the cipso_v4_optptr() function in net/ipv4/cipso_ipv4.c leading
27-08-2018 - 09:29 27-08-2018 - 09:29
CVE-2011-2767 None
mod_perl 2.0 through 2.0.10 allows attackers to execute arbitrary Perl code by placing it in a user-owned .htaccess file, because (contrary to the documentation) there is no configuration option that permits Perl code for the administrator's control
26-08-2018 - 12:29 26-08-2018 - 12:29
CVE-2018-14600 7.5
An issue was discovered in libX11 through 1.6.5. The function XListExtensions in ListExt.c interprets a variable as signed instead of unsigned, resulting in an out-of-bounds write (of up to 128 bytes), leading to DoS or remote code execution.
25-08-2018 - 06:29 24-08-2018 - 15:29
CVE-2018-14599 7.5
An issue was discovered in libX11 through 1.6.5. The function XListExtensions in ListExt.c is vulnerable to an off-by-one error caused by malicious server responses, leading to DoS or possibly unspecified other impact.
25-08-2018 - 06:29 24-08-2018 - 15:29
CVE-2018-14598 5.0
An issue was discovered in XListExtensions in ListExt.c in libX11 through 1.6.5. A malicious server can send a reply in which the first string overflows, causing a variable to be set to NULL that will be freed later on, leading to DoS (segmentation f
25-08-2018 - 06:29 24-08-2018 - 15:29
CVE-2018-10919 4.0
The Samba Active Directory LDAP server was vulnerable to an information disclosure flaw because of missing access control checks. An authenticated attacker could use this flaw to extract confidential attribute values using LDAP search expressions. Sa
22-08-2018 - 13:29 22-08-2018 - 13:29
CVE-2018-10858 6.5
A heap-buffer overflow was found in the way samba clients processed extra long filename in a directory listing. A malicious samba server could use this flaw to cause arbitrary code execution on a samba client. Samba versions before 4.6.16, 4.7.9 and
22-08-2018 - 13:29 22-08-2018 - 13:29
CVE-2018-10846 1.9
A cache-based side channel in GnuTLS implementation that leads to plain text recovery in cross-VM attack setting was found. An attacker could use a combination of "Just in Time" Prime+probe attack in combination with Lucky-13 attack to recover plain
22-08-2018 - 09:29 22-08-2018 - 09:29
CVE-2018-10845 4.3
It was found that the GnuTLS implementation of HMAC-SHA-384 was vulnerable to a Lucky thirteen style attack. Remote attackers could use this flaw to conduct distinguishing attacks and plain text recovery attacks via statistical analysis of timing dat
22-08-2018 - 09:29 22-08-2018 - 09:29
CVE-2018-10844 4.3
It was found that the GnuTLS implementation of HMAC-SHA-256 was vulnerable to a Lucky thirteen style attack. Remote attackers could use this flaw to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data
22-08-2018 - 09:29 22-08-2018 - 09:29
CVE-2018-10902 4.6
It was found that the raw midi kernel driver does not protect against concurrent access which leads to a double realloc (double free) in snd_rawmidi_input_params() and snd_rawmidi_output_status() which are part of snd_rawmidi_ioctl() handler in rawmi
21-08-2018 - 15:29 21-08-2018 - 15:29
CVE-2018-15599 5.0
The recv_msg_userauth_request function in svr-auth.c in Dropbear through 2018.76 is prone to a user enumeration vulnerability because username validity affects how fields in SSH_MSG_USERAUTH messages are handled, a similar issue to CVE-2018-15473 in
20-08-2018 - 21:29 20-08-2018 - 21:29
CVE-2018-1000637 6.8
zutils version prior to version 1.8-pre2 contains a Buffer Overflow vulnerability in zcat that can result in Potential denial of service or arbitrary code execution. This attack appear to be exploitable via the victim openning a crafted compressed fi
20-08-2018 - 15:31 20-08-2018 - 15:31
CVE-2018-1000632 6.4
dom4j version prior to version 2.1.1 contains a CWE-91: XML Injection vulnerability in Class: Element. Methods: addElement, addAttribute that can result in an attacker tampering with XML documents through XML injection. This attack appear to be explo
20-08-2018 - 15:31 20-08-2018 - 15:31
CVE-2018-15594 2.1
arch/x86/kernel/paravirt.c in the Linux kernel before 4.18.1 mishandles certain indirect calls, which makes it easier for attackers to conduct Spectre-v2 attacks against paravirtual guests.
20-08-2018 - 04:29 20-08-2018 - 04:29
CVE-2018-15572 2.1
The spectre_v2_select_mitigation function in arch/x86/kernel/cpu/bugs.c in the Linux kernel before 4.18.1 does not always fill RSB upon a context switch, which makes it easier for attackers to conduct userspace-userspace spectreRSB attacks.
19-08-2018 - 22:29 19-08-2018 - 22:29
CVE-2018-15501 5.0
In ng_pkt in transports/smart_pkt.c in libgit2 before 0.26.6 and 0.27.x before 0.27.4, a remote attacker can send a crafted smart-protocol "ng" packet that lacks a '\0' byte to trigger an out-of-bounds read that leads to DoS.
17-08-2018 - 22:29 17-08-2018 - 22:29
CVE-2018-15494 7.5
In Dojo Toolkit before 1.14, there is unescaped string injection in dojox/Grid/DataGrid.
17-08-2018 - 22:29 17-08-2018 - 22:29
CVE-2018-15473 5.0
OpenSSH through 7.7 is prone to a user enumeration vulnerability due to not delaying bailout for an invalid authenticating user until after the packet containing the request has been fully parsed, related to auth2-gss.c, auth2-hostbased.c, and auth2-
17-08-2018 - 15:29 17-08-2018 - 15:29
CVE-2018-15471 6.8
An issue was discovered in xenvif_set_hash_mapping in drivers/net/xen-netback/hash.c in the Linux kernel through 4.18.1, as used in Xen through 4.11.x and other products. The Linux netback driver allows frontends to control mapping of requests to req
17-08-2018 - 14:29 17-08-2018 - 14:29
CVE-2018-10873 6.5
A vulnerability was discovered in SPICE before version 0.14.1 where the generated code used for demarshalling messages lacked sufficient bounds checks. A malicious client or server, after authentication, could send specially crafted messages to its p
17-08-2018 - 08:29 17-08-2018 - 08:29
CVE-2018-14567 4.3
libxml2 2.9.8, if --with-lzma is used, allows remote attackers to cause a denial of service (infinite loop) via a crafted XML file that triggers LZMA_MEMLIMIT_ERROR, as demonstrated by xmllint, a different vulnerability than CVE-2015-8035 and CVE-201
16-08-2018 - 16:29 16-08-2018 - 16:29
CVE-2018-3646 4.7
Systems with microprocessors utilizing speculative execution and address translations may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access with guest OS privilege via a terminal page fau
14-08-2018 - 15:29 14-08-2018 - 15:29
CVE-2018-3620 4.7
Systems with microprocessors utilizing speculative execution and address translations may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access via a terminal page fault and a side-channel an
14-08-2018 - 15:29 14-08-2018 - 15:29
CVE-2018-3615 5.4
Systems with microprocessors utilizing speculative execution and Intel software guard extensions (Intel SGX) may allow unauthorized disclosure of information residing in the L1 data cache from an enclave to an attacker with local user access via a si
14-08-2018 - 15:29 14-08-2018 - 15:29
CVE-2018-14424 4.6
The daemon in GDM through 3.29.1 does not properly unexport display objects from its D-Bus interface when they are destroyed, which allows a local attacker to trigger a use-after-free via a specially crafted sequence of D-Bus method calls, resulting
14-08-2018 - 14:29 14-08-2018 - 14:29
CVE-2018-14348 5.5
libcgroup up to and including 0.41 creates /var/log/cgred with mode 0666 regardless of the configured umask, leading to disclosure of information.
14-08-2018 - 14:29 14-08-2018 - 14:29
CVE-2018-6553 4.6
The CUPS AppArmor profile incorrectly confined the dnssd backend due to use of hard links. A local attacker could possibly use this issue to escape confinement. This flaw affects versions prior to 2.2.7-1ubuntu2.1 in Ubuntu 18.04 LTS, prior to 2.2.4-
10-08-2018 - 11:29 10-08-2018 - 11:29
CVE-2018-10925 5.5
It was discovered that PostgreSQL versions before 10.5, 9.6.10, 9.5.14, 9.4.19, and 9.3.24 failed to properly check authorization on certain statements involved with "INSERT ... ON CONFLICT DO UPDATE". An attacker with "CREATE TABLE" privileges could
09-08-2018 - 17:29 09-08-2018 - 17:29
CVE-2018-10915 6.0
A vulnerability was found in libpq, the default PostgreSQL client library where libpq failed to properly reset its internal state between connections. If an affected version of libpq was used with "host" or "hostaddr" connection parameters from untru
09-08-2018 - 16:29 09-08-2018 - 16:29
CVE-2018-14526 3.3
An issue was discovered in rsn_supp/wpa.c in wpa_supplicant 2.0 through 2.6. Under certain conditions, the integrity of EAPOL-Key messages is not checked, leading to a decryption oracle. An attacker within range of the Access Point and client can abu
08-08-2018 - 15:29 08-08-2018 - 15:29
CVE-2018-5390 7.8
Linux kernel versions 4.9+ can be forced to make very expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() for every incoming packet which can lead to a denial of service.
07-08-2018 - 21:29 06-08-2018 - 16:29
CVE-2018-14574 5.8
django.middleware.common.CommonMiddleware in Django 1.11.x before 1.11.15 and 2.0.x before 2.0.8 has an Open Redirect.
07-08-2018 - 21:29 03-08-2018 - 13:29
CVE-2018-14912 5.0
cgit_clone_objects in CGit before 1.2.1 has a directory traversal vulnerability when `enable-http-clone=1` is not turned off, as demonstrated by a cgit/cgit.cgi/git/objects/?path=../ request.
06-08-2018 - 21:29 03-08-2018 - 15:29
CVE-2017-16790 4.0
An issue was discovered in Symfony before 2.7.38, 2.8.31, 3.2.14, 3.3.13, 3.4-BETA5, and 4.0-BETA5. When a form is submitted by the user, the request handler classes of the Form component merge POST data and uploaded files data into one array. This b
06-08-2018 - 17:29 06-08-2018 - 17:29
CVE-2017-16654 5.0
An issue was discovered in Symfony before 2.7.38, 2.8.31, 3.2.14, 3.3.13, 3.4-BETA5, and 4.0-BETA5. The Intl component includes various bundle readers that are used to read resource bundles from the local filesystem. The read() methods of these class
06-08-2018 - 17:29 06-08-2018 - 17:29
CVE-2017-16653 4.3
An issue was discovered in Symfony before 2.7.38, 2.8.31, 3.2.14, 3.3.13, 3.4-BETA5, and 4.0-BETA5. The current implementation of CSRF protection in Symfony (Version >=2) does not use different tokens for HTTP and HTTPS; therefore the token is subjec
06-08-2018 - 17:29 06-08-2018 - 17:29
CVE-2018-14593 6.5
An issue was discovered in Open Ticket Request System (OTRS) 6.0.x through 6.0.9, 5.0.x through 5.0.28, and 4.0.x through 4.0.30. An attacker who is logged into OTRS as an agent may escalate their privileges by accessing a specially crafted URL.
03-08-2018 - 21:29 03-08-2018 - 21:29
CVE-2018-14883 5.0
An issue was discovered in PHP before 5.6.37, 7.0.x before 7.0.31, 7.1.x before 7.1.20, and 7.2.x before 7.2.8. An Integer Overflow leads to a heap-based buffer over-read in exif_thumbnail_extract of exif.c.
03-08-2018 - 09:29 03-08-2018 - 09:29
CVE-2018-14851 4.3
exif_process_IFD_in_MAKERNOTE in ext/exif/exif.c in PHP before 5.6.37, 7.0.x before 7.0.31, 7.1.x before 7.1.20, and 7.2.x before 7.2.8 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted JPEG
02-08-2018 - 15:29 02-08-2018 - 15:29
CVE-2018-8037 4.3
If an async request was completed by the application at the same time as the container triggered the async timeout, a race condition existed that could result in a user seeing a response intended for a different user. An additional issue was present
02-08-2018 - 10:29 02-08-2018 - 10:29
CVE-2018-1336 5.0
An improper handing of overflow in the UTF-8 decoder with supplementary characters can lead to an infinite loop in the decoder causing a Denial of Service. Versions Affected: Apache Tomcat 9.0.0.M9 to 9.0.7, 8.5.0 to 8.5.30, 8.0.0.RC1 to 8.0.51, and
02-08-2018 - 10:29 02-08-2018 - 10:29
CVE-2015-9262 7.5
_XcursorThemeInherits in library.c in libXcursor before 1.1.15 allows remote attackers to cause denial of service or potentially code execution via a one-byte heap overflow.
01-08-2018 - 19:29 01-08-2018 - 19:29
CVE-2018-8034 5.0
The host name verification when using TLS with the WebSocket client was missing. It is now enabled by default. Versions Affected: Apache Tomcat 9.0.0.M1 to 9.0.9, 8.5.0 to 8.5.31, 8.0.0.RC1 to 8.0.52, and 7.0.35 to 7.0.88.
01-08-2018 - 14:29 01-08-2018 - 14:29
CVE-2016-9572 4.3
A NULL pointer dereference flaw was found in the way openjpeg 2.1.2 decoded certain input images. Due to a logic error in the code responsible for decoding the input image, an application using openjpeg to process image data could crash when processi
01-08-2018 - 12:29 01-08-2018 - 12:29
CVE-2016-8654 6.8
A heap-buffer overflow vulnerability was found in QMFB code in JPC codec caused by buffer being allocated with too small size. jasper versions before 2.0.0 are affected.
01-08-2018 - 12:29 01-08-2018 - 12:29
CVE-2016-9573 5.8
An out-of-bounds read vulnerability was found in OpenJPEG 2.1.2, in the j2k_to_image tool. Converting a specially crafted JPEG2000 file to another format could cause the application to crash or, potentially, disclose some data from the heap.
01-08-2018 - 02:29 01-08-2018 - 02:29
CVE-2016-8623 5.0
A flaw was found in curl before version 7.51.0. The way curl handles cookies permits other threads to trigger a use-after-free leading to information disclosure.
01-08-2018 - 02:29 01-08-2018 - 02:29
CVE-2016-8620 7.5
The 'globbing' feature in curl before version 7.51.0 has a flaw that leads to integer overflow and out-of-bounds read via user controlled input.
01-08-2018 - 02:29 01-08-2018 - 02:29
CVE-2016-8619 7.5
The function `read_data()` in security.c in curl before version 7.51.0 is vulnerable to memory double free.
01-08-2018 - 02:29 01-08-2018 - 02:29
CVE-2016-8616 4.3
A flaw was found in curl before version 7.51.0 When re-using a connection, curl was doing case insensitive comparisons of user name and password with the existing connections. This means that if an unused connection with proper credentials exists for
01-08-2018 - 02:29 01-08-2018 - 02:29
CVE-2016-8615 5.0
A flaw was found in curl before version 7.51. If cookie state is written into a cookie jar file that is later read back and used for subsequent requests, a malicious HTTP server can inject new cookies for arbitrary domains into said cookie jar.
01-08-2018 - 02:29 01-08-2018 - 02:29
CVE-2016-8621 5.0
The `curl_getdate` function in curl before version 7.51.0 is vulnerable to an out of bounds read if it receives an input with one digit short.
31-07-2018 - 18:29 31-07-2018 - 18:29
CVE-2016-8617 4.4
The base64 encode function in curl before version 7.51.0 is prone to a buffer being under allocated in 32bit systems if it receives at least 1Gb as input via `CURLOPT_USERNAME`.
31-07-2018 - 18:29 31-07-2018 - 18:29
CVE-2016-8624 5.0
curl before version 7.51.0 doesn't parse the authority component of the URL correctly when the host name part ends with a '#' character, and could instead be tricked into connecting to a different host. This may have security implications if you for
31-07-2018 - 17:29 31-07-2018 - 17:29
CVE-2016-8622 7.5
The URL percent-encoding decode function in libcurl before 7.51.0 is called `curl_easy_unescape`. Internally, even if this function would be made to allocate a unscape destination buffer larger than 2GB, it would return that new length in a signed 32
31-07-2018 - 17:29 31-07-2018 - 17:29
CVE-2016-8618 7.5
The libcurl API function called `curl_maprintf()` before version 7.51.0 can be tricked into doing a double-free due to an unsafe `size_t` multiplication, on systems using 32 bit `size_t` variables.
31-07-2018 - 17:29 31-07-2018 - 17:29
CVE-2018-14432 3.5
In the Federation component of OpenStack Keystone before 11.0.4, 12.0.0, and 13.0.0, an authenticated "GET /v3/OS-FEDERATION/projects" request may bypass intended access restrictions on listing projects. An authenticated user may discover projects th
31-07-2018 - 10:29 31-07-2018 - 10:29
CVE-2018-8020 4.3
Apache Tomcat Native 1.2.0 to 1.2.16 and 1.1.23 to 1.1.34 has a flaw that does not properly check OCSP pre-produced responses, which are lists (multiple entries) of certificate statuses. Subsequently, revoked client certificates may not be properly i
31-07-2018 - 09:29 31-07-2018 - 09:29
CVE-2018-8019 4.3
When using an OCSP responder Apache Tomcat Native 1.2.0 to 1.2.16 and 1.1.23 to 1.1.34 did not correctly handle invalid responses. This allowed for revoked client certificates to be incorrectly identified. It was therefore possible for users to authe
31-07-2018 - 09:29 31-07-2018 - 09:29
CVE-2018-14767 7.5
In Kamailio before 5.0.7 and 5.1.x before 5.1.4, a crafted SIP message with a double "To" header and an empty "To" tag causes a segmentation fault and crash. The reason is missing input validation in the "build_res_buf_from_sip_req" core function. Th
31-07-2018 - 02:29 31-07-2018 - 02:29
CVE-2018-10847 6.5
prosody before versions 0.10.2, 0.9.14 is vulnerable to an Authentication Bypass. Prosody did not verify that the virtual host associated with a user session remained the same across stream restarts. A user may authenticate to XMPP host A and migrate
30-07-2018 - 13:29 30-07-2018 - 13:29
CVE-2018-10883 4.9
A flaw was found in the Linux kernel's ext4 filesystem. A local user can cause an out-of-bounds write in jbd2_journal_dirty_metadata(), a denial of service, and a system crash by mounting and operating on a crafted ext4 filesystem image.
30-07-2018 - 12:29 30-07-2018 - 12:29
CVE-2017-7518 4.6
A flaw was found in the Linux kernel before version 4.12 in the way the KVM module processed the trap flag(TF) bit in EFLAGS during emulation of the syscall instruction, which leads to a debug exception(#DB) being raised in the guest stack. A user/pr
30-07-2018 - 11:29 30-07-2018 - 11:29
CVE-2017-7482 7.2
In the Linux kernel before version 4.12, Kerberos 5 tickets decoded when using the RXRPC keys incorrectly assumes the size of a field. This could lead to the size-remaining variable wrapping and the data pointer going over the end of the buffer. This
30-07-2018 - 10:29 30-07-2018 - 10:29
CVE-2018-14734 6.1
drivers/infiniband/core/ucma.c in the Linux kernel through 4.17.11 allows ucma_leave_multicast to access a certain data structure after a cleanup step in ucma_process_join, which allows attackers to cause a denial of service (use-after-free).
29-07-2018 - 19:29 29-07-2018 - 19:29
CVE-2018-14682 6.8
An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. There is an off-by-one error in the TOLOWER() macro for CHM decompression.
28-07-2018 - 19:29 28-07-2018 - 19:29
CVE-2018-14681 6.8
An issue was discovered in kwajd_read_headers in mspack/kwajd.c in libmspack before 0.7alpha. Bad KWAJ file header extensions could cause a one or two byte overwrite.
28-07-2018 - 19:29 28-07-2018 - 19:29
CVE-2018-14680 4.3
An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. It does not reject blank CHM filenames.
28-07-2018 - 19:29 28-07-2018 - 19:29
CVE-2018-14679 4.3
An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. There is an off-by-one error in the CHM PMGI/PMGL chunk number validity checks, which could lead to denial of service (uninitialized data dereference and application crash).
28-07-2018 - 19:29 28-07-2018 - 19:29
CVE-2018-14678 7.2
An issue was discovered in the Linux kernel through 4.17.11, as used in Xen through 4.11.x. The xen_failsafe_callback entry point in arch/x86/entry/entry_64.S does not properly maintain RBX, which allows local users to cause a denial of service (unin
28-07-2018 - 14:29 28-07-2018 - 14:29
CVE-2018-0498 1.9
ARM mbed TLS before 2.12.0, before 2.7.5, and before 2.1.14 allows local users to achieve partial plaintext recovery (for a CBC based ciphersuite) via a cache-based side-channel attack.
28-07-2018 - 13:29 28-07-2018 - 13:29
CVE-2018-0497 4.3
ARM mbed TLS before 2.12.0, before 2.7.5, and before 2.1.14 allows remote attackers to achieve partial plaintext recovery (for a CBC based ciphersuite) via a timing-based side-channel attack. This vulnerability exists because of an incorrect fix (wit
28-07-2018 - 13:29 28-07-2018 - 13:29
CVE-2016-9603 9.0
A heap buffer overflow flaw was found in QEMU's Cirrus CLGD 54xx VGA emulator's VNC display driver support before 2.9; the issue could occur when a VNC client attempted to update its display after a VGA operation is performed by a guest. A privileged
27-07-2018 - 17:29 27-07-2018 - 17:29
CVE-2016-9578 5.0
A vulnerability was discovered in SPICE before 0.13.90 in the server's protocol handling. An attacker able to connect to the SPICE server could send crafted messages which would cause the process to crash.
27-07-2018 - 17:29 27-07-2018 - 17:29
CVE-2016-9577 6.5
A vulnerability was discovered in SPICE before 0.13.90 in the server's protocol handling. An authenticated attacker could send crafted messages to the SPICE server causing a heap overflow leading to a crash or possible code execution.
27-07-2018 - 16:29 27-07-2018 - 16:29
CVE-2017-2620 9.0
Quick emulator (QEMU) before 2.8 built with the Cirrus CLGD 54xx VGA Emulator support is vulnerable to an out-of-bounds access issue. The issue could occur while copying VGA data in cirrus_bitblt_cputovideo. A privileged user inside guest could use t
27-07-2018 - 15:29 27-07-2018 - 15:29
CVE-2017-2618 4.9
A flaw was found in the Linux kernel's handling of clearing SELinux attributes on /proc/pid/attr files before 4.9.10. An empty (null) write to this file can crash the system by causing the system to attempt to access unmapped kernel memory.
27-07-2018 - 15:29 27-07-2018 - 15:29
CVE-2017-2616 4.7
A race condition was found in util-linux before 2.32.1 in the way su handled the management of child processes. A local authenticated attacker could use this flaw to kill other processes with root privileges under specific conditions.
27-07-2018 - 15:29 27-07-2018 - 15:29
CVE-2018-10882 4.9
A flaw was found in the Linux kernel's ext4 filesystem. A local user can cause an out-of-bound write in in fs/jbd2/transaction.c code, a denial of service, and a system crash by unmounting a crafted ext4 filesystem image.
27-07-2018 - 14:29 27-07-2018 - 14:29
CVE-2018-1056 6.8
An out-of-bounds heap buffer read flaw was found in the way advancecomp before 2.1-2018/02 handled processing of ZIP files. An attacker could potentially use this flaw to crash the advzip utility by tricking it into processing crafted ZIP files.
27-07-2018 - 14:29 27-07-2018 - 14:29
CVE-2017-2640 7.5
An out-of-bounds write flaw was found in the way Pidgin before 2.12.0 processed XML content. A malicious remote server could potentially use this flaw to crash Pidgin or execute arbitrary code in the context of the pidgin process.
27-07-2018 - 14:29 27-07-2018 - 14:29
CVE-2017-2624 1.9
It was found that xorg-x11-server before 1.19.0 including uses memcmp() to check the received MIT cookie against a series of valid cookies. If the cookie is correct, it is allowed to attach to the Xorg session. Since most memcmp() implementations ret
27-07-2018 - 14:29 27-07-2018 - 14:29
CVE-2017-15119 5.0
The Network Block Device (NBD) server in Quick Emulator (QEMU) before 2.11 is vulnerable to a denial of service issue. It could occur if a client sent large option requests, making the server waste CPU time on reading up to 4GB per request. A client
27-07-2018 - 12:29 27-07-2018 - 12:29
CVE-2017-2670 5.0
It was found in Undertow before 1.3.28 that with non-clean TCP close, the Websocket server gets into infinite loop on every IO thread, effectively causing DoS.
27-07-2018 - 11:29 27-07-2018 - 11:29
CVE-2017-15120 5.0
An issue has been found in the parsing of authoritative answers in PowerDNS Recursor before 4.0.8, leading to a NULL pointer dereference when parsing a specially crafted answer containing a CNAME of a different class than IN. An unauthenticated remot
27-07-2018 - 11:29 27-07-2018 - 11:29
CVE-2017-2666 6.4
It was discovered in Undertow that the code that parsed the HTTP request line permitted invalid characters. This could be exploited, in conjunction with a proxy that also permitted the invalid characters but with a different interpretation, to inject
27-07-2018 - 10:29 27-07-2018 - 10:29
CVE-2017-12151 5.8
A flaw was found in the way samba client before samba 4.4.16, samba 4.5.14 and samba 4.6.8 used encryption with the max protocol set as SMB3. The connection could lose the requirement for signing and encrypting to any DFS redirects, allowing an attac
27-07-2018 - 08:29 27-07-2018 - 08:29
CVE-2018-14617 7.1
An issue was discovered in the Linux kernel through 4.17.10. There is a NULL pointer dereference and panic in hfsplus_lookup() in fs/hfsplus/dir.c when opening a file (that is purportedly a hard link) in an hfs+ filesystem that has malformed catalog
27-07-2018 - 00:29 27-07-2018 - 00:29
CVE-2018-14609 7.1
An issue was discovered in the Linux kernel through 4.17.10. There is an invalid pointer dereference in __del_reloc_root() in fs/btrfs/relocation.c when mounting a crafted btrfs image, related to removing reloc rb_trees when reloc control has not bee
27-07-2018 - 00:29 27-07-2018 - 00:29
CVE-2015-9261 4.3
huft_build in archival/libarchive/decompress_gunzip.c in BusyBox before 1.27.2 misuses a pointer, causing segfaults and an application crash during an unzip operation on a specially crafted ZIP file.
26-07-2018 - 15:29 26-07-2018 - 15:29
CVE-2018-10881 4.9
A flaw was found in the Linux kernel's ext4 filesystem. A local user can cause an out-of-bound access in ext4_get_group_info function, a denial of service, and a system crash by mounting and operating on a crafted ext4 filesystem image.
26-07-2018 - 14:29 26-07-2018 - 14:29
CVE-2018-10879 6.1
A flaw was found in the Linux kernel's ext4 filesystem. A local user can cause a use-after-free in ext4_xattr_set_entry function and a denial of service or unspecified other impact may occur by renaming a file in a crafted ext4 filesystem image.
26-07-2018 - 14:29 26-07-2018 - 14:29
CVE-2018-10878 6.1
A flaw was found in the Linux kernel's ext4 filesystem. A local user can cause an out-of-bounds write and a denial of service or unspecified other impact is possible by mounting and operating a crafted ext4 filesystem image.
26-07-2018 - 14:29 26-07-2018 - 14:29
CVE-2018-10876 4.9
A flaw was found in Linux kernel in the ext4 filesystem code. A use-after-free is possible in ext4_ext_remove_space() function when mounting and operating a crafted ext4 image.
26-07-2018 - 14:29 26-07-2018 - 14:29
CVE-2017-12150 5.8
It was found that samba before 4.4.16, 4.5.x before 4.5.14, and 4.6.x before 4.6.8 did not enforce "SMB signing" when certain configuration options were enabled. A remote attacker could launch a man-in-the-middle attack and retrieve information in pl
26-07-2018 - 14:29 26-07-2018 - 14:29
CVE-2018-0618 3.5
Cross-site scripting vulnerability in Mailman 2.1.26 and earlier allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors.
26-07-2018 - 13:29 26-07-2018 - 13:29
CVE-2017-12163 4.8
An information leak flaw was found in the way SMB1 protocol was implemented by Samba before 4.4.16, 4.5.x before 4.5.14, and 4.6.x before 4.6.8. A malicious client could use this flaw to dump server memory contents to a file on the samba share or to
26-07-2018 - 12:29 26-07-2018 - 12:29
CVE-2018-10900 7.2
Network Manager VPNC plugin (aka networkmanager-vpnc) before version 1.2.6 is vulnerable to a privilege escalation attack. A new line character can be used to inject a Password helper parameter into the configuration data passed to VPNC, allowing an
26-07-2018 - 11:29 26-07-2018 - 11:29
CVE-2017-7558 5.0
A kernel data leak due to an out-of-bound read was found in the Linux kernel in inet_diag_msg_sctp{,l}addr_fill() and sctp_get_sctp_info() functions present since version 4.7-rc1 through version 4.13. A data leak happens when these functions fill in
26-07-2018 - 11:29 26-07-2018 - 11:29
CVE-2017-7526 4.3
libgcrypt before version 1.7.8 is vulnerable to a cache side-channel attack resulting into a complete break of RSA-1024 while using the left-to-right method for computing the sliding-window expansion. The same attack is believed to work on RSA-2048 w
26-07-2018 - 09:29 26-07-2018 - 09:29
CVE-2018-13988 4.3
Poppler through 0.62 contains an out of bounds read vulnerability due to an incorrect memory access that is not mapped in its memory space, as demonstrated by pdfunite. This can result in memory corruption and denial of service. This may be exploitab
25-07-2018 - 19:29 25-07-2018 - 19:29
CVE-2018-1002200 4.3
plexus-archiver before 3.6.0 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ (dot dot slash) in an archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'.
25-07-2018 - 13:29 25-07-2018 - 13:29
CVE-2018-10880 7.1
Linux kernel is vulnerable to a stack-out-of-bounds write in the ext4 filesystem code when mounting and writing to a crafted ext4 image in ext4_update_inline_data(). An attacker could use this to cause a system crash and a denial of service.
25-07-2018 - 09:29 25-07-2018 - 09:29
CVE-2018-10906 4.6
In fuse before versions 2.9.8 and 3.x before 3.2.5, fusermount is vulnerable to a restriction bypass when SELinux is active. This allows non-root users to mount a FUSE file system with the 'allow_other' mount option regardless of whether 'user_allow_
24-07-2018 - 16:29 24-07-2018 - 16:29
CVE-2016-10728 5.0
An issue was discovered in Suricata before 3.1.2. If an ICMPv4 error packet is received as the first packet on a flow in the to_client direction, it confuses the rule grouping lookup logic. The toclient inspection will then continue with the wrong ru
23-07-2018 - 16:29 23-07-2018 - 16:29
CVE-2018-14447 6.8
trim_whitespace in lexer.l in libConfuse v3.2.1 has an out-of-bounds read.
20-07-2018 - 09:29 20-07-2018 - 09:29
CVE-2018-7602 7.5
A remote code execution vulnerability exists within multiple subsystems of Drupal 7.x and 8.x. This potentially allows attackers to exploit multiple attack vectors on a Drupal site, which could result in the site being compromised. This vulnerability
19-07-2018 - 13:29 19-07-2018 - 13:29
CVE-2018-14404 5.0
A NULL pointer dereference vulnerability exists in the xpath.c:xmlXPathCompOpEval() function of libxml2 through 2.9.8 when parsing an invalid XPath expression in the XPATH_OP_AND or XPATH_OP_OR case. Applications processing untrusted XSL format input
19-07-2018 - 09:29 19-07-2018 - 09:29
CVE-2018-14395 4.3
libavformat/movenc.c in FFmpeg before 4.0.2 allows attackers to cause a denial of service (application crash caused by a divide-by-zero error) with a user crafted audio file when converting to the MOV audio format.
19-07-2018 - 01:29 19-07-2018 - 01:29
CVE-2018-14369 5.0
In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, the HTTP2 dissector could crash. This was addressed in epan/dissectors/packet-http2.c by verifying that header data was found before proceeding to header decompression.
18-07-2018 - 22:29 18-07-2018 - 22:29
CVE-2018-14368 7.8
In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, the Bazaar protocol dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-bzr.c by properly handling items that are too long.
18-07-2018 - 22:29 18-07-2018 - 22:29
CVE-2018-14343 5.0
In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, the ASN.1 BER dissector could crash. This was addressed in epan/dissectors/packet-ber.c by ensuring that length values do not exceed the maximum signed integer.
18-07-2018 - 22:29 18-07-2018 - 22:29
CVE-2018-14342 7.8
In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, the BGP protocol dissector could go into a large loop. This was addressed in epan/dissectors/packet-bgp.c by validating Path Attribute lengths.
18-07-2018 - 22:29 18-07-2018 - 22:29
CVE-2018-14341 7.8
In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, the DICOM dissector could go into a large or infinite loop. This was addressed in epan/dissectors/packet-dcm.c by preventing an offset overflow.
18-07-2018 - 22:29 18-07-2018 - 22:29
CVE-2018-14340 5.0
In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, dissectors that support zlib decompression could crash. This was addressed in epan/tvbuff_zlib.c by rejecting negative lengths to avoid a buffer over-read.
18-07-2018 - 22:29 18-07-2018 - 22:29
CVE-2018-14339 5.0
In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, the MMSE dissector could go into an infinite loop. This was addressed in epan/proto.c by adding offset and length validation.
18-07-2018 - 22:29 18-07-2018 - 22:29
CVE-2018-10877 6.8
Linux kernel ext4 filesystem is vulnerable to an out-of-bound access in the ext4_ext_drop_refs() function when operating on a crafted ext4 filesystem image.
18-07-2018 - 11:29 18-07-2018 - 11:29
CVE-2018-3081 4.9
Vulnerability in the MySQL Client component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected are 5.5.60 and prior, 5.6.40 and prior, 5.7.22 and prior and 8.0.11 and prior. Difficult to exploit vulnerability allows
18-07-2018 - 09:29 18-07-2018 - 09:29
CVE-2018-3070 4.0
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client mysqldump). Supported versions that are affected are 5.5.60 and prior, 5.6.40 and prior and 5.7.22 and prior. Easily exploitable vulnerability allows low privileged att
18-07-2018 - 09:29 18-07-2018 - 09:29
CVE-2018-3066 4.9
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Options). Supported versions that are affected are 5.5.60 and prior, 5.6.40 and prior and 5.7.22 and prior. Difficult to exploit vulnerability allows high privileged a
18-07-2018 - 09:29 18-07-2018 - 09:29
CVE-2018-3064 5.5
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.6.40 and prior, 5.7.22 and prior and 8.0.11 and prior. Easily exploitable vulnerability allows low privileged attacker with
18-07-2018 - 09:29 18-07-2018 - 09:29
CVE-2018-3063 4.0
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.5.60 and prior. Easily exploitable vulnerability allows high privileged attacker with network access
18-07-2018 - 09:29 18-07-2018 - 09:29
CVE-2018-3058 4.0
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: MyISAM). Supported versions that are affected are 5.5.60 and prior, 5.6.40 and prior and 5.7.22 and prior. Easily exploitable vulnerability allows low privileged attacker with
18-07-2018 - 09:29 18-07-2018 - 09:29
CVE-2018-2952 4.3
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Concurrency). Supported versions that are affected are Java SE: 6u191, 7u181, 8u172 and 10.0.1; Java SE Embedded: 8u171; JRockit: R28.3.18. Difficult t
18-07-2018 - 09:29 18-07-2018 - 09:29
CVE-2018-2767 3.5
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Encryption). Supported versions that are affected are 5.5.60 and prior, 5.6.40 and prior and 5.7.22 and prior. Difficult to exploit vulnerability allows low
18-07-2018 - 09:29 18-07-2018 - 09:29
CVE-2018-10871 4.0
389-ds-base before versions 1.3.8.5, 1.4.0.12 is vulnerable to a Cleartext Storage of Sensitive Information. By default, when the Replica and/or retroChangeLog plugins are enabled, 389-ds-base stores passwords in plaintext format in their respective
18-07-2018 - 09:29 18-07-2018 - 09:29
CVE-2018-14363 5.0
An issue was discovered in NeoMutt before 2018-07-16. newsrc.c does not properly restrict '/' characters that may have unsafe interaction with cache pathnames.
17-07-2018 - 13:29 17-07-2018 - 13:29
CVE-2018-14362 7.5
An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. pop.c does not forbid characters that may have unsafe interaction with message-cache pathnames, as demonstrated by a '/' character.
17-07-2018 - 13:29 17-07-2018 - 13:29
CVE-2018-14361 7.5
An issue was discovered in NeoMutt before 2018-07-16. nntp.c proceeds even if memory allocation fails for messages data.
17-07-2018 - 13:29 17-07-2018 - 13:29
CVE-2018-14360 7.5
An issue was discovered in NeoMutt before 2018-07-16. nntp_add_group in newsrc.c has a stack-based buffer overflow because of incorrect sscanf usage.
17-07-2018 - 13:29 17-07-2018 - 13:29
CVE-2018-14359 7.5
An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. They have a buffer overflow via base64 data.
17-07-2018 - 13:29 17-07-2018 - 13:29
CVE-2018-14358 7.5
An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. imap/message.c has a stack-based buffer overflow for a FETCH response with a long RFC822.SIZE field.
17-07-2018 - 13:29 17-07-2018 - 13:29
CVE-2018-14357 7.5
An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. They allow remote IMAP servers to execute arbitrary commands via backquote characters, related to the mailboxes command associated with an automatic subscription.
17-07-2018 - 13:29 17-07-2018 - 13:29
CVE-2018-14356 7.5
An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. pop.c mishandles a zero-length UID.
17-07-2018 - 13:29 17-07-2018 - 13:29
CVE-2018-14355 5.0
An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. imap/util.c mishandles ".." directory traversal in a mailbox name.
17-07-2018 - 13:29 17-07-2018 - 13:29
CVE-2018-14354 7.5
An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. They allow remote IMAP servers to execute arbitrary commands via backquote characters, related to the mailboxes command associated with a manual subscription or unsubscripti
17-07-2018 - 13:29 17-07-2018 - 13:29
CVE-2018-14353 7.5
An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. imap_quote_string in imap/util.c has an integer underflow.
17-07-2018 - 13:29 17-07-2018 - 13:29
CVE-2018-14352 7.5
An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. imap_quote_string in imap/util.c does not leave room for quote characters, leading to a stack-based buffer overflow.
17-07-2018 - 13:29 17-07-2018 - 13:29
CVE-2018-14351 7.5
An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. imap/command.c mishandles a long IMAP status mailbox literal count size.
17-07-2018 - 13:29 17-07-2018 - 13:29
CVE-2018-14350 7.5
An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. imap/message.c has a stack-based buffer overflow for a FETCH response with a long INTERNALDATE field.
17-07-2018 - 13:29 17-07-2018 - 13:29
CVE-2018-14349 7.5
An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. imap/command.c mishandles a NO response without a message.
17-07-2018 - 13:29 17-07-2018 - 13:29
CVE-2018-14347 4.3
GNU Libextractor before 1.7 contains an infinite loop vulnerability in EXTRACTOR_mpeg_extract_method (mpeg_extractor.c).
17-07-2018 - 11:29 17-07-2018 - 11:29
CVE-2018-14346 6.8
GNU Libextractor before 1.7 has a stack-based buffer overflow in ec_read_file_func (unzip.c).
17-07-2018 - 11:29 17-07-2018 - 11:29
CVE-2018-12584 7.5
The ConnectionBase::preparseNewBytes function in resip/stack/ConnectionBase.cxx in reSIProcate through 1.10.2 allows remote attackers to cause a denial of service (buffer overflow) or possibly execute arbitrary code when TLS communication is enabled.
16-07-2018 - 16:29 16-07-2018 - 16:29
CVE-2018-10857 5.0
git-annex is vulnerable to a private data exposure and exfiltration attack. It could expose the content of files located outside the git-annex repository, or content from a private web server on localhost or the LAN.
16-07-2018 - 16:29 16-07-2018 - 16:29
CVE-2018-10886 None
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: this candidate is not about any specific product, protocol, or design, that falls into the scope of the assigning CNA. Notes: None.
16-07-2018 - 15:29 16-07-2018 - 15:29
CVE-2018-10859 5.0
git-annex is vulnerable to an Information Exposure when decrypting files. A malicious server for a special remote could trick git-annex into decrypting a file that was encrypted to the user's gpg key. This attack could be used to expose encrypted dat
16-07-2018 - 14:29 16-07-2018 - 14:29
CVE-2018-0361 4.3
ClamAV before 0.100.1 lacks a PDF object length check, resulting in an unreasonably long time to parse a relatively small file.
16-07-2018 - 13:29 16-07-2018 - 13:29
CVE-2018-0360 4.3
ClamAV before 0.100.1 has an HWP integer overflow with a resultant infinite loop via a crafted Hangul Word Processor file. This is in parsehwp3_paragraph() in libclamav/hwp.c.
16-07-2018 - 13:29 16-07-2018 - 13:29
CVE-2018-14056 5.0
ZNC before 1.7.1-rc1 is prone to a path traversal flaw via ../ in a web skin name to access files outside of the intended skins directories.
14-07-2018 - 21:29 14-07-2018 - 21:29
CVE-2018-14055 4.0
ZNC before 1.7.1-rc1 does not properly validate untrusted lines coming from the network, allowing a non-admin user to escalate his privilege and inject rogue values into znc.conf.
14-07-2018 - 21:29 14-07-2018 - 21:29
CVE-2018-14040 4.3
In Bootstrap before 4.1.2, XSS is possible in the collapse data-parent attribute.
13-07-2018 - 10:29 13-07-2018 - 10:29
CVE-2018-11529 6.8
VideoLAN VLC media player 2.2.x is prone to a use after free vulnerability which an attacker can leverage to execute arbitrary code via crafted MKV files. Failed exploit attempts will likely result in denial of service conditions.
11-07-2018 - 12:29 11-07-2018 - 12:29
CVE-2017-7467 7.5
A buffer overflow flaw was found in the way minicom before version 2.7.1 handled VT100 escape sequences. A malicious terminal device could potentially use this flaw to crash minicom, or execute arbitrary code in the context of the minicom process.
11-07-2018 - 09:29 11-07-2018 - 09:29
CVE-2016-9604 2.1
It was discovered in the Linux kernel before 4.11-rc8 that root can gain direct access to an internal keyring, such as '.dns_resolver' in RHEL-7 or '.builtin_trusted_keys' upstream, by joining it as its session keyring. This allows root to bypass mod
11-07-2018 - 09:29 11-07-2018 - 09:29
CVE-2018-1116 3.6
A flaw was found in polkit before version 0.116. The implementation of the polkit_backend_interactive_authority_check_authorization function in polkitd allows to test for authentication and trigger authentication of unrelated processes owned by other
10-07-2018 - 15:29 10-07-2018 - 15:29
CVE-2018-10888 4.3
A flaw was found in libgit2 before version 0.27.3. A missing check in git_delta_apply function in delta.c file, may lead to an out-of-bound read while reading a binary delta file. An attacker may use this flaw to cause a Denial of Service.
10-07-2018 - 10:29 10-07-2018 - 10:29
CVE-2018-10887 5.8
A flaw was found in libgit2 before version 0.27.3. It has been discovered that an unexpected sign extension in git_delta_apply function in delta.c file may lead to an integer overflow which in turn leads to an out of bound read, allowing to read befo
10-07-2018 - 10:29 10-07-2018 - 10:29
CVE-2017-7471 7.7
Quick Emulator (Qemu) built with the VirtFS, host directory sharing via Plan 9 File System (9pfs) support, is vulnerable to an improper access control issue. It could occur while accessing files on a shared host directory. A privileged user inside gu
09-07-2018 - 10:29 09-07-2018 - 10:29
CVE-2018-13405 4.6
The inode_init_owner function in fs/inode.c in the Linux kernel through 4.17.4 allows local users to create files with an unintended group ownership, in a scenario where a directory is SGID to a certain group and is writable by a user who is not a me
06-07-2018 - 10:29 06-07-2018 - 10:29
CVE-2018-12910 7.5
The get_cookies function in soup-cookie-jar.c in libsoup 2.63.2 allows attackers to have unspecified impact via an empty hostname.
05-07-2018 - 14:29 05-07-2018 - 14:29
CVE-2018-13302 6.8
In FFmpeg 4.0.1, improper handling of frame types (other than EAC3_FRAME_TYPE_INDEPENDENT) that have multiple independent substreams in the handle_eac3 function in libavformat/movenc.c may trigger an out-of-array access while converting a crafted AVI
05-07-2018 - 13:29 05-07-2018 - 13:29
CVE-2018-13300 5.8
In FFmpeg 4.0.1, an improper argument (AVCodecParameters) passed to the avpriv_request_sample function in the handle_eac3 function in libavformat/movenc.c may trigger an out-of-array read while converting a crafted AVI file to MPEG4, leading to a den
05-07-2018 - 13:29 05-07-2018 - 13:29
CVE-2018-13099 4.3
An issue was discovered in fs/f2fs/inline.c in the Linux kernel through 4.17.3. A denial of service (out-of-bounds memory access and BUG) can occur for a modified f2fs filesystem image in which an inline inode contains an invalid reserved blkaddr.
03-07-2018 - 06:29 03-07-2018 - 06:29
CVE-2017-2615 9.0
Quick emulator (QEMU) built with the Cirrus CLGD 54xx VGA emulator support is vulnerable to an out-of-bounds access issue. It could occur while copying VGA data via bitblt copy in backward mode. A privileged user inside a guest could use this flaw to
02-07-2018 - 21:29 02-07-2018 - 21:29
CVE-2018-12893 2.1
An issue was discovered in Xen through 4.10.x. One of the fixes in XSA-260 added some safety checks to help prevent Xen livelocking with debug exceptions. Unfortunately, due to an oversight, at least one of these safety checks can be triggered by a g
02-07-2018 - 13:29 02-07-2018 - 13:29
CVE-2018-12892 6.5
An issue was discovered in Xen 4.7 through 4.10.x. libxl fails to pass the readonly flag to qemu when setting up a SCSI disk, due to what was probably an erroneous merge conflict resolution. Malicious guest administrators or (in some situations) user
02-07-2018 - 13:29 02-07-2018 - 13:29
CVE-2018-12891 4.9
An issue was discovered in Xen through 4.10.x. Certain PV MMU operations may take a long time to process. For that reason Xen explicitly checks for the need to preempt the current vCPU at certain points. A few rarely taken code paths did bypass such
02-07-2018 - 13:29 02-07-2018 - 13:29
CVE-2018-13054 5.8
An issue was discovered in Cinnamon 1.9.2 through 3.8.6. The cinnamon-settings-users.py GUI runs as root and allows configuration of (for example) other users' icon files in _on_face_browse_menuitem_activated and _on_face_menuitem_activated. These ic
02-07-2018 - 10:29 02-07-2018 - 10:29
CVE-2018-10860 6.4
perl-archive-zip is vulnerable to a directory traversal in Archive::Zip. It was found that the Archive::Zip module did not properly sanitize paths while extracting zip files. An attacker able to provide a specially crafted archive for processing coul
29-06-2018 - 15:29 29-06-2018 - 15:29
CVE-2018-13006 7.5
An issue was discovered in MP4Box in GPAC 0.7.1. There is a heap-based buffer over-read in the isomedia/box_dump.c function hdlr_dump.
29-06-2018 - 10:29 29-06-2018 - 10:29
CVE-2018-13005 7.5
An issue was discovered in MP4Box in GPAC 0.7.1. The function urn_Read in isomedia/box_code_base.c has a heap-based buffer over-read.
29-06-2018 - 10:29 29-06-2018 - 10:29
CVE-2018-12895 6.5
WordPress through 4.9.6 allows Author users to execute arbitrary code by leveraging directory traversal in the wp-admin/post.php thumb parameter, which is passed to the PHP unlink function and can delete the wp-config.php file. This is related to mis
26-06-2018 - 16:29 26-06-2018 - 16:29
CVE-2018-3760 5.0
There is an information leak vulnerability in Sprockets. Versions Affected: 4.0.0.beta7 and lower, 3.7.1 and lower, 2.12.4 and lower. Specially crafted requests can be used to access files that exists on the filesystem that is outside an application'
26-06-2018 - 15:29 26-06-2018 - 15:29
CVE-2017-7658 7.5
In Eclipse Jetty Server, versions 9.2.x and older, 9.3.x (all non HTTP/1.x configurations), and 9.4.x (all HTTP/1.x configurations), when presented with two content-lengths headers, Jetty ignored the second. When presented with a content-length and a
26-06-2018 - 13:29 26-06-2018 - 13:29
CVE-2018-1000550 7.5
The Sympa Community Sympa version prior to version 6.2.32 contains a Directory Traversal vulnerability in wwsympa.fcgi template editing function that can result in Possibility to create or modify files on the server filesystem. This attack appear to
26-06-2018 - 12:29 26-06-2018 - 12:29
CVE-2018-1000544 7.5
rubyzip gem rubyzip version 1.2.1 and earlier contains a Directory Traversal vulnerability in Zip::File component that can result in write arbitrary files to the filesystem. This attack appear to be exploitable via If a site allows uploading of .zip
26-06-2018 - 12:29 26-06-2018 - 12:29
CVE-2018-1000539 5.0
Nov json-jwt version >= 0.5.0 && < 1.9.4 contains a CWE-347: Improper Verification of Cryptographic Signature vulnerability in Decryption of AES-GCM encrypted JSON Web Tokens that can result in Attacker can forge a authentication tag. This attack app
26-06-2018 - 12:29 26-06-2018 - 12:29
CVE-2018-1000528 4.3
GONICUS GOsa version before commit 56070d6289d47ba3f5918885954dcceb75606001 contains a Cross Site Scripting (XSS) vulnerability in change password form (html/password.php, #308) that can result in injection of arbitrary web script or HTML. This attac
26-06-2018 - 12:29 26-06-2018 - 12:29
CVE-2018-1000517 7.5
BusyBox project BusyBox wget version prior to commit 8e2174e9bd836e53c8b9c6e00d1bc6e2a718686e contains a Buffer Overflow vulnerability in Busybox wget that can result in heap buffer overflow. This attack appear to be exploitable via network connectiv
26-06-2018 - 12:29 26-06-2018 - 12:29
CVE-2017-7657 7.5
In Eclipse Jetty, versions 9.2.x and older, 9.3.x (all configurations), and 9.4.x (non-default configuration with RFC2616 compliance enabled), transfer-encoding chunks are handled poorly. The chunk length parsing was vulnerable to an integer overflow
26-06-2018 - 12:29 26-06-2018 - 12:29
CVE-2017-7656 5.0
In Eclipse Jetty, versions 9.2.x and older, 9.3.x (all configurations), and 9.4.x (non-default configuration with RFC2616 compliance enabled), HTTP/0.9 is handled poorly. An HTTP/1 style request line (i.e. method space URI space version) that declare
26-06-2018 - 11:29 26-06-2018 - 11:29
CVE-2018-10852 5.0
The UNIX pipe which sudo uses to contact SSSD and read the available sudo rules from SSSD has too wide permissions, which means that anyone who can send a message using the same raw protocol that sudo and SSSD use can read the sudo rules available fo
26-06-2018 - 10:29 26-06-2018 - 10:29
CVE-2018-1000204 6.3
** DISPUTED ** Linux Kernel version 3.18 to 4.16 incorrectly handles an SG_IO ioctl on /dev/sg0 with dxfer_direction=SG_DXFER_FROM_DEV and an empty 6-byte cmdp. This may lead to copying up to 1000 kernel heap pages to the userspace. This has been fix
26-06-2018 - 10:29 26-06-2018 - 10:29
CVE-2018-3665 4.7
System software utilizing Lazy FP state restore technique on systems using Intel Core-based microprocessors may potentially allow a local process to infer data from another process through a speculative execution side channel.
21-06-2018 - 16:29 21-06-2018 - 16:29
CVE-2017-2669 5.0
Dovecot before version 2.2.29 is vulnerable to a denial of service. When 'dict' passdb and userdb were used for user authentication, the username sent by the IMAP/POP3 client was sent through var_expand() to perform %variable expansion. Sending speci
21-06-2018 - 09:29 21-06-2018 - 09:29
CVE-2018-12601 7.5
There is a heap-based buffer overflow in ReadImage in input-tga.ci in sam2p 0.49.4 that leads to a denial of service or possibly unspecified other impact.
20-06-2018 - 14:29 20-06-2018 - 14:29
CVE-2018-12600 6.8
In ImageMagick 7.0.8-3 Q16, ReadDIBImage and WriteDIBImage in coders/dib.c allow attackers to cause an out of bounds write via a crafted file.
20-06-2018 - 14:29 20-06-2018 - 14:29
CVE-2018-12599 6.8
In ImageMagick 7.0.8-3 Q16, ReadBMPImage and WriteBMPImage in coders/bmp.c allow attackers to cause an out of bounds write via a crafted file.
20-06-2018 - 14:29 20-06-2018 - 14:29
CVE-2018-1120 3.5
A flaw was found affecting the Linux kernel before version 4.17. By mmap()ing a FUSE-backed file onto a process's memory containing command line arguments (or environment strings), an attacker can cause utilities from psutils or procps (such as ps, w
20-06-2018 - 09:29 20-06-2018 - 09:29
CVE-2018-10811 5.0
strongSwan 5.6.0 and older allows Remote Denial of Service because of Missing Initialization of a Variable.
19-06-2018 - 17:29 19-06-2018 - 17:29
CVE-2018-12578 7.5
There is a heap-based buffer overflow in bmp_compress1_row in appliers.cpp in sam2p 0.49.4 that leads to a denial of service or possibly unspecified other impact.
19-06-2018 - 11:29 19-06-2018 - 11:29
CVE-2018-1061 5.0
python before versions 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 and 3.7.0 is vulnerable to catastrophic backtracking in the difflib.IS_LINE_JUNK method. An attacker could use this flaw to cause denial of service.
19-06-2018 - 08:29 19-06-2018 - 08:29
CVE-2018-12565 6.5
An issue was discovered in Linaro LAVA before 2018.5.post1. Because of use of yaml.load() instead of yaml.safe_load() when parsing user data, remote code execution can occur.
19-06-2018 - 01:29 19-06-2018 - 01:29
CVE-2018-12564 4.0
An issue was discovered in Linaro LAVA before 2018.5.post1. Because of support for URLs in the submit page, a user can forge an HTTP request that will force lava-server-gunicorn to return any file on the server that is readable by lavaserver and vali
19-06-2018 - 01:29 19-06-2018 - 01:29
CVE-2018-1060 5.0
python before versions 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 and 3.7.0 is vulnerable to catastrophic backtracking in pop3lib's apop() method. An attacker could use this flaw to cause denial of service.
18-06-2018 - 10:29 18-06-2018 - 10:29
CVE-2018-12029 4.4
A race condition in the nginx module in Phusion Passenger 3.x through 5.x before 5.3.2 allows local escalation of privileges when a non-standard passenger_instance_registry_dir with insufficiently strict permissions is configured. Replacing a file wi
17-06-2018 - 16:29 17-06-2018 - 16:29
CVE-2018-11219 7.5
An Integer Overflow issue was discovered in the struct library in the Lua subsystem in Redis before 3.2.12, 4.x before 4.0.10, and 5.x before 5.0 RC2, leading to a failure of bounds checking.
17-06-2018 - 13:29 17-06-2018 - 13:29
CVE-2018-11218 7.5
Memory Corruption was discovered in the cmsgpack library in the Lua subsystem in Redis before 3.2.12, 4.x before 4.0.10, and 5.x before 5.0 RC2 because of stack-based buffer overflows.
17-06-2018 - 13:29 17-06-2018 - 13:29
CVE-2018-12495 4.3
The quoteblock function in markdown.c in libmarkdown.a in DISCOUNT 2.2.3a allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted file.
15-06-2018 - 14:29 15-06-2018 - 14:29
CVE-2018-12458 4.3
An improper integer type in the mpeg4_encode_gop_header function in libavcodec/mpeg4videoenc.c in FFmpeg 4.0 may trigger an assertion violation while converting a crafted AVI file to MPEG4, leading to a denial of service.
15-06-2018 - 11:29 15-06-2018 - 11:29
CVE-2018-0495 1.9
Libgcrypt before 1.7.10 and 1.8.x before 1.8.3 allows a memory-cache side-channel attack on ECDSA signatures that can be mitigated through the use of blinding during the signing process in the _gcry_ecc_ecdsa_sign function in cipher/ecc-ecdsa.c, aka
13-06-2018 - 19:29 13-06-2018 - 19:29
CVE-2018-10850 7.1
389-ds-base before versions 1.4.0.10, 1.3.8.3 is vulnerable to a race condition in the way 389-ds-base handles persistent search, resulting in a crash if the server is under load. An anonymous attacker could use this flaw to trigger a denial of servi
13-06-2018 - 16:29 13-06-2018 - 16:29
CVE-2018-11406 6.8
An issue was discovered in the Security component in Symfony 2.7.x before 2.7.48, 2.8.x before 2.8.41, 3.3.x before 3.3.17, 3.4.x before 3.4.11, and 4.0.x before 4.0.11. By default, a user's session is invalidated when the user is logged out. This be
13-06-2018 - 12:29 13-06-2018 - 12:29
CVE-2018-11386 4.3
An issue was discovered in the HttpFoundation component in Symfony 2.7.x before 2.7.48, 2.8.x before 2.8.41, 3.3.x before 3.3.17, 3.4.x before 3.4.11, and 4.0.x before 4.0.11. The PDOSessionHandler class allows storing sessions on a PDO connection. U
13-06-2018 - 12:29 13-06-2018 - 12:29
CVE-2018-11385 6.8
An issue was discovered in the Security component in Symfony 2.7.x before 2.7.48, 2.8.x before 2.8.41, 3.3.x before 3.3.17, 3.4.x before 3.4.11, and 4.0.x before 4.0.11. A session fixation vulnerability within the "Guard" login feature may allow an a
13-06-2018 - 12:29 13-06-2018 - 12:29
CVE-2018-12265 6.8
Exiv2 0.26 has an integer overflow in the LoaderExifJpeg class in preview.cpp, leading to an out-of-bounds read in Exiv2::MemIo::read in basicio.cpp.
13-06-2018 - 07:29 13-06-2018 - 07:29
CVE-2018-12264 6.8
Exiv2 0.26 has integer overflows in LoaderTiff::getData() in preview.cpp, leading to an out-of-bounds read in Exiv2::ValueType::setDataArea in value.hpp.
13-06-2018 - 07:29 13-06-2018 - 07:29
CVE-2018-5814 6.9
In the Linux Kernel before version 4.16.11, 4.14.43, 4.9.102, and 4.4.133, multiple race condition errors when handling probe, disconnect, and rebind operations can be exploited to trigger a use-after-free condition or a NULL pointer dereference by s
12-06-2018 - 12:29 12-06-2018 - 12:29
CVE-2018-5803 4.9
In the Linux Kernel before version 4.15.8, 4.14.25, 4.9.87, 4.4.121, 4.1.51, and 3.2.102, an error in the "_sctp_make_chunk()" function (net/sctp/sm_make_chunk.c) when handling SCTP packets length can be exploited to cause a kernel crash.
12-06-2018 - 12:29 12-06-2018 - 12:29
CVE-2018-0732 5.0
During key agreement in a TLS handshake using a DH(E) based ciphersuite a malicious server can send a very large prime value to the client. This will cause the client to spend an unreasonably long period of time generating a key for this prime result
12-06-2018 - 09:29 12-06-2018 - 09:29
CVE-2018-12233 6.8
In the ea_get function in fs/jfs/xattr.c in the Linux kernel through 4.17.1, a memory corruption bug in JFS can be triggered by calling setxattr twice with two different extended attribute names on the same file. This vulnerability can be triggered b
12-06-2018 - 08:29 12-06-2018 - 08:29
CVE-2018-12227 5.0
An issue was discovered in Asterisk Open Source 13.x before 13.21.1, 14.x before 14.7.7, and 15.x before 15.4.1 and Certified Asterisk 13.18-cert before 13.18-cert4 and 13.21-cert before 13.21-cert2. When endpoint specific ACL rules block a SIP reque
12-06-2018 - 00:29 12-06-2018 - 00:29
CVE-2018-5185 4.3
Plaintext of decrypted emails can leak through by user submitting an embedded form. This vulnerability affects Thunderbird ESR < 52.8 and Thunderbird < 52.8.
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2018-5184 5.0
Using remote content in encrypted messages can lead to the disclosure of plaintext. This vulnerability affects Thunderbird ESR < 52.8 and Thunderbird < 52.8.
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2018-5183 7.5
Mozilla developers backported selected changes in the Skia library. These changes correct memory corruption issues including invalid buffer reads and writes during graphic operations. This vulnerability affects Thunderbird ESR < 52.8, Thunderbird < 5
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2018-5178 6.8
A buffer overflow was found during UTF8 to Unicode string conversion within JavaScript with extremely large amounts of data. This vulnerability requires the use of a malicious or vulnerable legacy extension in order to occur. This vulnerability affec
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2018-5170 4.3
It is possible to spoof the filename of an attachment and display an arbitrary attachment name. This could lead to a user opening a remote attachment which is a different file type than expected. This vulnerability affects Thunderbird ESR < 52.8 and
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2018-5168 5.0
Sites can bypass security checks on permissions to install lightweight themes by manipulating the "baseURI" property of the theme element. This could allow a malicious site to install a theme without user interaction which could contain offensive or
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2018-5162 5.0
Plaintext of decrypted emails can leak through the src attribute of remote images, or links. This vulnerability affects Thunderbird ESR < 52.8 and Thunderbird < 52.8.
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2018-5161 4.3
Crafted message headers can cause a Thunderbird process to hang on receiving the message. This vulnerability affects Thunderbird ESR < 52.8 and Thunderbird < 52.8.
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2018-5159 7.5
An integer overflow can occur in the Skia library due to 32-bit integer use in an array without integer overflow checks, resulting in possible out-of-bounds writes. This could lead to a potentially exploitable crash triggerable by web content. This v
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2018-5158 6.8
The PDF viewer does not sufficiently sanitize PostScript calculator functions, allowing malicious JavaScript to be injected through a crafted PDF file. This JavaScript can then be run with the permissions of the PDF viewer by its worker. This vulnera
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2018-5157 5.0
Same-origin protections for the PDF viewer can be bypassed, allowing a malicious site to intercept messages meant for the viewer. This could allow the site to retrieve PDF files restricted to viewing by an authenticated user on a third-party website.
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2018-5155 7.5
A use-after-free vulnerability can occur while adjusting layout during SVG animations with text paths. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.8, Thunderbird ESR < 52.8, Firefox < 60, and Firefox E
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2018-5154 7.5
A use-after-free vulnerability can occur while enumerating attributes during SVG animations with clip paths. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.8, Thunderbird ESR < 52.8, Firefox < 60, and Fir
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2018-5150 7.5
Memory safety bugs were reported in Firefox 59, Firefox ESR 52.7, and Thunderbird 52.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This v
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2018-5148 7.5
A use-after-free vulnerability can occur in the compositor during certain graphics operations when a raw pointer is used instead of a reference counted one. This results in a potentially exploitable crash. This vulnerability affects Firefox ESR < 52.
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2018-5147 7.5
The libtremor library has the same flaw as CVE-2018-5146. This library is used by Firefox in place of libvorbis on Android and ARM platforms. This vulnerability affects Firefox ESR < 52.7.2 and Firefox < 59.0.1.
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2018-5146 6.8
An out of bounds memory write while processing Vorbis audio data was reported through the Pwn2Own contest. This vulnerability affects Firefox < 59.0.1, Firefox ESR < 52.7.2, and Thunderbird < 52.7.
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2018-5145 7.5
Memory safety bugs were reported in Firefox ESR 52.6. These bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox ESR < 52.7 an
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2018-5144 7.5
An integer overflow can occur during conversion of text to some Unicode character sets due to an unchecked length parameter. This vulnerability affects Firefox ESR < 52.7 and Thunderbird < 52.7.
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2018-5131 4.3
Under certain circumstances the "fetch()" API can return transient local copies of resources that were sent with a "no-store" or "no-cache" cache header instead of downloading a copy from the network as it should. This can result in previously stored
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2018-5130 6.8
When packets with a mismatched RTP payload type are sent in WebRTC connections, in some circumstances a potentially exploitable crash is triggered. This vulnerability affects Firefox ESR < 52.7 and Firefox < 59.
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2018-5129 5.0
A lack of parameter validation on IPC messages results in a potential out-of-bounds write through malformed IPC messages. This can potentially allow for sandbox escape through memory corruption in the parent process. This vulnerability affects Thunde
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2018-5127 6.8
A buffer overflow can occur when manipulating the SVG "animatedPathSegList" through script. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.7, Firefox ESR < 52.7, and Firefox < 59.
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2018-5125 6.8
Memory safety bugs were reported in Firefox 58 and Firefox ESR 52.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affect
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2018-5117 5.0
If right-to-left text is used in the addressbar with left-to-right alignment, it is possible in some circumstances to scroll this text to spoof the displayed URL. This issue could result in the wrong URL being displayed as a location, which can misle
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2018-5104 7.5
A use-after-free vulnerability can occur during font face manipulation when a font face is freed while still in use, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.6, Firefox ESR < 52.6, and Firefox < 58.
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2018-5103 7.5
A use-after-free vulnerability can occur during mouse event handling due to issues with multiprocess support. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.6, Firefox ESR < 52.6, and Firefox < 58.
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2018-5102 7.5
A use-after-free vulnerability can occur when manipulating HTML media elements with media streams, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.6, Firefox ESR < 52.6, and Firefox < 58.
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2018-5099 7.5
A use-after-free vulnerability can occur when the widget listener is holding strong references to browser objects that have previously been freed, resulting in a potentially exploitable crash when these references are used. This vulnerability affects
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2018-5098 7.5
A use-after-free vulnerability can occur when form input elements, focus, and selections are manipulated by script content. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.6, Firefox ESR < 52.6, and Firefo
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2018-5097 7.5
A use-after-free vulnerability can occur during XSL transformations when the source document for the transformation is manipulated by script content during the transformation. This results in a potentially exploitable crash. This vulnerability affect
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2018-5096 7.5
A use-after-free vulnerability can occur while editing events in form elements on a page, resulting in a potentially exploitable crash. This vulnerability affects Firefox ESR < 52.6 and Thunderbird < 52.6.
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2018-5095 7.5
An integer overflow vulnerability in the Skia library when allocating memory for edge builders on some systems with at least 8 GB of RAM. This results in the use of uninitialized memory, resulting in a potentially exploitable crash. This vulnerabilit
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2018-5091 7.5
A use-after-free vulnerability can occur during WebRTC connections when interacting with the DTMF timers. This results in a potentially exploitable crash. This vulnerability affects Firefox ESR < 52.6 and Firefox < 58.
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2018-5089 7.5
Memory safety bugs were reported in Firefox 57 and Firefox ESR 52.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affect
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2017-7848 5.0
RSS fields can inject new lines into the created email structure, modifying the message body. This vulnerability affects Thunderbird < 52.5.2.
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2017-7847 4.3
Crafted CSS in an RSS feed can leak and reveal local path strings, which may contain user name. This vulnerability affects Thunderbird < 52.5.2.
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2017-7846 6.8
It is possible to execute JavaScript in the parsed RSS feed when RSS feed is viewed as a website, e.g. via "View -> Feed article -> Website" or in the standard format of "View -> Feed article -> default format". This vulnerability affects Thunderbird
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2017-7843 5.0
When Private Browsing mode is used, it is possible for a web worker to write persistent data to IndexedDB and fingerprint a user uniquely. IndexedDB should not be available in Private Browsing mode and this stored data will persist across multiple pr
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2017-7830 4.3
The Resource Timing API incorrectly revealed navigations in cross-origin iframes. This is a same-origin policy violation and could allow for data theft of URLs loaded by users. This vulnerability affects Firefox < 57, Firefox ESR < 52.5, and Thunderb
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2017-7829 5.0
It is possible to spoof the sender's email address and display an arbitrary sender address to the email recipient. The real sender's address is not displayed if preceded by a null character in the display string. This vulnerability affects Thunderbir
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2017-7828 7.5
A use-after-free vulnerability can occur when flushing and resizing layout because the "PressShell" object has been freed while still in use. This results in a potentially exploitable crash during these operations. This vulnerability affects Firefox
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2017-7826 10.0
Memory safety bugs were reported in Firefox 56 and Firefox ESR 52.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affect
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2017-7825 5.0
Several fonts on OS X display some Tibetan and Arabic characters as whitespace. When used in the addressbar as part of an IDN this can be used for domain name spoofing attacks. Note: This attack only affects OS X operating systems. Other operating sy
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2017-7824 7.5
A buffer overflow occurs when drawing and validating elements with the ANGLE graphics library, used for WebGL content. This is due to an incorrect value being passed within the library during checks and results in a potentially exploitable crash. Thi
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2017-7823 4.3
The content security policy (CSP) "sandbox" directive did not create a unique origin for the document, causing it to behave as if the "allow-same-origin" keyword were always specified. This could allow a Cross-Site Scripting (XSS) attack to be launch
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2017-7819 7.5
A use-after-free vulnerability can occur in design mode when image objects are resized if objects referenced during the resizing have been freed from memory. This results in a potentially exploitable crash. This vulnerability affects Firefox < 56, Fi
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2017-7818 7.5
A use-after-free vulnerability can occur when manipulating arrays of Accessible Rich Internet Applications (ARIA) elements within containers through the DOM. This results in a potentially exploitable crash. This vulnerability affects Firefox < 56, Fi
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2017-7814 6.8
File downloads encoded with "blob:" and "data:" URL elements bypassed normal file download checks though the Phishing and Malware Protection feature and its block lists of suspicious sites and files. This would allow malicious sites to lure users int
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2017-7810 10.0
Memory safety bugs were reported in Firefox 55 and Firefox ESR 52.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affect
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2017-7809 7.5
A use-after-free vulnerability can occur when an editor DOM node is deleted prematurely during tree traversal while still bound to the document. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.3, Firefox E
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2017-7807 5.8
A mechanism that uses AppCache to hijack a URL in a domain using fallback by serving the files from a sub-path on the domain. This has been addressed by requiring fallback files be inside the manifest directory. This vulnerability affects Thunderbird
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2017-7805 5.0
During TLS 1.2 exchanges, handshake hashes are generated which point to a message buffer. This saved data is used for later messages but in some cases, the handshake transcript can exceed the space available in the current buffer, causing the allocat
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2017-7804 5.0
The destructor function for the "WindowsDllDetourPatcher" class can be re-purposed by malicious code in concert with another vulnerability to write arbitrary data to an attacker controlled location in memory. This can be used to bypass existing memor
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2017-7803 5.0
When a page's content security policy (CSP) header contains a "sandbox" directive, other directives are ignored. This results in the incorrect enforcement of CSP. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55.
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2017-7802 7.5
A use-after-free vulnerability can occur when manipulating the DOM during the resize event of an image element. If these elements have been freed due to a lack of strong references, a potentially exploitable crash may occur when the freed elements ar
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2017-7801 7.5
A use-after-free vulnerability can occur while re-computing layout for a "marquee" element during window resizing where the updated style object is freed while still in use. This results in a potentially exploitable crash. This vulnerability affects
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2017-7800 7.5
A use-after-free vulnerability can occur in WebSockets when the object holding the connection is freed before the disconnection operation is finished. This results in an exploitable crash. This vulnerability affects Thunderbird < 52.3, Firefox ESR <
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2017-7798 6.8
The Developer Tools feature suffers from a XUL injection vulnerability due to improper sanitization of the web page source code. In the worst case, this could allow arbitrary code execution when opening a malicious page with the style editor tool. Th
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2017-7793 7.5
A use-after-free vulnerability can occur in the Fetch API when the worker or the associated window are freed when still in use, resulting in a potentially exploitable crash. This vulnerability affects Firefox < 56, Firefox ESR < 52.4, and Thunderbird
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2017-7792 7.5
A buffer overflow will occur when viewing a certificate in the certificate manager if the certificate has an extremely long object identifier (OID). This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.3, Firef
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2017-7791 5.0
On pages containing an iframe, the "data:" protocol can be used to create a modal alert that will render over arbitrary domains following page navigation, spoofing of the origin of the modal alert from the iframe content. This vulnerability affects T
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2017-7787 5.0
Same-origin policy protections can be bypassed on pages with embedded iframes during page reloads, allowing the iframes to access content on the top level page, leading to information disclosure. This vulnerability affects Thunderbird < 52.3, Firefox
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2017-7786 7.5
A buffer overflow can occur when the image renderer attempts to paint non-displayable SVG elements. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55.
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2017-7785 7.5
A buffer overflow can occur when manipulating Accessible Rich Internet Applications (ARIA) attributes within the DOM. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2017-7784 7.5
A use-after-free vulnerability can occur when reading an image observer during frame reconstruction after the observer has been freed. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3,
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2017-7779 10.0
Memory safety bugs were reported in Firefox 54, Firefox ESR 52.2, and Thunderbird 52.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This v
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2017-7778 7.5
A number of security vulnerabilities in the Graphite 2 library including out-of-bounds reads, buffer overflow reads and writes, and the use of uninitialized memory. These issues were addressed in Graphite 2 version 1.3.10. This vulnerability affects
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2017-7764 5.0
Characters from the "Canadian Syllabics" unicode block can be mixed with characters from other unicode blocks in the addressbar instead of being rendered as their raw "punycode" form, allowing for domain name spoofing attacks through character confus
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2017-7758 6.4
An out-of-bounds read vulnerability with the Opus encoder when the number of channels in an audio stream changes while the encoder is in use. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2.
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2017-7757 7.5
A use-after-free vulnerability in IndexedDB when one of its objects is destroyed in memory while a method on it is still being executed. This results in a potentially exploitable crash. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2017-7756 7.5
A use-after-free and use-after-scope vulnerability when logging errors from headers for XML HTTP Requests (XHR). This could result in a potentially exploitable crash. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2017-7754 5.0
An out-of-bounds read in WebGL with a maliciously crafted "ImageInfo" object during WebGL operations. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2.
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2017-7753 6.4
An out-of-bounds read occurs when applying style rules to pseudo-elements, such as ::first-line, using cached style data. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55.
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2017-7752 6.8
A use-after-free vulnerability during specific user interactions with the input method editor (IME) in some languages due to how events are handled. This results in a potentially exploitable crash but would require specific user interaction to trigge
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2017-7751 7.5
A use-after-free vulnerability with content viewer listeners that results in a potentially exploitable crash. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2.
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2017-7750 7.5
A use-after-free vulnerability during video control operations when a "<track>" element holds a reference to an older window if that window has been replaced in the DOM. This results in a potentially exploitable crash. This vulnerability affects Fire
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2017-7749 7.5
A use-after-free vulnerability when using an incorrect URL during the reloading of a docshell. This results in a potentially exploitable crash. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2.
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2017-5472 7.5
A use-after-free vulnerability with the frameloader during tree reconstruction while regenerating CSS layout when attempting to use a node in the tree that no longer exists. This results in a potentially exploitable crash. This vulnerability affects
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2017-5470 7.5
Memory safety bugs were reported in Firefox 53 and Firefox ESR 52.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affect
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2017-5469 7.5
Fixed potential buffer overflows in generated Firefox code due to CVE-2016-6354 issue in Flex. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53.
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2017-5465 6.4
An out-of-bounds read while processing SVG content in "ConvolvePixel". This results in a crash and also allows for otherwise inaccessible memory being copied into SVG graphic content, which could then displayed. This vulnerability affects Thunderbird
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2017-5464 7.5
During DOM manipulations of the accessibility tree through script, the DOM tree can become out of sync with the accessibility tree, leading to memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firef
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2017-5462 5.0
A flaw in DRBG number generation within the Network Security Services (NSS) library where the internal state V does not correctly carry bits over. The NSS library has been updated to fix this issue to address this issue and Firefox ESR 52.1 has been
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2017-5460 7.5
A use-after-free vulnerability in frame selection triggered by a combination of malicious script content and key presses by a user. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Fi
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2017-5459 7.5
A buffer overflow in WebGL triggerable by web content, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53.
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2017-5448 7.5
An out-of-bounds write in "ClearKeyDecryptor" while decrypting some Clearkey-encrypted media content. The "ClearKeyDecryptor" code runs within the Gecko Media Plugin (GMP) sandbox. If a second mechanism is found to escape the sandbox, this vulnerabil
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2017-5447 6.4
An out-of-bounds read during the processing of glyph widths during text layout. This results in a potentially exploitable crash and could allow an attacker to read otherwise inaccessible memory. This vulnerability affects Thunderbird < 52.1, Firefox
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2017-5446 7.5
An out-of-bounds read when an HTTP/2 connection to a servers sends "DATA" frames with incorrect data content. This leads to a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Fi
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2017-5445 5.0
A vulnerability while parsing "application/http-index-format" format content where uninitialized values are used to create an array. This could allow the reading of uninitialized memory into the arrays affected. This vulnerability affects Thunderbird
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2017-5444 5.0
A buffer overflow vulnerability while parsing "application/http-index-format" format content when the header contains improperly formatted data. This allows for an out-of-bounds read of data from memory. This vulnerability affects Thunderbird < 52.1,
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2017-5443 7.5
An out-of-bounds write vulnerability while decoding improperly formed BinHex format archives. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53.
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2017-5442 7.5
A use-after-free vulnerability during changes in style when manipulating DOM elements. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53.
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2017-5441 7.5
A use-after-free vulnerability when holding a selection during scroll events. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53.
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2017-5440 7.5
A use-after-free vulnerability during XSLT processing due to a failure to propagate error conditions during matching while evaluating context, leading to objects being used when they no longer exist. This results in a potentially exploitable crash. T
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2017-5439 7.5
A use-after-free vulnerability during XSLT processing due to poor handling of template parameters. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 5
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2017-5438 7.5
A use-after-free vulnerability during XSLT processing due to the result handler being held by a freed handler during handling. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2017-5436 6.8
An out-of-bounds write in the Graphite 2 library triggered with a maliciously crafted Graphite font. This results in a potentially exploitable crash. This issue was fixed in the Graphite 2 library as well as Mozilla products. This vulnerability affec
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2017-5435 7.5
A use-after-free vulnerability occurs during transaction processing in the editor during design mode interactions. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1,
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2017-5434 7.5
A use-after-free vulnerability occurs when redirecting focus handling which results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53.
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2017-5433 7.5
A use-after-free vulnerability in SMIL animation functions occurs when pointers to animation elements in an array are dropped from the animation controller while still in use. This results in a potentially exploitable crash. This vulnerability affect
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2017-5432 7.5
A use-after-free vulnerability occurs during certain text input selection resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53.
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2017-5429 7.5
Memory safety bugs were reported in Firefox 52, Firefox ESR 45.8, Firefox ESR 52, and Thunderbird 52. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrar
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2017-5410 7.5
Memory corruption resulting in a potentially exploitable crash during garbage collection of JavaScript due errors in how incremental sweeping is managed for memory cleanup. This vulnerability affects Firefox < 52, Firefox ESR < 45.8, Thunderbird < 52
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2017-5408 5.0
Video files loaded video captions cross-origin without checking for the presence of CORS headers permitting such cross-origin use, leading to potential information disclosure for video captions. This vulnerability affects Firefox < 52, Firefox ESR <
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2017-5407 4.3
Using SVG filters that don't use the fixed point math implementation on a target iframe, a malicious page can extract pixel values from a targeted user. This can be used to extract history information and read text values across domains. This violate
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2017-5405 5.0
Certain response codes in FTP connections can result in the use of uninitialized values for ports in FTP operations. This vulnerability affects Firefox < 52, Firefox ESR < 45.8, Thunderbird < 52, and Thunderbird < 45.8.
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2017-5404 7.5
A use-after-free error can occur when manipulating ranges in selections with one node inside a native anonymous tree and one node outside of it. This results in a potentially exploitable crash. This vulnerability affects Firefox < 52, Firefox ESR < 4
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2017-5402 7.5
A use-after-free can occur when events are fired for a "FontFace" object after the object has been already been destroyed while working with fonts. This results in a potentially exploitable crash. This vulnerability affects Firefox < 52, Firefox ESR
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2017-5401 7.5
A crash triggerable by web content in which an "ErrorResult" references unassigned memory due to a logic error. The resulting crash may be exploitable. This vulnerability affects Firefox < 52, Firefox ESR < 45.8, Thunderbird < 52, and Thunderbird < 4
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2017-5400 7.5
JIT-spray targeting asm.js combined with a heap spray allows for a bypass of ASLR and DEP protections leading to potential memory corruption attacks. This vulnerability affects Firefox < 52, Firefox ESR < 45.8, Thunderbird < 52, and Thunderbird < 45.
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2017-5398 10.0
Memory safety bugs were reported in Thunderbird 45.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 52,
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2017-5396 7.5
A use-after-free vulnerability in the Media Decoder when working with media files when some events are fired after the media elements are freed from memory. This vulnerability affects Thunderbird < 45.7, Firefox ESR < 45.7, and Firefox < 51.
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2017-5390 7.5
The JSON viewer in the Developer Tools uses insecure methods to create a communication channel for copying and viewing JSON or HTTP headers data, allowing for potential privilege escalation. This vulnerability affects Thunderbird < 45.7, Firefox ESR
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2017-5386 7.5
WebExtension scripts can use the "data:" protocol to affect pages loaded by other web extensions using this protocol, leading to potential data disclosure or privilege escalation in affected extensions. This vulnerability affects Firefox ESR < 45.7 a
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2017-5383 5.0
URLs containing certain unicode glyphs for alternative hyphens and quotes do not properly trigger punycode display, allowing for domain name spoofing attacks in the location bar. This vulnerability affects Thunderbird < 45.7, Firefox ESR < 45.7, and
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2017-5380 7.5
A potential use-after-free found through fuzzing during DOM manipulation of SVG content. This vulnerability affects Thunderbird < 45.7, Firefox ESR < 45.7, and Firefox < 51.
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2017-5378 5.0
Hashed codes of JavaScript objects are shared between pages. This allows for pointer leaks because an object's address can be discovered through hash codes, and also allows for data leakage of an object's content using these hash codes. This vulnerab
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2017-5376 7.5
Use-after-free while manipulating XSL in XSLT documents. This vulnerability affects Thunderbird < 45.7, Firefox ESR < 45.7, and Firefox < 51.
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2017-5375 7.5
JIT code allocation can allow for a bypass of ASLR and DEP protections leading to potential memory corruption attacks. This vulnerability affects Thunderbird < 45.7, Firefox ESR < 45.7, and Firefox < 51.
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2017-5373 7.5
Memory safety bugs were reported in Firefox 50.1 and Firefox ESR 45.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affe
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2016-9905 6.8
A potentially exploitable crash in "EnumerateSubDocuments" while adding or removing sub-documents. This vulnerability affects Firefox ESR < 45.6 and Thunderbird < 45.6.
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2016-9904 5.0
An attacker could use a JavaScript Map/Set timing attack to determine whether an atom is used by another compartment/zone in specific contexts. This could be used to leak information, such as usernames embedded in JavaScript code, across websites. Th
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2016-9902 5.0
The Pocket toolbar button, once activated, listens for events fired from it's own pages but does not verify the origin of incoming events. This allows content from other origins to fire events and inject content and commands into the Pocket context.
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2016-9901 7.5
HTML tags received from the Pocket server will be processed without sanitization and any JavaScript code executed will be run in the "about:pocket-saved" (unprivileged) page, giving it access to Pocket's messaging API through HTML injection. This vul
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2016-9900 5.0
External resources that should be blocked when loaded by SVG images can bypass security restrictions through the use of "data:" URLs. This could allow for cross-domain data leakage. This vulnerability affects Firefox < 50.1, Firefox ESR < 45.6, and T
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2016-9899 7.5
Use-after-free while manipulating DOM events and removing audio elements due to errors in the handling of node adoption. This vulnerability affects Firefox < 50.1, Firefox ESR < 45.6, and Thunderbird < 45.6.
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2016-9898 7.5
Use-after-free resulting in potentially exploitable crash when manipulating DOM subtrees in the Editor. This vulnerability affects Firefox < 50.1, Firefox ESR < 45.6, and Thunderbird < 45.6.
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2016-9897 5.0
Memory corruption resulting in a potentially exploitable crash during WebGL functions using a vector constructor with a varying array within libGLES. This vulnerability affects Firefox < 50.1, Firefox ESR < 45.6, and Thunderbird < 45.6.
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2016-9895 4.3
Event handlers on "marquee" elements were executed despite a strict Content Security Policy (CSP) that disallowed inline JavaScript. This vulnerability affects Firefox < 50.1, Firefox ESR < 45.6, and Thunderbird < 45.6.
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2016-9893 7.5
Memory safety bugs were reported in Thunderbird 45.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 50.
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2016-9079 5.0
A use-after-free vulnerability in SVG Animation has been discovered. An exploit built on this vulnerability has been discovered in the wild targeting Firefox and Tor Browser users on Windows. This vulnerability affects Firefox < 50.0.2, Firefox ESR <
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2016-9074 4.3
An existing mitigation of timing side-channel attacks is insufficient in some circumstances. This issue is addressed in Network Security Services (NSS) 3.26.1. This vulnerability affects Thunderbird < 45.5, Firefox ESR < 45.5, and Firefox < 50.
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2016-9066 5.0
A buffer overflow resulting in a potentially exploitable crash due to memory allocation issues when handling large amounts of incoming data. This vulnerability affects Thunderbird < 45.5, Firefox ESR < 45.5, and Firefox < 50.
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2016-9064 4.3
Add-on updates failed to verify that the add-on ID inside the signed package matched the ID of the add-on being updated. An attacker who could perform a man-in-the-middle attack on the user's connection to the update server and defeat the certificate
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2016-9063 7.5
An integer overflow during the parsing of XML using the Expat library. This vulnerability affects Firefox < 50.
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2016-5297 7.5
An error in argument length checking in JavaScript, leading to potential integer overflows or other bounds checking issues. This vulnerability affects Thunderbird < 45.5, Firefox ESR < 45.5, and Firefox < 50.
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2016-5296 5.0
A heap-buffer-overflow in Cairo when processing SVG content caused by compiler optimization, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 45.5, Firefox ESR < 45.5, and Firefox < 50.
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2016-5291 4.9
A same-origin policy bypass with local shortcut files to load arbitrary local content from disk. This vulnerability affects Thunderbird < 45.5, Firefox ESR < 45.5, and Firefox < 50.
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2016-5290 7.5
Memory safety bugs were reported in Firefox 49 and Firefox ESR 45.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affect
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2018-12020 5.0
mainproc.c in GnuPG before 2.2.8 mishandles the original filename during decryption and verification actions, which allows remote attackers to spoof the output that GnuPG sends on file descriptor 2 to other programs that use the "--status-fd 2" optio
08-06-2018 - 17:29 08-06-2018 - 17:29
CVE-2018-12015 6.4
In Perl through 5.26.2, the Archive::Tar module allows remote attackers to bypass a directory-traversal protection mechanism, and overwrite arbitrary files, via an archive file containing a symlink and a regular file with the same name.
07-06-2018 - 09:29 07-06-2018 - 09:29
CVE-2017-7654 5.0
In Eclipse Mosquitto 1.4.15 and earlier, a Memory Leak vulnerability was found within the Mosquitto Broker. Unauthenticated clients can send crafted CONNECT packets which could cause a denial of service in the Mosquitto Broker.
05-06-2018 - 16:29 05-06-2018 - 16:29
CVE-2017-7653 3.5
The Eclipse Mosquitto broker up to version 1.4.15 does not reject strings that are not valid UTF-8. A malicious client could cause other clients that do reject invalid UTF-8 strings to disconnect themselves from the broker by sending a topic string w
05-06-2018 - 16:29 05-06-2018 - 16:29
CVE-2018-1000180 5.0
Bouncy Castle BC 1.54 - 1.59, BC-FJA 1.0.0, BC-FJA 1.0.1 and earlier have a flaw in the Low-level interface to RSA key pair generator, specifically RSA Key Pairs generated in low-level API with added certainty may have less M-R tests than expected. T
05-06-2018 - 09:29 05-06-2018 - 09:29
CVE-2016-1000346 4.3
In the Bouncy Castle JCE Provider version 1.55 and earlier the other party DH public key is not fully validated. This can cause issues as invalid keys can be used to reveal details about the other party's private key where static Diffie-Hellman is in
04-06-2018 - 17:29 04-06-2018 - 17:29
CVE-2016-1000345 4.3
In the Bouncy Castle JCE Provider version 1.55 and earlier the DHIES/ECIES CBC mode vulnerable to padding oracle attack. For BC 1.55 and older, in an environment where timings can be easily observed, it is possible with enough observations to identif
04-06-2018 - 17:29 04-06-2018 - 17:29
CVE-2016-1000343 5.0
In the Bouncy Castle JCE Provider version 1.55 and earlier the DSA key pair generator generates a weak private key if used with default values. If the JCA key pair generator is not explicitly initialised with DSA parameters, 1.55 and earlier generate
04-06-2018 - 09:29 04-06-2018 - 09:29
CVE-2016-1000342 5.0
In the Bouncy Castle JCE Provider version 1.55 and earlier ECDSA does not fully validate ASN.1 encoding of signature on verification. It is possible to inject extra elements in the sequence making up the signature and still have it validate, which in
04-06-2018 - 09:29 04-06-2018 - 09:29
CVE-2016-1000341 4.3
In the Bouncy Castle JCE Provider version 1.55 and earlier DSA signature generation is vulnerable to timing attack. Where timings can be closely observed for the generation of signatures, the lack of blinding in 1.55, or earlier, may allow an attacke
04-06-2018 - 09:29 04-06-2018 - 09:29
CVE-2016-1000339 5.0
In the Bouncy Castle JCE Provider version 1.55 and earlier the primary engine class used for AES was AESFastEngine. Due to the highly table driven approach used in the algorithm it turns out that if the data channel on the CPU can be monitored the lo
04-06-2018 - 09:29 04-06-2018 - 09:29
CVE-2016-1000338 5.0
In Bouncy Castle JCE Provider version 1.55 and earlier the DSA does not fully validate ASN.1 encoding of signature on verification. It is possible to inject extra elements in the sequence making up the signature and still have it validate, which in s
01-06-2018 - 16:29 01-06-2018 - 16:29
CVE-2018-11645 5.0
psi/zfile.c in Artifex Ghostscript before 9.21rc1 permits the status command even if -dSAFER is used, which might allow remote attackers to determine the existence and size of arbitrary files, a similar issue to CVE-2016-7977.
01-06-2018 - 08:29 01-06-2018 - 08:29
CVE-2018-5388 4.0
In stroke_socket.c in strongSwan before 5.6.3, a missing packet length check could allow a buffer underflow, which may lead to resource exhaustion and denial of service while reading from the socket.
31-05-2018 - 09:29 31-05-2018 - 09:29
CVE-2018-10995 5.0
SchedMD Slurm before 17.02.11 and 17.1x.x before 17.11.7 mishandles user names (aka user_name fields) and group ids (aka gid fields).
30-05-2018 - 16:29 30-05-2018 - 16:29
CVE-2018-11439 4.3
The TagLib::Ogg::FLAC::File::scan function in oggflacfile.cpp in TagLib 1.11.1 allows remote attackers to cause information disclosure (heap-based buffer over-read) via a crafted audio file.
30-05-2018 - 09:29 30-05-2018 - 09:29
CVE-2018-11235 6.8
In Git before 2.13.7, 2.14.x before 2.14.4, 2.15.x before 2.15.2, 2.16.x before 2.16.4, and 2.17.x before 2.17.1, remote code execution can occur. With a crafted .gitmodules file, a malicious project can execute an arbitrary script on a machine that
30-05-2018 - 00:29 30-05-2018 - 00:29
CVE-2016-7076 7.2
sudo before version 1.8.18p1 is vulnerable to a bypass in the sudo noexec restriction if application run via sudo executed wordexp() C library function with a user supplied argument. A local user permitted to run such application via sudo with noexec
29-05-2018 - 09:29 29-05-2018 - 09:29
CVE-2018-11531 7.5
Exiv2 0.26 has a heap-based buffer overflow in getData in preview.cpp.
29-05-2018 - 03:29 29-05-2018 - 03:29
CVE-2018-11506 7.2
The sr_do_ioctl function in drivers/scsi/sr_ioctl.c in the Linux kernel through 4.16.12 allows local users to cause a denial of service (stack-based buffer overflow) or possibly have unspecified other impact because sense buffers have different sizes
28-05-2018 - 00:29 28-05-2018 - 00:29
CVE-2018-11504 4.3
The islist function in markdown.c in libmarkdown.a in DISCOUNT 2.2.3a allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted file, as demonstrated by mkd2html.
26-05-2018 - 17:29 26-05-2018 - 17:29
CVE-2018-11503 4.3
The isfootnote function in markdown.c in libmarkdown.a in DISCOUNT 2.2.3a allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted file, as demonstrated by mkd2html.
26-05-2018 - 17:29 26-05-2018 - 17:29
CVE-2018-11468 4.3
The __mkd_trim_line function in mkdio.c in libmarkdown.a in DISCOUNT 2.2.3a allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted file, as demonstrated by mkd2html.
25-05-2018 - 09:29 25-05-2018 - 09:29
CVE-2018-8013 7.5
In Apache Batik 1.x before 1.10, when deserializing subclass of `AbstractDocument`, the class takes a string from the inputStream as the class name which then use it to call the no-arg constructor of the class. Fix was to check the class type before
24-05-2018 - 12:29 24-05-2018 - 12:29
CVE-2018-1000301 6.4
curl version curl 7.20.0 to and including curl 7.59.0 contains a CWE-126: Buffer Over-read vulnerability in denial of service that can result in curl can be tricked into reading data beyond the end of a heap based buffer used to store downloaded RTSP
24-05-2018 - 09:29 24-05-2018 - 09:29
CVE-2018-1000199 4.9
The Linux Kernel version 3.18 contains a dangerous feature vulnerability in modify_user_hw_breakpoint() that can result in crash and possibly memory corruption. This attack appear to be exploitable via local code execution and the ability to use ptra
24-05-2018 - 09:29 24-05-2018 - 09:29
CVE-2018-1000040 4.3
In MuPDF 1.12.0 and earlier, multiple use of uninitialized value bugs in the PDF parser could allow an attacker to cause a denial of service (crash) or influence program flow via a crafted file.
24-05-2018 - 09:29 24-05-2018 - 09:29
CVE-2018-1000037 4.3
In MuPDF 1.12.0 and earlier, multiple reachable assertions in the PDF parser allow an attacker to cause a denial of service (assert crash) via a crafted file.
24-05-2018 - 09:29 24-05-2018 - 09:29
CVE-2018-1125 5.0
procps-ng before version 3.3.15 is vulnerable to a stack buffer overflow in pgrep. This vulnerability is mitigated by FORTIFY, as it involves strncat() to a stack-allocated string. When pgrep is compiled with FORTIFY (as on Red Hat Enterprise Linux a
23-05-2018 - 10:29 23-05-2018 - 10:29
CVE-2018-1123 5.0
procps-ng before version 3.3.15 is vulnerable to a denial of service in ps via mmap buffer overflow. Inbuilt protection in ps maps a guard page at the end of the overflowed buffer, ensuring that the impact of this flaw is limited to a crash (temporar
23-05-2018 - 10:29 23-05-2018 - 10:29
CVE-2018-1122 4.4
procps-ng before version 3.3.15 is vulnerable to a local privilege escalation in top. If a user runs top with HOME unset in an attacker-controlled directory, the attacker could achieve privilege escalation by exploiting one of several vulnerabilities
23-05-2018 - 10:29 23-05-2018 - 10:29
CVE-2018-1126 7.5
procps-ng before version 3.3.15 is vulnerable to an incorrect integer size in proc/alloc.* leading to truncation/integer overflow issues. This flaw is related to CVE-2018-1124.
23-05-2018 - 09:29 23-05-2018 - 09:29
CVE-2018-1124 4.6
procps-ng before version 3.3.15 is vulnerable to multiple integer overflows leading to a heap corruption in file2strvec function. This allows a privilege escalation for a local attacker who can create entries in procfs by starting processes, which co
23-05-2018 - 09:29 23-05-2018 - 09:29
CVE-2018-11362 5.0
In Wireshark 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14, the LDSS dissector could crash. This was addressed in epan/dissectors/packet-ldss.c by avoiding a buffer over-read upon encountering a missing '\0' character.
22-05-2018 - 17:29 22-05-2018 - 17:29
CVE-2018-11360 5.0
In Wireshark 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14, the GSM A DTAP dissector could crash. This was addressed in epan/dissectors/packet-gsm_a_dtap.c by fixing an off-by-one error that caused a buffer overflow.
22-05-2018 - 17:29 22-05-2018 - 17:29
CVE-2018-11358 5.0
In Wireshark 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14, the Q.931 dissector could crash. This was addressed in epan/dissectors/packet-q931.c by avoiding a use-after-free after a malformed packet prevented certain cleanup.
22-05-2018 - 17:29 22-05-2018 - 17:29
CVE-2018-3640 4.7
Systems with microprocessors utilizing speculative execution and that perform speculative reads of system registers may allow unauthorized disclosure of system parameters to an attacker with local user access via a side-channel analysis, aka Rogue Sy
22-05-2018 - 08:29 22-05-2018 - 08:29
CVE-2018-3639 4.9
Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access vi
22-05-2018 - 08:29 22-05-2018 - 08:29
CVE-2018-1108 4.3
kernel drivers before version 4.17-rc1 are vulnerable to a weakness in the Linux kernel's implementation of random seed data. Programs, early in the boot sequence, could use the data allocated for the seed before it was sufficiently generated.
21-05-2018 - 17:29 21-05-2018 - 17:29
CVE-2018-8012 5.0
No authentication/authorization is enforced when a server attempts to join a quorum in Apache ZooKeeper before 3.4.10, and 3.5.0-alpha through 3.5.3-beta. As a result an arbitrary end point could join the cluster and begin propagating counterfeit cha
21-05-2018 - 15:29 21-05-2018 - 15:29
CVE-2018-11319 8.5
Syntastic (aka vim-syntastic) through 3.9.0 does not properly handle searches for configuration files (it searches the current directory up to potentially the root). This improper handling might be exploited for arbitrary code execution via a malicio
20-05-2018 - 16:29 20-05-2018 - 16:29
CVE-2018-11251 4.3
In ImageMagick 7.0.7-23 Q16 x86_64 2018-01-24, there is a heap-based buffer over-read in ReadSUNImage in coders/sun.c, which allows attackers to cause a denial of service (application crash in SetGrayscaleImage in MagickCore/quantize.c) via a crafted
18-05-2018 - 15:29 18-05-2018 - 15:29
CVE-2017-18273 7.1
In ImageMagick 7.0.7-16 Q16 x86_64 2017-12-22, an infinite loop vulnerability was found in the function ReadTXTImage in coders/txt.c, which allows attackers to cause a denial of service (CPU exhaustion) via a crafted image file that is mishandled in
18-05-2018 - 15:29 18-05-2018 - 15:29
CVE-2017-18271 7.1
In ImageMagick 7.0.7-16 Q16 x86_64 2017-12-22, an infinite loop vulnerability was found in the function ReadMIFFImage in coders/miff.c, which allows attackers to cause a denial of service (CPU exhaustion) via a crafted MIFF image file.
18-05-2018 - 15:29 18-05-2018 - 15:29
CVE-2018-1087 4.6
kernel KVM before versions kernel 4.16, kernel 4.16-rc7, kernel 4.17-rc1, kernel 4.17-rc2 and kernel 4.17-rc3 is vulnerable to a flaw in the way the Linux kernel's KVM hypervisor handled exceptions delivered after a stack switch operation via Mov SS
15-05-2018 - 12:29 15-05-2018 - 12:29
CVE-2018-10999 4.3
An issue was discovered in Exiv2 0.26. The Exiv2::Internal::PngChunk::parseTXTChunk function has a heap-based buffer over-read.
12-05-2018 - 00:29 12-05-2018 - 00:29
CVE-2018-10998 4.3
An issue was discovered in Exiv2 0.26. readMetadata in jp2image.cpp allows remote attackers to cause a denial of service (SIGABRT) by triggering an incorrect Safe::add call.
12-05-2018 - 00:29 12-05-2018 - 00:29
CVE-2018-10982 7.2
An issue was discovered in Xen through 4.10.x allowing x86 HVM guest OS users to cause a denial of service (unexpectedly high interrupt number, array overrun, and hypervisor crash) or possibly gain hypervisor privileges by setting up an HPET timer to
10-05-2018 - 19:29 10-05-2018 - 19:29
CVE-2018-1118 2.1
Linux kernel vhost since version 4.8 does not properly initialize memory in messages passed between virtual guests and the host operating system in the vhost/vhost.c:vhost_new_msg() function. This can allow local privileged users to read some kernel
10-05-2018 - 18:29 10-05-2018 - 18:29
CVE-2018-10981 4.9
An issue was discovered in Xen through 4.10.x allowing x86 HVM guest OS users to cause a denial of service (host OS infinite loop) in situations where a QEMU device model attempts to make invalid transitions between states of a request.
10-05-2018 - 18:29 10-05-2018 - 18:29
CVE-2017-18267 4.3
The FoFiType1C::cvtGlyph function in fofi/FoFiType1C.cc in Poppler through 0.64.0 allows remote attackers to cause a denial of service (infinite recursion) via a crafted PDF file, as demonstrated by pdftops.
10-05-2018 - 11:29 10-05-2018 - 11:29
CVE-2017-18266 6.8
The open_envvar function in xdg-open in xdg-utils before 1.1.3 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafte
10-05-2018 - 10:29 10-05-2018 - 10:29
CVE-2018-1130 4.9
Linux kernel before version 4.16-rc7 is vulnerable to a null pointer dereference in dccp_write_xmit() function in net/dccp/output.c in that allows a local user to cause a denial of service by a number of certain crafted system calls.
10-05-2018 - 09:29 10-05-2018 - 09:29
CVE-2018-10963 4.3
The TIFFWriteDirectorySec() function in tif_dirwrite.c in LibTIFF through 4.0.9 allows remote attackers to cause a denial of service (assertion failure and application crash) via a crafted file, a different vulnerability than CVE-2017-13726.
09-05-2018 - 22:29 09-05-2018 - 22:29
CVE-2018-10958 4.3
In types.cpp in Exiv2 0.26, a large size value may lead to a SIGABRT during an attempt at memory allocation for an Exiv2::Internal::PngChunk::zlibUncompress call.
09-05-2018 - 22:29 09-05-2018 - 22:29
CVE-2018-10940 4.9
The cdrom_ioctl_media_changed function in drivers/cdrom/cdrom.c in the Linux kernel before 4.16.6 allows local attackers to use a incorrect bounds check in the CDROM driver CDROM_MEDIA_CHANGED ioctl to read out kernel memory.
09-05-2018 - 13:29 09-05-2018 - 13:29
CVE-2017-18265 5.0
Prosody before 0.10.0 allows remote attackers to cause a denial of service (application crash), related to an incompatibility with certain versions of the LuaSocket library, such as the lua-socket package from Debian stretch. The attacker needs to tr
09-05-2018 - 13:29 09-05-2018 - 13:29
CVE-2018-1089 5.0
389-ds-base before versions 1.4.0.9, 1.3.8.1, 1.3.6.15 did not properly handle long search filters with characters needing escapes, possibly leading to buffer overflows. A remote, unauthenticated attacker could potentially use this flaw to make ns-sl
09-05-2018 - 11:29 09-05-2018 - 11:29
CVE-2018-8897 7.2
A statement in the System Programming Guide of the Intel 64 and IA-32 Architectures Software Developer's Manual (SDM) was mishandled in the development of some or all operating-system kernels, resulting in unexpected behavior for #DB exceptions that
08-05-2018 - 14:29 08-05-2018 - 14:29
CVE-2018-1000179 5.0
A NULL Pointer Dereference of CWE-476 exists in quassel version 0.12.4 in the quasselcore void CoreAuthHandler::handle(const Login &msg) coreauthhandler.cpp line 235 that allows an attacker to cause a denial of service.
08-05-2018 - 11:29 08-05-2018 - 11:29
CVE-2018-1000178 7.5
A heap corruption of type CWE-120 exists in quassel version 0.12.4 in quasselcore in void DataStreamPeer::processMessage(const QByteArray &msg) datastreampeer.cpp line 62 that allows an attacker to execute code remotely.
08-05-2018 - 11:29 08-05-2018 - 11:29
CVE-2018-10380 7.2
kwallet-pam in KDE KWallet before 5.12.6 allows local users to obtain ownership of arbitrary files via a symlink attack.
08-05-2018 - 08:29 08-05-2018 - 08:29
CVE-2018-10768 5.0
There is a NULL pointer dereference in the AnnotPath::getCoordsLength function in Annot.h in an Ubuntu package for Poppler 0.24.5. A crafted input will lead to a remote denial of service attack. Later Ubuntu packages such as for Poppler 0.41.0 are no
06-05-2018 - 19:29 06-05-2018 - 19:29
CVE-2018-0494 4.3
GNU Wget before 1.19.5 is prone to a cookie injection vulnerability in the resp_new function in http.c via a \r\n sequence in a continuation line.
06-05-2018 - 18:29 06-05-2018 - 18:29
CVE-2017-18264 7.5
An issue was discovered in libraries/common.inc.php in phpMyAdmin 4.0 before 4.0.10.20, 4.4.x, 4.6.x, and 4.7.0 prereleases. The restrictions caused by $cfg['Servers'][$i]['AllowNoPassword'] = false are bypassed under certain PHP versions (e.g., vers
01-05-2018 - 13:29 01-05-2018 - 13:29
CVE-2018-10549 6.8
An issue was discovered in PHP before 5.6.36, 7.0.x before 7.0.30, 7.1.x before 7.1.17, and 7.2.x before 7.2.5. exif_read_data in ext/exif/exif.c has an out-of-bounds read for crafted JPEG data because exif_iif_add_value mishandles the case of a Make
29-04-2018 - 17:29 29-04-2018 - 17:29
CVE-2018-10548 5.0
An issue was discovered in PHP before 5.6.36, 7.0.x before 7.0.30, 7.1.x before 7.1.17, and 7.2.x before 7.2.5. ext/ldap/ldap.c allows remote LDAP servers to cause a denial of service (NULL pointer dereference and application crash) because of mishan
29-04-2018 - 17:29 29-04-2018 - 17:29
CVE-2018-10547 4.3
An issue was discovered in ext/phar/phar_object.c in PHP before 5.6.36, 7.0.x before 7.0.30, 7.1.x before 7.1.17, and 7.2.x before 7.2.5. There is Reflected XSS on the PHAR 403 and 404 error pages via request data of a request for a .phar file. NOTE:
29-04-2018 - 17:29 29-04-2018 - 17:29
CVE-2018-10546 5.0
An issue was discovered in PHP before 5.6.36, 7.0.x before 7.0.30, 7.1.x before 7.1.17, and 7.2.x before 7.2.5. An infinite loop exists in ext/iconv/iconv.c because the iconv stream filter does not reject invalid multibyte sequences.
29-04-2018 - 17:29 29-04-2018 - 17:29
CVE-2018-10545 1.9
An issue was discovered in PHP before 5.6.35, 7.0.x before 7.0.29, 7.1.x before 7.1.16, and 7.2.x before 7.2.4. Dumpable FPM child processes allow bypassing opcache access controls because fpm_unix.c makes a PR_SET_DUMPABLE prctl call, allowing one u
29-04-2018 - 17:29 29-04-2018 - 17:29
CVE-2018-10540 4.3
An issue was discovered in WavPack 5.1.0 and earlier for W64 input. Out-of-bounds writes can occur because ParseWave64HeaderConfig in wave64.c does not validate the sizes of unknown chunks before attempting memory allocation, related to a lack of int
29-04-2018 - 11:29 29-04-2018 - 11:29
CVE-2018-10539 4.3
An issue was discovered in WavPack 5.1.0 and earlier for DSDiff input. Out-of-bounds writes can occur because ParseDsdiffHeaderConfig in dsdiff.c does not validate the sizes of unknown chunks before attempting memory allocation, related to a lack of
29-04-2018 - 11:29 29-04-2018 - 11:29
CVE-2018-10538 4.3
An issue was discovered in WavPack 5.1.0 and earlier for WAV input. Out-of-bounds writes can occur because ParseRiffHeaderConfig in riff.c does not validate the sizes of unknown chunks before attempting memory allocation, related to a lack of integer
29-04-2018 - 11:29 29-04-2018 - 11:29
CVE-2018-10537 6.8
An issue was discovered in WavPack 5.1.0 and earlier. The W64 parser component contains a vulnerability that allows writing to memory because ParseWave64HeaderConfig in wave64.c does not reject multiple format chunks.
29-04-2018 - 11:29 29-04-2018 - 11:29
CVE-2018-10536 6.8
An issue was discovered in WavPack 5.1.0 and earlier. The WAV parser component contains a vulnerability that allows writing to memory because ParseRiffHeaderConfig in riff.c does not reject multiple format chunks.
29-04-2018 - 11:29 29-04-2018 - 11:29
CVE-2018-10472 1.9
An issue was discovered in Xen through 4.10.x allowing x86 HVM guest OS users (in certain configurations) to read arbitrary dom0 files via QMP live insertion of a CDROM, in conjunction with specifying the target file as the backing file of a snapshot
27-04-2018 - 11:29 27-04-2018 - 11:29
CVE-2018-10471 4.9
An issue was discovered in Xen through 4.10.x allowing x86 PV guest OS users to cause a denial of service (out-of-bounds zero write and hypervisor crash) via unexpected INT 80 processing, because of an incorrect fix for CVE-2017-5754.
27-04-2018 - 11:29 27-04-2018 - 11:29
CVE-2016-9602 9.0
Qemu before version 2.9 is vulnerable to an improper link following when built with the VirtFS. A privileged user inside guest could use this flaw to access host file system beyond the shared folder and potentially escalating their privileges on a ho
26-04-2018 - 15:29 26-04-2018 - 15:29
CVE-2017-7652 6.0
In Eclipse Mosquitto 1.4.14, if a Mosquitto instance is set running with a configuration file, then sending a HUP signal to server triggers the configuration to be reloaded from disk. If there are lots of clients connected so that there are no more f
25-04-2018 - 09:29 25-04-2018 - 09:29
CVE-2018-3836 7.2
An exploitable command injection vulnerability exists in the gplotMakeOutput function of Leptonica 1.74.4. A specially crafted gplot rootname argument can cause a command injection resulting in arbitrary code execution. An attacker can provide a mali
24-04-2018 - 15:29 24-04-2018 - 15:29
CVE-2017-2924 6.8
An exploitable heap-based buffer overflow vulnerability exists in the read_legacy_biff function of FreeXL 1.0.3. A specially crafted XLS file can cause a memory corruption resulting in remote code execution. An attacker can send malicious XLS file to
24-04-2018 - 15:29 24-04-2018 - 15:29
CVE-2017-2923 6.8
An exploitable heap based buffer overflow vulnerability exists in the 'read_biff_next_record function' of FreeXL 1.0.3. A specially crafted XLS file can cause a memory corruption resulting in remote code execution. An attacker can send malicious XLS
24-04-2018 - 15:29 24-04-2018 - 15:29
CVE-2017-2918 6.8
An exploitable integer overflow exists in the Image loading functionality of the Blender open-source 3d creation suite v2.78c. A specially crafted .blend file can cause an integer overflow resulting in a buffer overflow which can allow for code execu
24-04-2018 - 15:29 24-04-2018 - 15:29
CVE-2017-2908 6.8
An exploitable integer overflow exists in the thumbnail functionality of the Blender open-source 3d creation suite version 2.78c. A specially crafted .blend file can cause an integer overflow resulting in a buffer overflow which can allow for code ex
24-04-2018 - 15:29 24-04-2018 - 15:29
CVE-2017-2907 6.8
An exploitable integer overflow exists in the animation playing functionality of the Blender open-source 3d creation suite version 2.78c. A specially created '.avi' file can cause an integer overflow resulting in a buffer overflow which can allow for
24-04-2018 - 15:29 24-04-2018 - 15:29
CVE-2017-2906 6.8
An exploitable integer overflow exists in the animation playing functionality of the Blender open-source 3d creation suite version 2.78c. A specially created '.avi' file can cause an integer overflow resulting in a buffer overflow which can allow for
24-04-2018 - 15:29 24-04-2018 - 15:29
CVE-2017-2905 6.8
An exploitable integer overflow exists in the bmp loading functionality of the Blender open-source 3d creation suite version 2.78c. A specially crafted '.bmp' file can cause an integer overflow resulting in a buffer overflow which can allow for code
24-04-2018 - 15:29 24-04-2018 - 15:29
CVE-2017-2904 6.8
An exploitable integer overflow exists in the RADIANCE loading functionality of the Blender open-source 3d creation suite version 2.78c. A specially crafted '.hdr' file can cause an integer overflow resulting in a buffer overflow which can allow for
24-04-2018 - 15:29 24-04-2018 - 15:29
CVE-2017-2903 6.8
An exploitable integer overflow exists in the DPX loading functionality of the Blender open-source 3d creation suite version 2.78c. A specially crafted '.cin' file can cause an integer overflow resulting in a buffer overflow which can allow for code
24-04-2018 - 15:29 24-04-2018 - 15:29
CVE-2017-2902 6.8
An exploitable integer overflow exists in the DPX loading functionality of the Blender open-source 3d creation suite version 2.78c. A specially crafted '.cin' file can cause an integer overflow resulting in a buffer overflow which can allow for code
24-04-2018 - 15:29 24-04-2018 - 15:29
CVE-2017-2901 6.8
An exploitable integer overflow exists in the IRIS loading functionality of the Blender open-source 3d creation suite version 2.78c. A specially crafted '.iris' file can cause an integer overflow resulting in a buffer overflow which can allow for cod
24-04-2018 - 15:29 24-04-2018 - 15:29
CVE-2017-2900 6.8
An exploitable integer overflow exists in the PNG loading functionality of the Blender open-source 3d creation suite version 2.78c. A specially crafted '.png' file can cause an integer overflow resulting in a buffer overflow which can allow for code
24-04-2018 - 15:29 24-04-2018 - 15:29
CVE-2017-2899 6.8
An exploitable integer overflow exists in the TIFF loading functionality of the Blender open-source 3d creation suite version 2.78c. A specially crafted '.tif' file can cause an integer overflow resulting in a buffer overflow which can allow for code
24-04-2018 - 15:29 24-04-2018 - 15:29
CVE-2017-2885 7.5
An exploitable stack based buffer overflow vulnerability exists in the GNOME libsoup 2.58. A specially crafted HTTP request can cause a stack overflow resulting in remote code execution. An attacker can send a special HTTP request to the vulnerable s
24-04-2018 - 15:29 24-04-2018 - 15:29
CVE-2017-2839 4.3
An exploitable denial of service vulnerability exists within the handling of challenge packets in FreeRDP 2.0.0-beta1+android11. A specially crafted challenge packet can cause the program termination leading to a denial of service condition. An attac
24-04-2018 - 15:29 24-04-2018 - 15:29
CVE-2017-2838 4.3
An exploitable denial of service vulnerability exists within the handling of challenge packets in FreeRDP 2.0.0-beta1+android11. A specially crafted challenge packet can cause the program termination leading to a denial of service condition. An attac
24-04-2018 - 15:29 24-04-2018 - 15:29
CVE-2017-2837 4.3
An exploitable denial of service vulnerability exists within the handling of security data in FreeRDP 2.0.0-beta1+android11. A specially crafted challenge packet can cause the program termination leading to a denial of service condition. An attacker
24-04-2018 - 15:29 24-04-2018 - 15:29
CVE-2017-2836 4.3
An exploitable denial of service vulnerability exists within the reading of proprietary server certificates in FreeRDP 2.0.0-beta1+android11. A specially crafted challenge packet can cause the program termination leading to a denial of service condit
24-04-2018 - 15:29 24-04-2018 - 15:29
CVE-2017-2835 6.8
An exploitable code execution vulnerability exists in the RDP receive functionality of FreeRDP 2.0.0-beta1+android11. A specially crafted server response can cause an out-of-bounds write resulting in an exploitable condition. An attacker can compromi
24-04-2018 - 15:29 24-04-2018 - 15:29
CVE-2017-2834 6.8
An exploitable code execution vulnerability exists in the authentication functionality of FreeRDP 2.0.0-beta1+android11. A specially crafted server response can cause an out-of-bounds write resulting in an exploitable condition. An attacker can compr
24-04-2018 - 15:29 24-04-2018 - 15:29
CVE-2017-14450 5.8
A buffer overflow vulnerability exists in the GIF image parsing functionality of SDL2_image-2.0.2. A specially crafted GIF image can lead to a buffer overflow on a global section. An attacker can display an image to trigger this vulnerability.
24-04-2018 - 15:29 24-04-2018 - 15:29
CVE-2017-14449 6.8
A double-Free vulnerability exists in the XCF image rendering functionality of SDL2_image-2.0.2. A specially crafted XCF image can cause a Double-Free situation to occur. An attacker can display a specially crafted image to trigger this vulnerability
24-04-2018 - 15:29 24-04-2018 - 15:29
CVE-2017-14448 6.8
An exploitable code execution vulnerability exists in the XCF image rendering functionality of SDL2_image-2.0.2. A specially crafted XCF image can cause a heap overflow resulting in code execution. An attacker can display a specially crafted image to
24-04-2018 - 15:29 24-04-2018 - 15:29
CVE-2017-14442 6.8
An exploitable code execution vulnerability exists in the BMP image rendering functionality of SDL2_image-2.0.2. A specially crafted BMP image can cause a stack overflow resulting in code execution. An attacker can display a specially crafted image t
24-04-2018 - 15:29 24-04-2018 - 15:29
CVE-2017-14441 6.8
An exploitable code execution vulnerability exists in the ICO image rendering functionality of SDL2_image-2.0.2. A specially crafted ICO image can cause an integer overflow, cascading to a heap overflow resulting in code execution. An attacker can di
24-04-2018 - 15:29 24-04-2018 - 15:29
CVE-2017-14440 6.8
An exploitable code execution vulnerability exists in the ILBM image rendering functionality of SDL2_image-2.0.2. A specially crafted ILBM image can cause a stack overflow resulting in code execution. An attacker can display a specially crafted image
24-04-2018 - 15:29 24-04-2018 - 15:29
CVE-2017-12122 6.8
An exploitable code execution vulnerability exists in the ILBM image rendering functionality of SDL2_image-2.0.2. A specially crafted ILBM image can cause a heap overflow resulting in code execution. An attacker can display a specially crafted image
24-04-2018 - 15:29 24-04-2018 - 15:29
CVE-2017-12105 6.8
An exploitable integer overflow exists in the way that the Blender open-source 3d creation suite v2.78c applies a particular object modifier to a Mesh. A specially crafted .blend file can cause an integer overflow resulting in a buffer overflow which
24-04-2018 - 15:29 24-04-2018 - 15:29
CVE-2017-12104 6.8
An exploitable integer overflow exists in the way that the Blender open-source 3d creation suite v2.78c draws a Particle object. A specially crafted .blend file can cause an integer overflow resulting in a buffer overflow which can allow for code exe
24-04-2018 - 15:29 24-04-2018 - 15:29
CVE-2017-12103 6.8
An exploitable integer overflow exists in the way that the Blender open-source 3d creation suite v2.78c converts text rendered as a font into a curve. A specially crafted .blend file can cause an integer overflow resulting in a buffer overflow which
24-04-2018 - 15:29 24-04-2018 - 15:29
CVE-2017-12102 6.8
An exploitable integer overflow exists in the way that the Blender open-source 3d creation suite v2.78c converts curves to polygons. A specially crafted .blend file can cause an integer overflow resulting in a buffer overflow which can allow for code
24-04-2018 - 15:29 24-04-2018 - 15:29
CVE-2017-12101 6.8
An exploitable integer overflow exists in the 'modifier_mdef_compact_influences' functionality of the Blender open-source 3d creation suite v2.78c. A specially crafted .blend file can cause an integer overflow resulting in a buffer overflow which can
24-04-2018 - 15:29 24-04-2018 - 15:29
CVE-2017-12100 6.8
An exploitable integer overflow exists in the 'multires_load_old_dm' functionality of the Blender open-source 3d creation suite v2.78c. A specially crafted .blend file can cause an integer overflow resulting in a buffer overflow which can allow for c
24-04-2018 - 15:29 24-04-2018 - 15:29
CVE-2017-12099 6.8
An exploitable integer overflow exists in the upgrade of the legacy Mesh attribute 'tface' of the Blender open-source 3d creation suite v2.78c. A specially crafted .blend file can cause an integer overflow resulting in a buffer overflow which can all
24-04-2018 - 15:29 24-04-2018 - 15:29
CVE-2017-12086 6.8
An exploitable integer overflow exists in the 'BKE_mesh_calc_normals_tessface' functionality of the Blender open-source 3d creation suite. A specially crafted .blend file can cause an integer overflow resulting in a buffer overflow which can allow fo
24-04-2018 - 15:29 24-04-2018 - 15:29
CVE-2017-12082 6.8
An exploitable integer overflow exists in the 'CustomData' Mesh loading functionality of the Blender open-source 3d creation suite. A .blend file with a specially crafted external data file can cause an integer overflow resulting in a buffer overflow
24-04-2018 - 15:29 24-04-2018 - 15:29
CVE-2017-12081 6.8
An exploitable integer overflow exists in the upgrade of a legacy Mesh attribute of the Blender open-source 3d creation suite v2.78c. A specially crafted .blend file can cause an integer overflow resulting in a buffer overflow which can allow for cod
24-04-2018 - 15:29 24-04-2018 - 15:29
CVE-2017-7651 5.0
In Eclipse Mosquitto 1.4.14, a user can shutdown the Mosquitto server simply by filling the RAM memory with a lot of connections with large payload. This can be done without authentications if occur in connection phase of MQTT protocol.
24-04-2018 - 10:29 24-04-2018 - 10:29
CVE-2018-10323 4.9
The xfs_bmap_extents_to_btree function in fs/xfs/libxfs/xfs_bmap.c in the Linux kernel through 4.16.3 allows local users to cause a denial of service (xfs_bmapi_write NULL pointer dereference) via a crafted xfs image.
24-04-2018 - 02:29 24-04-2018 - 02:29
CVE-2016-9601 4.3
ghostscript before version 9.21 is vulnerable to a heap based buffer overflow that was found in the ghostscript jbig2_decode_gray_scale_image function which is used to decode halftone segments in a JBIG2 image. A document (PostScript or PDF) with an
23-04-2018 - 21:29 23-04-2018 - 21:29
CVE-2018-1106 2.1
An authentication bypass flaw has been found in PackageKit before 1.1.10 that allows users without administrator privileges to install signed packages. A local attacker can use this vulnerability to install vulnerable packages to further compromise a
23-04-2018 - 16:29 23-04-2018 - 16:29
CVE-2018-8781 7.2
The udl_fb_mmap function in drivers/gpu/drm/udl/udl_fb.c at the Linux kernel version 3.4 and up to and including 4.15 has an integer-overflow vulnerability allowing local users with access to the udldrmfb driver to obtain full read and write permissi
23-04-2018 - 15:29 23-04-2018 - 15:29
CVE-2017-17833 7.5
OpenSLP releases in the 1.0.2 and 1.1.0 code streams have a heap-related memory corruption issue which may manifest itself as a denial-of-service or a remote code-execution vulnerability.
23-04-2018 - 14:29 23-04-2018 - 14:29
CVE-2016-9586 6.8
curl before version 7.52.0 is vulnerable to a buffer overflow when doing a large floating point output in libcurl's implementation of the printf() functions. If there are any application that accepts a format string from the outside without necessary
23-04-2018 - 14:29 23-04-2018 - 14:29
CVE-2017-2825 6.8
In the trapper functionality of Zabbix Server 2.4.x, specifically crafted trapper packets can pass database logic checks, resulting in database writes. An attacker can set up a Man-in-the-Middle server to alter trapper requests made between an active
20-04-2018 - 17:29 20-04-2018 - 17:29
CVE-2014-10073 5.0
The create_response function in server/server.c in Psensor before 1.1.4 allows Directory Traversal because it lacks a check for whether a file is under the webserver directory.
20-04-2018 - 16:29 20-04-2018 - 16:29
CVE-2018-2819 4.0
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows low privileged attacker with
18-04-2018 - 22:29 18-04-2018 - 22:29
CVE-2018-2818 4.0
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Security : Privileges). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows high
18-04-2018 - 22:29 18-04-2018 - 22:29
CVE-2018-2817 4.0
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows low privileged attacker
18-04-2018 - 22:29 18-04-2018 - 22:29
CVE-2018-2815 5.0
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Serialization). Supported versions that are affected are Java SE: 6u181, 7u171, 8u162 and 10; Java SE Embedded: 8u161; JRockit: R28.3.17. Easily exploi
18-04-2018 - 22:29 18-04-2018 - 22:29
CVE-2018-2814 5.1
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Hotspot). Supported versions that are affected are Java SE: 6u181, 7u171, 8u162 and 10; Java SE Embedded: 8u161. Difficult to exploit vulnerability allows unaut
18-04-2018 - 22:29 18-04-2018 - 22:29
CVE-2018-2813 4.0
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows low privileged attacker
18-04-2018 - 22:29 18-04-2018 - 22:29
CVE-2018-2800 4.0
Vulnerability in the Java SE, JRockit component of Oracle Java SE (subcomponent: RMI). Supported versions that are affected are Java SE: 6u181, 7u171 and 8u162; JRockit: R28.3.17. Difficult to exploit vulnerability allows unauthenticated attacker wit
18-04-2018 - 22:29 18-04-2018 - 22:29
CVE-2018-2799 5.0
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JAXP). Supported versions that are affected are Java SE: 7u171, 8u162 and 10; Java SE Embedded: 8u161; JRockit: R28.3.17. Easily exploitable vulnerabil
18-04-2018 - 22:29 18-04-2018 - 22:29
CVE-2018-2798 5.0
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: AWT). Supported versions that are affected are Java SE: 6u181, 7u171, 8u162 and 10; Java SE Embedded: 8u161; JRockit: R28.3.17. Easily exploitable vuln
18-04-2018 - 22:29 18-04-2018 - 22:29
CVE-2018-2797 5.0
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JMX). Supported versions that are affected are Java SE: 6u181, 7u171, 8u162 and 10; Java SE Embedded: 8u161; JRockit: R28.3.17. Easily exploitable vuln
18-04-2018 - 22:29 18-04-2018 - 22:29
CVE-2018-2796 5.0
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Concurrency). Supported versions that are affected are Java SE: 7u171, 8u162 and 10; Java SE Embedded: 8u161; JRockit: R28.3.17. Easily exploitable vul
18-04-2018 - 22:29 18-04-2018 - 22:29
CVE-2018-2795 5.0
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u181, 7u171, 8u162 and 10; Java SE Embedded: 8u161; JRockit: R28.3.17. Easily exploitable
18-04-2018 - 22:29 18-04-2018 - 22:29
CVE-2018-2794 3.7
Vulnerability in the Java SE, JRockit component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u181, 7u171, 8u162, 10 and JRockit: R28.3.17. Difficult to exploit vulnerability allows unauthenticated att
18-04-2018 - 22:29 18-04-2018 - 22:29
CVE-2018-2790 2.6
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u181, 7u171, 8u162 and 10; Java SE Embedded: 8u161. Difficult to exploit vulnerability allows unau
18-04-2018 - 22:29 18-04-2018 - 22:29
CVE-2018-2787 5.5
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access v
18-04-2018 - 22:29 18-04-2018 - 22:29
CVE-2018-2784 4.0
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access vi
18-04-2018 - 22:29 18-04-2018 - 22:29
CVE-2018-2782 4.0
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access vi
18-04-2018 - 22:29 18-04-2018 - 22:29
CVE-2018-2781 4.0
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows high privileged a
18-04-2018 - 22:29 18-04-2018 - 22:29
CVE-2018-2773 1.9
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Difficult to exploit vulnerability allows high privileged a
18-04-2018 - 22:29 18-04-2018 - 22:29
CVE-2018-2771 3.5
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Locking). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Difficult to exploit vulnerability allows high privileged a
18-04-2018 - 22:29 18-04-2018 - 22:29
CVE-2018-2766 6.8
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access v
18-04-2018 - 22:29 18-04-2018 - 22:29
CVE-2018-2761 4.3
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Difficult to exploit vulnerability allows unauthenticated a
18-04-2018 - 22:29 18-04-2018 - 22:29
CVE-2018-2755 3.7
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Difficult to exploit vulnerability allows unauthenticat
18-04-2018 - 22:29 18-04-2018 - 22:29
CVE-2018-6913 7.5
Heap-based buffer overflow in the pack function in Perl before 5.26.2 allows context-dependent attackers to execute arbitrary code via a large item count.
18-04-2018 - 21:29 17-04-2018 - 16:29
CVE-2018-1084 7.5
corosync before version 2.4.4 is vulnerable to an integer overflow in exec/totemcrypto.c.
18-04-2018 - 21:29 12-04-2018 - 13:29
CVE-2018-10102 4.3
Before WordPress 4.9.5, the version string was not escaped in the get_the_generator function, and could lead to XSS in a generator tag.
18-04-2018 - 21:29 16-04-2018 - 05:58
CVE-2018-10087 2.1
The kernel_wait4 function in kernel/exit.c in the Linux kernel before 4.13, when an unspecified architecture and compiler is used, might allow local users to cause a denial of service by triggering an attempted use of the -INT_MIN value.
18-04-2018 - 21:29 13-04-2018 - 09:29
CVE-2018-10194 6.8
The set_text_distance function in devices/vector/gdevpdts.c in the pdfwrite component in Artifex Ghostscript through 9.22 does not prevent overflows in text-positioning calculation, which allows remote attackers to cause a denial of service (applicat
18-04-2018 - 17:29 18-04-2018 - 17:29
CVE-2018-1000164 5.0
gunicorn version 19.4.5 contains a CWE-113: Improper Neutralization of CRLF Sequences in HTTP Headers vulnerability in "process_headers" function in "gunicorn/http/wsgi.py" that can result in an attacker causing the server to return arbitrary HTTP he
18-04-2018 - 15:29 18-04-2018 - 15:29
CVE-2018-10101 5.8
Before WordPress 4.9.5, the URL validator assumed URLs with the hostname localhost were on the same host as the WordPress server.
17-04-2018 - 21:29 16-04-2018 - 05:58
CVE-2018-10100 5.8
Before WordPress 4.9.5, the redirection URL for the login page was not validated or sanitized if forced to use HTTPS.
17-04-2018 - 21:29 16-04-2018 - 05:58
CVE-2018-0737 4.3
The OpenSSL RSA Key generation algorithm has been shown to be vulnerable to a cache timing side channel attack. An attacker with sufficient access to mount cache timing attacks during the RSA key generation process could recover the private key. Fixe
17-04-2018 - 21:29 16-04-2018 - 14:29
CVE-2018-6798 5.0
An issue was discovered in Perl 5.22 through 5.26. Matching a crafted locale dependent regular expression can cause a heap-based buffer over-read and potentially information disclosure.
17-04-2018 - 16:29 17-04-2018 - 16:29
CVE-2018-6797 7.5
An issue was discovered in Perl 5.18 through 5.26. A crafted regular expression can cause a heap-based buffer overflow, with control over the bytes written.
17-04-2018 - 16:29 17-04-2018 - 16:29
CVE-2017-10140 4.6
Postfix before 2.11.10, 3.0.x before 3.0.10, 3.1.x before 3.1.6, and 3.2.x before 3.2.2 might allow local users to gain privileges by leveraging undocumented functionality in Berkeley DB 2.x and later, related to reading settings from DB_CONFIG in th
16-04-2018 - 13:29 16-04-2018 - 13:29
CVE-2018-10124 2.1
The kill_something_info function in kernel/signal.c in the Linux kernel before 4.13, when an unspecified architecture and compiler is used, might allow local users to cause a denial of service via an INT_MIN argument.
16-04-2018 - 10:29 16-04-2018 - 10:29
CVE-2018-1086 5.0
pcs before versions 0.9.164 and 0.10 is vulnerable to a debug parameter removal bypass. REST interface of the pcsd service did not properly remove the pcs debug argument from the /run_pcs query, possibly disclosing sensitive information. A remote att
16-04-2018 - 05:58 12-04-2018 - 12:29
CVE-2018-10120 6.8
The SwCTBWrapper::Read function in sw/source/filter/ww8/ww8toolbar.cxx in LibreOffice before 5.4.6.1 and 6.x before 6.0.2.1 does not validate a customizations index, which allows remote attackers to cause a denial of service (heap-based buffer overfl
16-04-2018 - 05:58 16-04-2018 - 05:58
CVE-2018-10119 6.8
sot/source/sdstor/stgstrms.cxx in LibreOffice before 5.4.5.1 and 6.x before 6.0.1.1 uses an incorrect integer data type in the StgSmallStrm class, which allows remote attackers to cause a denial of service (use-after-free with write access) or possib
16-04-2018 - 05:58 16-04-2018 - 05:58
CVE-2017-0358 7.2
Jann Horn of Google Project Zero discovered that NTFS-3G, a read-write NTFS driver for FUSE, does not scrub the environment before executing modprobe with elevated privileges. A local user can take advantage of this flaw for local root privilege esca
16-04-2018 - 05:58 13-04-2018 - 11:29
CVE-2017-0356 7.5
A flaw, similar to to CVE-2016-9646, exists in ikiwiki before 3.20170111, in the passwordauth plugin's use of CGI::FormBuilder, allowing an attacker to bypass authentication via repeated parameters.
16-04-2018 - 05:58 13-04-2018 - 11:29
CVE-2016-9646 5.0
ikiwiki before 3.20161229 incorrectly called the CGI::FormBuilder->field method (similar to the CGI->param API that led to Bugzilla's CVE-2014-1572), which can be abused to lead to commit metadata forgery.
16-04-2018 - 05:58 13-04-2018 - 11:29
CVE-2014-6633 9.0
The safe_eval function in trytond in Tryton before 2.4.15, 2.6.x before 2.6.14, 2.8.x before 2.8.11, 3.0.x before 3.0.7, and 3.2.x before 3.2.3 allows remote authenticated users to execute arbitrary commands via shell metacharacters in (1) the collec
12-04-2018 - 11:29 12-04-2018 - 11:29
CVE-2018-10021 4.9
** DISPUTED ** drivers/scsi/libsas/sas_scsi_host.c in the Linux kernel before 4.16 allows local users to cause a denial of service (ata qc leak) by triggering certain failure conditions. NOTE: a third party disputes the relevance of this report becau
11-04-2018 - 13:29 11-04-2018 - 13:29
CVE-2018-10001 4.3
The decode_init function in libavcodec/utvideodec.c in FFmpeg through 3.4.2 allows remote attackers to cause a denial of service (out of array read) via an AVI file.
10-04-2018 - 23:29 10-04-2018 - 23:29
CVE-2018-3839 6.8
An exploitable code execution vulnerability exists in the XCF image rendering functionality of Simple DirectMedia Layer SDL2_image-2.0.2. A specially crafted XCF image can cause an out-of-bounds write on the heap, resulting in code execution. An atta
10-04-2018 - 17:29 10-04-2018 - 17:29
CVE-2018-3838 4.3
An exploitable information vulnerability exists in the XCF image rendering functionality of Simple DirectMedia Layer SDL2_image-2.0.2. A specially crafted XCF image can cause an out-of-bounds read on the heap, resulting in information disclosure. An
10-04-2018 - 17:29 10-04-2018 - 17:29
CVE-2018-3837 4.3
An exploitable information disclosure vulnerability exists in the PCX image rendering functionality of Simple DirectMedia Layer SDL2_image-2.0.2. A specially crafted PCX image can cause an out-of-bounds read on the heap, resulting in information disc
10-04-2018 - 17:29 10-04-2018 - 17:29
CVE-2018-9989 5.0
ARM mbed TLS before 2.1.11, before 2.7.2, and before 2.8.0 has a buffer over-read in ssl_parse_server_psk_hint() that could cause a crash on invalid input.
10-04-2018 - 15:29 10-04-2018 - 15:29
CVE-2018-9988 5.0
ARM mbed TLS before 2.1.11, before 2.7.2, and before 2.8.0 has a buffer over-read in ssl_parse_server_key_exchange() that could cause a crash on invalid input.
10-04-2018 - 15:29 10-04-2018 - 15:29
CVE-2018-1308 5.0
This vulnerability in Apache Solr 1.2 to 6.6.2 and 7.0.0 to 7.2.1 relates to an XML external entity expansion (XXE) in the `&dataConfig=<inlinexml>` parameter of Solr's DataImportHandler. It can be used as XXE using file/ftp/http protocols in order t
09-04-2018 - 09:29 09-04-2018 - 09:29
CVE-2017-18258 4.3
The xz_head function in xzlib.c in libxml2 before 2.9.6 allows remote attackers to cause a denial of service (memory consumption) via a crafted LZMA file, because the decoder functionality does not restrict memory usage to what is required for a legi
08-04-2018 - 13:29 08-04-2018 - 13:29
CVE-2018-9846 6.8
In Roundcube from versions 1.2.0 to 1.3.5, with the archive plugin enabled and configured, it's possible to exploit the unsanitized, user-controlled "_uid" parameter (in an archive.php _task=mail&_mbox=INBOX&_action=plugin.move2archive request) to pe
07-04-2018 - 17:29 07-04-2018 - 17:29
CVE-2018-1000156 6.8
GNU Patch version 2.7.6 contains an input validation vulnerability when processing patch files, specifically the EDITOR_PROGRAM invocation (using ed) can result in code execution. This attack appear to be exploitable via a patch file processed via th
06-04-2018 - 09:29 06-04-2018 - 09:29
CVE-2015-9016 6.9
In blk_mq_tag_to_rq in blk-mq.c in the upstream kernel, there is a possible use after free due to a race condition when a request has been previously freed by blk_mq_complete_request. This could lead to local escalation of privilege. Product: Android
05-04-2018 - 14:29 05-04-2018 - 14:29
CVE-2017-18257 4.9
The __get_data_block function in fs/f2fs/data.c in the Linux kernel before 4.11 allows local users to cause a denial of service (integer overflow and loop) via crafted use of the open and fallocate system calls with an FS_IOC_FIEMAP ioctl.
04-04-2018 - 13:29 04-04-2018 - 13:29
CVE-2018-9273 5.0
In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, epan/dissectors/packet-pcp.c has a memory leak.
04-04-2018 - 03:29 04-04-2018 - 03:29
CVE-2018-9270 5.0
In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, epan/oids.c has a memory leak.
04-04-2018 - 03:29 04-04-2018 - 03:29
CVE-2018-9269 5.0
In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, epan/dissectors/packet-giop.c has a memory leak.
04-04-2018 - 03:29 04-04-2018 - 03:29
CVE-2018-9268 5.0
In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, epan/dissectors/packet-smb2.c has a memory leak.
04-04-2018 - 03:29 04-04-2018 - 03:29
CVE-2018-9264 5.0
In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, the ADB dissector could crash with a heap-based buffer overflow. This was addressed in epan/dissectors/packet-adb.c by checking for a length inconsistency.
04-04-2018 - 03:29 04-04-2018 - 03:29
CVE-2018-9263 5.0
In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, the Kerberos dissector could crash. This was addressed in epan/dissectors/packet-kerberos.c by ensuring a nonzero key length.
04-04-2018 - 03:29 04-04-2018 - 03:29
CVE-2018-9261 5.0
In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, the NBAP dissector could crash with a large loop that ends with a heap-based buffer overflow. This was addressed in epan/dissectors/packet-nbap.c by prohibiting the self-linking of DCH-IDs.
04-04-2018 - 03:29 04-04-2018 - 03:29
CVE-2018-9260 5.0
In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, the IEEE 802.15.4 dissector could crash. This was addressed in epan/dissectors/packet-ieee802154.c by ensuring that an allocation step occurs.
04-04-2018 - 03:29 04-04-2018 - 03:29
CVE-2018-9258 5.0
In Wireshark 2.4.0 to 2.4.5, the TCP dissector could crash. This was addressed in epan/dissectors/packet-tcp.c by preserving valid data sources.
04-04-2018 - 03:29 04-04-2018 - 03:29
CVE-2018-9251 2.6
The xz_decomp function in xzlib.c in libxml2 2.9.8, if --with-lzma is used, allows remote attackers to cause a denial of service (infinite loop) via a crafted XML file that triggers LZMA_MEMLIMIT_ERROR, as demonstrated by xmllint, a different vulnera
03-04-2018 - 22:29 03-04-2018 - 22:29
CVE-2018-8780 7.5
In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, the Dir.open, Dir.new, Dir.entries and Dir.empty? methods do not check NULL characters. When using the corresponding method, unintentional director
03-04-2018 - 18:29 03-04-2018 - 18:29
CVE-2018-8779 5.0
In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, the UNIXServer.open and UNIXSocket.open methods are not checked for null characters. It may be connected to an unintended socket.
03-04-2018 - 18:29 03-04-2018 - 18:29
CVE-2018-8778 5.0
In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, an attacker controlling the unpacking format (similar to format string vulnerabilities) can trigger a buffer under-read in the String#unpack method
03-04-2018 - 18:29 03-04-2018 - 18:29
CVE-2018-8777 5.0
In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, an attacker can pass a large HTTP request with a crafted header to WEBrick server or a crafted body to WEBrick server/handler and cause a denial of
03-04-2018 - 18:29 03-04-2018 - 18:29
CVE-2018-6914 5.0
Directory traversal vulnerability in the Dir.mktmpdir method in the tmpdir library in Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1 might allow attackers to create arbitrary directories or files vi
03-04-2018 - 18:29 03-04-2018 - 18:29
CVE-2017-17742 5.0
Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1 allows an HTTP Response Splitting attack. An attacker can inject a crafted key and value into an HTTP response for the HTTP server of WEBrick.
03-04-2018 - 18:29 03-04-2018 - 18:29
CVE-2018-0493 6.5
remctld in remctl before 3.14, when an attacker is authorized to execute a command that uses the sudo option, has a use-after-free that leads to a daemon crash, memory corruption, or arbitrary command execution.
03-04-2018 - 03:29 03-04-2018 - 03:29
CVE-2018-0492 4.4
Johnathan Nightingale beep through 1.3.4, if setuid, has a race condition that allows local privilege escalation.
03-04-2018 - 03:29 03-04-2018 - 03:29
CVE-2018-4117 4.3
An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. watchOS before 4.3 is affected. The issue involves
03-04-2018 - 02:29 03-04-2018 - 02:29
CVE-2017-7000 6.8
An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. The issue involves the "SQLite" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory c
03-04-2018 - 02:29 03-04-2018 - 02:29
CVE-2018-1093 7.1
The ext4_valid_block_bitmap function in fs/ext4/balloc.c in the Linux kernel through 4.15.15 allows attackers to cause a denial of service (out-of-bounds read and system crash) via a crafted ext4 image because balloc.c and ialloc.c do not validate bi
01-04-2018 - 23:29 01-04-2018 - 23:29
CVE-2018-1092 7.1
The ext4_iget function in fs/ext4/inode.c in the Linux kernel through 4.15.15 mishandles the case of a root directory with a zero i_links_count, which allows attackers to cause a denial of service (ext4_process_freed_data NULL pointer dereference and
01-04-2018 - 23:29 01-04-2018 - 23:29
CVE-2018-9165 4.3
The pushdup function in util/decompile.c in libming through 0.4.8 does not recognize the need for ActionPushDuplicate to perform a deep copy when a String is at the top of the stack, making the library vulnerable to a util/decompile.c getName NULL po
01-04-2018 - 14:29 01-04-2018 - 14:29
CVE-2017-18255 4.6
The perf_cpu_time_max_percent_handler function in kernel/events/core.c in the Linux kernel before 4.11 allows local users to cause a denial of service (integer overflow) or possibly have unspecified other impact via a large value, as demonstrated by
31-03-2018 - 13:29 31-03-2018 - 13:29
CVE-2018-7566 4.6
The Linux kernel 4.15 has a Buffer Overflow via an SNDRV_SEQ_IOCTL_SET_CLIENT_POOL ioctl write operation to /dev/snd/seq by a local user.
30-03-2018 - 17:29 30-03-2018 - 17:29
CVE-2018-9132 4.3
libming 0.4.8 has a NULL pointer dereference in the getInt function of the decompile.c file. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted swf file.
30-03-2018 - 04:29 30-03-2018 - 04:29
CVE-2018-7600 7.5
Drupal before 7.58, 8.x before 8.3.9, 8.4.x before 8.4.6, and 8.5.x before 8.5.1 allows remote attackers to execute arbitrary code because of an issue affecting multiple subsystems with default or common module configurations.
29-03-2018 - 03:29 29-03-2018 - 03:29
CVE-2018-1064 5.0
libvirt version before 4.2.0-rc1 is vulnerable to a resource exhaustion as a result of an incomplete fix for CVE-2018-5748 that affects QEMU monitor but now also triggered via QEMU guest agent.
28-03-2018 - 14:29 28-03-2018 - 14:29
CVE-2017-11509 9.0
An authenticated remote attacker can execute arbitrary code in Firebird SQL Server versions 2.5.7 and 3.0.2 by executing a malformed SQL statement.
28-03-2018 - 13:29 28-03-2018 - 13:29
CVE-2018-1083 7.2
Zsh before version 5.4.2-test-1 is vulnerable to a buffer overflow in the shell autocomplete functionality. A local unprivileged user can create a specially crafted directory path which leads to code execution in the context of the user who tries to
28-03-2018 - 09:29 28-03-2018 - 09:29
CVE-2018-0739 4.3
Constructed ASN.1 types with a recursive definition (such as can be found in PKCS7) could eventually exceed the stack given malicious input with excessive recursion. This could result in a Denial Of Service attack. There are no such structures used w
27-03-2018 - 17:29 27-03-2018 - 17:29
CVE-2018-8048 4.3
In the Loofah gem through 2.2.0 for Ruby, non-whitelisted HTML attributes may occur in sanitized output by republishing a crafted HTML fragment.
27-03-2018 - 13:29 27-03-2018 - 13:29
CVE-2018-8764 6.8
Roland Gruber Softwareentwicklung LDAP Account Manager before 6.3 places a CSRF token in the sec_token parameter of a URI, which makes it easier for remote attackers to defeat a CSRF protection mechanism by leveraging logging.
27-03-2018 - 12:29 27-03-2018 - 12:29
CVE-2018-8763 4.3
Roland Gruber Softwareentwicklung LDAP Account Manager before 6.3 has XSS via the dn parameter to the templates/3rdParty/pla/htdocs/cmd.php URI or the template parameter to the templates/3rdParty/pla/htdocs/cmd.php?cmd=rename_form URI.
27-03-2018 - 12:29 27-03-2018 - 12:29
CVE-2018-0202 4.3
clamscan in ClamAV before 0.99.4 contains a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper input validation checking mechanis
27-03-2018 - 05:29 27-03-2018 - 05:29
CVE-2017-18248 3.5
The add_job function in scheduler/ipp.c in CUPS before 2.2.6, when D-Bus support is enabled, can be crashed by remote attackers by sending print jobs with an invalid username, related to a D-Bus notification.
26-03-2018 - 13:29 26-03-2018 - 13:29
CVE-2018-1312 6.8
In Apache httpd 2.2.0 to 2.4.29, when generating an HTTP Digest authentication challenge, the nonce sent to prevent reply attacks was not correctly generated using a pseudo-random seed. In a cluster of servers using a common Digest authentication con
26-03-2018 - 11:29 26-03-2018 - 11:29
CVE-2018-1303 5.0
A specially crafted HTTP request header could have crashed the Apache HTTP Server prior to version 2.4.30 due to an out of bound read while preparing data to be cached in shared memory. It could be used as a Denial of Service attack against users of
26-03-2018 - 11:29 26-03-2018 - 11:29
CVE-2018-1301 4.3
A specially crafted request could have crashed the Apache HTTP Server prior to version 2.4.30, due to an out of bound access after a size limit is reached by reading the HTTP header. This vulnerability is considered very hard if not impossible to tri
26-03-2018 - 11:29 26-03-2018 - 11:29
CVE-2018-1283 3.5
In Apache httpd 2.4.0 to 2.4.29, when mod_session is configured to forward its session data to CGI applications (SessionEnv on, not the default), a remote user may influence their content by using a "Session" header. This comes from the "HTTP_SESSION
26-03-2018 - 11:29 26-03-2018 - 11:29
CVE-2017-15715 6.8
In Apache httpd 2.4.0 to 2.4.29, the expression specified in <FilesMatch> could match '$' to a newline character in a malicious filename, rather than matching only the end of the filename. This could be exploited in environments where uploads of some
26-03-2018 - 11:29 26-03-2018 - 11:29
CVE-2017-15710 5.0
In Apache httpd 2.0.23 to 2.0.65, 2.2.0 to 2.2.34, and 2.4.0 to 2.4.29, mod_authnz_ldap, if configured with AuthLDAPCharsetConfig, uses the Accept-Language header value to lookup the right charset encoding when verifying the user's credentials. If th
26-03-2018 - 11:29 26-03-2018 - 11:29
CVE-2018-9018 4.3
In GraphicsMagick 1.3.28, there is a divide-by-zero in the ReadMNGImage function of coders/png.c. Remote attackers could leverage this vulnerability to cause a crash and denial of service via a crafted mng file.
25-03-2018 - 17:29 25-03-2018 - 17:29
CVE-2018-9009 7.5
In libming 0.4.8, there is a use-after-free in the decompileJUMP function of the decompile.c file.
24-03-2018 - 23:29 24-03-2018 - 23:29
CVE-2018-8971 7.5
The Auth0 integration in GitLab before 10.3.9, 10.4.x before 10.4.6, and 10.5.x before 10.5.6 has an incorrect omniauth-auth0 configuration, leading to signing in unintended users.
24-03-2018 - 17:29 24-03-2018 - 17:29
CVE-2018-1000140 7.5
rsyslog librelp version 1.2.14 and earlier contains a Buffer Overflow vulnerability in the checking of x509 certificates from a peer that can result in Remote code execution. This attack appear to be exploitable a remote attacker that can connect to
23-03-2018 - 17:29 23-03-2018 - 17:29
CVE-2017-0920 4.0
GitLab Community and Enterprise Editions before 10.1.6, 10.2.6, and 10.3.4 are vulnerable to an authorization bypass issue in the Projects::MergeRequests::CreationsController component resulting in an attacker to see every project name and their resp
22-03-2018 - 11:29 22-03-2018 - 11:29
CVE-2018-8905 6.8
In LibTIFF 4.0.9, a heap-based buffer overflow occurs in the function LZWDecodeCompat in tif_lzw.c via a crafted TIFF file, as demonstrated by tiff2ps.
22-03-2018 - 00:29 22-03-2018 - 00:29
CVE-2018-3710 6.8
Gitlab Community and Enterprise Editions version 10.3.3 is vulnerable to an Insecure Temporary File in the project import component resulting remote code execution.
21-03-2018 - 16:29 21-03-2018 - 16:29
CVE-2017-0926 6.5
Gitlab Community Edition version 10.3 is vulnerable to an improper authorization issue in the Oauth sign-in component resulting in unauthorized user login.
21-03-2018 - 16:29 21-03-2018 - 16:29
CVE-2017-0925 4.0
Gitlab Enterprise Edition version 10.1.0 is vulnerable to an insufficiently protected credential issue in the project service integration API endpoint resulting in an information disclosure of plaintext password.
21-03-2018 - 16:29 21-03-2018 - 16:29
CVE-2017-0918 6.5
Gitlab Community Edition version 10.3 is vulnerable to a path traversal issue in the GitLab CI runner component resulting in remote code execution.
21-03-2018 - 16:29 21-03-2018 - 16:29
CVE-2017-0917 4.3
Gitlab Community Edition version 10.2.4 is vulnerable to lack of input validation in the CI job component resulting in persistent cross site scripting.
21-03-2018 - 16:29 21-03-2018 - 16:29
CVE-2017-0916 7.5
Gitlab Community Edition version 10.3 is vulnerable to a lack of input validation in the system_hook_push queue through web hook component resulting in remote code execution.
21-03-2018 - 16:29 21-03-2018 - 16:29
CVE-2017-0915 7.5
Gitlab Community Edition version 10.2.4 is vulnerable to a lack of input validation in the GitlabProjectsImportService resulting in remote code execution.
21-03-2018 - 16:29 21-03-2018 - 16:29
CVE-2017-18241 4.9
fs/f2fs/segment.c in the Linux kernel before 4.13 allows local users to cause a denial of service (NULL pointer dereference and panic) by using a noflush_merge option that triggers a NULL value for a flush_cmd_control data structure.
21-03-2018 - 12:29 21-03-2018 - 12:29
CVE-2018-8828 7.5
A Buffer Overflow issue was discovered in Kamailio before 4.4.7, 5.0.x before 5.0.6, and 5.1.x before 5.1.2. A specially crafted REGISTER message with a malformed branch or From tag triggers an off-by-one heap-based buffer overflow in the tmx_check_p
20-03-2018 - 16:29 20-03-2018 - 16:29
CVE-2018-8822 7.2
Incorrect buffer length handling in the ncp_read_kernel function in fs/ncpfs/ncplib_kernel.c in the Linux kernel through 4.15.11, and in drivers/staging/ncpfs/ncplib_kernel.c in the Linux kernel 4.16-rc through 4.16-rc6, could be exploited by malicio
20-03-2018 - 13:29 20-03-2018 - 13:29
CVE-2018-8754 2.1
** DISPUTED ** The libevt_record_values_read_event() function in libevt_record_values.c in libevt before 2018-03-17 does not properly check for out-of-bounds values of user SID data size, strings size, or data size. NOTE: the vendor has disputed this
17-03-2018 - 23:29 17-03-2018 - 23:29
CVE-2018-8741 6.5
A directory traversal flaw in SquirrelMail 1.4.22 allows an authenticated attacker to exfiltrate (or potentially delete) files from the hosting server, related to ../ in the att_local_name field in Deliver.class.php.
17-03-2018 - 10:29 17-03-2018 - 10:29
CVE-2018-1068 7.2
A flaw was found in the Linux 4.x kernel's implementation of 32-bit syscall interface for bridging. This allowed a privileged user to arbitrarily write to a limited range of kernel memory.
16-03-2018 - 12:29 16-03-2018 - 12:29
CVE-2018-7033 7.5
SchedMD Slurm before 17.02.10 and 17.11.x before 17.11.5 allows SQL Injection attacks against SlurmDBD.
15-03-2018 - 18:29 15-03-2018 - 18:29
CVE-2017-18238 4.3
An issue was discovered in Exempi before 2.4.4. The TradQT_Manager::ParseCachedBoxes function in XMPFiles/source/FormatSupport/QuickTime_Support.cpp allows remote attackers to cause a denial of service (infinite loop) via crafted XMP data in a .qt fi
15-03-2018 - 15:29 15-03-2018 - 15:29
CVE-2017-18236 4.3
An issue was discovered in Exempi before 2.4.4. The ASF_Support::ReadHeaderObject function in XMPFiles/source/FormatSupport/ASF_Support.cpp allows remote attackers to cause a denial of service (infinite loop) via a crafted .asf file.
15-03-2018 - 15:29 15-03-2018 - 15:29
CVE-2017-18234 6.8
An issue was discovered in Exempi before 2.4.3. It allows remote attackers to cause a denial of service (invalid memcpy with resultant use-after-free) or possibly have unspecified other impact via a .pdf file containing JPEG data, related to XMPFiles
15-03-2018 - 15:29 15-03-2018 - 15:29
CVE-2017-18233 4.3
An issue was discovered in Exempi before 2.4.4. Integer overflow in the Chunk class in XMPFiles/source/FormatSupport/RIFF.cpp allows remote attackers to cause a denial of service (infinite loop) via crafted XMP data in a .avi file.
15-03-2018 - 15:29 15-03-2018 - 15:29
CVE-2017-18232 2.1
The Serial Attached SCSI (SAS) implementation in the Linux kernel through 4.15.9 mishandles a mutex within libsas, which allows local users to cause a denial of service (deadlock) by triggering certain error-handling code.
15-03-2018 - 00:29 15-03-2018 - 00:29
CVE-2018-1000122 6.4
A buffer over-read exists in curl 7.20.0 to and including curl 7.58.0 in the RTSP+RTP handling code that allows an attacker to cause a denial of service or information leakage
14-03-2018 - 14:29 14-03-2018 - 14:29
CVE-2018-1000121 5.0
A NULL pointer dereference exists in curl 7.21.0 to and including curl 7.58.0 in the LDAP code that allows an attacker to cause a denial of service
14-03-2018 - 14:29 14-03-2018 - 14:29
CVE-2018-1000120 7.5
A buffer overflow exists in curl 7.12.3 to and including curl 7.58.0 in the FTP URL handling that allows an attacker to cause a denial of service or worse.
14-03-2018 - 14:29 14-03-2018 - 14:29
CVE-2018-1000132 6.4
Mercurial version 4.5 and earlier contains a Incorrect Access Control (CWE-285) vulnerability in Protocol server that can result in Unauthorized data access. This attack appear to be exploitable via network connectivity. This vulnerability appears to
14-03-2018 - 09:29 14-03-2018 - 09:29
CVE-2017-18231 4.3
An issue was discovered in GraphicsMagick 1.3.26. A NULL pointer dereference vulnerability was found in the function ReadEnhMetaFile in coders/emf.c, which allows attackers to cause a denial of service via a crafted file.
13-03-2018 - 22:29 13-03-2018 - 22:29
CVE-2017-18230 4.3
An issue was discovered in GraphicsMagick 1.3.26. A NULL pointer dereference vulnerability was found in the function ReadCINEONImage in coders/cineon.c, which allows attackers to cause a denial of service via a crafted file.
13-03-2018 - 22:29 13-03-2018 - 22:29
CVE-2017-18229 4.3
An issue was discovered in GraphicsMagick 1.3.26. An allocation failure vulnerability was found in the function ReadTIFFImage in coders/tiff.c, which allows attackers to cause a denial of service via a crafted file, because file size is not properly
13-03-2018 - 22:29 13-03-2018 - 22:29
CVE-2018-1000127 5.0
memcached version prior to 1.4.37 contains an Integer Overflow vulnerability in items.c:item_free() that can result in data corruption and deadlocks due to items existing in hash table being reused from free list. This attack appear to be exploitable
13-03-2018 - 17:29 13-03-2018 - 17:29
CVE-2018-7750 7.5
transport.py in the SSH server implementation of Paramiko before 1.17.6, 1.18.x before 1.18.5, 2.0.x before 2.0.8, 2.1.x before 2.1.5, 2.2.x before 2.2.3, 2.3.x before 2.3.2, and 2.4.x before 2.4.1 does not properly check whether authentication is co
13-03-2018 - 14:29 13-03-2018 - 14:29
CVE-2018-1057 6.5
On a Samba 4 AD DC the LDAP server in all versions of Samba from 4.0.0 onwards incorrectly validates permissions to modify passwords over LDAP allowing authenticated users to change any other users' passwords, including administrative users and privi
13-03-2018 - 12:29 13-03-2018 - 12:29
CVE-2018-1050 2.9
All versions of Samba from 4.0.0 onwards are vulnerable to a denial of service attack when the RPC spoolss service is configured to be run as an external daemon. Missing input sanitization checks on some of the input parameters to spoolss RPC calls c
13-03-2018 - 12:29 13-03-2018 - 12:29
CVE-2018-1000085 4.3
ClamAV version version 0.99.3 contains a Out of bounds heap memory read vulnerability in XAR parser, function xar_hash_check() that can result in Leaking of memory, may help in developing exploit chains.. This attack appear to be exploitable via The
13-03-2018 - 11:29 13-03-2018 - 11:29
CVE-2018-1000079 4.3
RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a Directory Traversal vulnerability in gem install
13-03-2018 - 11:29 13-03-2018 - 11:29
CVE-2018-1000078 4.3
RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a Cross Site Scripting (XSS) vulnerability in gem
13-03-2018 - 11:29 13-03-2018 - 11:29
CVE-2018-1000077 5.0
RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a Improper Input Validation vulnerability in ruby
13-03-2018 - 11:29 13-03-2018 - 11:29
CVE-2018-1000076 7.5
RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a Improper Verification of Cryptographic Signature
13-03-2018 - 11:29 13-03-2018 - 11:29
CVE-2018-1000075 5.0
RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a infinite loop caused by negative size vulnerabil
13-03-2018 - 11:29 13-03-2018 - 11:29
CVE-2018-1000074 6.8
RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a Deserialization of Untrusted Data vulnerability
13-03-2018 - 11:29 13-03-2018 - 11:29
CVE-2018-1000073 5.0
RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a Directory Traversal vulnerability in install_loc
13-03-2018 - 11:29 13-03-2018 - 11:29
CVE-2018-1000069 4.3
FreePlane version 1.5.9 and earlier contains a XML External Entity (XXE) vulnerability in XML Parser in mindmap loader that can result in stealing data from victim's machine. This attack appears to require the victim to open a specially crafted mind
13-03-2018 - 11:29 13-03-2018 - 11:29
CVE-2018-8087 4.9
Memory leak in the hwsim_new_radio_nl function in drivers/net/wireless/mac80211_hwsim.c in the Linux kernel through 4.15.9 allows local users to cause a denial of service (memory consumption) by triggering an out-of-array error case.
13-03-2018 - 02:29 13-03-2018 - 02:29
CVE-2018-1000099 5.0
Teluu PJSIP version 2.7.1 and earlier contains a Access of Null/Uninitialized Pointer vulnerability in pjmedia SDP parsing that can result in Crash. This attack appear to be exploitable via Sending a specially crafted message. This vulnerability appe
12-03-2018 - 21:29 12-03-2018 - 21:29
CVE-2018-1000098 5.0
Teluu PJSIP version 2.7.1 and earlier contains a Integer Overflow vulnerability in pjmedia SDP parsing that can result in Crash. This attack appear to be exploitable via Sending a specially crafted message. This vulnerability appears to have been fix
12-03-2018 - 21:29 12-03-2018 - 21:29
CVE-2018-1000097 6.8
Sharutils sharutils (unshar command) version 4.15.2 contains a Buffer Overflow vulnerability in Affected component on the file unshar.c at line 75, function looks_like_c_code. Failure to perform checking of the buffer containing input line. that can
12-03-2018 - 21:29 12-03-2018 - 21:29
CVE-2017-2619 6.0
Samba before versions 4.6.1, 4.5.7 and 4.4.11 are vulnerable to a malicious client using a symlink race to allow access to areas of the server file system not exported under the share definition.
12-03-2018 - 11:29 12-03-2018 - 11:29
CVE-2017-18224 1.9
In the Linux kernel before 4.15, fs/ocfs2/aops.c omits use of a semaphore and consequently has a race condition for access to the extent tree during read operations in DIRECT mode, which allows local users to cause a denial of service (BUG) by modify
11-03-2018 - 23:29 11-03-2018 - 23:29
CVE-2016-5875 None
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2016-5314. Reason: This candidate is a reservation duplicate of CVE-2016-5314. Notes: All CVE users should reference CVE-2016-5314 instead of this candidate. All references and descr
11-03-2018 - 22:29 11-03-2018 - 22:29
CVE-2016-5320 None
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2016-5314. Reason: This candidate is a reservation duplicate of CVE-2016-5314. Notes: All CVE users should reference CVE-2016-5314 instead of this candidate. All references and descr
11-03-2018 - 22:29 11-03-2018 - 22:29
CVE-2016-5314 6.8
Buffer overflow in the PixarLogDecode function in tif_pixarlog.c in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted TIFF image, as demonstrated
11-03-2018 - 22:29 11-03-2018 - 22:29
CVE-2014-8129 6.8
LibTIFF 4.0.3 allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact via a crafted TIFF image, as demonstrated by failure of tif_next.c to verify that the BitsPerSample value is 2, and the
11-03-2018 - 22:29 11-03-2018 - 22:29
CVE-2018-7537 5.0
An issue was discovered in Django 2.0 before 2.0.3, 1.11 before 1.11.11, and 1.8 before 1.8.19. If django.utils.text.Truncator's chars() and words() methods were passed the html=True argument, they were extremely slow to evaluate certain inputs due t
09-03-2018 - 15:29 09-03-2018 - 15:29
CVE-2018-7536 5.0
An issue was discovered in Django 2.0 before 2.0.3, 1.11 before 1.11.11, and 1.8 before 1.8.19. The django.utils.html.urlize() function was extremely slow to evaluate certain inputs due to catastrophic backtracking vulnerabilities in two regular expr
09-03-2018 - 15:29 09-03-2018 - 15:29
CVE-2016-9591 4.3
JasPer before version 2.0.12 is vulnerable to a use-after-free in the way it decodes certain JPEG 2000 image files resulting in a crash on the application using JasPer.
09-03-2018 - 15:29 09-03-2018 - 15:29
CVE-2018-7998 5.1
In libvips before 8.6.3, a NULL function pointer dereference vulnerability was found in the vips_region_generate function in region.c, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted
09-03-2018 - 14:29 09-03-2018 - 14:29
CVE-2018-7995 4.7
** DISPUTED ** Race condition in the store_int_with_restart() function in arch/x86/kernel/cpu/mcheck/mce.c in the Linux kernel through 4.15.7 allows local users to cause a denial of service (panic) by leveraging root access to write to the check_inte
09-03-2018 - 10:29 09-03-2018 - 10:29
CVE-2018-1071 2.1
zsh through version 5.4.2 is vulnerable to a stack-based buffer overflow in the exec.c:hashcmd() function. A local attacker could exploit this to cause a denial of service.
09-03-2018 - 10:29 09-03-2018 - 10:29
CVE-2018-7876 4.3
In libming 0.4.8, a memory exhaustion vulnerability was found in the function parseSWF_ACTIONRECORD in util/parser.c, which allows remote attackers to cause a denial of service via a crafted file.
08-03-2018 - 13:29 08-03-2018 - 13:29
CVE-2018-7875 4.3
There is a heap-based buffer over-read in the getString function of util/decompile.c in libming 0.4.8 for CONSTANT8 data. A Crafted input will lead to a denial of service attack.
08-03-2018 - 13:29 08-03-2018 - 13:29
CVE-2018-7873 4.3
There is a heap-based buffer overflow in the getString function of util/decompile.c in libming 0.4.8 for INTEGER data. A Crafted input will lead to a denial of service attack.
08-03-2018 - 13:29 08-03-2018 - 13:29
CVE-2018-7872 4.3
An invalid memory address dereference was discovered in the function getName in libming 0.4.8 for CONSTANT16 data. The vulnerability causes a segmentation fault and application crash, which leads to denial of service.
08-03-2018 - 13:29 08-03-2018 - 13:29
CVE-2018-7871 6.8
There is a heap-based buffer over-read in the getName function of util/decompile.c in libming 0.4.8 for CONSTANT16 data. A crafted input will lead to a denial of service or possibly unspecified other impact.
08-03-2018 - 13:29 08-03-2018 - 13:29
CVE-2018-7870 4.3
An invalid memory address dereference was discovered in getString in util/decompile.c in libming 0.4.8 for CONSTANT16 data. The vulnerability causes a segmentation fault and application crash, which leads to denial of service.
08-03-2018 - 13:29 08-03-2018 - 13:29
CVE-2018-7868 4.3
There is a heap-based buffer over-read in the getName function of util/decompile.c in libming 0.4.8 for CONSTANT8 data. A Crafted input will lead to a denial of service attack.
08-03-2018 - 13:29 08-03-2018 - 13:29
CVE-2018-7867 4.3
There is a heap-based buffer overflow in the getString function of util/decompile.c in libming 0.4.8 during a RegisterNumber sprintf. A Crafted input will lead to a denial of service attack.
08-03-2018 - 13:29 08-03-2018 - 13:29
CVE-2018-7866 4.3
A NULL pointer dereference was discovered in newVar3 in util/decompile.c in libming 0.4.8. The vulnerability causes a segmentation fault and application crash, which leads to denial of service.
08-03-2018 - 13:29 08-03-2018 - 13:29
CVE-2018-7757 2.1
Memory leak in the sas_smp_get_phy_events function in drivers/scsi/libsas/sas_expander.c in the Linux kernel through 4.15.7 allows local users to cause a denial of service (memory consumption) via many read accesses to files in the /sys/class/sas_phy
08-03-2018 - 09:29 08-03-2018 - 09:29
CVE-2017-18222 4.6
In the Linux kernel before 4.12, Hisilicon Network Subsystem (HNS) does not consider the ETH_SS_PRIV_FLAGS case when retrieving sset_count data, which allows local users to cause a denial of service (buffer overflow and memory corruption) or possibly
08-03-2018 - 09:29 08-03-2018 - 09:29
CVE-2018-7755 2.1
An issue was discovered in the fd_locked_ioctl function in drivers/block/floppy.c in the Linux kernel through 4.15.7. The floppy driver will copy a kernel pointer to user memory in response to the FDGETPRM ioctl. An attacker can send the FDGETPRM ioc
08-03-2018 - 02:29 08-03-2018 - 02:29
CVE-2018-1000119 4.3
Sinatra rack-protection versions 1.5.4 and 2.0.0.rc3 and earlier contains a timing attack vulnerability in the CSRF token checking that can result in signatures can be exposed. This attack appear to be exploitable via network connectivity to the ruby
07-03-2018 - 09:29 07-03-2018 - 09:29
CVE-2018-1000116 7.5
NET-SNMP version 5.7.2 contains a heap corruption vulnerability in the UDP protocol handler that can result in command execution.
07-03-2018 - 09:29 07-03-2018 - 09:29
CVE-2018-1054 5.0
An out-of-bounds memory read flaw was found in the way 389-ds-base handled certain LDAP search filters, affecting all versions including 1.4.x. A remote, unauthenticated attacker could potentially use this flaw to make ns-slapd crash via a specially
07-03-2018 - 08:29 07-03-2018 - 08:29
CVE-2018-7740 4.9
The resv_map_release function in mm/hugetlb.c in the Linux kernel through 4.15.7 allows local users to cause a denial of service (BUG) via a crafted application that makes mmap system calls and has a large pgoff argument to the remap_file_pages syste
07-03-2018 - 03:29 07-03-2018 - 03:29
CVE-2018-7738 7.2
In util-linux before 2.32-rc1, bash-completion/umount allows local users to gain privileges by embedding shell commands in a mountpoint name, which is mishandled during a umount command (within Bash) by a different user, as demonstrated by logging in
06-03-2018 - 21:29 06-03-2018 - 21:29
CVE-2018-7730 4.3
An issue was discovered in Exempi through 2.4.4. A certain case of a 0xffffffff length is mishandled in XMPFiles/source/FormatSupport/PSIR_FileWriter.cpp, leading to a heap-based buffer over-read in the PSD_MetaHandler::CacheFileData() function.
06-03-2018 - 13:29 06-03-2018 - 13:29
CVE-2018-7728 4.3
An issue was discovered in Exempi through 2.4.4. XMPFiles/source/FileHandlers/TIFF_Handler.cpp mishandles a case of a zero length, leading to a heap-based buffer over-read in the MD5Update() function in third-party/zuid/interfaces/MD5.cpp.
06-03-2018 - 13:29 06-03-2018 - 13:29
CVE-2018-7711 6.8
HTTPRedirect.php in the saml2 library in SimpleSAMLphp before 1.15.4 has an incorrect check of return values in the signature validation utilities, allowing an attacker to get invalid signatures accepted as valid by forcing an error during validation
05-03-2018 - 17:29 05-03-2018 - 17:29
CVE-2017-18220 6.8
The ReadOneJNGImage and ReadJNGImage functions in coders/png.c in GraphicsMagick 1.3.26 allow remote attackers to cause a denial of service (magick/blob.c CloseBlob use-after-free) or possibly have unspecified other impact via a crafted file, a relat
05-03-2018 - 17:29 05-03-2018 - 17:29
CVE-2017-18219 4.3
An issue was discovered in GraphicsMagick 1.3.26. An allocation failure vulnerability was found in the function ReadOnePNGImage in coders/png.c, which allows attackers to cause a denial of service via a crafted file that triggers an attempt at a larg
05-03-2018 - 17:29 05-03-2018 - 17:29
CVE-2017-18218 7.2
In drivers/net/ethernet/hisilicon/hns/hns_enet.c in the Linux kernel before 4.13, local users can cause a denial of service (use-after-free and BUG) or possibly have unspecified other impact by leveraging differences in skb handling between hns_nic_n
05-03-2018 - 15:29 05-03-2018 - 15:29
CVE-2017-18216 2.1
In fs/ocfs2/cluster/nodemanager.c in the Linux kernel before 4.15, local users can cause a denial of service (NULL pointer dereference and BUG) because a required mutex is not used.
05-03-2018 - 13:29 05-03-2018 - 13:29
CVE-2018-0490 5.0
An issue was discovered in Tor before 0.2.9.15, 0.3.1.x before 0.3.1.10, and 0.3.2.x before 0.3.2.10. The directory-authority protocol-list subprotocol implementation allows remote attackers to cause a denial of service (NULL pointer dereference and
05-03-2018 - 10:29 05-03-2018 - 10:29
CVE-2018-7644 5.0
The XmlSecLibs library as used in the saml2 library in SimpleSAMLphp before 1.15.3 incorrectly verifies signatures on SAML assertions, allowing a remote attacker to construct a crafted SAML assertion on behalf of an Identity Provider that would pass
05-03-2018 - 09:29 05-03-2018 - 09:29
CVE-2018-1000115 5.0
Memcached version 1.5.5 contains an Insufficient Control of Network Message Volume (Network Amplification, CWE-406) vulnerability in the UDP support of the memcached server that can result in denial of service via network flood (traffic amplification
05-03-2018 - 09:29 05-03-2018 - 09:29
CVE-2018-7667 7.5
Adminer through 4.3.1 has SSRF via the server parameter.
05-03-2018 - 02:29 05-03-2018 - 02:29
CVE-2017-15130 4.3
A denial of service flaw was found in dovecot before 2.2.34. An attacker able to generate random SNI server names could exploit TLS SNI configuration lookups, leading to excessive memory usage and the process to restart.
02-03-2018 - 10:29 02-03-2018 - 10:29
CVE-2017-14461 5.5
A specially crafted email delivered over SMTP and passed on to Dovecot by MTA can trigger an out of bounds read resulting in potential sensitive information disclosure and denial of service. In order to trigger this vulnerability, an attacker needs t
02-03-2018 - 10:29 02-03-2018 - 10:29
CVE-2018-1066 7.1
The Linux kernel before version 4.11 is vulnerable to a NULL pointer dereference in fs/cifs/cifsencrypt.c:setup_ntlmv2_rsp() that allows an attacker controlling a CIFS server to kernel panic a client that has this server mounted, because an empty Tar
02-03-2018 - 03:29 02-03-2018 - 03:29
CVE-2018-1065 4.7
The netfilter subsystem in the Linux kernel through 4.15.7 mishandles the case of a rule blob that contains a jump but lacks a user-defined chain, which allows local users to cause a denial of service (NULL pointer dereference) by leveraging the CAP_
02-03-2018 - 03:29 02-03-2018 - 03:29
CVE-2017-6932 5.8
Drupal core 7.x versions before 7.57 has an external link injection vulnerability when the language switcher block is used. A similar vulnerability exists in various custom and contributed modules. This vulnerability could allow an attacker to trick
01-03-2018 - 18:29 01-03-2018 - 18:29
CVE-2017-6929 4.3
A jQuery cross site scripting vulnerability is present when making Ajax requests to untrusted domains. This vulnerability is mitigated by the fact that it requires contributed or custom modules in order to exploit. For Drupal 8, this vulnerability wa
01-03-2018 - 18:29 01-03-2018 - 18:29
CVE-2017-6928 3.5
Drupal core 7.x versions before 7.57 when using Drupal's private file system, Drupal will check to make sure a user has access to a file before allowing the user to view or download it. This check fails under certain conditions in which one module is
01-03-2018 - 18:29 01-03-2018 - 18:29
CVE-2017-6927 4.3
Drupal 8.4.x versions before 8.4.5 and Drupal 7.x versions before 7.57 has a Drupal.checkPlain() JavaScript function which is used to escape potentially dangerous text before outputting it to HTML (as JavaScript output does not typically go through T
01-03-2018 - 18:29 01-03-2018 - 18:29
CVE-2017-15134 5.0
A stack buffer overflow flaw was found in the way 389-ds-base 1.3.6.x before 1.3.6.13, 1.3.7.x before 1.3.7.9, 1.4.x before 1.4.0.5 handled certain LDAP search filters. A remote, unauthenticated attacker could potentially use this flaw to make ns-sla
01-03-2018 - 17:29 01-03-2018 - 17:29
CVE-2018-7584 7.5
In PHP through 5.6.33, 7.0.x before 7.0.28, 7.1.x through 7.1.14, and 7.2.x through 7.2.2, there is a stack-based buffer under-read while parsing an HTTP response in the php_stream_url_wrap_http_ex function in ext/standard/http_fopen_wrapper.c. This
01-03-2018 - 14:29 01-03-2018 - 14:29
CVE-2018-7550 4.6
The load_multiboot function in hw/i386/multiboot.c in Quick Emulator (aka QEMU) allows local guest OS users to execute arbitrary code on the QEMU host via a mh_load_end_addr value greater than mh_bss_end_addr, which triggers an out-of-bounds read or
01-03-2018 - 12:29 01-03-2018 - 12:29
CVE-2017-12627 7.5
In Apache Xerces-C XML Parser library before 3.2.1, processing of external DTD paths can result in a null pointer dereference under certain conditions.
01-03-2018 - 09:29 01-03-2018 - 09:29
CVE-2018-1304 4.3
The URL pattern of "" (the empty string) which exactly maps to the context root was not correctly handled in Apache Tomcat 9.0.0.M1 to 9.0.4, 8.5.0 to 8.5.27, 8.0.0.RC1 to 8.0.49 and 7.0.0 to 7.0.84 when used as part of a security constraint definiti
28-02-2018 - 15:29 28-02-2018 - 15:29
CVE-2018-7557 4.3
The decode_init function in libavcodec/utvideodec.c in FFmpeg through 3.4.2 allows remote attackers to cause a denial of service (Out of array read) via an AVI file with crafted dimensions within chroma subsampling data.
28-02-2018 - 02:29 28-02-2018 - 02:29
CVE-2018-7554 7.5
There is an invalid free in ReadImage in input-bmp.ci that leads to a Segmentation fault in sam2p 0.49.4. A crafted input will lead to a denial of service or possibly unspecified other impact.
28-02-2018 - 01:29 28-02-2018 - 01:29
CVE-2018-7553 7.5
There is a heap-based buffer overflow in the pcxLoadRaster function of in_pcx.cpp in sam2p 0.49.4. A crafted input will lead to a denial of service or possibly unspecified other impact.
28-02-2018 - 01:29 28-02-2018 - 01:29
CVE-2018-7552 7.5
There is an invalid free in Mapping::DoubleHash::clear in mapping.cpp that leads to a Segmentation fault in sam2p 0.49.4. A crafted input will lead to a denial of service or possibly unspecified other impact.
28-02-2018 - 01:29 28-02-2018 - 01:29
CVE-2018-7551 7.5
There is an invalid free in MiniPS::delete0 in minips.cpp that leads to a Segmentation fault in sam2p 0.49.4. A crafted input will lead to a denial of service or possibly unspecified other impact.
28-02-2018 - 01:29 28-02-2018 - 01:29
CVE-2017-7671 5.0
There is a DOS attack vulnerability in Apache Traffic Server (ATS) 5.2.0 to 5.3.2, 6.0.0 to 6.2.0, and 7.0.0 with the TLS handshake. This issue can cause the server to coredump.
27-02-2018 - 15:29 27-02-2018 - 15:29
CVE-2017-5660 5.0
There is a vulnerability in Apache Traffic Server (ATS) 6.2.0 and prior and 7.0.0 and prior with the Host header and line folding. This can have issues when interacting with upstream proxies and the wrong host being used.
27-02-2018 - 15:29 27-02-2018 - 15:29
CVE-2017-18203 1.9
The dm_get_from_kobject function in drivers/md/dm.c in the Linux kernel before 4.14.3 allow local users to cause a denial of service (BUG) by leveraging a race condition with __dm_destroy during creation and removal of DM devices.
27-02-2018 - 15:29 27-02-2018 - 15:29
CVE-2018-7542 4.9
An issue was discovered in Xen 4.8.x through 4.10.x allowing x86 PVH guest OS users to cause a denial of service (NULL pointer dereference and hypervisor crash) by leveraging the mishandling of configurations that lack a Local APIC.
27-02-2018 - 14:29 27-02-2018 - 14:29
CVE-2018-7541 6.1
An issue was discovered in Xen through 4.10.x allowing guest OS users to cause a denial of service (hypervisor crash) or gain privileges by triggering a grant-table transition from v2 to v1.
27-02-2018 - 14:29 27-02-2018 - 14:29
CVE-2018-7540 4.9
An issue was discovered in Xen through 4.10.x allowing x86 PV guest OS users to cause a denial of service (host OS CPU hang) via non-preemptable L3/L4 pagetable freeing.
27-02-2018 - 14:29 27-02-2018 - 14:29
CVE-2018-0489 6.4
Shibboleth XMLTooling-C before 1.6.4, as used in Shibboleth Service Provider before 2.6.1.4 on Windows and other products, mishandles digital signatures of user data, which allows remote attackers to obtain sensitive information or conduct impersonat
27-02-2018 - 10:29 27-02-2018 - 10:29
CVE-2018-7490 5.0
uWSGI before 2.0.17 mishandles a DOCUMENT_ROOT check during use of the --php-docroot option, allowing directory traversal.
26-02-2018 - 17:29 26-02-2018 - 17:29
CVE-2018-7492 4.9
A NULL pointer dereference was found in the net/rds/rdma.c __rds_rdma_map() function in the Linux kernel before 4.14.7 allowing local attackers to cause a system panic and a denial-of-service, related to RDS_GET_MR and RDS_GET_MR_FOR_DEST.
26-02-2018 - 15:29 26-02-2018 - 15:29
CVE-2018-7489 7.5
FasterXML jackson-databind before 2.8.11.1 and 2.9.x before 2.9.5 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 deserialization flaw. This is exploitable by sending maliciously crafted JSON input to t
26-02-2018 - 10:29 26-02-2018 - 10:29
CVE-2018-7487 6.8
There is a heap-based buffer overflow in the LoadPCX function of in_pcx.cpp in sam2p 0.49.4. A Crafted input will lead to a denial of service or possibly unspecified other impact.
26-02-2018 - 10:29 26-02-2018 - 10:29
CVE-2018-7480 7.2
The blkcg_init_queue function in block/blk-cgroup.c in the Linux kernel before 4.11 allows local users to cause a denial of service (double free) or possibly have unspecified other impact by triggering a creation failure.
25-02-2018 - 15:29 25-02-2018 - 15:29
CVE-2018-7456 4.3
A NULL Pointer Dereference occurs in the function TIFFPrintDirectory in tif_print.c in LibTIFF 4.0.9 when using the tiffinfo tool to print crafted TIFF information, a different vulnerability than CVE-2017-18013. (This affects an earlier part of the T
24-02-2018 - 01:29 24-02-2018 - 01:29
CVE-2017-18197 7.5
In mxGraphViewImageReader.java in mxGraph before 3.7.6, the SAXParserFactory instance in convert() is missing flags to prevent XML External Entity (XXE) attacks, as demonstrated by /ServerView.
23-02-2018 - 21:29 23-02-2018 - 21:29
CVE-2018-1305 4.0
Security constraints defined by annotations of Servlets in Apache Tomcat 9.0.0.M1 to 9.0.4, 8.5.0 to 8.5.27, 8.0.0.RC1 to 8.0.49 and 7.0.0 to 7.0.84 were only applied once a Servlet had been loaded. Because security constraints defined in this way ap
23-02-2018 - 18:29 23-02-2018 - 18:29
CVE-2018-7443 4.3
The ReadTIFFImage function in coders/tiff.c in ImageMagick 7.0.7-23 Q16 does not properly validate the amount of image data in a file, which allows remote attackers to cause a denial of service (memory allocation failure in the AcquireMagickMemory fu
23-02-2018 - 17:29 23-02-2018 - 17:29
CVE-2018-7420 5.0
In Wireshark 2.2.0 to 2.2.12 and 2.4.0 to 2.4.4, the pcapng file parser could crash. This was addressed in wiretap/pcapng.c by adding a block-size check for sysdig event blocks.
23-02-2018 - 17:29 23-02-2018 - 17:29
CVE-2018-7419 5.0
In Wireshark 2.2.0 to 2.2.12 and 2.4.0 to 2.4.4, the NBAP dissector could crash. This was addressed in epan/dissectors/asn1/nbap/nbap.cnf by ensuring DCH ID initialization.
23-02-2018 - 17:29 23-02-2018 - 17:29
CVE-2018-7418 5.0
In Wireshark 2.2.0 to 2.2.12 and 2.4.0 to 2.4.4, the SIGCOMP dissector could crash. This was addressed in epan/dissectors/packet-sigcomp.c by correcting the extraction of the length value.
23-02-2018 - 17:29 23-02-2018 - 17:29
CVE-2018-7417 5.0
In Wireshark 2.2.0 to 2.2.12 and 2.4.0 to 2.4.4, the IPMI dissector could crash. This was addressed in epan/dissectors/packet-ipmi-picmg.c by adding support for crafted packets that lack an IPMI header.
23-02-2018 - 17:29 23-02-2018 - 17:29
CVE-2018-7337 5.0
In Wireshark 2.4.0 to 2.4.4, the DOCSIS protocol dissector could crash. This was addressed in plugins/docsis/packet-docsis.c by removing the recursive algorithm that had been used for concatenated PDUs.
23-02-2018 - 17:29 23-02-2018 - 17:29
CVE-2018-7336 5.0
In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, the FCP protocol dissector could crash. This was addressed in epan/dissectors/packet-fcp.c by checking for a NULL pointer.
23-02-2018 - 17:29 23-02-2018 - 17:29
CVE-2018-7335 5.0
In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, the IEEE 802.11 dissector could crash. This was addressed in epan/crypt/airpdcap.c by rejecting lengths that are too small.
23-02-2018 - 17:29 23-02-2018 - 17:29
CVE-2018-7334 5.0
In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, the UMTS MAC dissector could crash. This was addressed in epan/dissectors/packet-umts_mac.c by rejecting a certain reserved value.
23-02-2018 - 17:29 23-02-2018 - 17:29
CVE-2018-7332 5.0
In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-reload.c had an infinite loop that was addressed by validating a length.
23-02-2018 - 17:29 23-02-2018 - 17:29
CVE-2018-7324 5.0
In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-sccp.c had an infinite loop that was addressed by using a correct integer data type.
23-02-2018 - 17:29 23-02-2018 - 17:29
CVE-2018-7323 5.0
In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-wccp.c had a large loop that was addressed by ensuring that a calculated length was monotonically increasing.
23-02-2018 - 17:29 23-02-2018 - 17:29
CVE-2018-7322 5.0
In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-dcm.c had an infinite loop that was addressed by checking for integer wraparound.
23-02-2018 - 17:29 23-02-2018 - 17:29
CVE-2018-7320 5.0
In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, the SIGCOMP protocol dissector could crash. This was addressed in epan/dissectors/packet-sigcomp.c by validating operand offsets.
23-02-2018 - 17:29 23-02-2018 - 17:29
CVE-2018-7440 7.5
An issue was discovered in Leptonica through 1.75.3. The gplotMakeOutput function allows command injection via a $(command) approach in the gplot rootname argument. This issue exists because of an incomplete fix for CVE-2018-3836.
23-02-2018 - 16:29 23-02-2018 - 16:29
CVE-2018-7439 6.8
An issue was discovered in FreeXL before 1.0.5. There is a heap-based buffer over-read in the function read_mini_biff_next_record.
23-02-2018 - 16:29 23-02-2018 - 16:29
CVE-2018-7438 6.8
An issue was discovered in FreeXL before 1.0.5. There is a heap-based buffer over-read in the parse_unicode_string function.
23-02-2018 - 16:29 23-02-2018 - 16:29
CVE-2018-7437 6.8
An issue was discovered in FreeXL before 1.0.5. There is a heap-based buffer over-read in a memcpy call of the parse_SST function.
23-02-2018 - 16:29 23-02-2018 - 16:29
CVE-2018-7436 6.8
An issue was discovered in FreeXL before 1.0.5. There is a heap-based buffer over-read in a pointer dereference of the parse_SST function.
23-02-2018 - 16:29 23-02-2018 - 16:29
CVE-2018-7435 6.8
An issue was discovered in FreeXL before 1.0.5. There is a heap-based buffer over-read in the freexl::destroy_cell function.
23-02-2018 - 16:29 23-02-2018 - 16:29
CVE-2018-6764 4.6
util/virlog.c in libvirt does not properly determine the hostname on LXC container startup, which allows local guest OS users to bypass an intended container protection mechanism and execute arbitrary commands via a crafted NSS module.
23-02-2018 - 12:29 23-02-2018 - 12:29
CVE-2017-18193 4.9
fs/f2fs/extent_cache.c in the Linux kernel before 4.13 mishandles extent trees, which allows local users to cause a denial of service (BUG) via an application with multiple threads.
22-02-2018 - 10:29 22-02-2018 - 10:29
CVE-2018-7286 4.0
An issue was discovered in Asterisk through 13.19.1, 14.x through 14.7.5, and 15.x through 15.2.1, and Certified Asterisk through 13.18-cert2. res_pjsip allows remote authenticated users to crash Asterisk (segmentation fault) by sending a number of S
21-02-2018 - 19:29 21-02-2018 - 19:29
CVE-2018-7284 5.0
A Buffer Overflow issue was discovered in Asterisk through 13.19.1, 14.x through 14.7.5, and 15.x through 15.2.1, and Certified Asterisk through 13.18-cert2. When processing a SUBSCRIBE request, the res_pjsip_pubsub module stores the accepted formats
21-02-2018 - 19:29 21-02-2018 - 19:29
CVE-2015-5316 4.3
The eap_pwd_perform_confirm_exchange function in eap_peer/eap_pwd.c in wpa_supplicant 2.x before 2.6, when EAP-pwd is enabled in a network configuration profile, allows remote attackers to cause a denial of service (NULL pointer dereference and daemo
21-02-2018 - 11:29 21-02-2018 - 11:29
CVE-2015-5315 4.3
The eap_pwd_process function in eap_peer/eap_pwd.c in wpa_supplicant 2.x before 2.6 does not validate that the reassembly buffer is large enough for the final fragment when EAP-pwd is enabled in a network configuration profile, which allows remote at
21-02-2018 - 11:29 21-02-2018 - 11:29
CVE-2015-5314 4.3
The eap_pwd_process function in eap_server/eap_server_pwd.c in hostapd 2.x before 2.6 does not validate that the reassembly buffer is large enough for the final fragment when used with (1) an internal EAP server or (2) a RADIUS server and EAP-pwd is
21-02-2018 - 11:29 21-02-2018 - 11:29
CVE-2018-7254 6.8
The ParseCaffHeaderConfig function of the cli/caff.c file of WavPack 5.1.0 allows a remote attacker to cause a denial-of-service (global buffer over-read), or possibly trigger a buffer overflow or incorrect memory allocation, via a maliciously crafte
19-02-2018 - 18:29 19-02-2018 - 18:29
CVE-2018-7253 6.8
The ParseDsdiffHeaderConfig function of the cli/dsdiff.c file of WavPack 5.1.0 allows a remote attacker to cause a denial-of-service (heap-based buffer over-read) or possibly overwrite the heap via a maliciously crafted DSDIFF file.
19-02-2018 - 18:29 19-02-2018 - 18:29
CVE-2017-7376 10.0
Buffer overflow in libxml2 allows remote attackers to execute arbitrary code by leveraging an incorrect limit for port values when handling redirects.
19-02-2018 - 14:29 19-02-2018 - 14:29
CVE-2017-7375 7.5
A flaw in libxml2 allows remote XML entity inclusion with default parser flags (i.e., when the caller did not request entity substitution, DTD validation, external DTD subset loading, or default DTD attributes). Depending on the context, this may exp
19-02-2018 - 14:29 19-02-2018 - 14:29
CVE-2018-7225 7.5
An issue was discovered in LibVNCServer through 0.9.11. rfbProcessClientNormalMessage() in rfbserver.c does not sanitize msg.cct.length, leading to access to uninitialized and potentially sensitive data or possibly unspecified other impact (e.g., an
19-02-2018 - 10:29 19-02-2018 - 10:29
CVE-2018-5381 5.0
The Quagga BGP daemon (bgpd) prior to version 1.2.3 has a bug in its parsing of "Capabilities" in BGP OPEN messages, in the bgp_packet.c:bgp_capability_msg_parse function. The parser can enter an infinite loop on invalid capabilities if a Multi-Proto
19-02-2018 - 08:29 19-02-2018 - 08:29
CVE-2018-5380 4.0
The Quagga BGP daemon (bgpd) prior to version 1.2.3 can overrun internal BGP code-to-string conversion tables used for debug by 1 pointer value, based on input.
19-02-2018 - 08:29 19-02-2018 - 08:29
CVE-2018-5379 7.5
The Quagga BGP daemon (bgpd) prior to version 1.2.3 can double-free memory when processing certain forms of UPDATE message, containing cluster-list and/or unknown attributes. A successful attack could cause a denial of service or potentially allow an
19-02-2018 - 08:29 19-02-2018 - 08:29
CVE-2018-5378 4.9
The Quagga BGP daemon (bgpd) prior to version 1.2.3 does not properly bounds check the data sent with a NOTIFY to a peer, if an attribute length is invalid. Arbitrary data from the bgpd process may be sent over the network to a peer and/or bgpd may c
19-02-2018 - 08:29 19-02-2018 - 08:29
CVE-2018-7187 9.3
The "go get" implementation in Go 1.9.4, when the -insecure command-line option is used, does not validate the import path (get/vcs.go only checks for "://" anywhere in the string), which allows remote attackers to execute arbitrary OS commands via a
16-02-2018 - 12:29 16-02-2018 - 12:29
CVE-2017-18190 5.0
A localhost.localdomain whitelist entry in valid_host() in scheduler/client.c in CUPS before 2.2.2 allows remote attackers to execute arbitrary IPP commands by sending POST requests to the CUPS daemon in conjunction with DNS rebinding. The localhost.
16-02-2018 - 12:29 16-02-2018 - 12:29
CVE-2018-7186 7.5
Leptonica before 1.75.3 does not limit the number of characters in a %s format argument to fscanf or sscanf, which allows remote attackers to cause a denial of service (stack-based buffer overflow) or possibly have unspecified other impact via a long
16-02-2018 - 11:29 16-02-2018 - 11:29
CVE-2018-7054 7.5
An issue was discovered in Irssi before 1.0.7 and 1.1.x before 1.1.1. There is a use-after-free when a server is disconnected during netsplits. NOTE: this issue exists because of an incomplete fix for CVE-2017-7191.
15-02-2018 - 15:29 15-02-2018 - 15:29
CVE-2018-7053 7.5
An issue was discovered in Irssi before 1.0.7 and 1.1.x before 1.1.1. There is a use-after-free when SASL messages are received in an unexpected order.
15-02-2018 - 15:29 15-02-2018 - 15:29
CVE-2018-7052 5.0
An issue was discovered in Irssi before 1.0.7 and 1.1.x before 1.1.1. When the number of windows exceeds the available space, a crash due to a NULL pointer dereference would occur.
15-02-2018 - 15:29 15-02-2018 - 15:29
CVE-2018-7051 5.0
An issue was discovered in Irssi before 1.0.7 and 1.1.x before 1.1.1. Certain nick names could result in out-of-bounds access when printing theme strings.
15-02-2018 - 15:29 15-02-2018 - 15:29
CVE-2018-7050 5.0
An issue was discovered in Irssi before 1.0.7 and 1.1.x before 1.1.1. A NULL pointer dereference occurs for an "empty" nick.
15-02-2018 - 15:29 15-02-2018 - 15:29
CVE-2017-18187 7.5
In ARM mbed TLS before 2.7.0, there is a bounds-check bypass through an integer overflow in PSK identity parsing in the ssl_parse_client_psk_identity() function in library/ssl_srv.c.
14-02-2018 - 12:29 14-02-2018 - 12:29
CVE-2018-0488 7.5
ARM mbed TLS before 1.3.22, before 2.1.10, and before 2.7.0, when the truncated HMAC extension and CBC are used, allows remote attackers to execute arbitrary code or cause a denial of service (heap corruption) via a crafted application packet within
13-02-2018 - 10:29 13-02-2018 - 10:29
CVE-2018-0487 7.5
ARM mbed TLS before 1.3.22, before 2.1.10, and before 2.7.0 allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow) via a crafted certificate chain that is mishandled during RSASSA-PSS signature verification w
13-02-2018 - 10:29 13-02-2018 - 10:29
CVE-2018-6927 4.6
The futex_requeue function in kernel/futex.c in the Linux kernel before 4.14.15 might allow attackers to cause a denial of service (integer overflow) or possibly have unspecified other impact by triggering a negative wake or requeue value.
12-02-2018 - 14:29 12-02-2018 - 14:29
CVE-2018-1000051 6.8
Artifex Mupdf version 1.12.0 contains a Use After Free vulnerability in fz_keep_key_storable that can result in DOS / Possible code execution. This attack appear to be exploitable via Victim opens a specially crafted PDF.
09-02-2018 - 18:29 09-02-2018 - 18:29
CVE-2018-1000041 4.3
GNOME librsvg version before commit c6ddf2ed4d768fd88adbea2b63f575cd523022ea contains a Improper input validation vulnerability in rsvg-io.c that can result in the victim's Windows username and NTLM password hash being leaked to remote attackers thro
09-02-2018 - 18:29 09-02-2018 - 18:29
CVE-2018-1000027 5.0
The Squid Software Foundation Squid HTTP Caching Proxy version prior to version 4.0.23 contains a NULL Pointer Dereference vulnerability in HTTP Response X-Forwarded-For header processing that can result in Denial of Service to all clients of the pro
09-02-2018 - 18:29 09-02-2018 - 18:29
CVE-2018-1000024 5.0
The Squid Software Foundation Squid HTTP Caching Proxy version 3.0 to 3.5.27, 4.0 to 4.0.22 contains a Incorrect Pointer Handling vulnerability in ESI Response Processing that can result in Denial of Service for all clients using the proxy.. This att
09-02-2018 - 18:29 09-02-2018 - 18:29
CVE-2018-1053 3.3
In postgresql 9.3.x before 9.3.21, 9.4.x before 9.4.16, 9.5.x before 9.5.11, 9.6.x before 9.6.7 and 10.x before 10.2, pg_upgrade creates file in current working directory containing the output of `pg_dumpall -g` under umask which was in effect when t
09-02-2018 - 09:29 09-02-2018 - 09:29
CVE-2018-6871 5.0
LibreOffice before 5.4.5 and 6.x before 6.0.1 allows remote attackers to read arbitrary files via =WEBSERVICE calls in a document, which use the COM.MICROSOFT.WEBSERVICE function.
09-02-2018 - 01:29 09-02-2018 - 01:29
CVE-2018-6869 4.3
In ZZIPlib 0.13.68, there is an uncontrolled memory allocation and a crash in the __zzip_parse_root_directory function of zzip/zip.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted zip file.
09-02-2018 - 01:29 09-02-2018 - 01:29
CVE-2018-6789 7.5
An issue was discovered in the base64d function in the SMTP listener in Exim before 4.90.1. By sending a handcrafted message, a buffer overflow may happen. This can be used to execute code remotely.
08-02-2018 - 18:29 08-02-2018 - 18:29
CVE-2017-5133 6.8
Off-by-one read/write on the heap in Blink in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to corrupt memory and possibly leak information and potentiality execute code via a crafted PDF file.
07-02-2018 - 18:29 07-02-2018 - 18:29
CVE-2017-5132 6.8
Inappropriate implementation in V8 in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page, aka incorrect WebAssembly stack manipulation.
07-02-2018 - 18:29 07-02-2018 - 18:29
CVE-2017-5131 6.8
An integer overflow in Skia in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page, aka an out-of-bounds write.
07-02-2018 - 18:29 07-02-2018 - 18:29
CVE-2017-5130 6.8
An integer overflow in xmlmemory.c in libxml2 before 2.9.5, as used in Google Chrome prior to 62.0.3202.62 and other products, allowed a remote attacker to potentially exploit heap corruption via a crafted XML file.
07-02-2018 - 18:29 07-02-2018 - 18:29
CVE-2017-5129 6.8
A use after free in WebAudio in Blink in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.
07-02-2018 - 18:29 07-02-2018 - 18:29
CVE-2017-5128 6.8
Heap buffer overflow in Blink in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page, related to WebGL.
07-02-2018 - 18:29 07-02-2018 - 18:29
CVE-2017-5127 6.8
Use after free in PDFium in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.
07-02-2018 - 18:29 07-02-2018 - 18:29
CVE-2017-5126 6.8
A use after free in PDFium in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.
07-02-2018 - 18:29 07-02-2018 - 18:29
CVE-2017-5125 6.8
Heap buffer overflow in Skia in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
07-02-2018 - 18:29 07-02-2018 - 18:29
CVE-2017-5124 4.3
Incorrect application of sandboxing in Blink in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted MHTML page.
07-02-2018 - 18:29 07-02-2018 - 18:29
CVE-2017-15400 9.3
Insufficient restriction of IPP filters in CUPS in Google Chrome OS prior to 62.0.3202.74 allowed a remote attacker to execute a command with the same privileges as the cups daemon via a crafted PPD file, aka a printer zeroconfig CRLF issue.
07-02-2018 - 18:29 07-02-2018 - 18:29
CVE-2017-15395 4.3
A use after free in Blink in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page, aka an ImageCapture NULL pointer dereference.
07-02-2018 - 18:29 07-02-2018 - 18:29
CVE-2017-15394 4.3
Insufficient Policy Enforcement in Extensions in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to perform domain spoofing in permission dialogs via IDN homographs in a crafted Chrome Extension.
07-02-2018 - 18:29 07-02-2018 - 18:29
CVE-2017-15393 6.8
Insufficient Policy Enforcement in Devtools remote debugging in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to obtain access to remote debugging functionality via a crafted HTML page, aka a Referer leak.
07-02-2018 - 18:29 07-02-2018 - 18:29
CVE-2017-15392 4.0
Insufficient data validation in V8 in Google Chrome prior to 62.0.3202.62 allowed an attacker who can write to the Windows Registry to potentially exploit heap corruption via a crafted Windows Registry entry, related to PlatformIntegration.
07-02-2018 - 18:29 07-02-2018 - 18:29
CVE-2017-15391 4.3
Insufficient Policy Enforcement in Extensions in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to access Extension pages without authorisation via a crafted HTML page.
07-02-2018 - 18:29 07-02-2018 - 18:29
CVE-2017-15390 4.3
Insufficient Policy Enforcement in Omnibox in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to perform domain spoofing via IDN homographs in a crafted domain name.
07-02-2018 - 18:29 07-02-2018 - 18:29
CVE-2017-15389 4.3
An insufficient watchdog timer in navigation in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
07-02-2018 - 18:29 07-02-2018 - 18:29
CVE-2017-15388 6.8
Iteration through non-finite points in Skia in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.
07-02-2018 - 18:29 07-02-2018 - 18:29
CVE-2017-15387 6.8
Insufficient enforcement of Content Security Policy in Blink in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to open javascript: URL windows when they should not be allowed to via a crafted HTML page.
07-02-2018 - 18:29 07-02-2018 - 18:29
CVE-2017-15386 4.3
Incorrect implementation in Blink in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
07-02-2018 - 18:29 07-02-2018 - 18:29
CVE-2016-2540 4.3
Audacity before 2.1.2 allows remote attackers to cause a denial of service (memory corruption and application crash) via a crafted FORMATCHUNK structure.
07-02-2018 - 12:29 07-02-2018 - 12:29
CVE-2018-6799 6.8
The AcquireCacheNexus function in magick/pixel_cache.c in GraphicsMagick before 1.3.28 allows remote attackers to cause a denial of service (heap overwrite) or possibly have unspecified other impact via a crafted image file, because a pixel staging a
07-02-2018 - 00:29 07-02-2018 - 00:29
CVE-2018-6791 7.2
An issue was discovered in soliduiserver/deviceserviceaction.cpp in KDE Plasma Workspace before 5.12.0. When a vfat thumbdrive that contains `` or $() in its volume label is plugged in and mounted through the device notifier, it's interpreted as a sh
06-02-2018 - 21:29 06-02-2018 - 21:29
CVE-2018-6767 6.8
A stack-based buffer over-read in the ParseRiffHeaderConfig function of cli/riff.c file of WavPack 5.1.0 allows a remote attacker to cause a denial-of-service attack or possibly have unspecified other impact via a maliciously crafted RF64 file.
06-02-2018 - 17:29 06-02-2018 - 17:29
CVE-2018-6758 7.5
The uwsgi_expand_path function in core/utils.c in Unbit uWSGI through 2.0.15 has a stack-based buffer overflow via a large directory length.
06-02-2018 - 13:29 06-02-2018 - 13:29
CVE-2017-7525 7.5
A deserialization flaw was discovered in the jackson-databind, versions before 2.6.7.1, 2.7.9.1 and 2.8.9, which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the Obj
06-02-2018 - 10:29 06-02-2018 - 10:29
CVE-2017-15095 7.5
A deserialization flaw was discovered in the jackson-databind in versions before 2.8.10 and 2.9.1, which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMappe
06-02-2018 - 10:29 06-02-2018 - 10:29
CVE-2018-6621 4.3
The decode_frame function in libavcodec/utvideodec.c in FFmpeg through 3.4.1 allows remote attackers to cause a denial of service (out of array read) via a crafted AVI file.
04-02-2018 - 23:29 04-02-2018 - 23:29
CVE-2018-6596 6.4
webhooks/base.py in Anymail (aka django-anymail) before 1.2.1 is prone to a timing attack vulnerability on the WEBHOOK_AUTHORIZATION secret, which allows remote attackers to post arbitrary e-mail tracking events.
03-02-2018 - 16:29 03-02-2018 - 16:29
CVE-2017-18123 9.3
The call parameter of /lib/exe/ajax.php in DokuWiki through 2017-02-19e does not properly encode user input, which leads to a reflected file download vulnerability, and allows remote attackers to run arbitrary programs.
03-02-2018 - 10:29 03-02-2018 - 10:29
CVE-2017-18122 6.8
A signature-validation bypass issue was discovered in SimpleSAMLphp through 1.14.16. A SimpleSAMLphp Service Provider using SAML 1.1 will regard as valid any unsigned SAML response containing more than one signed assertion, provided that the signatur
02-02-2018 - 10:29 02-02-2018 - 10:29
CVE-2017-18121 4.3
The consentAdmin module in SimpleSAMLphp through 1.14.15 is vulnerable to a Cross-Site Scripting attack, allowing an attacker to craft links that could execute arbitrary JavaScript code on the victim's web browser.
02-02-2018 - 10:29 02-02-2018 - 10:29
CVE-2018-6544 4.3
pdf_load_obj_stm in pdf/pdf-xref.c in Artifex MuPDF 1.12.0 could reference the object stream recursively and therefore run out of error stack, which allows remote attackers to cause a denial of service via a crafted PDF document.
02-02-2018 - 04:29 02-02-2018 - 04:29
CVE-2018-6521 7.5
The sqlauth module in SimpleSAMLphp before 1.15.2 relies on the MySQL utf8 charset, which truncates queries upon encountering four-byte characters. There might be a scenario in which this allows remote attackers to bypass intended access restrictions
01-02-2018 - 20:29 01-02-2018 - 20:29
CVE-2018-6519 5.0
The SAML2 library before 1.10.4, 2.x before 2.3.5, and 3.x before 3.1.1 in SimpleSAMLphp has a Regular Expression Denial of Service vulnerability for fraction-of-seconds data in a timestamp.
01-02-2018 - 20:29 01-02-2018 - 20:29
CVE-2017-16914 7.1
The "stub_send_ret_submit()" function (drivers/usb/usbip/stub_tx.c) in the Linux Kernel before version 4.14.8, 4.9.71, 4.1.49, and 4.4.107 allows attackers to cause a denial of service (NULL pointer dereference) via a specially crafted USB over IP pa
31-01-2018 - 17:29 31-01-2018 - 17:29
CVE-2017-16913 7.1
The "stub_recv_cmd_submit()" function (drivers/usb/usbip/stub_rx.c) in the Linux Kernel before version 4.14.8, 4.9.71, and 4.4.114 when handling CMD_SUBMIT packets allows attackers to cause a denial of service (arbitrary memory allocation) via a spec
31-01-2018 - 17:29 31-01-2018 - 17:29
CVE-2017-16912 7.1
The "get_pipe()" function (drivers/usb/usbip/stub_rx.c) in the Linux Kernel before version 4.14.8, 4.9.71, and 4.4.114 allows attackers to cause a denial of service (out-of-bounds read) via a specially crafted USB over IP packet.
31-01-2018 - 17:29 31-01-2018 - 17:29
CVE-2017-16911 1.9
The vhci_hcd driver in the Linux Kernel before version 4.14.8 and 4.4.114 allows allows local attackers to disclose kernel memory addresses. Successful exploitation requires that a USB device is attached over IP.
31-01-2018 - 17:29 31-01-2018 - 17:29
CVE-2017-18043 2.1
Integer overflow in the macro ROUND_UP (n, d) in Quick Emulator (Qemu) allows a user to cause a denial of service (Qemu process crash).
31-01-2018 - 15:29 31-01-2018 - 15:29
CVE-2017-15698 4.3
When parsing the AIA-Extension field of a client certificate, Apache Tomcat Native Connector 1.2.0 to 1.2.14 and 1.1.23 to 1.1.34 did not correctly handle fields longer than 127 bytes. The result of the parsing error was to skip the OCSP check. It wa
31-01-2018 - 09:29 31-01-2018 - 09:29
CVE-2017-17969 6.8
Heap-based buffer overflow in the NCompress::NShrink::CDecoder::CodeReal method in 7-Zip before 18.00 and p7zip allows remote attackers to cause a denial of service (out-of-bounds write) or potentially execute arbitrary code via a crafted ZIP archive
30-01-2018 - 11:29 30-01-2018 - 11:29
CVE-2016-10711 7.5
Apsis Pound before 2.8a allows request smuggling via crafted headers, a different vulnerability than CVE-2005-3751.
29-01-2018 - 15:29 29-01-2018 - 15:29
CVE-2018-6392 4.3
The filter_slice function in libavfilter/vf_transpose.c in FFmpeg through 3.4.1 allows remote attackers to cause a denial of service (out-of-array access) via a crafted MP4 file.
29-01-2018 - 14:29 29-01-2018 - 14:29
CVE-2018-6360 6.8
mpv through 0.28.0 allows remote attackers to execute arbitrary code via a crafted web site, because it reads HTML documents containing VIDEO elements, and accepts arbitrary URLs in a src attribute without a protocol whitelist in player/lua/ytdl_hook
27-01-2018 - 21:29 27-01-2018 - 21:29
CVE-2018-6359 6.8
The decompileIF function (util/decompile.c) in libming through 0.4.8 is vulnerable to a use-after-free, which may allow attackers to cause a denial of service or unspecified other impact via a crafted SWF file.
27-01-2018 - 16:29 27-01-2018 - 16:29
CVE-2018-6358 6.8
The printDefineFont2 function (util/listfdb.c) in libming through 0.4.8 is vulnerable to a heap-based buffer overflow, which may allow attackers to cause a denial of service or unspecified other impact via a crafted FDB file.
27-01-2018 - 16:29 27-01-2018 - 16:29
CVE-2017-12380 7.8
ClamAV AntiVirus software versions 0.99.2 and prior contain a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper input validation
26-01-2018 - 15:29 26-01-2018 - 15:29
CVE-2017-12379 10.0
ClamAV AntiVirus software versions 0.99.2 and prior contain a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or potentially execute arbitrary code on an affected device. The vulnerabili
26-01-2018 - 15:29 26-01-2018 - 15:29
CVE-2017-12378 7.1
ClamAV AntiVirus software versions 0.99.2 and prior contain a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper input validation
26-01-2018 - 15:29 26-01-2018 - 15:29
CVE-2017-12377 10.0
ClamAV AntiVirus software versions 0.99.2 and prior contain a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or potentially execute arbitrary code on an affected device. The vulnerabili
26-01-2018 - 15:29 26-01-2018 - 15:29
CVE-2017-12376 9.3
ClamAV AntiVirus software versions 0.99.2 and prior contain a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or potentially execute arbitrary code on an affected device. The vulnerabili
26-01-2018 - 15:29 26-01-2018 - 15:29
CVE-2017-12375 7.8