Max CVSS 10.0 Min CVSS 1.2 Total Count730
IDCVSSSummaryLast (major) updatePublished
CVE-2018-6056 6.8
Type confusion could lead to a heap out-of-bounds write in V8 in Google Chrome prior to 64.0.3282.168 allowing a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.
09-01-2019 - 14:29 09-01-2019 - 14:29
CVE-2018-8575 9.3
A remote code execution vulnerability exists in Microsoft Project software when it fails to properly handle objects in memory, aka "Microsoft Project Remote Code Execution Vulnerability." This affects Microsoft Project, Office 365 ProPlus, Microsoft
13-11-2018 - 20:29 13-11-2018 - 20:29
CVE-2018-6980 6.5
VMware vRealize Log Insight (4.7.x before 4.7.1 and 4.6.x before 4.6.2) contains a vulnerability due to improper authorization in the user registration method. Successful exploitation of this issue may allow Admin users with view only permission to p
13-11-2018 - 17:29 13-11-2018 - 17:29
CVE-2018-3180 6.8
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JSSE). Supported versions that are affected are Java SE: 6u201, 7u191, 8u182 and 11; Java SE Embedded: 8u181; JRockit: R28.3.19. Difficult to exploit v
16-10-2018 - 21:31 16-10-2018 - 21:31
CVE-2018-3169 5.1
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Hotspot). Supported versions that are affected are Java SE: 7u191, 8u182 and 11; Java SE Embedded: 8u181. Difficult to exploit vulnerability allows unauthentica
16-10-2018 - 21:31 16-10-2018 - 21:31
CVE-2018-3149 5.1
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JNDI). Supported versions that are affected are Java SE: 6u201, 7u191, 8u182 and 11; Java SE Embedded: 8u181; JRockit: R28.3.19. Difficult to exploit v
16-10-2018 - 21:31 16-10-2018 - 21:31
CVE-2018-3139 2.6
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 6u201, 7u191, 8u182 and 11; Java SE Embedded: 8u181. Difficult to exploit vulnerability allows un
16-10-2018 - 21:31 16-10-2018 - 21:31
CVE-2018-3136 2.6
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u201, 7u191, 8u182 and 11; Java SE Embedded: 8u181. Difficult to exploit vulnerability allows unau
16-10-2018 - 21:31 16-10-2018 - 21:31
CVE-2018-6054 6.8
Use after free in WebUI in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially exploit heap corruption via a crafted Chrome Extension.
25-09-2018 - 10:29 25-09-2018 - 10:29
CVE-2018-6053 4.3
Inappropriate implementation in New Tab Page in Google Chrome prior to 64.0.3282.119 allowed a local attacker to view website thumbnail images after clearing browser data via a crafted HTML page.
25-09-2018 - 10:29 25-09-2018 - 10:29
CVE-2018-6052 4.3
Lack of support for a non standard no-referrer policy value in Blink in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to obtain referrer details from a web page that had thought it had opted out of sending referrer data.
25-09-2018 - 10:29 25-09-2018 - 10:29
CVE-2018-6051 4.3
XSS Auditor in Google Chrome prior to 64.0.3282.119, did not ensure the reporting URL was in the same origin as the page it was on, which allowed a remote attacker to obtain referrer details via a crafted HTML page.
25-09-2018 - 10:29 25-09-2018 - 10:29
CVE-2018-6050 4.3
Incorrect security UI in Omnibox in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
25-09-2018 - 10:29 25-09-2018 - 10:29
CVE-2018-6049 4.3
Incorrect security UI in permissions prompt in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to spoof the origin to which permission is granted via a crafted HTML page.
25-09-2018 - 10:29 25-09-2018 - 10:29
CVE-2018-6048 4.3
Insufficient policy enforcement in Blink in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially leak referrer information via a crafted HTML page.
25-09-2018 - 10:29 25-09-2018 - 10:29
CVE-2018-6047 4.3
Insufficient policy enforcement in WebGL in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially leak user redirect URL via a crafted HTML page.
25-09-2018 - 10:29 25-09-2018 - 10:29
CVE-2018-6046 4.3
Insufficient data validation in DevTools in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially leak user cross-origin data via a crafted Chrome Extension.
25-09-2018 - 10:29 25-09-2018 - 10:29
CVE-2018-6045 4.3
Insufficient policy enforcement in DevTools in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially leak user local file data via a crafted Chrome Extension.
25-09-2018 - 10:29 25-09-2018 - 10:29
CVE-2018-6043 6.8
Insufficient data validation in External Protocol Handler in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially execute arbitrary programs on user machine via a crafted HTML page.
25-09-2018 - 10:29 25-09-2018 - 10:29
CVE-2018-6042 4.3
Incorrect security UI in Omnibox in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
25-09-2018 - 10:29 25-09-2018 - 10:29
CVE-2018-6041 4.3
Incorrect security UI in navigation in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
25-09-2018 - 10:29 25-09-2018 - 10:29
CVE-2018-6040 4.3
Insufficient policy enforcement in Blink in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially bypass content security policy via a crafted HTML page.
25-09-2018 - 10:29 25-09-2018 - 10:29
CVE-2018-6039 4.3
Insufficient data validation in DevTools in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially leak user cross-origin data via a crafted Chrome Extension.
25-09-2018 - 10:29 25-09-2018 - 10:29
CVE-2018-6038 4.3
Heap buffer overflow in WebGL in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.
25-09-2018 - 10:29 25-09-2018 - 10:29
CVE-2018-6037 4.3
Inappropriate implementation in autofill in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to obtain autofill data with insufficient user gestures via a crafted HTML page.
25-09-2018 - 10:29 25-09-2018 - 10:29
CVE-2018-6036 4.3
Insufficient data validation in V8 in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially leak user data via a crafted HTML page.
25-09-2018 - 10:29 25-09-2018 - 10:29
CVE-2018-6035 6.8
Insufficient policy enforcement in DevTools in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially leak user local file data via a crafted Chrome Extension.
25-09-2018 - 10:29 25-09-2018 - 10:29
CVE-2018-6034 5.8
Insufficient data validation in WebGL in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.
25-09-2018 - 10:29 25-09-2018 - 10:29
CVE-2018-6033 6.8
Insufficient data validation in Downloads in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially run arbitrary code outside sandbox via a crafted Chrome Extension.
25-09-2018 - 10:29 25-09-2018 - 10:29
CVE-2018-6032 4.3
Insufficient policy enforcement in Blink in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially leak user cross-origin data via a crafted HTML page.
25-09-2018 - 10:29 25-09-2018 - 10:29
CVE-2018-6031 6.8
Use after free in PDFium in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.
25-09-2018 - 10:29 25-09-2018 - 10:29
CVE-2018-17407 6.8
An issue was discovered in t1_check_unusual_charstring functions in writet1.c files in TeX Live before 2018-09-21. A buffer overflow in the handling of Type 1 fonts allows arbitrary code execution when a malicious font is loaded by one of the vulnera
23-09-2018 - 17:29 23-09-2018 - 17:29
CVE-2018-17141 7.5
HylaFAX 6.0.6 and HylaFAX+ 5.6.0 allow remote attackers to execute arbitrary code via a dial-in session that provides a FAX page with the JPEG bit enabled, which is mishandled in FaxModem::writeECMData() in the faxd/CopyQuality.c++ file.
21-09-2018 - 13:29 21-09-2018 - 13:29
CVE-2018-16657 7.5
In Kamailio before 5.0.7 and 5.1.x before 5.1.4, a crafted SIP message with an invalid Via header causes a segmentation fault and crashes Kamailio. The reason is missing input validation in the crcitt_string_array core function for calculating a CRC
07-09-2018 - 10:29 07-09-2018 - 10:29
CVE-2018-10930 4.0
A flaw was found in RPC request using gfs3_rename_req in glusterfs server. An authenticated attacker could use this flaw to write to a destination outside the gluster volume.
04-09-2018 - 12:29 04-09-2018 - 12:29
CVE-2018-10929 6.5
A flaw was found in RPC request using gfs2_create_req in glusterfs server. An authenticated attacker could use this flaw to create arbitrary files and execute arbitrary code on glusterfs server nodes.
04-09-2018 - 12:29 04-09-2018 - 12:29
CVE-2018-10928 6.5
A flaw was found in RPC request using gfs3_symlink_req in glusterfs server which allows symlink destinations to point to file paths outside of the gluster volume. An authenticated attacker could use this flaw to create arbitrary symlinks pointing any
04-09-2018 - 11:29 04-09-2018 - 11:29
CVE-2018-10927 5.5
A flaw was found in RPC request using gfs3_lookup_req in glusterfs server. An authenticated attacker could use this flaw to leak information and execute remote denial of service by crashing gluster brick process.
04-09-2018 - 11:29 04-09-2018 - 11:29
CVE-2018-10926 6.5
A flaw was found in RPC request using gfs3_mknod_req supported by glusterfs server. An authenticated attacker could use this flaw to write files to an arbitrary location via path traversal and execute arbitrary code on a glusterfs server node.
04-09-2018 - 11:29 04-09-2018 - 11:29
CVE-2018-10923 5.5
It was found that the "mknod" call derived from mknod(2) can create files pointing to devices on a glusterfs server node. An authenticated attacker could use this to create an arbitrary device and read data from any device attached to the glusterfs s
04-09-2018 - 10:29 04-09-2018 - 10:29
CVE-2018-10914 4.0
It was found that an attacker could issue a xattr request via glusterfs FUSE to cause gluster brick process to crash which will result in a remote denial of service. If gluster multiplexing is enabled this will result in a crash of multiple bricks an
04-09-2018 - 10:29 04-09-2018 - 10:29
CVE-2018-10913 4.0
An information disclosure vulnerability was discovered in glusterfs server. An attacker could issue a xattr request via glusterfs FUSE to determine the existence of any file.
04-09-2018 - 10:29 04-09-2018 - 10:29
CVE-2018-10911 5.0
A flaw was found in the way dic_unserialize function of glusterfs does not handle negative key length values. An attacker could use this flaw to read memory from other locations into the stored dict value.
04-09-2018 - 10:29 04-09-2018 - 10:29
CVE-2018-10907 6.5
It was found that glusterfs server is vulnerable to multiple stack based buffer overflows due to functions in server-rpc-fopc.c allocating fixed size buffers using 'alloca(3)'. An authenticated attacker could exploit this by mounting a gluster volume
04-09-2018 - 09:29 04-09-2018 - 09:29
CVE-2018-10904 6.5
It was found that glusterfs server does not properly sanitize file paths in the "trusted.io-stats-dump" extended attribute which is used by the "debug/io-stats" translator. Attacker can use this flaw to create files and execute arbitrary code. To exp
04-09-2018 - 09:29 04-09-2018 - 09:29
CVE-2017-15429 4.3
Inappropriate implementation in V8 WebAssembly JS bindings in Google Chrome prior to 63.0.3239.108 allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page.
28-08-2018 - 16:29 28-08-2018 - 16:29
CVE-2017-15420 4.3
Incorrect handling of back navigations in error pages in Navigation in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
28-08-2018 - 15:29 28-08-2018 - 15:29
CVE-2018-10932 3.3
lldptool version 1.0.1 and older can print a raw, unsanitized attacker controlled buffer when mngAddr information is displayed. This may allow an attacker to inject shell control characters into the buffer and impact the behavior of the terminal.
21-08-2018 - 14:29 21-08-2018 - 14:29
CVE-2018-15572 2.1
The spectre_v2_select_mitigation function in arch/x86/kernel/cpu/bugs.c in the Linux kernel before 4.18.1 does not always fill RSB upon a context switch, which makes it easier for attackers to conduct userspace-userspace spectreRSB attacks.
19-08-2018 - 22:29 19-08-2018 - 22:29
CVE-2018-14526 3.3
An issue was discovered in rsn_supp/wpa.c in wpa_supplicant 2.0 through 2.6. Under certain conditions, the integrity of EAPOL-Key messages is not checked, leading to a decryption oracle. An attacker within range of the Access Point and client can abu
08-08-2018 - 15:29 08-08-2018 - 15:29
CVE-2015-9262 7.5
_XcursorThemeInherits in library.c in libXcursor before 1.1.15 allows remote attackers to cause denial of service or potentially code execution via a one-byte heap overflow.
01-08-2018 - 19:29 01-08-2018 - 19:29
CVE-2018-14734 6.1
drivers/infiniband/core/ucma.c in the Linux kernel through 4.17.11 allows ucma_leave_multicast to access a certain data structure after a cleanup step in ucma_process_join, which allows attackers to cause a denial of service (use-after-free).
29-07-2018 - 19:29 29-07-2018 - 19:29
CVE-2018-14682 6.8
An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. There is an off-by-one error in the TOLOWER() macro for CHM decompression.
28-07-2018 - 19:29 28-07-2018 - 19:29
CVE-2018-14681 6.8
An issue was discovered in kwajd_read_headers in mspack/kwajd.c in libmspack before 0.7alpha. Bad KWAJ file header extensions could cause a one or two byte overwrite.
28-07-2018 - 19:29 28-07-2018 - 19:29
CVE-2018-14680 4.3
An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. It does not reject blank CHM filenames.
28-07-2018 - 19:29 28-07-2018 - 19:29
CVE-2018-14679 4.3
An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. There is an off-by-one error in the CHM PMGI/PMGL chunk number validity checks, which could lead to denial of service (uninitialized data dereference and application crash).
28-07-2018 - 19:29 28-07-2018 - 19:29
CVE-2018-10906 4.6
In fuse before versions 2.9.8 and 3.x before 3.2.5, fusermount is vulnerable to a restriction bypass when SELinux is active. This allows non-root users to mount a FUSE file system with the 'allow_other' mount option regardless of whether 'user_allow_
24-07-2018 - 16:29 24-07-2018 - 16:29
CVE-2018-9185 4.3
An information disclosure vulnerability in Fortinet FortiOS 6.0.0 and below versions reveals user's web portal login credentials in a Javascript file sent to client-side when pages bookmarked in web portal use the Single Sign-On feature.
05-07-2018 - 09:29 05-07-2018 - 09:29
CVE-2018-1113 4.6
setup before version 2.11.4-1.fc28 in Fedora and Red Hat Enterprise Linux added /sbin/nologin and /usr/sbin/nologin to /etc/shells. This violates security assumptions made by pam_shells and some daemons which allow access based on a user's shell bein
02-07-2018 - 21:29 02-07-2018 - 21:29
CVE-2018-13033 4.3
The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (excessive memory allocation and application crash) via a crafted ELF file, as demonstrated by _bfd_elf_p
01-07-2018 - 12:29 01-07-2018 - 12:29
CVE-2018-10852 5.0
The UNIX pipe which sudo uses to contact SSSD and read the available sudo rules from SSSD has too wide permissions, which means that anyone who can send a message using the same raw protocol that sudo and SSSD use can read the sudo rules available fo
26-06-2018 - 10:29 26-06-2018 - 10:29
CVE-2018-1061 5.0
python before versions 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 and 3.7.0 is vulnerable to catastrophic backtracking in the difflib.IS_LINE_JUNK method. An attacker could use this flaw to cause denial of service.
19-06-2018 - 08:29 19-06-2018 - 08:29
CVE-2018-1060 5.0
python before versions 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 and 3.7.0 is vulnerable to catastrophic backtracking in pop3lib's apop() method. An attacker could use this flaw to cause denial of service.
18-06-2018 - 10:29 18-06-2018 - 10:29
CVE-2018-0495 1.9
Libgcrypt before 1.7.10 and 1.8.x before 1.8.3 allows a memory-cache side-channel attack on ECDSA signatures that can be mitigated through the use of blinding during the signing process in the _gcry_ecc_ecdsa_sign function in cipher/ecc-ecdsa.c, aka
13-06-2018 - 19:29 13-06-2018 - 19:29
CVE-2018-0732 5.0
During key agreement in a TLS handshake using a DH(E) based ciphersuite a malicious server can send a very large prime value to the client. This will cause the client to spend an unreasonably long period of time generating a key for this prime result
12-06-2018 - 09:29 12-06-2018 - 09:29
CVE-2018-1000301 6.4
curl version curl 7.20.0 to and including curl 7.59.0 contains a CWE-126: Buffer Over-read vulnerability in denial of service that can result in curl can be tricked into reading data beyond the end of a heap based buffer used to store downloaded RTSP
24-05-2018 - 09:29 24-05-2018 - 09:29
CVE-2018-11237 4.6
An AVX-512-optimized implementation of the mempcpy function in the GNU C Library (aka glibc or libc6) 2.27 and earlier may write data beyond the target buffer, leading to a buffer overflow in __mempcpy_avx512_no_vzeroupper.
18-05-2018 - 12:29 18-05-2018 - 12:29
CVE-2018-11236 7.5
stdlib/canonicalize.c in the GNU C Library (aka glibc or libc6) 2.27 and earlier, when processing very long pathname arguments to the realpath function, could encounter an integer overflow on 32-bit architectures, leading to a stack-based buffer over
18-05-2018 - 12:29 18-05-2018 - 12:29
CVE-2018-0494 4.3
GNU Wget before 1.19.5 is prone to a cookie injection vulnerability in the resp_new function in http.c via a \r\n sequence in a continuation line.
06-05-2018 - 18:29 06-05-2018 - 18:29
CVE-2018-10535 4.3
The ignore_section_sym function in elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, does not validate the output_section pointer in the case of a symtab entry with a "SECTION" type that has a "0" va
29-04-2018 - 11:29 29-04-2018 - 11:29
CVE-2018-10534 4.3
The _bfd_XX_bfd_copy_private_bfd_data_common function in peXXigen.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, processes a negative Data Directory size with an unbounded loop that increases the valu
29-04-2018 - 11:29 29-04-2018 - 11:29
CVE-2018-10373 4.3
concat_filename in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted binary file
25-04-2018 - 05:29 25-04-2018 - 05:29
CVE-2018-10372 4.3
process_cu_tu_index in dwarf.c in GNU Binutils 2.30 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted binary file, as demonstrated by readelf.
25-04-2018 - 05:29 25-04-2018 - 05:29
CVE-2018-0737 4.3
The OpenSSL RSA Key generation algorithm has been shown to be vulnerable to a cache timing side channel attack. An attacker with sufficient access to mount cache timing attacks during the RSA key generation process could recover the private key. Fixe
17-04-2018 - 21:29 16-04-2018 - 14:29
CVE-2018-1100 7.2
zsh through version 5.4.2 is vulnerable to a stack-based buffer overflow in the utils.c:checkmailpath function. A local attacker could exploit this to execute arbitrary code in the context of another user.
11-04-2018 - 15:29 11-04-2018 - 15:29
CVE-2018-1083 7.2
Zsh before version 5.4.2-test-1 is vulnerable to a buffer overflow in the shell autocomplete functionality. A local unprivileged user can create a specially crafted directory path which leads to code execution in the context of the user who tries to
28-03-2018 - 09:29 28-03-2018 - 09:29
CVE-2018-0739 4.3
Constructed ASN.1 types with a recursive definition (such as can be found in PKCS7) could eventually exceed the stack given malicious input with excessive recursion. This could result in a Denial Of Service attack. There are no such structures used w
27-03-2018 - 17:29 27-03-2018 - 17:29
CVE-2018-8945 4.3
The bfd_section_from_shdr function in elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (segmentation fault) via a large attribute section.
22-03-2018 - 17:29 22-03-2018 - 17:29
CVE-2018-6957 3.5
VMware Workstation (14.x before 14.1.1, 12.x) and Fusion (10.x before 10.1.1 and 8.x) contain a denial-of-service vulnerability which can be triggered by opening a large number of VNC sessions. Note: In order for exploitation to be possible on Workst
15-03-2018 - 15:29 15-03-2018 - 15:29
CVE-2018-1000122 6.4
A buffer over-read exists in curl 7.20.0 to and including curl 7.58.0 in the RTSP+RTP handling code that allows an attacker to cause a denial of service or information leakage
14-03-2018 - 14:29 14-03-2018 - 14:29
CVE-2018-1000121 5.0
A NULL pointer dereference exists in curl 7.21.0 to and including curl 7.58.0 in the LDAP code that allows an attacker to cause a denial of service
14-03-2018 - 14:29 14-03-2018 - 14:29
CVE-2018-1000120 7.5
A buffer overflow exists in curl 7.12.3 to and including curl 7.58.0 in the FTP URL handling that allows an attacker to cause a denial of service or worse.
14-03-2018 - 14:29 14-03-2018 - 14:29
CVE-2018-1071 2.1
zsh through version 5.4.2 is vulnerable to a stack-based buffer overflow in the exec.c:hashcmd() function. A local attacker could exploit this to cause a denial of service.
09-03-2018 - 10:29 09-03-2018 - 10:29
CVE-2018-7757 2.1
Memory leak in the sas_smp_get_phy_events function in drivers/scsi/libsas/sas_expander.c in the Linux kernel through 4.15.7 allows local users to cause a denial of service (memory consumption) via many read accesses to files in the /sys/class/sas_phy
08-03-2018 - 09:29 08-03-2018 - 09:29
CVE-2018-5730 5.5