Max CVSS 7.8 Min CVSS 3.5 Total Count37
IDCVSSSummaryLast (major) updatePublished
CVE-2018-9415 4.6
In driver_override_store and driver_override_show of bus.c, there is a possible double free due to improper locking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploita
07-11-2018 - 06:29 06-11-2018 - 12:29
CVE-2018-8006 4.3
An instance of a cross-site scripting vulnerability was identified to be present in the web based administration console on the queue.jsp page of Apache ActiveMQ versions 5.0.0 to 5.15.5. The root cause of this issue is improper data filtering of the
10-10-2018 - 10:29 10-10-2018 - 10:29
CVE-2018-12829 7.5
Adobe Creative Cloud Desktop Application before 4.6.1 has an improper certificate validation vulnerability. Successful exploitation could lead to privilege escalation.
29-08-2018 - 09:29 29-08-2018 - 09:29
CVE-2018-14600 7.5
An issue was discovered in libX11 through 1.6.5. The function XListExtensions in ListExt.c interprets a variable as signed instead of unsigned, resulting in an out-of-bounds write (of up to 128 bytes), leading to DoS or remote code execution.
25-08-2018 - 06:29 24-08-2018 - 15:29
CVE-2018-14599 7.5
An issue was discovered in libX11 through 1.6.5. The function XListExtensions in ListExt.c is vulnerable to an off-by-one error caused by malicious server responses, leading to DoS or possibly unspecified other impact.
25-08-2018 - 06:29 24-08-2018 - 15:29
CVE-2018-14598 5.0
An issue was discovered in XListExtensions in ListExt.c in libX11 through 1.6.5. A malicious server can send a reply in which the first string overflows, causing a variable to be set to NULL that will be freed later on, leading to DoS (segmentation f
25-08-2018 - 06:29 24-08-2018 - 15:29
CVE-2018-8037 4.3
If an async request was completed by the application at the same time as the container triggered the async timeout, a race condition existed that could result in a user seeing a response intended for a different user. An additional issue was present
02-08-2018 - 10:29 02-08-2018 - 10:29
CVE-2018-1336 5.0
An improper handing of overflow in the UTF-8 decoder with supplementary characters can lead to an infinite loop in the decoder causing a Denial of Service. Versions Affected: Apache Tomcat 9.0.0.M9 to 9.0.7, 8.5.0 to 8.5.30, 8.0.0.RC1 to 8.0.51, and
02-08-2018 - 10:29 02-08-2018 - 10:29
CVE-2018-8034 5.0
The host name verification when using TLS with the WebSocket client was missing. It is now enabled by default. Versions Affected: Apache Tomcat 9.0.0.M1 to 9.0.9, 8.5.0 to 8.5.31, 8.0.0.RC1 to 8.0.52, and 7.0.35 to 7.0.88.
01-08-2018 - 14:29 01-08-2018 - 14:29
CVE-2018-10881 4.9
A flaw was found in the Linux kernel's ext4 filesystem. A local user can cause an out-of-bound access in ext4_get_group_info function, a denial of service, and a system crash by mounting and operating on a crafted ext4 filesystem image.
26-07-2018 - 14:29 26-07-2018 - 14:29
CVE-2018-13988 4.3
Poppler through 0.62 contains an out of bounds read vulnerability due to an incorrect memory access that is not mapped in its memory space, as demonstrated by pdfunite. This can result in memory corruption and denial of service. This may be exploitab
25-07-2018 - 19:29 25-07-2018 - 19:29
CVE-2018-10840 7.2
Linux kernel is vulnerable to a heap-based buffer overflow in the fs/ext4/xattr.c:ext4_xattr_set_entry() function. An attacker could exploit this by operating on a mounted crafted ext4 image.
16-07-2018 - 16:29 16-07-2018 - 16:29
CVE-2018-13406 7.2
An integer overflow in the uvesafb_setcmap function in drivers/video/fbdev/uvesafb.c in the Linux kernel before 4.17.4 could result in local attackers being able to crash the kernel or potentially elevate privileges because kmalloc_array is not used.
06-07-2018 - 10:29 06-07-2018 - 10:29
CVE-2018-13405 4.6
The inode_init_owner function in fs/inode.c in the Linux kernel through 4.17.4 allows local users to create files with an unintended group ownership, in a scenario where a directory is SGID to a certain group and is writable by a user who is not a me
06-07-2018 - 10:29 06-07-2018 - 10:29
CVE-2018-13094 4.3
An issue was discovered in fs/xfs/libxfs/xfs_attr_leaf.c in the Linux kernel through 4.17.3. An OOPS may occur for a corrupted xfs image after xfs_da_shrink_inode() is called with a NULL bp.
03-07-2018 - 06:29 03-07-2018 - 06:29
CVE-2018-12904 4.4
In arch/x86/kvm/vmx.c in the Linux kernel before 4.17.2, when nested virtualization is used, local attackers could cause L1 KVM guests to VMEXIT, potentially allowing privilege escalations and denial of service attacks due to lack of checking of CPL.
27-06-2018 - 07:29 27-06-2018 - 07:29
CVE-2018-1000204 6.3
** DISPUTED ** Linux Kernel version 3.18 to 4.16 incorrectly handles an SG_IO ioctl on /dev/sg0 with dxfer_direction=SG_DXFER_FROM_DEV and an empty 6-byte cmdp. This may lead to copying up to 1000 kernel heap pages to the userspace. This has been fix
26-06-2018 - 10:29 26-06-2018 - 10:29
CVE-2018-1120 3.5
A flaw was found affecting the Linux kernel before version 4.17. By mmap()ing a FUSE-backed file onto a process's memory containing command line arguments (or environment strings), an attacker can cause utilities from psutils or procps (such as ps, w
20-06-2018 - 09:29 20-06-2018 - 09:29
CVE-2018-5814 6.9
In the Linux Kernel before version 4.16.11, 4.14.43, 4.9.102, and 4.4.133, multiple race condition errors when handling probe, disconnect, and rebind operations can be exploited to trigger a use-after-free condition or a NULL pointer dereference by s
12-06-2018 - 12:29 12-06-2018 - 12:29
CVE-2018-12233 6.8
In the ea_get function in fs/jfs/xattr.c in the Linux kernel through 4.17.1, a memory corruption bug in JFS can be triggered by calling setxattr twice with two different extended attribute names on the same file. This vulnerability can be triggered b
12-06-2018 - 08:29 12-06-2018 - 08:29
CVE-2018-12232 7.1
In net/socket.c in the Linux kernel through 4.17.1, there is a race condition between fchownat and close in cases where they target the same socket file descriptor, related to the sock_close and sockfs_setattr functions. fchownat does not increment t
12-06-2018 - 08:29 12-06-2018 - 08:29
CVE-2018-1000200 4.9
The Linux Kernel versions 4.14, 4.15, and 4.16 has a null pointer dereference which can result in an out of memory (OOM) killing of large mlocked processes. The issue arises from an oom killed process's final thread calling exit_mmap(), which calls m
05-06-2018 - 09:29 05-06-2018 - 09:29
CVE-2018-11506 7.2
The sr_do_ioctl function in drivers/scsi/sr_ioctl.c in the Linux kernel through 4.16.12 allows local users to cause a denial of service (stack-based buffer overflow) or possibly have unspecified other impact because sense buffers have different sizes
28-05-2018 - 00:29 28-05-2018 - 00:29
CVE-2018-11412 4.3
In the Linux kernel 4.13 through 4.16.11, ext4_read_inline_data() in fs/ext4/inline.c performs a memcpy with an untrusted length value in certain circumstances involving a crafted filesystem that stores the system.data extended attribute value in a d
24-05-2018 - 14:29 24-05-2018 - 14:29
CVE-2018-1108 4.3
kernel drivers before version 4.17-rc1 are vulnerable to a weakness in the Linux kernel's implementation of random seed data. Programs, early in the boot sequence, could use the data allocated for the seed before it was sufficiently generated.
21-05-2018 - 17:29 21-05-2018 - 17:29
CVE-2018-10323 4.9
The xfs_bmap_extents_to_btree function in fs/xfs/libxfs/xfs_bmap.c in the Linux kernel through 4.16.3 allows local users to cause a denial of service (xfs_bmapi_write NULL pointer dereference) via a crafted xfs image.
24-04-2018 - 02:29 24-04-2018 - 02:29
CVE-2018-1093 7.1
The ext4_valid_block_bitmap function in fs/ext4/balloc.c in the Linux kernel through 4.15.15 allows attackers to cause a denial of service (out-of-bounds read and system crash) via a crafted ext4 image because balloc.c and ialloc.c do not validate bi
01-04-2018 - 23:29 01-04-2018 - 23:29
CVE-2018-1304 4.3
The URL pattern of "" (the empty string) which exactly maps to the context root was not correctly handled in Apache Tomcat 9.0.0.M1 to 9.0.4, 8.5.0 to 8.5.27, 8.0.0.RC1 to 8.0.49 and 7.0.0 to 7.0.84 when used as part of a security constraint definiti
28-02-2018 - 15:29 28-02-2018 - 15:29
CVE-2018-7489 7.5
FasterXML jackson-databind before 2.7.9.3, 2.8.x before 2.8.11.1 and 2.9.x before 2.9.5 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 deserialization flaw. This is exploitable by sending maliciously c
26-02-2018 - 10:29 26-02-2018 - 10:29
CVE-2018-1305 4.0
Security constraints defined by annotations of Servlets in Apache Tomcat 9.0.0.M1 to 9.0.4, 8.5.0 to 8.5.27, 8.0.0.RC1 to 8.0.49 and 7.0.0 to 7.0.84 were only applied once a Servlet had been loaded. Because security constraints defined in this way ap
23-02-2018 - 18:29 23-02-2018 - 18:29
CVE-2012-0881 7.8
Apache Xerces2 Java Parser before 2.12.0 allows remote attackers to cause a denial of service (CPU consumption) via a crafted message to an XML service, which triggers hash table collisions.
30-10-2017 - 12:29 30-10-2017 - 12:29
CVE-2015-5182 6.8
Cross-site request forgery (CSRF) vulnerability in the jolokia API in A-MQ.
25-09-2017 - 17:29 25-09-2017 - 17:29
CVE-2016-8735 7.5
Remote code execution is possible with Apache Tomcat before 6.0.48, 7.x before 7.0.73, 8.x before 8.0.39, 8.5.x before 8.5.7, and 9.x before 9.0.0.M12 if JmxRemoteLifecycleListener is used and an attacker can reach JMX ports. The issue exists because
12-04-2017 - 16:42 06-04-2017 - 17:59
CVE-2014-0114 7.5
Apache Commons BeanUtils, as distributed in lib/commons-beanutils-1.8.0.jar in Apache Struts 1.x through 1.3.10 and in other products requiring commons-beanutils through 1.9.2, does not suppress the class property, which allows remote attackers to "m
06-01-2017 - 21:59 30-04-2014 - 06:49
CVE-2016-6325 7.2
The Tomcat package on Red Hat Enterprise Linux (RHEL) 5 through 7, JBoss Web Server 3.0, and JBoss EWS 2 uses weak permissions for (1) /etc/sysconfig/tomcat and (2) /etc/tomcat/tomcat.conf, which allows local users to gain privileges by leveraging me
28-11-2016 - 15:31 13-10-2016 - 10:59
CVE-2016-3092 7.8
The MultipartStream class in Apache Commons Fileupload before 1.3.2, as used in Apache Tomcat 7.x before 7.0.70, 8.x before 8.0.36, 8.5.x before 8.5.3, and 9.x before 9.0.0.M7 and other products, allows remote attackers to cause a denial of service (
28-11-2016 - 15:06 04-07-2016 - 18:59
CVE-2016-5425 7.2
The Tomcat package on Red Hat Enterprise Linux (RHEL) 7, Fedora, CentOS, Oracle Linux, and possibly other Linux distributions uses weak permissions for /usr/lib/tmpfiles.d/tomcat.conf, which allows local users to gain root privileges by leveraging me
31-10-2016 - 09:48 13-10-2016 - 10:59
Back to Top Mark selected
Back to Top