Max CVSS | 7.5 | Min CVSS | 2.1 | Total Count | 2 |
ID | CVSS | Summary | Last (major) update | Published | |
CVE-2018-1063 | 3.3 |
Context relabeling of filesystems is vulnerable to symbolic link attack, allowing a local, unprivileged malicious entity to change the SELinux context of an arbitrary file to a context with few restrictions. This only happens when the relabeling proc
|
12-02-2023 - 23:32 | 02-03-2018 - 15:29 | |
CVE-2017-7562 | 4.0 |
An authentication bypass flaw was found in the way krb5's certauth interface before 1.16.1 handled the validation of client certificates. A remote attacker able to communicate with the KDC could potentially use this flaw to impersonate arbitrary prin
|
12-02-2023 - 23:31 | 26-07-2018 - 15:29 | |
CVE-2017-15131 | 4.6 |
It was found that system umask policy is not being honored when creating XDG user directories, since Xsession sources xdg-user-dirs.sh before setting umask policy. This only affects xdg-user-dirs before 0.15.5 as shipped with Red Hat Enterprise Linux
|
12-02-2023 - 23:28 | 09-01-2018 - 21:29 | |
CVE-2017-15906 | 5.0 |
The process_open function in sftp-server.c in OpenSSH before 7.6 does not properly prevent write operations in readonly mode, which allows attackers to create zero-length files.
|
13-12-2022 - 12:15 | 26-10-2017 - 03:29 | |
CVE-2017-3738 | 4.3 |
There is an overflow bug in the AVX2 Montgomery multiplication procedure used in exponentiation with 1024-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult
|
19-08-2022 - 11:49 | 07-12-2017 - 16:29 | |
CVE-2017-13725 | 7.5 |
The IPv6 routing header parser in tcpdump before 4.9.2 has a buffer over-read in print-rt6.c:rt6_print().
|
28-10-2020 - 19:28 | 14-09-2017 - 06:29 | |
CVE-2018-7225 | 7.5 |
An issue was discovered in LibVNCServer through 0.9.11. rfbProcessClientNormalMessage() in rfbserver.c does not sanitize msg.cct.length, leading to access to uninitialized and potentially sensitive data or possibly unspecified other impact (e.g., an
|
23-10-2020 - 13:15 | 19-02-2018 - 15:29 | |
CVE-2018-5683 | 2.1 |
The vga_draw_text function in Qemu allows local OS guest privileged users to cause a denial of service (out-of-bounds read and QEMU process crash) by leveraging improper memory address validation.
|
14-05-2020 - 14:14 | 23-01-2018 - 18:29 | |
CVE-2018-1086 | 5.0 |
pcs before versions 0.9.164 and 0.10 is vulnerable to a debug parameter removal bypass. REST interface of the pcsd service did not properly remove the pcs debug argument from the /run_pcs query, possibly disclosing sensitive information. A remote att
|
09-10-2019 - 23:38 | 12-04-2018 - 16:29 | |
CVE-2018-6574 | 4.6 |
Go before 1.8.7, Go 1.9.x before 1.9.4, and Go 1.10 pre-releases before Go 1.10rc2 allow "go get" remote command execution during source code build, by leveraging the gcc or clang plugin feature, because -fplugin= and -plugin= arguments were not bloc
|
03-10-2019 - 00:03 | 07-02-2018 - 21:29 | |
CVE-2018-1000001 | 7.2 |
In glibc 2.26 and earlier there is confusion in the usage of getcwd() by realpath() which can be used to write before the destination buffer leading to a buffer underflow and potential code execution.
|
03-10-2019 - 00:03 | 31-01-2018 - 14:29 | |
CVE-2018-7225 | 7.5 |
An issue was discovered in LibVNCServer through 0.9.11. rfbProcessClientNormalMessage() in rfbserver.c does not sanitize msg.cct.length, leading to access to uninitialized and potentially sensitive data or possibly unspecified other impact (e.g., an
|
09-08-2019 - 23:15 | 19-02-2018 - 15:29 | |
CVE-2018-5146 | 6.8 |
An out of bounds memory write while processing Vorbis audio data was reported through the Pwn2Own contest. This vulnerability affects Firefox < 59.0.1, Firefox ESR < 52.7.2, and Thunderbird < 52.7.
|
11-03-2019 - 19:33 | 11-06-2018 - 21:29 | |
CVE-2018-6927 | 4.6 |
The futex_requeue function in kernel/futex.c in the Linux kernel before 4.14.15 might allow attackers to cause a denial of service (integer overflow) or possibly have unspecified other impact by triggering a negative wake or requeue value.
|
06-03-2019 - 21:38 | 12-02-2018 - 19:29 | |
CVE-2018-5148 | 7.5 |
A use-after-free vulnerability can occur in the compositor during certain graphics operations when a raw pointer is used instead of a reference counted one. This results in a potentially exploitable crash. This vulnerability affects Firefox ESR < 52.
|
09-08-2018 - 14:26 | 11-06-2018 - 21:29 | |
CVE-2017-6464 | 4.0 |
NTP before 4.2.8p10 and 4.3.x before 4.3.94 allows remote attackers to cause a denial of service (ntpd crash) via a malformed mode configuration directive.
|
12-04-2018 - 01:29 | 27-03-2017 - 17:59 | |
CVE-2017-11671 | 2.1 |
Under certain circumstances, the ix86_expand_builtin function in i386.c in GNU Compiler Collection (GCC) version 4.6, 4.7, 4.8, 4.9, 5 before 5.5, and 6 before 6.4 will generate instruction sequences that clobber the status flag of the RDRAND and RDS
|
12-04-2018 - 01:29 | 26-07-2017 - 21:29 |